4 {pmg} is based on Debian. This is why the install disk images (ISO files)
5 provided by Proxmox include a complete Debian system as well as all necessary
8 TIP: See the xref:faq-support-table[support table in the FAQ] for the
9 relationship between {pmg} releases and Debian releases.
11 The installer will guide you through the setup, allowing you to partition the local
12 disk(s), apply basic system configurations (for example, timezone, language,
13 network) and install all required packages. This process should not take more
14 than a few minutes. Installing with the provided ISO is the recommended method
15 for new and existing users.
17 Alternatively, {pmg} can be installed on top of an existing Debian system. This
18 option is only recommended for advanced users because detailed knowledge about
21 include::pmg-installation-media.adoc[]
24 Using the {pmg} Installation CD-ROM
25 -----------------------------------
27 The installer ISO image includes the following:
29 * Complete operating system (Debian Linux, 64-bit)
31 * The {pmg} installer, which partitions the hard drive(s) with ext4,
32 XFS or ZFS and installs the operating system
36 * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset
38 * Web-based management interface for using the toolset
41 Please insert the xref:installation_prepare_media[prepared installation media]
42 (for example, USB flash drive or CD-ROM) and boot from it.
44 TIP: Make sure that booting from the installation medium (for example, USB) is
45 enabled in your servers firmware settings.
47 After choosing the correct entry (for example, Boot from USB) the {pmg} menu
48 will be displayed, and one of the following options can be selected:
50 image::images/installer/pmg-grub-menu.png[]
54 Start normal installation.
56 Install {pmg} (Debug mode)::
58 Start installation in debug mode. This opens a shell console at various stages
59 throughout the installation, so that you can debug issues, if something goes
60 wrong. You can press `CTRL-D` to exit the debug console and continue the
61 installation. This option is mostly for developers and not meant for general
66 This option allows you to boot an existing installation. It searches
67 all attached hard disks and, if it finds an existing installation,
68 boots directly into that disk using the existing Linux kernel. This
69 can be useful if there are problems with the boot block (grub), or the
70 BIOS is unable to read the boot block from the disk.
74 Runs `memtest86+`. This is useful to check if your memory is
75 functional and error free.
77 You normally select *Install {pmg}* to start the installation.
79 image::images/installer/pmg-select-target-disk.png[]
81 The first step is to read our EULA (End User License Agreement). Following
82 this, you can select the target hard disk(s) for the installation.
84 CAUTION: By default, the whole server is used and all existing data is removed.
85 Make sure there is no important data on the server before proceeding with the
88 The `Options` button lets you select the target file system, which
89 defaults to `ext4`. The installer uses LVM if you select
90 `ext4` or `xfs` as a file system, and offers additional options to
91 restrict LVM space (see <<advanced_lvm_options,below>>)
93 If you have more than one disk, you can also use ZFS as a file system.
94 ZFS supports several software RAID levels, which is particularly useful
95 if you do not have a hardware RAID controller. The `Options` button
96 lets you choose the ZFS RAID level and select which disks will be used.
98 image::images/installer/pmg-select-location.png[]
100 The next page asks for basic configuration options like your
101 location, timezone, and keyboard layout. The location is used to
102 select a nearby download server, in order to increase the speed of updates.
103 The installer is usually able to auto-detect these settings, so you only need to
104 change them in rare situations when auto-detection fails, or when you want to
105 use a keyboard layout not commonly used in your country.
107 image::images/installer/pmg-set-password.png[]
109 You then need to specify an email address and the superuser (root)
110 password. The password must have at least 5 characters, but we highly
111 recommend to use stronger passwords - here are some guidelines:
113 - Use a minimum password length of 12 to 14 characters.
115 - Include lowercase and uppercase alphabetic characters, numbers and symbols.
117 - Avoid character repetition, keyboard patterns, dictionary words, letter or
118 number sequences, usernames, relative or pet names, romantic links (current
119 or past) and biographical information (e.g., ID numbers, ancestors' names or
122 It is sometimes necessary to send notification to the system administrator, for
125 - Information about available package updates.
127 - Error messages from periodic cron jobs.
129 All those notification mails will be sent to the specified email address.
131 image::images/installer/pmg-setup-network.png[]
133 The next step is the network configuration. Please note that you can use either
134 IPv4 or IPv6 here, but not both. If you want to configure a dual stack node,
135 you can easily do that after the installation.
137 image::images/installer/pmg-summary.png[]
139 When you press `Next`, you will see an overview of your entered configuration.
140 Please re-check every setting, you can still use the `Previous` button to go
141 back and edit any settings.
143 After clicking `Install`, the installer will begin to format and copy packages
144 to the target disk(s).
146 image::images/installer/pmg-installation.png[]
148 Copying the packages usually takes several minutes. When this is
149 finished, you can reboot the server.
151 Further configuration is done via the {pmg} web interface:
153 [thumbnail="pmg-gui-login-window.png"]
155 . Point your browser to the IP address given during the installation
156 (https://youripaddress:8006).
