Proxmox Mail Gateway is a comprehensive open-source email security platform helping you protect your mail server from email threats, and ensuring data integrity with its enterprise-class feature-set. It's source code is published under the software license GNU AGPLv3 and thus freely available via code repository (git) for download, use and share.
Spam & Virus Detection
Proxmox Mail Gateway is a mail proxy and protects your mail server from all email threats with a focus on spam, viruses, Trojans and phishing emails. Deployed between your firewall and the internal email server, all incoming and outgoing email traffic is analyzed and various services for mail filtering are applied, for example the Postfix Mail Transport Agent (MTA), the ClamAV® antivirus engine and the SpamAssassin™ project.
ClamAV is an open-source antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It provides a high performance multi-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates.
Proxmox Mail Gateway uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around. Every single e-mail will be analyzed and get a spam score assigned. The systems attempt to optimize the efficiency of the rules that are run in terms of minimizing the number of false positives and false negatives.
In a basic email server architecture, email traffic (SMTP) usually arrives at the firewall and will be directly forwarded to your mail server.
By using the Proxmox Mail Gateway, which is implemented between your firewall and the mail server, all e-mail traffic (SMTP) is forwarded to the Mail Gateway first, all unwanted emails are filtered and removed or rejected (before-queue filtering), and only then they are forwarded to your mail server.
Many of the junk messages reaching your network are emails to non-existent users. Proxmox Mail Gateway detects these emails on SMTP level, which means before they are transferred to your networks. This reduces the traffic to be analyzed for spam and viruses up to 90% and reduces the working load on your mail servers and scanners.
Sender Policy Framework (SPF) is an open standard for validating emails and preventing sender IP address forgery. SPF allows the administrator of an Internet domain to specify which computers are authorized to send emails with a given domain by creating a specific SPF record in the Domain Name System (DNS).
A DNS-based Blackhole List (DNSBL) is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the internet. The technology is built on top of the Domain Name System. DNSBLs are used to publish lists of addresses linked to spamming.
Exclude senders from SMTP blocking. To prevent all SMTP checks (Greylisting, Receiver Verification, SPF and RBL) and accept all e-mails for the analysis in the filter rule system, you can add the following to this list: Domains (Sender/Receiver), Mail address (Sender/Receiver), Regular Expression (Sender/Receiver), IP address (Sender), IP network (Sender)
Block- and Welcomelists are an access control mechanism to accept, block, or quarantine emails to recipients. This allows you to tune the rule-system by applying different objects like domains, email address, regular expression, IP Network, LDAP Group, and others.
Greylisting means that your system temporarily rejects an email from a sender your system does not recognize. Since temporary failures are built into the RFC specifications for mail delivery, a legitimate server will try to resend the email later on. This is an effective method because spammers do not queue and reattempt mail delivery as a regular Mail Transport Agent would normally do. Greylisting can reduce e-mail traffic up to 50%. A greylisted email never reaches your mail server and thus your mail server will not send useless "Non Delivery Reports" to spammers.
SURBLs are used to detect spam based on message body URIs (usually web sites). This makes them different from most other Real-time Blocklists, because SURBLs are not used to block spam senders. SURBLs allow you to block messages that have spam hosts which are mentioned in message bodies.
Find Emails Quickly
The innovative Proxmox Message Tracking Center
The innovative Proxmox Message Tracking Center tracks and summarizes all available logs. With the web-based and userfriendly management interface the IT administrator can easily overview and control the email flow from a single screen.
The Message Tracking Center is very fast and powerful, tested on Proxmox Mail Gateway sites processing over a million emails per day. All different log files from the last 4 weeks can be queried and the results are summarized by an intelligent algorithm.
All corresponding log files are displayed
- Arrival of the email
- Proxmox filtering processing with results
- Internal queue to your email server
- Status of final delivery
The real-time syslog shows the last 100 lines, the output can be filtered by selecting the log files from a service or by entering an individual search string.
High Availability with Proxmox HA Cluster
To provide a 100% secure email system for your business, we developed Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a unique application level clustering scheme, which provides extremely good performance. Fast set-up within minutes and a simple, intuitive management keep maintenance needs low. After temporary failures, nodes automatically reintegrate without any operator interaction.
The Proxmox HA Cluster consists of a master and several nodes (minimum of one node). All configuration is done on the master and then synchronized to all cluster nodes over a VPN tunnel.
Benefits of Proxmox HA Cluster:
- Centralized configuration management
- Fully redundant data storage
- High availability
- High performance
- Unique application level clustering scheme
- Cluster setup is done within minutes
- Nodes automatically reintegrate after temporary failures - without any operator interaction.
With MX records it is simple to set up a high performance load balanced mail cluster. You just have to define two MX records with the same priority.
To start, you need two working Proxmox Mail Gateways, each having its own IP address. Then you define your MX records. You will receive mails on both hosts - more or less load-balanced, using Round-robin scheduling. Round-robin (RR) is a scheduling algorithm which alternates between systems. If one host fails the other is used.
Note: It is always very useful to add reverse lookup entries (PTR records) for those hosts. Many e-mail systems nowadays reject emails from hosts without valid PTR records.
If you have many domains, it is possible to use one MX record per domain and multiple address records. This way you can add one DNS MX record to all your domains, which points to multiple IP Addresses, saving you the burden of adding multiple records to many domains.
Customize with the Object-Oriented Rule System
The object-oriented rule system enables you to create customized rules for your environment. It’s an easy but very powerful way to define filter rules by user, domain, time frame, content type and resulting action. Proxmox Mail Gateway offers a lot of powerful objects to configure your own custom system.
Every rule has five categories:
Each of these categories can contain several objects to define different criteria for the rule.
A rule can consist of 4 types of objects:
Defines what should happen with the email.
Who is the sender or receiver of the e-mail?
What is in the e-mail?
When is the e-mail received by Proxmox Mail Gateway?
Options range from simple spam and virus filter setups to sophisticated, highly customized configurations blocking certain types of e-mails and generating notifications.
Learn more in the reference documentation >
To view the comprehensive feature-set, download the datasheet for Proxmox Virtual Environment.
Find detailed description of product updates in the release notes.
Proxmox solutions use the free, copyleft license GNU AGPLv3. The source code is available via Git.