Dual Virus Scanning
Proxmox Mail Gateway integrates two high performance and multithreaded anti virus engines to an affordable price in all license subscriptions:
- Zero-Hour Virus Outbreak Protection by CYREN
With this dual-engine support, Proxmox Mail Gateway combines signature-less high-performance and cloud-based immediate scanning capabilities from CYREN with traditional, signature-based scanning from ClamAV.
As a third scanner option, you can additionally license Avira SAV for full protection.
Zero-Hour Virus Outbreak Protection by CYREN
CYREN’s signature-less zero-hour malware detection uses the unique content-agnostic technology which analyzes billions of emails in real-time, protecting against new outbreaks the moment they emerge. CYREN’s high-performance services complement the anti-spam/antivirus stack used in Proxmox Mail Gateway.
ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates.
Proxmox Mail Gateway uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around. Every single e-mail will be analyzed and get a spam score assigned. The systems attempt to optimize the efficiency of the rules that are run in terms of minimizing the number of false positives and false negatives.
How to deploy Proxmox Mail Gateway in your network:
Recurrent Pattern Detection (RPD™)
The CYREN RPD™ technology protects against spam outbreaks in real-time as messages are mass-distributed over the Internet. The content-agnostic technology detects and blocks spam in any language. Rather than evaluating the content of messages, the CYREN Detection Center analyzes billions of emails in real-time, recognizing and protecting against new spam outbreaks the moment they emerge.
GlobalView™ Mail Reputation Service
The GlobalView™ Mail Reputation Service by CYREN fights unwanted mail at the entry-point, reducing more than 85% of incoming messages before these enter the network. Built on CYREN’s comprehensive view of global Internet traffic, GlobalView distinguishes in real-time between legitimate corporate senders, valid publishers, zombies, and spammers/malware distributors. CYREN’s global detection centers analyze more than two billion Internet transactions per day, providing visibility into network traffic in every location around the world.
Receiver Verification – The Proxmox Solution
Many of the junk messages reaching your network are emails to non-existent useres. Proxmox Mail Gateway detects these emails on SMTP level, which means before they are transferred to your networks. This reduces the traffic to be analyzed for spam and viruses up to 90% and reduces the working load on your mail servers and scanners.
Sender policy framework (SPF)
Sender Policy Framework (SPF) is an open standard for validating emails and to prevent sender IP address forgery. SPF allows the administrator of an Internet domain to specify which computers are authorized to send emails with a given domain by creating a specific SPF record in the Domain Name System (DNS).
DNS-based Blackhole List
A DNS-based Blackhole List (DNSBL) is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the internet. The technology is built on top of the Domain Name System. DNSBLs are used to publish lists of addresses linked to spamming.
Exclude senders from SMTP blocking. To prevent all SMTP checks (Greylisting, Receiver Verification, SPF and RBL) and accept all e-mails for the analysis in the filter rule system, you can add the following to this list: Domains (Sender/Receiver), Mail address (Sender/Receiver), Regular Expression (Sender/Receiver), IP address (Sender), IP network (Sender)
Bayesian Filter – Automatically trained statistical filters
Some particular words have a higher probability of occurring in spam emails rather than in legitimate emails. By beeing trained to recognize those words, the Bayesian checks every email and adjusts the probabilities of it beeing a spam word or not in its database. This is done automatically.
Black- and Whitelists
Black- and Whitelists are an access control mechanism to accept, block, or quarantine emails to recipients. This allows you to tune the rule-system by applying different objects like domains, email address, regular expression, IP Network, LDAP Group, and others.
Proxmox Mail Gateway gathers statistical information about spam emails. This information is used by an autolearning algorithm, so the system becomes smarter over time.
Spam Uri Realtime BlockList (SURBL)
SURBLs are used to detect spam based on message body URIs (usually web sites). This makes them different from most other Real-time Blocklists, because SURBLs are not used to block spam senders. SURBLs allow you to block messages that have spam hosts which are mentioned in message bodies.
Tracking & Logs
Find Emails Quickly
The innovative Proxmox Message Tracking Center
The innovative Proxmox Message Tracking Center tracks and summarizes all available logs. With the web-based and userfriendly management interface the IT admins can easily overview and controll all functions from a single screen.
The Message Tracking Center is very fast and powerful, tested on Proxmox Mail Gateway sites processing over a million emails per day. All different log files from the last 7 days can be queried and the results are summarized by an intelligent algorithm.
All corresponding log files are displayed
- Arrival of the email
- Proxmox filtering processing with results
- Internal queue to your email server
- Status of final delivery
The real-time syslog shows the last 100 lines, the output can be filtered by selecting the log files from a service or by entering an individual search string.
Greylisting an email from a sender your system does not recognize, means, that it will be temporarily rejected. Since temporary failures are built into the RFC specifications for mail delivery, a legitimate server will try to resend the email later on. This is an effective method because spammers do not queue and reattempt mail delivery as is normal for a regular Mail Transport Agent. Greylisting can reduce e-mail traffic up to 50%. A greylisted email never reaches your mail server and thus your mail server will not send useless “Non Delivery Reports” to spammers.
Customize with the Object-Oriented Rule System
The object-oriented rule system enables custom rules for your domains. It’s an easy but very powerful way to define filter rules by user, domains, time frame, content type and resulting action. Proxmox Mail Gateway offers a lot of powerful objects to configure your own custom system.
- ACTIONS – object: Defines the final actions
- WHO – object: Who is the sender or receiver of the e-mail?
- WHAT – object: What is in the e-mail?
- WHEN – object: When is the e-mail received by Proxmox Mail Gateway?
Every rule has five categories FROM, TO, WHEN, WHAT and ACTION. Every of these categories can contain several objects and a direction (in, out and both).
For example, a virus protection looks like this: