Fri. Aug 14th, 2020

Proxmox Mail Gateway 6.2 releases: based on Debian Buster


Proxmox Mail Gateway is the leading open-source email security solution protecting your mail server against all email threats the moment they emerge. Organizations of any size can easily implement and deploy the comprehensive anti-spam and anti-virus platform in a few minutes. Deploying the full-featured mail proxy between the firewall and an internal mail server lets you control all incoming and outgoing email traffic from a single web-based interface. Proxmox filters all email traffic at the gateway before it reaches the mail server and protects businesses against email attacks and other malicious threats. Proxmox Mail Gateway is open-source software, licensed under the GNU AGPL, v3. Commercial support subscriptions are available from Proxmox.

Proxmox Mail Gateway

The Mail Gateway is a complete operating system based on Debian Stretch 9.5 with a 4.15 kernel. The anti-spam and anti-virus filtering solution functions like a full-featured mail proxy deployed between the firewall and the internal mail server and protects organizations against spam, viruses, Trojans, and phishing emails.

Changelog v6.2

  • Based on Debian Buster (10.3)
    • Proxmox Mail Gateway is based on the latest stable release of Debian 10.3 (Buster).
  • SpamAssassin 3.4.4
    • Proxmox ships the latest upstream release of Apache SpamAssassin with an updated and enhanced ruleset (KAM rules added).
  • Kernel 5.4
    • Proxmox Mail Gateway shares the kernel with Proxmox VE and is based on the 5.4 series from Ubuntu 20.04
  • pmg-log-tracker in Rust
    • pmg-log-tracker has been extended and reimplemented in the Rust programming language. pmg-log-tracker is the binary at the core of the Message Tracking Center, providing live searchable and grouped logs in the GUI.
    • The new pmg-log-tracker has support for parsing and grouping logs in before-queue filtering mode.
    • The refreshed code base of pmg-log-tracker provides better performance and more stability.
  • Support for before-queue filtering in the GUI
    • With the added support for displaying before-queue filtering logs in the GUI and fixing some minor glitches in that area, the before-queue filtering can now be comfortably enabled in the GUI.
  • Improved IPv6 support
    • The Mail Proxy’s SPF checker also verifies SPF records for those remote mail servers connecting via IPv6.
    • Greylisting support for IPv6 addresses (with variable netmask, defaulting to ‘/64’) – needs to be explicitly enabled.
    • Who objects containing IPv6 literal addresses now work.
  • Customizable netmask length for greylist matching
    • Instead of fixing a greylist network to a ‘/24’ the administrator can now configure which hosts should be considered as belonging to the same network by setting a larger (or smaller) prefix.
    • This can help with receiving mail from some cloud providers that send one mail from different IP addresses within a large network, which usually leads to a rather long delay and sometimes even to a legitimate mail being rejected.
    • Due to the changed database layout partial upgrades of clusters will prevent nodes running the older version from syncing the greylist database until they are upgraded.
  • Better UX for the User Spam Quarantine interface
    • If selected in the Quarantine view, the From header and the Subject are now displayed on top of the mail body.
    • It is now possible to delete mail addresses containing certain special characters (for example ‘/’) from a user’s black- or whitelist.
    • Users can set their preferred language directly in the quarantine interface instead of having to log out to change the setting.
    • Fixed a bug in the selection of multiple e-mails.
  • Handling of changes to overridden templates with ucf
    • Starting with this release, all service configuration templates that are copied and modified in /etc/pmg/templates get registered with ucf. Should an overridden template change with a new package version, the administrator is asked and can accept or reject the changes.
    • All users who have templates in /etc/pmg/templates will be asked about the current changes for the initial registration.
  • New What Object: ‘Match Archive Filename’
    • In addition to matching files in archives (zip, tar.gz, rar,…) based on the file’s content-type, it is also possible to look for particular filename patterns inside of archives.
    • This completes the feature matrix of matching files based on content-type or filename, as plain attachments, or inside archives.
  • Support for downstream LMTP servers
    • In certain setups there is no advantage in having a dedicated SMTP server for receiving e-mails from Proxmox Mail Gateway, since all used functionality is provided by an MTA, which speaks IMAP and LMTP (e.g., Dovecot).
    • It is now possible to configure Proxmox Mail Gateway to send e-mails directly to an LMTP relay, both as default transport and only as transport for certain domains.
  • Improvements to recently added features
    • Before-queue filtering and DKIM signing, both implemented with Proxmox Mail Gateway 6.1, have a better user experience and are considered stable now.
    • Some remaining glitches and bugs fixed for both.
    • DKIM selector handling now copes with multiple existing selectors, and in the GUI users can comfortably switch the active selector.
  • TLS policy selection for internal downstream servers
    • It is now possible to specify a desired level of encryption and authentication for the opportunistic TLS-encryption (STARTTLS) for downstream servers entered in your transports.
    • This can help to ensure that your internal communication is not sent in the clear over the network. It can also be used to work around broken TLS implementations in legacy downstream servers.
  • Improvements to general usability
    • The unbounded growth of the Quarantine disk usage for non-master nodes in clustered setups is fixed.
    • It’s now possible to switch to incremental updates of the AV signatures for ClamAV via GUI, alleviating the problem that both methods fail in certain cases for some users.
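The changelog item on customizable greylist netmask length can be illustrated with a small model of greylisting. This is an added example, not Proxmox Mail Gateway code: the `Greylist` class, the 300-second delay, the sample addresses and the `/22` setting are all assumptions chosen to show why a fixed `/24` keeps deferring a message that is retried from several addresses in one larger provider network.

```python
import ipaddress

def greylist_network(ip, v4_prefix=24, v6_prefix=64):
    """Return the network a connecting client IP is grouped into."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    # strict=False masks the host bits instead of raising an error
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

class Greylist:
    """Toy greylist keyed on (client network, sender, recipient)."""

    def __init__(self, delay=300, v4_prefix=24, v6_prefix=64):
        self.delay = delay            # assumed retry delay in seconds
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.first_seen = {}          # key -> time of first attempt

    def check(self, ip, sender, rcpt, now):
        """Return 'defer' or 'accept' for a delivery attempt at time `now`."""
        net = greylist_network(ip, self.v4_prefix, self.v6_prefix)
        key = (net, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "defer"

# Constructed sample: one message retried from three addresses of the
# same sending network, as (client IP, seconds since first attempt).
ATTEMPTS = [("198.51.100.10", 0), ("198.51.101.77", 400), ("198.51.102.5", 800)]

def replay(greylist, attempts=ATTEMPTS):
    """Feed the constructed retries through a greylist, return the verdicts."""
    return [greylist.check(ip, "news@sender.example", "bob@corp.example", t)
            for ip, t in attempts]

if __name__ == "__main__":
    print("/24:", replay(Greylist(v4_prefix=24)))
    print("/22:", replay(Greylist(v4_prefix=22)))
    print("IPv6 default:", greylist_network("2001:db8:1:2::25"))
```

With `/24` every retry looks like a new client and is deferred again; with `/22` the three addresses share one entry and the first retry after the delay is accepted.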
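The ‘Match Archive Filename’ item describes matching on the names of files stored inside an archive rather than on the attachment's own name. The following added example sketches that check for zip and tar.gz attachments using Python's standard library; it is not how Proxmox Mail Gateway implements the What object, and the function names, the sample archives and the extension pattern are constructed for illustration.

```python
import io
import re
import tarfile
import zipfile

def make_zip(names):
    """Build a constructed in-memory zip containing the given file names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()

def make_targz(names):
    """Build a constructed in-memory tar.gz containing the given file names."""
    buf = io.BytesIO()
    payload = b"constructed sample content"
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

def archive_member_names(data):
    """Return the file names stored in a zip or tar(.gz) attachment."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            return [i.filename for i in zf.infolist() if not i.is_dir()]
    buf.seek(0)
    try:
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            return [m.name for m in tf.getmembers() if m.isfile()]
    except tarfile.TarError:
        return []   # not an archive this sketch understands

def match_archive_filename(data, pattern):
    """Return members whose base name matches the (assumed) regex pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [n for n in archive_member_names(data)
            if rx.search(n.rsplit("/", 1)[-1])]

BLOCKED = r"\.(exe|scr|js)$"   # constructed example pattern

if __name__ == "__main__":
    sample = make_zip(["docs/readme.txt", "docs/invoice.pdf.exe"])
    print(match_archive_filename(sample, BLOCKED))
```

Only member names are read here; nothing is extracted to disk, so path components inside the archive are never used as file-system paths.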