158 . Log in and upload your subscription key.
160 NOTE: The default login is "root", and the password is the one chosen during the
163 . Check the IP configuration and hostname.
165 . Check the timezone.
167 . Check your xref:firewall_settings[Firewall settings].
169 . Configure {pmg} to forward the incoming SMTP traffic to your mail
170 server ('Configuration/Mail Proxy/Default Relay') - 'Default
171 Relay' is your email server.
173 . Configure your email server to send all outgoing messages through
174 your {pmg} ('Smart Host', port 26 by default).
176 For detailed deployment scenarios see chapter
177 xref:chapter_deployment[Planning for Deployment].
179 After the installation, you have to route all your incoming and
180 outgoing email traffic to {pmg}. For incoming traffic, you
181 have to configure your firewall and/or DNS settings. For outgoing
182 traffic you need to change the existing email server configuration.
185 [[advanced_lvm_options]]
186 Advanced LVM Configuration Options
187 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
189 The installer creates a Volume Group (VG) called `pmg`, and additional
190 Logical Volumes (LVs) called `root` and `swap`. The size of
191 those volumes can be controlled with:
195 Defines the total disk size to be used. This way you can save free
196 space on the disk for further partitioning (i.e. for an additional PV
197 and VG on the same disk that can be used for LVM storage).
201 Defines the size of the `swap` volume. The default is the size of the
202 installed memory. The minimum is 4 GB and the maximum is 8 GB. The resulting
203 value cannot be greater than `hdsize/8`.
207 Defines the amount of free space that should be left in the LVM volume group
208 `pmg`. With more than 128GB storage available, the default is 16GB, otherwise
209 `hdsize/8` will be used.
211 NOTE: LVM requires free space in the VG for snapshot creation (not
212 required for lvmthin snapshots).
218 ZFS uses a lot of memory, so it is best to add additional RAM if you
219 want to use ZFS. A good calculation is 4GB plus 1GB RAM for each TB
222 ZFS also provides the ability to use a fast SSD drive as write cache. The
223 write cache is called the ZFS Intent Log (ZIL). You can add that after
224 the installation using the following command:
226 zpool add <pool-name> log </dev/path_to_fast_ssd>
229 [[pmg_install_on_debian]]
230 Install {pmg} on Debian
231 -----------------------
233 {pmg} ships as a set of Debian packages, so you can install it
234 on top of a normal Debian installation. After configuring the
235 xref:pmg_package_repositories[package repositories], you need to run:
240 apt install proxmox-mailgateway
243 Installing on top of an existing Debian installation seems easy, but
244 it assumes that you have correctly installed the base system, and you
245 know how you want to configure and use the local storage. Network
246 configuration is also completely up to you.
248 NOTE: In general, this is not trivial, especially when you use LVM or
252 [[pmg_install_on_debian_container]]
253 Install {pmg} as a Linux Container Appliance
254 --------------------------------------------
256 {pmg} can also run inside a Debian-based LXC
257 instance. In order to keep the set of installed software, and thus the
258 necessary updates minimal, you can use the `proxmox-mailgateway-container`
259 meta-package. This does not depend on any Linux kernel, firmware, or components
260 used for booting from bare-metal, like grub2.
262 A ready-to-use appliance template is available through the `mail` section of the
263 https://www.proxmox.com/proxmox-virtual-environment/overview[Proxmox VE]
264 appliance manager, so if you already use Proxmox VE, you can set up a {pmg}
267 NOTE: It's recommended to use a static network configuration. If DHCP must be
268 used, ensure that the container always leases the same IP, for example, by
269 reserving one with the container's network MAC address.
271 Additionally, you can install this on top of a container-based Debian
272 installation. After configuring the
273 xref:pmg_package_repositories[package repositories], you need to run:
278 apt install proxmox-mailgateway-container
281 [[pmg_package_repositories]]
285 {pmg} uses http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as its
286 package management tool like any other Debian-based system.
288 Repositories in {pmg}
289 ~~~~~~~~~~~~~~~~~~~~~
291 Repositories are a collection of software packages. They can be used to install
292 new software, but are also important to get new updates.
294 NOTE: You need valid Debian and Proxmox repositories to get the latest
295 security updates, bug fixes and new features.
297 APT Repositories are defined in the file `/etc/apt/sources.list` and in `.list`
298 files placed in `/etc/apt/sources.list.d/`.
300 Repository Management
301 ^^^^^^^^^^^^^^^^^^^^^
303 [thumbnail="pmg-gui-admin-repositories.png"]
305 Since {pmg} 7.0 you can check the repository state in the web interface. The
306 'Dashboard' shows a high level status overview, while the separate 'Repository'
307 panel (accessible via 'Administration') shows in-depth status and list of all
308 configured repositories.
310 Basic repository management, for example, activating or deactivating a
311 repository, is also supported.
