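Latest version: Proxmox Virtual Environment 8.2, updated 2024/4/24
Latest version: Proxmox Mail Gateway 8, updated 2024/2/29
Proxmox Mail Gateway is software that efficiently filters spam and viruses
To ensure effective email communication, Proxmox Mail Gateway is software that efficiently filters spam and viruses. Proxmox Mail Gateway helps you protect your business against all email threats such as spam, viruses and trojans. Its flexible architecture, combined with user lists and web-based management, lets you easily control all incoming and outgoing email. Maintaining a professional email workflow earns you a stronger business reputation and higher customer satisfaction.
Version comparison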
Annual Subscriptions for Proxmox Mail Gateway
PREMIUM | STANDARD | BASIC | COMMUNITY
System requirements
Recommended Hardware
(depending on your email traffic and settings)
- Multicore CPU: 64bit (Intel EMT64 or AMD64); for use as a virtual machine, activate the Intel VT/AMD-V CPU flag
- 4 GB RAM
- Bootable CD-ROM-drive or USB boot support
- Monitor with a resolution of 1024x768 for the installation
- 1 Gbps Ethernet network interface card
- Storage: at least 8 GB free disk space, best setup with redundancy, use hardware RAID controller with battery backed write cache (“BBU”) or ZFS. ZFS is not compatible with a hardware RAID controller. For best performance use Enterprise class SSD with power loss protection.
Minimum Hardware
- CPU: 64bit (Intel EMT64 or AMD64)
- 2 GB RAM
- Bootable CD-ROM-drive or USB boot support
- Monitor with a resolution of 1024x768 for the installation
- Hard disk with at least 8 GB of disk space
- Ethernet network interface card
Supported web browsers for accessing the web interface
To use the web-based user interface we recommend one of the following browsers:
- Firefox, a release of the current year, or the latest Extended Support Release
- Chrome, a release of the current year
- Microsoft's currently supported version of Edge
- Safari, a release of the current year
Installation on a virtual host
To deploy Proxmox Mail Gateway on a virtualization platform, you can use the same resource settings as on physical hardware. The following platforms are supported:
- Proxmox Virtual Environment
- VMware vSphere
- Hyper-V
- KVM
- VirtualBox
- Citrix Hypervisor
- LXC container
- ...and others supporting Debian Linux as guest OS
Anti-Spam/Virus
Spam & Virus Detection
Proxmox Mail Gateway is a mail proxy and protects your mail server from all email threats with a focus on spam, viruses, trojans and phishing emails. Deployed between your firewall and the internal email server, all incoming and outgoing email traffic is analyzed and various services for mail filtering are applied, for example the Postfix Mail Transport Agent (MTA), the ClamAV® antivirus engine and the Apache SpamAssassin™ project.
Virus Scanning
Proxmox Mail Gateway integrates ClamAV with the Google Safe Browsing Database.
ClamAV
ClamAV is an open-source antivirus engine designed for detecting trojans, viruses, malware and other malicious threats. It provides a high-performance multi-threaded scanning daemon, command line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates.
Spam Detection
Proxmox Mail Gateway uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around. Every single e-mail will be analyzed and get a spam score assigned. The systems attempt to optimize the efficiency of the rules that are run in terms of minimizing the number of false positives and false negatives.
How to deploy Proxmox Mail Gateway in your network:
In a basic email server architecture, email traffic (SMTP) usually arrives at the firewall and is forwarded directly to your mail server.
With Proxmox Mail Gateway deployed between your firewall and the mail server, all e-mail traffic (SMTP) is forwarded to the Mail Gateway first. All unwanted emails are filtered and removed or rejected (before-queue filtering), and only then are the remaining emails forwarded to your mail server.
Filtering Methods
Receiver Verification - The Proxmox Solution
Many of the junk messages reaching your network are emails to non-existent users. Proxmox Mail Gateway detects these emails at the SMTP level, that is, before they are transferred to your networks. This reduces the traffic to be analyzed for spam and viruses by up to 90% and reduces the workload on your mail servers and scanners.
Sender policy framework (SPF)
Sender Policy Framework (SPF) is an open standard for validating emails and preventing sender IP address forgery. SPF allows the administrator of an Internet domain to specify which computers are authorized to send emails with a given domain by creating a specific SPF record in the Domain Name System (DNS).
DNS-based Blackhole List
A DNS-based Blackhole List (DNSBL) is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the internet. The technology is built on top of the Domain Name System. DNSBLs are used to publish lists of addresses linked to spamming.
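The query format, as an added example (not Proxmox code): the client address is reversed, prefixed to the list's zone and looked up as an A record, following the convention in RFC 5782. The zone name dnsbl.example, the sample answers and the resolver function are constructed stand-ins for a real list and real DNS.

```python
import ipaddress

LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")

# Constructed answers that a resolver might return for the hypothetical zone.
SAMPLE_ANSWERS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],   # RFC 5782 test entry
    "9.113.0.203.dnsbl.example": ["127.0.0.4"],
    "7.2.0.192.dnsbl.example": ["192.0.2.1"],   # e.g. a wildcarded or parked zone
}


def sample_resolver(name):
    """Stand-in for an A-record lookup; an empty list means NXDOMAIN."""
    return SAMPLE_ANSWERS.get(name, [])


def dnsbl_query_name(ip, zone):
    """Build the DNS name to query for `ip` in the DNSBL `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # 32 nibbles, reversed
    return ".".join(labels) + "." + zone


def check_dnsbl(ip, zone, resolve_a=sample_resolver):
    """Return whether `ip` is listed and the return codes it was listed with.

    Only answers inside 127.0.0.0/8 count as listings. Treating any answer
    as "listed" would block all mail if the zone ever starts answering
    every query, for example after the list is shut down.
    """
    answers = resolve_a(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTING_RANGE]
    return {"listed": bool(codes), "codes": codes}
```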
SMTP Whitelist
Exclude senders from SMTP blocking. To prevent all SMTP checks (Greylisting, Receiver Verification, SPF and RBL) and accept all e-mails for the analysis in the filter rule system, you can add the following to this list: Domains (Sender/Receiver), Mail address (Sender/Receiver), Regular Expression (Sender/Receiver), IP address (Sender), IP network (Sender)
Bayesian Filter - Automatically trained statistical filters
Some particular words have a higher probability of occurring in spam emails than in legitimate emails. By being trained to recognize those words, the Bayesian filter checks every email and adjusts the probabilities of a word being a spam word or not in its database. This is done automatically.
Black- and Whitelists
Black- and Whitelists are an access control mechanism to accept, block, or quarantine emails to recipients. This allows you to tune the rule-system by applying different objects like domains, email address, regular expression, IP Network, LDAP Group, and others.
Greylisting
Greylisting means that your system temporarily rejects an email from a sender your system does not recognize. Since temporary failures are built into the RFC specifications for mail delivery, a legitimate server will try to resend the email later on. This is an effective method because spammers do not queue and reattempt mail delivery as a regular Mail Transport Agent would normally do. Greylisting can reduce e-mail traffic by up to 50%. A greylisted email never reaches your mail server and thus your mail server will not send useless "Non Delivery Reports" to spammers.
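The accept/defer decision described above, as an added example (not Proxmox Mail Gateway's implementation). It assumes the common triplet key of client IP, envelope sender and envelope recipient; the delay and expiry values and the sample delivery attempts are constructed.

```python
class Greylist:
    """Greylisting keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=36 * 86400):
        self.min_delay = min_delay        # seconds a sender must wait before retrying
        self.retry_window = retry_window  # a retry later than this starts over
        self.pass_ttl = pass_ttl          # how long a proven triplet stays trusted
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = {}                  # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply (code, text) for one delivery attempt."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        last = self.passed.get(key)
        if last is not None and now - last <= self.pass_ttl:
            self.passed[key] = now
            return 250, "accepted (known triplet)"

        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # unknown sender: defer with a 4xx reply
            return 451, "greylisted, try again later"
        if now - first < self.min_delay:
            return 451, "greylisted, retry too early"

        # The sender queued the message and came back after the delay.
        del self.pending[key]
        self.passed[key] = now
        return 250, "accepted (retry after delay)"


# Constructed delivery attempts: (seconds, client IP, MAIL FROM, RCPT TO).
SAMPLE_ATTEMPTS = [
    (0, "192.0.2.10", "alice@example.org", "bob@example.net"),      # first attempt
    (5, "203.0.113.7", "promo@bulk.example", "bob@example.net"),    # bulk sender
    (10, "203.0.113.7", "promo@bulk.example", "bob@example.net"),   # instant retry
    (900, "192.0.2.10", "alice@example.org", "bob@example.net"),    # queued retry
    (5000, "192.0.2.10", "alice@example.org", "bob@example.net"),   # later mail
]


def replay(attempts):
    """Run the attempts through a fresh greylist and return the reply codes."""
    greylist = Greylist()
    return [greylist.check(ip, sender, rcpt, now)[0]
            for now, ip, sender, rcpt in attempts]
```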
Spam URI Realtime BlockList (SURBL)
SURBLs are used to detect spam based on message body URIs (usually web sites). This makes them different from most other Real-time Blocklists, because SURBLs are not used to block spam senders. SURBLs allow you to block messages that have spam hosts which are mentioned in message bodies.
Find Emails Quickly
The innovative Proxmox Message Tracking Center
The innovative Proxmox Message Tracking Center tracks and summarizes all available logs. With the web-based and user-friendly management interface, the IT administrator can easily oversee and control the email flow from a single screen.
The Message Tracking Center is very fast and powerful, tested on Proxmox Mail Gateway sites processing over a million emails per day. All different log files from the last 7 days can be queried and the results are summarized by an intelligent algorithm.
All corresponding log files are displayed
- Arrival of the email
- Proxmox filtering processing with results
- Internal queue to your email server
- Status of final delivery
Real-time
The real-time syslog shows the last 100 lines. The output can be filtered by selecting the log files from a service or by entering an individual search string.
High Availability with Proxmox HA Cluster
To provide a 100% secure email system for your business, we developed Proxmox High Availability (HA) Cluster. The Proxmox HA Cluster uses a unique application level clustering scheme, which provides extremely good performance. Fast set-up within minutes and a simple, intuitive management keep maintenance needs low. After temporary failures, nodes automatically reintegrate without any operator interaction.
Data synchronization via VPN tunnel
The Proxmox HA Cluster consists of a master and several nodes (minimum of one node). All configuration is done on the master and then synchronized to all cluster nodes over a VPN tunnel.
Benefits of Proxmox HA Cluster:
- Centralized configuration management
- Fully redundant data storage
- High availability
- High performance
- Unique application level clustering scheme
- Cluster setup is done within minutes
- Nodes automatically reintegrate after temporary failures - without any operator interaction.
Load-Balancing-Cluster with MX records
With MX records it is simple to set up a high performance load balanced mail cluster. You just have to define two MX records with the same priority.
To start, you need two working Proxmox Mail Gateways, each having its own IP address. Then you define your MX records. You will receive mails on both hosts - more or less load-balanced, using Round-robin scheduling. Round-robin (RR) is a scheduling algorithm which alternates between systems. If one host fails the other is used.
Note: It is always very useful to add reverse lookup entries (PTR records) for those hosts. Many e-mail systems nowadays reject emails from hosts without valid PTR records.
Multiple address records
If you have many domains, it is possible to use one MX record per domain and multiple address records. This way you can add one DNS MX record to all your domains, which points to multiple IP Addresses, saving you the burden of adding multiple records to many domains.
Customize with the Object-Oriented Rule System
The object-oriented rule system enables you to create customized rules for your environment. It’s an easy but very powerful way to define filter rules by user, domain, time frame, content type and resulting action. Proxmox Mail Gateway offers a lot of powerful objects to configure your own custom system.
Rules:
- ACTIONS - object: Defines what should happen with the email.
- WHO - object: Who is the sender or receiver of the e-mail?
- WHAT - object: What is in the e-mail?
- WHEN - object: When is the e-mail received by Proxmox Mail Gateway?
Categories:
Every rule has five categories: FROM, TO, WHEN, WHAT and ACTION. Each of these categories can contain several objects and a direction (in, out and both).
Options range from simple spam and virus filter setups to sophisticated, highly customized configurations blocking certain types of e-mails and generating notifications.
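Proxmox Virtual Environment is a server virtualization software package
Proxmox VE is a complete open-source virtualization management solution for servers. It is based on KVM virtualization and manages virtual machines, storage, virtualized networks and HA clusters.
Enterprise-class features and the web interface help you make better use of your existing resources and reduce hardware costs and administration time. You can easily virtualize and handle application workloads on Linux and Windows platforms.
Release highlights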
Highlights in Proxmox Virtual Environment 8.1
- Support for Secure Boot: This version is now compatible with Secure Boot. This security feature is designed to protect the boot process of a computer by ensuring that only software with a valid digital signature launches on a machine. Proxmox VE now includes a signed shim bootloader trusted by most hardware's UEFI implementations. This allows installing Proxmox VE in environments with Secure Boot active.
- Software-defined Network (SDN): With this version the core Software-defined Network (SDN) packages are installed by default. The SDN technology in Proxmox VE enables the creation of virtual zones and networks (VNets), which lets users effectively manage and control complex networking configurations and multitenancy setups directly from the web interface at the datacenter level. Use cases for SDN range from an isolated private network on each individual node to complex overlay networks across multiple Proxmox VE clusters on different locations. The benefits result in a more responsive and adaptable network infrastructure that can scale according to business needs.
- New Flexible Notification System: This release introduces a new framework that uses a matcher-based approach to route notifications. It lets users designate different target types as recipients of notifications. Alongside the current local Postfix MTA, supported targets include Gotify servers or SMTP servers that require SMTP authentication. Notification matchers determine which targets will get notifications for particular events based on predetermined rules. The new notification system now enables greater flexibility, allowing for more granular definitions of when, where, and how notifications are sent.
- Support for Ceph Reef and Ceph Quincy: Proxmox Virtual Environment 8.1 adds support for Ceph Reef 18.2.0 and continues to support Ceph Quincy 17.2.7. The preferred Ceph version can be selected during the installation process. Ceph Reef brings better defaults improving performance and increased reading speed.
Version comparison
COMMUNITY | BASIC | STANDARD | PREMIUM
» Access to Enterprise repository | » Access to Enterprise repository | » Access to Enterprise repository | » Access to Enterprise repository
* Guaranteed first response time on critical support requests
System requirements
Recommended Hardware
- Intel EMT64 or AMD64 with Intel VT/AMD-V CPU flag.
- Memory, minimum 2 GB for OS and Proxmox VE services. Plus designated memory for guests. For Ceph or ZFS additional memory is required, approximately 1 GB memory for every TB used storage.
- Fast and redundant storage, best results with SSD disks.
- OS storage: Hardware RAID with battery-protected write cache (“BBU”) or non-RAID with ZFS and SSD cache.
- VM storage: For local storage use a hardware RAID with battery backed write cache (BBU) or non-RAID for ZFS. Neither ZFS nor Ceph are compatible with a hardware RAID controller. Shared and distributed storage is also possible.
- Redundant Gbit NICs, additional NICs depending on the preferred storage technology and cluster setup – 10 Gbit and higher is also supported.
- For PCI(e) passthrough a CPU with VT-d/AMD-d CPU flag is needed.
For Evaluation
Minimum Hardware (for testing only)
- CPU: 64bit (Intel EMT64 or AMD64)
- Intel VT/AMD-V capable CPU/Mainboard (for KVM Full Virtualization support)
- Minimum 1 GB RAM
- Hard drive
- One NIC
Testing with desktop virtualization
Proxmox VE can be installed as a guest on all commonly used desktop virtualization solutions as long as they support nested virtualization.
Supported web browsers for accessing the web interface
To use the web interface you need a modern browser, this includes:
- Firefox, a release from the current year, or the latest Extended Support Release
- Chrome, a release from the current year
- Microsoft's currently supported version of Edge
- Safari, a release from the current year
Proxmox VE on a Debian System
If you want, you can install Proxmox VE on top of a running 64-bit Debian system. This is especially interesting if you want to have a custom partition layout.
Server Virtualization
Proxmox Virtual Environment is based on Debian GNU/Linux and uses a custom Linux Kernel. The Proxmox VE source code is free, released under the GNU Affero General Public License, v3 (GNU AGPLv3). This means that you are free to use the software, inspect the source code at any time and contribute to the project yourself. You can download the Proxmox VE ISO installer or inspect the code in the public code repository (git).
Using open-source software guarantees full access to all functionality, as well as a high level of reliability and security. We encourage everybody to contribute to the Proxmox VE project, while Proxmox, the company behind it, ensures that the product meets consistent, enterprise-class quality criteria.
Kernel-based Virtual Machine (KVM)
KVM is the industry-leading Linux virtualization technology for full virtualization. It's a kernel module, that's merged into the mainline Linux kernel, and it runs with near-native performance on all x86 hardware with virtualization support—either Intel VT-x or AMD-V.
With KVM you can run both Windows and Linux in virtual machines (VMs), where each VM has private, virtualized hardware: a network card, disk, graphics adapter, etc. Running several applications in VMs on a single system, enables you to save power and reduce costs, while at the same time, giving you the flexibility to build an agile and scalable software-defined data center, that meets your business demands.
Proxmox VE has included KVM support since the beginning of the project, back in 2008 (that is since version 0.9beta2).
Container-based virtualization
Container-based virtualization technology is a lightweight alternative to full machine virtualization, because it shares the host system's kernel.
Linux Containers (LXC)
LXC is an operating-system-level virtualization environment for running multiple, isolated Linux systems on a single Linux control host. LXC works as a userspace interface for the Linux kernel containment features. Users can easily create and manage system or application containers with a powerful API and simple tools.
Central Management
To manage all tasks of your virtual data center, you can use the central, web-based management interface. The whole functionality of the web interface is also accessible via CLI or REST API, which can be used to automate tasks.
Web-based management interface
Proxmox VE is easy to use. You can do all management tasks with the integrated graphical user interface (GUI), there is no need to install a separate management tool. The central web interface is based on the ExtJS JavaScript framework and can be accessed from any modern browser. In addition to management tasks, it also provides an overview of the task history and system logs of each node. This includes running backup tasks, live migration, software-defined storage, or HA triggered activities. The multi-master tool allows you to manage your whole cluster from any node of your cluster; you don't need a dedicated manager node.
Proxmox VE mobile
You can access Proxmox VE on mobile devices either via an Android app or via the HTML5-based mobile version of the web interface. The Proxmox VE Android app is based on the Flutter framework, and allows you to access your Proxmox VE server and manage your cluster, nodes, VMs, and containers. The Proxmox VE HTML5 mobile client enables you to manage Proxmox VE on the go, including access to the SPICE and HTML5 console. This allows you to manage VMs and containers, and view their configuration.
Command line interface (CLI)
For advanced users who are used to the comfort of the Unix shell or Windows Powershell, Proxmox VE provides a command line interface to manage all the components of your virtual environment. This command line interface has intelligent tab completion and full documentation in the form of UNIX man pages.
REST API
Proxmox VE uses a RESTful API. We chose JSON as the primary data format, and the whole API is formally defined using JSON Schema. This enables fast and easy integration for third party management tools, such as custom hosting environments.
Clustering
While many people start with a single node, Proxmox Virtual Environment can scale out to a large set of clustered nodes. The cluster stack is fully integrated and ships with the default installation.
Proxmox Cluster File System (pmxcfs)
Proxmox VE uses the unique Proxmox Cluster File System (pmxcfs), a database-driven file system developed by Proxmox.
The pmxcfs enables you to synchronize configuration files across your cluster. By using Corosync, these files are replicated in real time to all cluster nodes. The file system stores all data inside a persistent database on disk, nonetheless, a copy of the data resides in RAM. The maximum storage size is currently 30 MB - more than enough to store the configuration of several thousands of VMs.
Proxmox VE is the only virtualization platform using this unique cluster file system, pmxcfs.
Live/Online migration
With the integrated live/online migration feature, you can move running virtual machines from one Proxmox VE cluster node to another, without any downtime or noticeable effect from the end-user side.
Administrators can initiate this process from either the web interface or the command line. This enables you to minimize downtime, in case you need to take the host system offline for maintenance.
Unique multi-master design
To simplify the management of a cluster, you can carry out maintenance tasks cluster-wide, from any node. The integrated web-based management interface gives you a clean overview of all your KVM guests and Linux containers across your cluster. You can easily manage your VMs and containers, storage or cluster from the GUI. There is no need to install a separate, complex, and pricey management server.
Authentication
Role-based administration
You can define granular access to all objects (like VMs, storage, nodes, etc.) by using the role-based permission management system. This allows you to define privileges and helps you to control access to objects. This concept is also known as access control lists: Each permission specifies a subject (a user group, or API token) and a role (set of privileges) on a specific path.
Authentication realms
Proxmox VE supports multiple authentication sources, for example Linux PAM, an integrated Proxmox VE authentication server, LDAP, Microsoft Active Directory, and OpenID Connect.
Proxmox VE High Availability (HA) Cluster
A multi-node Proxmox VE Cluster enables the creation of highly available virtual servers. The Proxmox VE HA Cluster is based on proven Linux HA technologies, providing stable and reliable HA service.
The entire Proxmox VE HA Cluster can be easily configured from the integrated web-based user interface.
Proxmox VE HA Manager
The resource manager, Proxmox VE HA Manager, monitors all VMs and containers in the cluster and automatically comes into action if one of them fails. The Proxmox VE HA Manager works out-of-the-box. Zero configuration is needed. Additionally, the watchdog-based fencing dramatically simplifies deployment.
Proxmox VE HA Simulator
Proxmox VE includes a HA Simulator. This allows you to test the behavior of a real-world 3 node cluster with 6 VMs. The Proxmox HA Simulator runs out-of-the-box and helps you to learn and understand how Proxmox VE HA works.
Networking
Proxmox VE's networking capabilities enable responsive and adaptable networks that can scale according to your business needs.
Software-Defined Network (SDN)
The Software-defined Networking (SDN) feature allows Proxmox VE to manage advanced networking configurations and multitenancy setups across Proxmox VE clusters. Possible use cases range from an isolated private network on each individual node to complex overlay networks across multiple Proxmox VE clusters on different locations.
It is applicable to all sizes of networks, from a simple routed NAT setup, traditional separation into 802.1q VLANs, to features like QinQ, VXLAN tunneling, and BGP-based EVPN infrastructures.
Linux Networking Stack
For simple setups, Proxmox VE provides flexible network configuration options for local nodes. A bridged network model is used to provide seamless connectivity between virtualized environments and the external network. Bridges are comparable to physical network switches, but implemented as software on the Proxmox VE host.
For additional flexibility, you can set up VLANs, create a bond interface, and manage basic network routing.
Flexible Storage Options
The Proxmox VE storage model is very flexible. VM images can either be stored on one or several local storage devices or on shared storage like NFS and SAN. There are no limits. You can configure as many storages as you like, and can use all storage technologies available for Debian GNU/Linux. The benefit of storing VMs on shared storage is the ability to live-migrate running machines without any downtime.
In the Proxmox VE web interface, you can add the following storage types:
Network storage types
- LVM Group (network backing with iSCSI targets)
- iSCSI target
- NFS Share
- SMB/CIFS
- Ceph RBD
- Direct to iSCSI LUN
- GlusterFS
- CephFS
Local storage types
- LVM Group
- Directory (storage on an existing filesystem)
- ZFS
Software-Defined Storage with Ceph
Ceph is an open-source distributed object store and file system designed to provide excellent performance, reliability and scalability. Proxmox Virtual Environment fully integrates Ceph, giving you the ability to run and manage Ceph storage directly from any of your cluster nodes.
Ceph provides two types of storage, RADOS Block Device (RBD) and CephFS. An RBD provides block level storage, for content such as disk images and snapshots. CephFS implements a POSIX-compliant filesystem using a Ceph storage cluster to store its data.
Benefits of Ceph with Proxmox VE
- Easy setup and management through the GUI and CLI
- Self-healing
- Scalable to the exabyte level
- Setup pools with different performance and redundancy characteristics
- Runs on economical commodity hardware
Proxmox VE Firewall
The built-in Proxmox VE Firewall provides an easy way to protect your IT infrastructure. The firewall is completely customizable, allowing complex configurations via the GUI or CLI.
You can set up firewall rules for all hosts inside a cluster, or define rules for virtual machines and containers only. Features like firewall macros, security groups, IP sets and aliases help to make that task easier.
Distributed firewall
While all configuration is stored in the cluster file system, the iptables-based firewall runs on each cluster node, and thus provides full isolation between virtual machines. The distributed nature of this system also provides much higher bandwidth than a centralized firewall solution.
IPv4 and IPv6
The firewall has full support for IPv4 and IPv6. IPv6 support is fully transparent, and we filter traffic for both protocols by default. Thus, there is no need to maintain a different set of rules for IPv6.
Backup/Restore
Backups are a basic requirement for any sensible IT environment. The Proxmox VE platform provides a fully integrated solution, using the capabilities of each storage and each guest system type. Backups can be easily started with the GUI or with the vzdump backup tool (via command line). These backups are always full backups, containing the configuration of VMs and containers, and all data.
The integrated backup tool (vzdump) creates consistent snapshots of running containers and KVM guests. It basically creates an archive of the VM or container data and also includes the configuration files.
Scheduled backup
Backup jobs can be scheduled so that they are executed automatically on specific days and times, for selectable nodes and guest systems.
Backup storage
KVM live backup works for all storage types including VM images on NFS, iSCSI LUN, and Ceph RBD. The Proxmox VE backup format is optimized for storing VM backups quickly and effectively (accounting for sparse files, out of order data, minimized I/O).
Proxmox Backup Server Integration
Proxmox Backup Server is our enterprise-class backup solution, that is capable of backing up VMs, containers, and physical hosts. Support for this is fully integrated into Proxmox VE, meaning you can seamlessly back up and restore guests using the same common interface that the other storage types use.
These backups are incremental, only transferring newly changed data over the network. This is highly beneficial in terms of network bandwidth and backup job run time. Data can also be easily encrypted on the client side, so that your backed up data is inaccessible to attackers.
Live-restore
Restoring large backups can take a long time and be a major source of downtime in case of disaster. However, for VM backups that are stored on a Proxmox Backup Server, the live-restore feature minimizes this downtime, allowing the VM to start as soon as the restore begins. In this case, the data is continuously copied in the background, prioritizing chunks that the VM is actively accessing.
Single-file restore
Oftentimes, only a single file or directory is needed from a backup. From the Proxmox VE web interface, you can securely search for and restore individual files or directories from a VM or container backup.