Proxmox Mail Gateway is a comprehensive open source email security platform helping you protect your mail server from email threats, and ensuring data integrity with its enterprise-class feature-set.
View the complete feature list
For upcoming features or for release notes take a look at the Roadmap of Proxmox Mail Gateway.
Overview Proxmox Mail Gateway
Spam & Virus Detection
Proxmox Mail Gateway is a mail proxy and protects your mail server from all email threats with a focus on spam, viruses, Trojans and phishing emails. Deployed between your firewall and the internal email server, all incoming and outgoing email traffic is analyzed and various services for mail filtering are applied, for example the Postfix Mail Transport Agent (MTA), the ClamAV® antivirus engine and the Apache SpamAssassin™ project.
Proxmox Mail Gateway integrates ClamAV with the Google Safe Browsing Database.
ClamAV is an open-source antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates.
Spam DetectionProxmox Mail Gateway uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around. Every single e-mail will be analyzed and get a spam score assigned. The systems attempt to optimize the efficiency of the rules that are run in terms of minimizing the number of false positives and false negatives.
How to deploy Proxmox Mail Gateway in your network:
In a basic email server architecture, email traffic (SMTP) usually arrives at the firewall and will be directly forwarded to your mail server.
By using the Proxmox Mail Gateway, which is implemented between your firewall and the mail server, all e-mail traffic (SMTP) is forwarded to the Mail Gateway first, all unwanted emails are filtered and removed or rejected (before-queue filtering), and only then they are forwarded to your mail server.
Receiver Verification - The Proxmox SolutionMany of the junk messages reaching your network are emails to non-existent users. Proxmox Mail Gateway detects these emails on SMTP level, which means before they are transferred to your networks. This reduces the traffic to be analyzed for spam and viruses up to 90% and reduces the working load on your mail servers and scanners.
Sender policy framework (SPF)Sender Policy Framework (SPF) is an open standard for validating emails and preventing sender IP address forgery. SPF allows the administrator of an Internet domain to specify which computers are authorized to send emails with a given domain by creating a specific SPF record in the Domain Name System (DNS).
DNS-based Blackhole ListA DNS-based Blackhole List (DNSBL) is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the internet. The technology is built on top of the Domain Name System. DNSBLs are used to publish lists of addresses linked to spamming.
SMTP WhitelistExclude senders from SMTP blocking. To prevent all SMTP checks (Greylisting, Receiver Verification, SPF and RBL) and accept all e-mails for the analysis in the filter rule system, you can add the following to this list: Domains (Sender/Receiver), Mail address (Sender/Receiver), Regular Expression (Sender/Receiver), IP address (Sender), IP network (Sender)
Bayesian Filter - Automatically trained statistical filtersSome particular words have a higher probability of occurring in spam emails rather than in legitimate emails. By beeing trained to recognize those words, the Bayesian checks every email and adjusts the probabilities of it beeing a spam word or not in its database. This is done automatically.
Black- and WhitelistsBlack- and Whitelists are an access control mechanism to accept, block, or quarantine emails to recipients. This allows you to tune the rule-system by applying different objects like domains, email address, regular expression, IP Network, LDAP Group, and others.
Greylisting means that your system temporarily rejects an email from a sender your system does not recognize. Since temporary failures are built into the RFC specifications for mail delivery, a legitimate server will try to resend the email later on. This is an effective method because spammers do not queue and reattempt mail delivery as a regular Mail Transport Agent would normally do. Greylisting can reduce e-mail traffic up to 50%. A greylisted email never reaches your mail server and thus your mail server will not send useless "Non Delivery Reports" to spammers.
Spam Uri Realtime BlockList (SURBL)SURBLs are used to detect spam based on message body URIs (usually web sites). This makes them different from most other Real-time Blocklists, because SURBLs are not used to block spam senders. SURBLs allow you to block messages that have spam hosts which are mentioned in message bodies.
Find Emails Quickly
The innovative Proxmox Message Tracking Center
The innovative Proxmox Message Tracking Center tracks and summarizes all available logs. With the web-based and userfriendly management interface the IT administrator can easily overview and controll the email flow from a single screen.
The Message Tracking Center is very fast and powerful, tested on Proxmox Mail Gateway sites processing over a million emails per day. All different log files from the last 7 days can be queried and the results are summarized by an intelligent algorithm.
All corresponding log files are displayed
- Arrival of the email
- Proxmox filtering processing with results
- Internal queue to your email server
- Status of final delivery
The real-time syslog shows the last 100 lines, the output can be filtered by selecting the log files from a service or by entering an individual search string.