316 In a `sources.list` file, each line defines a package repository. The preferred
317 source must come first. Empty lines are ignored. A `#` character anywhere on a
318 line marks the remainder of that line as a comment. The available packages from
319 a repository are acquired by running `apt update`. Updates can be installed
320 directly using `apt`, or via the GUI (Administration -> Updates).
322 .File `/etc/apt/sources.list`
324 # basic Debian repositories:
325 deb http://deb.debian.org/debian bookworm main contrib
326 deb http://deb.debian.org/debian bookworm-updates main contrib
329 deb http://security.debian.org/debian-security bookworm-security main contrib
331 # Proxmox Mail Gateway repo required too - see below!
334 {pmg} provides three different package repositories.
337 {pmg} Enterprise Repository
338 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
340 This is the default, stable and recommended repository, available for
341 all {pmg} subscription users. It contains the most stable packages,
342 and is suitable for production use. The `pmg-enterprise` repository is
345 .File `/etc/apt/sources.list.d/pmg-enterprise.list`
347 deb https://enterprise.proxmox.com/debian/pmg bookworm pmg-enterprise
350 As soon as updates are available, the `root@pam` user is notified via
351 email about the newly available packages. From the GUI, the change-log of
352 each package can be viewed (if available), showing all details of the
353 update. Thus, you will never miss important security fixes.
355 Please note that you need a valid subscription key to access this
356 repository. We offer different support levels, which you can find further
357 details about at {pricing-url}.
359 NOTE: You can disable this repository by commenting out the above line
360 using a `#` (at the start of the line). This prevents error messages,
361 if you do not have a subscription key. Please configure the
362 `pmg-no-subscription` repository in this case.
365 {pmg} No-Subscription Repository
366 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
368 As the name suggests, you do not need a subscription key to access
369 this repository. It can be used for testing and non-production
370 use. It's not recommended to use this on production servers, as these
371 packages are not always heavily tested and validated.
373 We recommend configuring this repository in `/etc/apt/sources.list`.
375 .File `/etc/apt/sources.list`
377 deb http://ftp.debian.org/debian bookworm main contrib
378 deb http://ftp.debian.org/debian bookworm-updates main contrib
381 deb http://security.debian.org/debian-security bookworm-security main contrib
383 # PMG pmg-no-subscription repository provided by proxmox.com,
384 # NOT recommended for production use
385 deb http://download.proxmox.com/debian/pmg bookworm pmg-no-subscription
389 {pmg} Test Repository
390 ~~~~~~~~~~~~~~~~~~~~~
392 Finally, there is a repository called `pmgtest`. This contains the
393 latest packages, and is heavily used by developers to test new
394 features. As with before, you can configure this using
395 `/etc/apt/sources.list` by adding the following line:
397 .sources.list entry for `pmgtest`
399 deb http://download.proxmox.com/debian/pmg bookworm pmgtest
402 WARNING: the `pmgtest` repository should only be used
403 for testing new features or bug fixes.
409 We use GnuPG to sign the `Release` files inside these repositories,
410 and APT uses these signatures to verify that all packages are from a
413 The key used for verification is already installed, if you install from
414 our installation CD. If you install via another means, you can manually
415 download the key by executing the following command as root user:
418 # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
421 Verify the checksum afterwards with the `sha512sum` CLI tool:
424 # sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
425 7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
428 or the `md5sum` CLI tool:
431 # md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
432 41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
436 Debian Non-Free Repository
437 ~~~~~~~~~~~~~~~~~~~~~~~~~~
439 Certain software cannot be made available in the `main` and `contrib`
440 areas of the {debian} archives, since it does not adhere to the Debian
441 Free Software Guidelines (DFSG). These are distributed in the
442 {debian_nonfree_archive_area}. For {pmg} two packages from the `non-free` area
443 are needed in order to support the RAR archive format:
445 * `p7zip-rar` for matching xref:pmg_mailfilter_what[Archive Objects] in the
446 xref:chapter_mailfilter[Rule system]
448 * `libclamunrar` for detecting viruses in RAR archives.
450 To enable the `non-free` component, run `editor /etc/apt/sources.list` and
451 append `non-free` to the end of each `.debian.org` repository line.
453 Following this, you can install the required packages with:
457 apt install libclamunrar p7zip-rar
461 [[pmg_debian_firmware_repo]]
462 Debian Firmware Repository
463 ~~~~~~~~~~~~~~~~~~~~~~~~~
464 Starting with Debian Bookworm ({pmg} 8) non-free firmware (as defined by
465 https://www.debian.org/social_contract#guidelines[DFSG]) has been moved to the
466 newly created Debian repository component `non-free-firmware`.
468 Enable this repository if you want to set up
469 xref:pmg_firmware_cpu[Early OS Microcode Updates] or need additional
470 xref:pmg_firmware_runtime_files[Runtime Firmware Files] not already included in
471 the pre-installed package `pve-firmware`.
473 To be able to install packages from this component, run
474 `editor /etc/apt/sources.list`, append `non-free-firmware` to the end of each
475 `.debian.org` repository line and run `apt update`.