suggestion : missing features for a complete product

Jun 30, 2020
Hi all,

I've installed the Proxmox Mail Gateway to test myself if this product can replace a working system based on mailscanner + mailwatch. The GUI is impressive but i've found that at least two essential features are missing :

1) the domain admin user. This user can view and manage all (quarantine, threshold, BL, WL etc) about the domain assigned to him
2) the single local user : this user have the name in the form of user@[domain].domain.ext and can view and manage his personal quarantine, BL, WL. The registration of this user type is autonomous (like a recovery password inserting his email address in a form and with a check that must be in the domain list of the system) or by his domain admin

may be that i haven't found these hidden features ?

Obviously i've tried the different role (as the "quaratine manager") but this is for all the system and can't filter for some domains in the system. Also i think that the menu must collapse and hide the unavailable options for the role ... below is what happen with the "quarantine manager" : the menu is complete but when you select a menu option that you can't view/manage, an error appear ... not good.


Thank you
2) the single local user : this user have the name in the form of user@[domain].domain.ext and can view and manage his personal quarantine, BL, WL.
This is already possible - simply set the spamreport style in GUI->Configuration->Spam Detector->Quarantine to something apart from none and all users who have mails in their quarantine will get a report with a link to their personal quarantine interface (where they can also configure their BL and WL)

1) the domain admin user. This user can view and manage all (quarantine, threshold, BL, WL etc) about the domain assigned to him
This is currently not implemented - with the idea that an admin has the permissions for all domains on the system
Hi Ivanov

thank you for you quick reply :)

This is already possible - simply set the spamreport style in GUI->Configuration->Spam Detector->Quarantine to something apart from none and all users who have mails in their quarantine will get a report with a link to their personal quarantine interface (where they can also configure their BL and WL)
ok i do a try but ...there is a web interface that i can check (with user/pass) the quarantine without waiting the email with the link ?

This is currently not implemented - with the idea that an admin has the permissions for all domains on the system
i agree if you are talking about system admin (who installed and maintain the system) but in many company there are another figure that is not a system admin but have the task to check all the quarantined email (false positive) for the other users ...
ok i do a try but ...there is a web interface that i can check (with user/pass) the quarantine without waiting the email with the link ?
if you've configured an LDAP integration you can use the LDAP-credentials for logging in as well - see section 4.7.2 in:

else you can also use
 pmgqm send -debug 1 -receiver local@yourdomain.tld

to get a dump of such a mail into the console (this also contains the link)

i agree if you are talking about system admin (who installed and maintain the system) but in many company there are another figure that is not a system admin but have the task to check all the quarantined email (false positive) for the other users ...
that would be a quarantine manager - the difference is that a quarantine manager can check the mail for all domains of the company ...
You can always setup a separate PMG instance per domain(group) as well as a workaround
if you've configured an LDAP integration you can use the LDAP-credentials for logging in as well - see section 4.7.2 in:
no .. only local user

else you can also use
pmgqm send -debug 1 -receiver local@yourdomain.tld

to get a dump of such a mail into the console (this also contains the link)
good trick in a production system :) ... i'm evaluating the product so i don't have a single email of spam and i don't think that the email with the link goes out ..

that would be a quarantine manager - the difference is that a quarantine manager can check the mail for all domains of the company ...
yes but i'm talking about a server shared between some company and every company with a quarantine manager that must not see the emails of the other company

You can always setup a separate PMG instance per domain(group) as well as a workaround
is a solution but not a good solution IMHO :)

thank you
  • Like
Reactions: thiagotgc
  • Like
Reactions: stetor
is a solution but not a good solution IMHO

Only by doing a separate instance per company, you can be sure to meet all regulatory requirements like GDPR. At least inside the EU, this is best practice.
  • Like
Reactions: Stoiko Ivanov
Hi Tom,

welcome in the discussion :)

Only by doing a separate instance per company, you can be sure to meet all regulatory requirements like GDPR. At least inside the EU, this is best practice.
This is not true ... otherwise every mail provider must create an instance for every domain on their mailbox server. The GDPR provide and know about the system admin that have access to all the data. The important thing is to name the person in the document and register (on unalterable supports) his login but this is another question ...
This is true only on PMG because the "quarantine manager" itsn't a system admin but can view all the mail that goes through PMG and can't be limited for the only domain that he must see
  • Like
Reactions: thiagotgc
The concept of the Proxmox Mail Gateway is that the admin can see all logs and rules for all domains.

The very advanced rule set is designed to build complex company filtering rules. Shared hosting setups were never the design goals.

So the only way for you to use the Proxmox Mail Gateway seems to use separate instances (e.g. LXC container or QEMU VMs).