How to get proxmox mail gateway to the next level? we are so far away from a secure system

poetry

Active Member
May 28, 2020
206
57
33
Hello,
I have been working extremely hard on improving spam detection, improving virus detection on proxmox mail gateway but I still feel like I am nowhere where I want it to be. I am mostly worried about malicious links/attachments, messages that will load scripts or anything malicious.

I just done the test on https://emailsecuritytester.com/ and it just shows how far away from a secure system I am currently.
I really have no idea what to do anymore and I am tried of putting unlimited hours in without any significant improvement.
I think this tests are completely legitimate and just shows how much we have to improve on proxmox mail gateway, Is there anything in the works that will really take proxmox mail gateway to the next level or should we just give up and go with other system?

Here are my results:
01. Spoofed envelope sender - Well done!
02. HTML analysis - High Risk!
03. Executable file - Room for Improvement!
04. Virus attachment - Well done!
05. Outlook Conditional Comment - High Risk!
06. Malware URI - High Risk!
07. Zero Width Spaces link - High Risk!
08. Base HTML Tag link - High Risk!
09. HTML JS Redirect Attachment - High Risk!
10. RFC-Abused HTML Attachment - High Risk!
11. Active PDF - High Risk!
12. PDF with malicious text link - High Risk!
13. PDF with malicious link - High Risk!
14. ZIP Archive with JS - Room for Improvement!
15. MS Word Document with external contents - Well done!
16. MS Excel Document with formula macro function - High Risk!

1627413291900.png

The spoofing was blocked because of -all spf record and custom SPF_FAIL(29). The one message that was quarantined was detected with virus detected: SecuriteInfo.com.Backdoor.Generic.aybo.27163.UNOFFICIAL (clamav) again something that you don't get on default proxmox and is something I added myself.


1627413765007.png
 
  • Like
Reactions: rroethof and flames
1.5 year later and lately receiving loads and loads of PDF link spam, just tested this on 31st of december 2022.. 20% score.
"Comprehensive Open-Source Email Security Platform" is what the website of PMG states, how come and why this is (even 1.5 year after the original question is posted.. still an issue ?
 
1.5 year later and lately receiving loads and loads of PDF link spam, just tested this on 31st of december 2022.. 20% score.
"Comprehensive Open-Source Email Security Platform" is what the website of PMG states, how come and why this is (even 1.5 year after the original question is posted.. still an issue ?
I tested this also. I have an 48% score with rspamd...will test this with PMG soon.
 
  • Like
Reactions: Andy_red
Since I posted this post I have done some changes that should improve this score have to test again when I have some time. I have been extremely busy when I have some free time I would like to do a big new post about what are all my changes that help improve the detection hope I can do this by the end of this month but no promises. Thanks to everyone for testing if you know of any similar test let me know I would like to run pmg over as many tests as possible. I think we all want to do as good as a job with filtering as we can with what we have available and only with testing and continuous improvement we can get to a very good filtering system that we all want.
 
  • Like
Reactions: DerDanilo

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!