Mail Gateway

Price server


Proxmox Mail Gateway

Proxmox Mail Gateway is an open-source email security solution that protects your mail server from all email threats from the moment they occur. The complete mail proxy can be easily implemented within minutes between the firewall and your internal mail server.


Spam and virus detection

Proxmox Mail Gateway is an email proxy and protects your mail server against all email threats with a focus on spam, viruses, Trojans and phishing emails. Deployed between your firewall and the internal mail server, all incoming and outgoing mail traffic is analyzed and various mail filtering services are applied, for example the Postfix Mail Transport Agent (MTA), the ClamAV® antivirus engine and the Apache SpamAssassin ™ – project.

virus scanning

Proxmox Mail Gateway integrates ClamAV with the Google Safe Browsing Database.


ClamAV is an open-source antivirus engine designed to detect Trojans, viruses, malware and other malicious threats. It offers a powerful multi-threaded scan daemon, command-line tools for on-demand file scanning, and an intelligent tool for automatic signature updates.

Spam detection

Proxmox Mail Gateway uses a wide variety of local and network tests to identify spam signatures. This makes it more difficult for spammers to identify an aspect that allows them to get around their messages. Each email is analyzed and assigned a spam score. The systems try to optimize the efficiency of the rules being executed in terms of minimizing the number of false positives and false negatives.

Tracking and logging

Find emails quickly

The innovative Proxmox Message Tracking Center
The innovative Proxmox Message Tracking Center tracks and summarizes all available logs. With the web-based and user-friendly management interface, the IT administrator can easily view and manage the email flow from one screen.

The Message Tracking Center is very fast and powerful, tested on Proxmox Mail Gateway sites and handles over a million emails per day. All the different log files from the last 7 days can be retrieved and the results are summarized by an intelligent algorithm.

All associated log files are displayed

  • Arrival of the email
  • Proxmox filter processing with results
  • Internal queue to your email server
  • Status of the final delivery

real time

The real-time syslog shows the last 100 lines, the output can be filtered by selecting a service’s log files or by entering an individual search string.

High availability with Proxmox HA Cluster

To provide a 100% secure email system for your business, we developed Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a unique application-level clustering scheme that delivers extremely high performance. Quick installation in minutes and simple, intuitive management keep maintenance needs low. After temporary outages, nodes are automatically reintegrated without operator intervention.

Synchronization via VPN tunnel

The Proxmox HA cluster consists of a master and multiple nodes (minimum one node). All configuration is done on the master and then synchronized to all cluster nodes through a VPN tunnel.

Proxmox HA Cluster Benefits:

  • Centralized Configuration Management
  • Fully redundant data storage
  • High availability
  • High performance
  • Unique application-level clustering scheme
  • Cluster setup is completed in minutes
  • Nodes are automatically reintegrated after temporary failures – without operator intervention.


Customize with the object-oriented control system
The object-oriented rules system allows you to create custom rules for your environment. It is an easy yet very powerful way to define filtering rules by user, domain, time frame, content type and resulting action. Proxmox Mail Gateway offers many powerful objects to configure your own custom system.


  • ACTIONS – object: defines what to do with the email.
  • WHO – object: Who is the sender or recipient of the email?
  • WHAT – object: What’s in the email?
  • WHEN – object: When will the email be received by Proxmox Mail Gateway?


Each rule has five categories FROM, TO, WHEN, WHAT and ACTION. Each of these categories can contain multiple objects and a direction (in, out, and both).

Options range from simple spam and virus filtering settings to advanced, highly customized configurations that block certain types of emails and generate notifications.

Read more in the reference documentation


Affordable and scalable

A single Proxmox Mail Gateway server can handle an unlimited number of email domains with multiple internal email servers and millions of emails per day. The flexible subscription model makes it very affordable to scale capacity as your demand grows.

the gatekeeper

In a standard mail server architecture, mail traffic (SMTP) usually arrives at the firewall and is routed directly to your mail server.

By using the Proxmox Mail Gateway, which is implemented between your firewall and the mail server, all mail traffic (SMTP) is first forwarded to the Mail Gateway, all unwanted mails are filtered and deleted or rejected (before queuing filtering), and only then are they forwarded to your mail server.

Filter methods

Receiver Authentication – The Proxmox Solution

Many of the junk messages that reach your network are emails to non-existent users. Proxmox Mail Gateway detects these emails at the SMTP level, which means before they are sent to your networks. This reduces the traffic to be analyzed for spam and viruses by up to 90% and reduces the workload of your mail servers and scanners.

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an open standard for validating emails and preventing spoofing of the sender’s IP address. With SPF, the administrator of an Internet domain can indicate which computers are authorized to send emails with a particular domain by creating a specific SPF record in the Domain Name System (DNS).

DNS Based Blackhole List

A DNS-based Blackhole List (DNSBL) is a means by which an Internet site can publish a list of IP addresses in a format that can be easily retrieved by computer programs on the Internet. The technology is built on top of the Domain Name System. DNSBLs are used to publish lists of addresses associated with spam.

SMTP whitelist

Exclude senders from SMTP blocking. To avoid all SMTP checks (Greylisting, Receiver Verification, SPF and RBL) and to accept all emails for analysis in the filtering rule system, you can add the following to this list: Domains (Sender / Recipient), Mail Address (Sender /recipient), regular expression (sender/recipient), IP address (sender), IP network (sender)
Bayesian filter – automatically trained statistical filters
Some specific words are more common in spam emails than in legitimate emails. By being trained to recognize those words, the Bayesian checks each email and adjusts the probability of whether it is a spam word or not in its database. This happens automatically.

Black and white lists

Blacklists and whitelists are an access control mechanism to accept, block or quarantine emails sent to recipients. It allows you to fine-tune the rule system by applying various objects such as domains, email address, regular expression, IP network, LDAP group and others.


Greylisting means that your system temporarily rejects an email from a sender that your system does not recognize. Since transient errors are built into the RFC email delivery specifications, a legitimate server will try to resend the email later. This is an effective method because spammers don’t queue up and try to deliver mail again as a regular Mail Transport Agent would normally do. Greylisting can reduce email traffic by up to 50%. A graylisted email never reaches your mail server, so your mail server will not send useless “Non Delivery Reports” to spammers.

Spam Uri Realtime BlockList (SURBL)

SURBLs are used to detect spam based on the URIs of the message body (usually websites). This sets them apart from most other Real-time Blocklists, as SURBLs are not used to block spam senders. SURBLs allow you to block messages that have spam hosts listed in the message body.

Load-Balancing-Cluster with MX records

MX records make it easy to set up a high-performance load-balanced mail cluster. You just need to define two MX records with the same priority.

To get started, you need two working Proxmox Mail Gateways, each with its own IP address. Next, you define your MX records. You receive emails on both hosts – more or less load-balanced, using Round-robin scheduling. Round-robin (RR) is a scheduling algorithm that switches between systems. If one host fails, the other is used.

Note: It is always very useful to add reverse lookup entries (PTR records) for those hosts. Many email systems today reject emails from hosts without valid PTR records.

Multiple address records

If you have many domains, it is possible to use one MX record per domain and multiple address records. This way, you can add one DNS MX record to all your domains, which points to multiple IP addresses, eliminating the need to add multiple records to many domains.

Easy integration

Designed as a software application, the strength of Proxmox Mail Gateway is its flexibility. It integrates easily into your existing email architecture and is compatible with any type of mail transfer agent such as MS Exchange, Lotus Domino or Postfix. Or you can use it as a virtual device, directly from the Tuxis Marketplace or on your own infrastructure.

Still have a question?