E-mail security begins at the gateway by controlling all incoming and outgoing e-mail messages. Proxmox Mail Gateway addresses the full spectrum of unwanted e-mail traffic, focusing spam and virus detection.
Proxmox Mail Gateway uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around.
Every single e-mail will be analyzed and gets a spam score assigned. The systems attempt to optimize the efficiency of the rules that are run in terms of minimizing the number of false positives and false negatives.
The flexible architecture combined with the easy-to-use configuration interface safeguards companies against existing and new e-mail threats.
Four steps to get your Proxmox up and running:
Download ISO image and burn it on a CD
Boot from CD and start the automatic installer on your dedicated hardware
Request a license
Configure the Proxmox Mail Gateway via web interface
Spam Filtering Methods
Greylisting
Typically, a server that utilises Greylisting will record the following three pieces of information (refered to as tripplet) for all incoming e-mail.
The IP address of the connecting host
The envelope sender address
The envelope recipient address
The client is checked against the mail server's internal whitelists (if any) first. Then, if the tripplet has never been seen before, it is greylisted for a period of time (how much time is dependent on the server configuration). The e-mail is rejected with a temporary error. The assumption is that since temporary failures are built into the RFC specifications for e-mail delivery, a legitimate server will attempt to connect again later on to deliver the e-mail.
Greylisting is effective because many mass e-mail tools utilised by spammers are not set up to handle temporary failures (or any failures for that matter) so the Spam is never received.
This feature can reduce e-mail traffic up to 50%. Greylisted e-mails never reach your mail server and your mail server will stop sending useless "Non Delivery Reports" to spammers.
Sender Police Framework (SPF)
Domains use public records (DNS) to direct requests for different services (web, e-mail, etc.) to the machines that perform those services. All domains already publish e-mail (MX) records to tell the world what machines receive e-mail for the domain. SPF works by domains publishing "reverse MX" records to tell the world what machines send e-mail for the domain. When receiving a message from a domain, the recipient can check those records to make sure e-mail is coming from where it should be coming from.
Bayesian Filter
The Bayesian filter is a statistical filter which relies on the fact that particular words have different likelihoods of occurring across different categories. For instance, most e-mail users will seldom see the word "Viagra" in legitimate e-mail, but will encounter it frequently in spam e-mail.
Blacklist
Blacklist is an access control mechanism that stands for allow everybody to send an e-mail to the Proxmox Mail Gateway, except members of the blacklist.
Whitelist
Whitelist is an access control mechanism that stands for allow to send an e-mail to the Proxmox Mail Gateway without doing any Spamfiltering.
DNS-based Blackhole List
A DNS-based Blackhole List, or DNSBL, is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the Internet. As the name suggests, the technology is built on top of the Internet DNS or Domain Name System. DNSBLs are chiefly used to publish lists of addresses linked to spamming.
Distributed Checksum Clearinghouse (DCC)
The idea of the DCC is that if e-mail recipients could compare the e-mail they receive, they could recognize unsolicited bulk e-mail. A DCC server totals reports of checksums of messages from clients and answers queries about the total counts for checksums of e-mail messages. A DCC client reports the checksums for a e-mail message to a server and is told the total number of recipients of e-mail with each checksum. If one of the totals is high enough the message is unsolicited, the DCC client can log, discard, or reject the message.
Advanced Header Analysis and Text Searching Rules
E-mail headers are usually hidden, but they are required to deliver an e-mail to its destination. The system can detect inconsistent headers that are a feature of many spam e-mails. Around 600 text searching rules are used to detect phrases and other features common in spam e-mails.
Spam URI Realtime Blocklists (SURBL)
SURBLs differ from most other RBLs in that they're used to detect spam based on message body URIs (usually web sites). Unlike most other RBLs, SURBLs are not used to block spam senders. Instead they allow you to block messages that have spam hosts which are mentioned in message bodies.
Autolearning
The system gathers statistical information about spam e-mails. This information is used by an autolearning algorithm, so the system becomes smarter over time.
Hashcash
Hashcash is a denial-of-service counter measure tool. Its main current use is to help hashcash users avoid losing email due to content based and blacklist based anti-spam systems. A hashcash stamp constitutes a proof-of-work which takes a parameterizable amount of work to compute for the sender. The recipient can verify received hashcash stamps efficiently.
System requirements
Minimum system requirements
Pentium class PC, at least 500 MHz
256 MB RAM
bootable CD-ROM-drive
1024x768 capable VGA/Monitor for Installer
Hard disk 5GB - ATA / SATA / SCSI
10/100 MBps Network interface card
Recommended system requirements
(for 100 Users, depends on email usage)
Pentium 4 class PC/Server, 2 GHZ
512 MB RAM
bootable CD-ROM-drive
1024x768 capable VGA/Monitor for Installer
Hard disk 18 GB ATA / SATA / SCSI or better, SCSI RAID
