Relay Domains
~~~~~~~~~~~~~
-
ifndef::manvolnum[]
image::images/screenshot/pmg-gui-mailproxy-relaydomains.png[]
endif::manvolnum[]
-TODO
+List of relayed mail domains, i.e. what destination domains this
+system will relay mail to. The system will reject incoming mails to
+other domains.
Ports
image::images/screenshot/pmg-gui-mailproxy-transports.png[]
endif::manvolnum[]
-TODO
+You can use {pmg} to send e-mails to different internal
+e-mail servers. For example you can send e-mails addressed to
+domain.com to your first e-mail server, and e-mails addressed to
+subdomain.domain.com to a second one.
+
+You can add the IP addresses, hostname and SMTP ports and mail domains (or
+just single email addresses) of your additional e-mail servers.
Networks
image::images/screenshot/pmg-gui-mailproxy-networks.png[]
endif::manvolnum[]
-TODO
+You can add additional internal (trusted) IP networks or hosts.
+All hosts in this list are allowed to relay.
+
+NOTE: Hosts in the same subnet with Proxmox can relay by default and
+it’s not needed to add them in this list.
TLS
image::images/screenshot/pmg-gui-mailproxy-tls.png[]
endif::manvolnum[]
-TODO
+Transport Layer Security (TLS) provides certificate-based
+authentication and encrypted sessions. An encrypted session protects
+the information that is transmitted with SMTP mail. When you activate
+TLS, {pmg} automatically generates a new self signed
+certificate for you (`/etc/pmg/pmg-tls.pem`).
+
+{pmg} uses opportunistic TLS encryption. The SMTP transaction is
+encrypted if the 'STARTTLS' ESMTP feature is supported by the remote
+server. Otherwise, messages are sent in the clear.
+
+Enable TLS logging::
+
+To get additional information about SMTP TLS activity you can enable
+TLS logging. That way information about TLS sessions and used
+certificate’s is logged via syslog.
+
+Add TLS received header::
+
+Set this option to include information about the protocol and cipher
+used as well as the client and issuer CommonName into the "Received:"
+message header.
+
+Those settings are saved to subsection 'mail' in `/etc/pmg/pmg.conf`,
+using the following configuration keys:
+
+include::pmg.mail-tls-conf-opts.adoc[]
+
Whitelist
~~~~~~~~~
image::images/screenshot/pmg-gui-mailproxy-whitelist.png[]
endif::manvolnum[]
-TODO
+All SMTP checks are disabled for those entries (e. g. Greylisting,
+SPF, RBL, ...)
+
+NOTE: If you use a backup MX server (e.g. your ISP offers this service
+for you) you should always add those servers here.
Spam Detector Configuration
---------------------------
-TODO
+Options
+~~~~~~~
+
+ifndef::manvolnum[]
+image::images/screenshot/pmg-gui-spam-options.png[]
+endif::manvolnum[]
+
+{pmg} uses a wide variety of local and network tests to identify spam
+signatures. This makes it harder for spammers to identify one aspect
+which they can craft their messages to work around the spam filter.
+
+Every single e-mail will be analyzed and gets a spam score
+assigned. The system attempts to optimize the efficiency of the rules
+that are run in terms of minimizing the number of false positives and
+false negatives.
+
+include::pmg.spam-conf-opts.adoc[]
+
+
+Quarantine
+~~~~~~~~~~
+
+ifndef::manvolnum[]
+image::images/screenshot/pmg-gui-spamquar-options.png[]
+endif::manvolnum[]
+
+Proxmox analyses all incoming e-mail messages and decides for each
+e-mail if its ham or spam (or virus). Good e-mails are delivered to
+the inbox and spam messages can be moved into the spam quarantine.
+
+The system can be configured to send daily reports to inform users
+about the personal spam messages received the last day. That report is
+only sent if there are new messages in the quarantine.
+
+include::pmg.spamquar-conf-opts.adoc[]
Virus Detector Configuration
----------------------------
-TODO
+Options
+~~~~~~~
+
+ifndef::manvolnum[]
+image::images/screenshot/pmg-gui-virus-options.png[]
+endif::manvolnum[]
+
+All mails are automatically passed to the included virus detector
+({clamav}). The default setting are considered safe, so it is usually
+not required to change them.
+
+{clamav} related settings are saved to subsection 'clamav' in `/etc/pmg/pmg.conf`,
+using the following configuration keys:
+
+include::pmg.clamav-conf-opts.adoc[]
+
+ifndef::manvolnum[]
+image::images/screenshot/pmg-gui-clamav-database.png[]
+endif::manvolnum[]
+
+Please note that the virus signature database it automatically
+updated. But you can see the database status on the GUI, and you can
+trigger manual updates there.
