Instelligence

Solution

Proxmox Mail Gateway

SMTP-layer spam and virus filtering — Rspamd detection engine, ClamAV scanning, quarantine management, and DKIM/SPF/DMARC enforcement in an open-source appliance.

Book a discovery call All solutions

Proxmox Mail Gateway (PMG) is an open-source email security gateway that sits between the public internet and your mail server. Inbound and outbound SMTP traffic passes through PMG for spam scoring, virus scanning, and policy enforcement — before it reaches your users or leaves your network. Built on a hardened Debian base with a web-based management interface and a REST API.

How it works

1

Mail arrives at PMG (MX record)

Your MX record points to Proxmox Mail Gateway. All inbound SMTP connections terminate here. PMG applies reputation checks, SPF/DKIM/DMARC validation, and greeting-stage rejection before accepting the message body.

2

Rspamd scoring + ClamAV scanning

Each message is scored by Rspamd — a high-performance spam filter with Bayesian learning, DNSBL lookups, and machine-learning scoring. ClamAV scans attachments and embedded content for malware signatures.

3

Rule-based policy action

Based on the score and any matching policy rules, PMG accepts, quarantines, rejects, tags, or rewrites the message. Rules can target sender, recipient, score thresholds, or content patterns.

4

Delivery to your mail server

Clean messages are relayed to your internal mail server — Exchange, Postfix, Microsoft 365, or any SMTP target. PMG is transport-agnostic and delivery is configurable per domain.

Feature set

Rspamd spam detection

Rspamd combines rule-based, statistical (Bayesian), and machine-learning approaches. It's significantly more accurate than legacy SpamAssassin-based systems, with substantially lower false positive rates.

ClamAV malware scanning

ClamAV scans all message attachments and embedded URLs. Signature updates are automatic. Additional commercial AV databases can be added for broader coverage.

Quarantine management

Quarantined messages are accessible via a web portal. Users receive daily digest emails with one-click release. Admins can search, release, or block-list directly from the admin UI.

DKIM, SPF & DMARC

PMG enforces SPF and DMARC policies on inbound mail. DKIM signing is available for outbound mail — signing with your domain's key before delivery. DMARC reports are generated and consumable.

TLS enforcement

Inbound and outbound TLS with certificate validation. Mandatory TLS policies can be configured per destination domain — ensuring encrypted delivery to known partners.

Reporting & statistics

Per-domain and per-user mail flow statistics, spam/virus hit rates, and quarantine summaries — accessible from the admin UI and via the REST API for integration with external dashboards.

Deployment modes

Transparent SMTP proxy

PMG intercepts SMTP traffic without being the MX record — useful when you can't change DNS or need to insert filtering inline. Requires network configuration to route SMTP traffic through PMG.

Suitable for: adding filtering to an existing setup without DNS changes

SMTP relay (recommended)

PMG is your public MX. Inbound mail terminates here, is processed, and is relayed internally to your mail server. Outbound mail routes through PMG for DKIM signing and outbound filtering. This is the most common and most capable deployment mode.

Suitable for: new deployments and migrations

Runs on Proxmox VE or bare metal

PMG is a self-contained Debian-based appliance. It can run as a VM on your Proxmox VE cluster (the common deployment) or on dedicated hardware. For HA, deploy two PMG nodes behind a load balancer or with split MX priority.

Subscription tiers

Basic

  • Enterprise repo
  • 3 support tickets/yr
  • 2 business day response

Standard

  • Enterprise repo
  • 10 support tickets/yr
  • 2 business day response

Premium

  • Enterprise repo
  • Unlimited tickets
  • 4-hour response

Get a PMG licensing quote

Book a discovery call