To provide a 100% secure email system for your business, we developed Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a unique application level clustering scheme, which provides extremely good performance. Fast set-up within minutes and a simple, intuitive management keep maintenance needs low. After temporary failures, nodes automatically reintegrate without any operator interaction.
High Availability with Proxmox HA Cluster
Data synchronization via VPN tunnelThe Proxmox HA Cluster consists of a master and several nodes (minimum of one node). All configuration is done on the master and then synchronized to all cluster nodes over a VPN tunnel.
Benefits of Proxmox HA Cluster:
- Centralized configuration management
- Fully redundant data storage
- High availability
- High performance
- Unique application level clustering scheme
- Cluster setup is done within minutes
- Nodes automatically reintegrate after temporary failures - without any operator interaction.
Load-Balancing-Cluster with MX recordsWith MX records it is simple to set up a high performance load balanced mail cluster. You just have to define two MX records with the same priority.
To start, you need two working Proxmox Mail Gateways, each having its own IP address. Then you define your MX records. You will receive mails on both hosts - more or less load-balanced, using Round-robin scheduling. Round-robin (RR) is a scheduling algorithm which alternates between systems. If one host fails the other is used.
Note: It is always very useful to add reverse lookup entries (PTR records) for those hosts. Many e-mail systems nowadays reject emails from hosts without valid PTR records.
Multiple address records
If you have many domains, it is possible to use one MX record per domain and multiple address records. This way you can add one DNS MX record to all your domains, which points to multiple IP Addresses, saving you the burden of adding multiple records to many domains.
Customize with the Object-Oriented Rule System
The object-oriented rule system enables you to create customized rules for your environment. It’s an easy but very powerful way to define filter rules by user, domain, time frame, content type and resulting action. Proxmox Mail Gateway offers a lot of powerful objects to configure your own custom system.
- ACTIONS - object: Defines what should happen with the email.
- WHO - object: Who is the sender or receiver of the e-mail?
- WHAT - object: What is in the e-mail?
- WHEN - object: When is the e-mail received by Proxmox Mail Gateway?
Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Each of these categories can contain several objects and a direction (in, out and both).
Options range from simple spam and virus filter setups to sophisticated, highly customized configurations blocking certain types of e-mails and generating notifications.
Learn more in the reference documentation >
University of Macau scans emails
with Proxmox Mail Gateway
At University of Macau around 50k emails are scanned per day on average with Proxmox Mail Gateway. It is used internally for scanning outbound emails: All outgoing emails are first routed to Proxmox Mail Gateway, where they are checked and either relayed or blocked.
“Inbound scanning is currently done with another enterprise-grade mail gateway,” says Queenie Leong, assistant Information Technology technician at University Macau. “The greatest advantages of Proxmox Mail Gateway are its user-friendly interface and good user experience. We have a lot of reports and necessary statistics available and can quickly get an overview. The clustering functionality improves the mail gateway availability. What we also like is that the Mail Gateway has integrated anti-spam and anti-virus for enhanced email security. So, all in all, it is quick to set up and easy to manage."
3 VMs in a Cluster
“Implementing Proxmox Mail Gateway is very straight-forward as it provides an image that can be deployed as a VM. We installed three VMs as a cluster, each with 8 vCPUs and 8GB RAM.”
“The University of Macau (UM) is an international, comprehensive university. Since its establishment in 1981, UM has been dedicated to providing a multifaceted education, through our educational model and residential college system, and in accordance with the university motto: Humanity, Integrity, Propriety, Wisdom and Sincerity.”
From Postfix and Policyd to Proxmox
“Before starting to use Proxmox Mail Gateway, we had been using Postfix and Policyd as our internal email gateway. We found several introductory blog articles on deploying Proxmox Mail Gateway, and so we thought that it could also be applied in our University.”
“At the beginning, we had some concerns about the requisites and the limit on the number of policies. We were not sure if it could fully replace our previous solution, which is based on PolicyD. We have a regular staff of about 1,600 and each morning the University sends a bulletin to the staff members and students—so email throughput needed to be tested.”
“After some testing and checking, we found that the Mail Gateway platform fulfilled all our requirements and is also regularly updated. As it is an open-source project, we could fully test the platform and deployment before putting it into production. This finally convinced us to choose Proxmox Mail Gateway.”
Great Filtering Rules
“Our absolute favorite feature in Proxmox Mail Gateway is the rule-based mail filter, where you combine objects (sender, recipient, email, etc.) into a filtering rule. It is very easy to configure and very flexible.”
Queenie Leong, Assistant Information Technology Technician
University of Macau (China), https://www.um.edu.mo