+
+
+Quarantine
+~~~~~~~~~~
+
+ifndef::manvolnum[]
+image::images/screenshot/pmg-gui-virusquar-options.png[]
+endif::manvolnum[]
+
+Indentified virus mails are automatically moved to the virus
+quarantine. The administartor can view those mails using the GUI, or
+deliver them in case of false positives. {pmg} does not notify
+individual users about received virus mails.
+
+Virus quarantine related settings are saved to subsection 'virusquar'
+in `/etc/pmg/pmg.conf`, using the following configuration keys:
+
+include::pmg.virusquar-conf-opts.adoc[]
+
+
+Custom SpamAssassin configuration
+---------------------------------
+
+This is only for advanced users. To add or change the Proxmox
+{spamassassin} configuration please login to the console via SSH. Go
+to directory `/etc/mail/spamassasin/`. In this directory there are several
+files (`init.pre`, `local.cf`, ...) – do not change them.
+
+To add your special configuration, you have to create a new file and
+name it `custom.cf` (in this directory), then add your
+configuration there. Be aware to use the {spamassassin}
+syntax, and test with
+
+----
+# spamassassin -D --lint
+----
+
+If you run a cluster, the `custom.cf` file is synchronized from the
+master node to all cluster members.
User Management
---------------
-TODO
+User management in {pmg} consists of three types of users/accounts:
+
+
+Local Users
+~~~~~~~~~~~
+
+image::images/screenshot/pmg-gui-local-user-config.png[]
+
+Local users are used to manage and audit {pmg}. Those users can login on the
+management web interface.
+
+There are three roles:
+
+* Administrator
++
+Is allowed to manage settings of {pmg}, except some tasks like
+network configuration and upgrading.
+
+* Quarantine manager
++
+Is allowed to manage quarantines, blacklists and whitelists, but not other
+settings. Has no right to view any other data.
+
+* Auditor
++
+With this role, the user is only allowed to view data and configuration, but
+not to edit it.
+
+In addition there is always the 'root' user, which is used to perform special
+system administrator tasks, such as updgrading a host or changing the
+network configuration.
+
+NOTE: Only pam users are able to login via the webconsole and ssh, which the
+users created with the web interface are not. Those users are created for
+{pmg} administration only.
+
+Local user related settings are saved in `/etc/pmg/user.conf`.
+
+For details of the fields see xref:pmg_user_configuration_file[user.conf]
+
+LDAP/Active Directory
+~~~~~~~~~~~~~~~~~~~~~
+
+image::images/screenshot/pmg-gui-ldap-user-config.png[]
+
+You can specify multiple LDAP/Active Directory profiles, so that you can
+create rules matching those users and groups.
+
+Creating a profile requires (at least) the following:
+
+* profile name
+* protocol (LDAP or LDAPS; LDAPS is recommended)
+* at least one server
+* a user and password (if your server does not support anonymous binds)
+
+All other fields should work with the defaults for most setups, but can be
+used to customize the queries.
+
+The settings are saved to `/etc/pmg/ldap.conf`. Details for the options
+can be found here: xref:pmg_ldap_configuration_file[ldap.conf]
+
+Bind user
+^^^^^^^^^
+
+It is highly recommended that the user which you use for connecting to the
+LDAP server only has the permission to query the server. For LDAP servers
+(for example OpenLDAP or FreeIPA), the username has to be of a format like
+'uid=username,cn=users,cn=accounts,dc=domain' , where the specific fields are
+depending on your setup. For Active Directory servers, the format should be
+like 'username@domain' or 'domain\username'.
+
+Sync
+^^^^
+
+{pmg} synchronizes the relevant user and group info periodically, so that
+that information is available in a fast manner, even when the LDAP/AD server
+is temporarily not accessible.
+
+After a successfull sync, the groups and users should be visible on the web
+interface. After that, you can create rules targeting LDAP users and groups.
+
+
+Fetchmail
+~~~~~~~~~
+
+image::images/screenshot/pmg-gui-fetchmail-config.png[]
+
+Fetchmail is utility for polling and forwarding e-mails. You can define
+e-mail accounts, which will then be fetched and forwarded to the e-mail
+address you defined.
+
+You have to add an entry for each account/target combination you want to
+fetch and forward. Those will then be regularly polled and forwarded,
+according to your configuration.
+
+The API and web interface offer following configuration options:
+
+include::fetchmail.conf.5-opts.adoc[]
ifdef::manvolnum[]
projects / pmg-docs.git / blobdiff