Your solution looks fine and I test it for installation in our company (then for sure with license). However, I recognized, that some things are missing:
- IPv6 is not fetched on installation and setting need restart?
- No time server could be set!
- Cert handling would be fine via UI, but is ok via command line
- Why no own bind server shipped with installation (prevent from blocks like URIBL with common nameservers)
- Why no firewall setup / settings to run Proxmox also "in the internet"
- Additional VPN setup would be fine to restrict access to the system
- Missing Pyzor and DCC (if because of license perhaps providing assistance/a script/... to install DCC)
- Missing additional postfix restrictions against RFC ignorant spam (smtpd_data_restrictions = reject_unauth_pipelining, unknown_address_reject_code = 550, unknown_client_reject_code = 550)
- Missing additional blacklist possibilities (reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_client dbl.spamhaus.org
- Missing additional content list possibilities (add additional blacklists to spamassassin like Barracuda RBL (has some false positives, so better for content), RBLDNS.RU (has more false positives, same for following ones), SPFBL, s5h RBL, JunkEmailFilter with Black, White and Brown, DNSRBL, JustSpam, inps DNSBL, GBUdb Truncate, V4BL/FREE, maybe also UCEPROTECT Level 1 and BACKSCATTERER Zone)
- Tracking Center may also show subject and especially the spam level reached, should be filterable for Status (maybe more Status options for rejected ones) and searchable for log content
- Statistic graphs don't include spam mails and there is no clear definition in difference of rejected is Junk and content scanned maybe Spam
So the solution looks very good with room for improvements. I believe, open sourcing the solution has the idea to find help from users, where to improve to kick all competitor products away.
- IPv6 is not fetched on installation and setting need restart?
- No time server could be set!
- Cert handling would be fine via UI, but is ok via command line
- Why no own bind server shipped with installation (prevent from blocks like URIBL with common nameservers)
- Why no firewall setup / settings to run Proxmox also "in the internet"
- Additional VPN setup would be fine to restrict access to the system
- Missing Pyzor and DCC (if because of license perhaps providing assistance/a script/... to install DCC)
- Missing additional postfix restrictions against RFC ignorant spam (smtpd_data_restrictions = reject_unauth_pipelining, unknown_address_reject_code = 550, unknown_client_reject_code = 550)
- Missing additional blacklist possibilities (reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_client dbl.spamhaus.org
- Missing additional content list possibilities (add additional blacklists to spamassassin like Barracuda RBL (has some false positives, so better for content), RBLDNS.RU (has more false positives, same for following ones), SPFBL, s5h RBL, JunkEmailFilter with Black, White and Brown, DNSRBL, JustSpam, inps DNSBL, GBUdb Truncate, V4BL/FREE, maybe also UCEPROTECT Level 1 and BACKSCATTERER Zone)
- Tracking Center may also show subject and especially the spam level reached, should be filterable for Status (maybe more Status options for rejected ones) and searchable for log content
- Statistic graphs don't include spam mails and there is no clear definition in difference of rejected is Junk and content scanned maybe Spam
So the solution looks very good with room for improvements. I believe, open sourcing the solution has the idea to find help from users, where to improve to kick all competitor products away.