I'll answer with the pieces I know, however limited they may be. We have several customers using Barracuda Mail Gateway, so I am familiar with them generally, if not at all familiar with your particular setup or needs. But here is what I have found:
- Overall, the more I have used PMG, the more I like it. This is unusual, as usually the longer you use a piece of software, the more you see the limitations/flaws/etc. So I feel that says a lot for PMG.
- My favorite feature of the Barracuda Mail Gateway is the message log. Specifically how it behaves as a very short term archive of messages (limited by storage space) and you can re-deliver messages as needed. This is missing in PMG.
- That said, overall, I like the way PMG handles message tracking better. It is much better privacy-wise. In Barracuda an admin can just double-click a message in the message log and view the full message. (Yes, Helpdesk-level users cannot do this, more on that below) In PMG, for most messages, an admin can only see the mail server logs for the message, and not any of the body of the message. For quarantined messages, admins can see the full contents of a message (in my opinion, this is a requirement for being able to determine whether a particular message is safe to release from quarantine or not.)
- Barracuda is probably slightly ahead in multiple domain setups, but really only for one reason: You can give "helpdesk" permissioned users permission to single domains. In Proxmox it is all or nothing, as far as I have been able to find. So if you need admins to only be able to have access to some of the domains configured on the system you are out of luck. The usual response appears to be "Install another instance" which certainly works, and keeps good separation, but isn't always practical. I think a more robust user permissions system in PMG would be a fabulous enhancement for future releases.
- I like the simplicity of the "Who, What, Where, When" for creating custom rules in PMG better than anything Barracuda has.
- PMG supports DKIM signing. Barracuda does not. I have always felt this was a HUGE oversight by Barracuda. Anything that has the ability to alter the body of an email
should needs to have the ability to sign it after making those alterations. Granted, most places only alter the body of incoming messages ("This email comes from an external source, be careful!" type of banners) so it may not be that big of a deal... But we have a couple of customers running on-prem Exchange servers + Barracuda ESG. Exchange on-prem doesn't handle DKIM (They want you on Office365 to support that!) and Barracuda doesn't handle it either, so they are out of luck! (Hopefully, with Google and Yahoo both about to require DKIM and DMARC Barracuda will step up and add this? I guess we will find out soon enough!)
So, overall... I'd say give PMG a shot and see if it is a fit for your customers. Spin it up at home, or for your own domain, or offer one of your smaller customers a deal for being a Guinea pig while you learn the system. Whatever works best for you. But I'd say it is definitely worth looking into.
