NAME
pmg.conf - Proxmox Mail Gateway Main Configuration
SYNOPSIS
/etc/pmg/pmg.conf
DESCRIPTION
The file /etc/pmg/pmg.conf is the main configuration.
File Format
The file is divided into several section. Each section has the following format:
section: NAME OPTION value ...
Blank lines in the file separates sections, and lines starting with a # character are treated as comments and are also ignored.
Options
- advfilter: <boolean> (default = 0)
-
Enable advanced filters for statistic.
If this is enabled, the receiver statistic are limited to active ones (receivers which also sent out mail in the 90 days before), and the contact statistic will not contain these active receivers.
- avast: <boolean> (default = 0)
-
Use Avast Virus Scanner (/usr/bin/scan). You need to buy and install Avast Core Security before you can enable this feature.
- clamav: <boolean> (default = 1)
-
Use ClamAV Virus Scanner. This is the default virus scanner and is enabled by default.
- custom_check: <boolean> (default = 0)
-
Use Custom Check Script. The script has to take the defined arguments and can return Virus findings or a Spamscore.
- custom_check_path: ^/([^/\0]+\/)+[^/\0]+$ (default = /usr/local/bin/pmg-custom-check)
-
Absolute Path to the Custom Check Script
- dailyreport: <boolean> (default = 1)
-
Send daily reports.
- demo: <boolean> (default = 0)
-
Demo mode - do not start SMTP filter.
- dkim-use-domain: <envelope | header> (default = envelope)
-
Whether to sign using the address from the header or the envelope.
- dkim_selector: <string>
-
Default DKIM selector
- dkim_sign: <boolean> (default = 0)
-
DKIM sign outbound mails with the configured Selector.
- dkim_sign_all_mail: <boolean> (default = 0)
-
DKIM sign all outgoing mails irrespective of the Envelope From domain.
- email: <string> (default = admin@domain.tld)
-
Administrator E-Mail address.
- http_proxy: http://.*
-
Specify external http proxy which is used for downloads (example: http://username:password@host:port/)
- statlifetime: <integer> (1 - N) (default = 7)
-
User Statistics Lifetime (days)
- archiveblockencrypted: <boolean> (default = 0)
-
Whether to mark encrypted archives and documents as heuristic virus match. A match does not necessarily result in an immediate block, it just raises the Spam Score by clamav_heuristic_score.
- archivemaxfiles: <integer> (0 - N) (default = 1000)
-
Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.
- archivemaxrec: <integer> (1 - N) (default = 5)
-
Nested archives are scanned recursively, e.g. if a ZIP archive contains a TAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: setting this limit too high may result in severe damage to the system.
- archivemaxsize: <integer> (1000000 - N) (default = 25000000)
-
Files larger than this limit (in bytes) won’t be scanned.
- dbmirror: <string> (default = database.clamav.net)
-
ClamAV database mirror server.
- maxcccount: <integer> (0 - N) (default = 0)
-
This option sets the lowest number of Credit Card or Social Security numbers found in a file to generate a detect.
- maxscansize: <integer> (1000000 - N) (default = 100000000)
-
Sets the maximum amount of data (in bytes) to be scanned for each input file.
- safebrowsing: <boolean> (default = 0)
-
Enables support for Google Safe Browsing. (deprecated option, will be ignored)
- scriptedupdates: <boolean> (default = 1)
-
Enables ScriptedUpdates (incremental download of signatures)
- banner: <string> (default = ESMTP Proxmox)
-
ESMTP banner.
- before_queue_filtering: <boolean> (default = 0)
-
Enable before queue filtering by pmg-smtp-filter
- conn_count_limit: <integer> (0 - N) (default = 50)
-
How many simultaneous connections any client is allowed to make to this service. To disable this feature, specify a limit of 0.
- conn_rate_limit: <integer> (0 - N) (default = 0)
-
The maximal number of connection attempts any client is allowed to make to this service per minute. To disable this feature, specify a limit of 0.
- dnsbl_sites: <string>
-
Optional list of DNS white/blacklist domains (postfix option postscreen_dnsbl_sites).
- dnsbl_threshold: <integer> (0 - N) (default = 1)
-
The inclusive lower bound for blocking a remote SMTP client, based on its combined DNSBL score (postfix option postscreen_dnsbl_threshold).
- dwarning: <integer> (0 - N) (default = 4)
-
SMTP delay warning time (in hours). (postfix option delay_warning_time)
- ext_port: <integer> (1 - 65535) (default = 25)
-
SMTP port number for incoming mail (untrusted). This must be a different number than int_port.
- filter-timeout: <integer> (2 - 86400) (default = 600)
-
Timeout for the processing of one mail (in seconds) (postfix option smtpd_proxy_timeout and lmtp_data_done_timeout)
- greylist: <boolean> (default = 1)
-
Use Greylisting for IPv4.
- greylist6: <boolean> (default = 0)
-
Use Greylisting for IPv6.
- greylistmask4: <integer> (0 - 32) (default = 24)
-
Netmask to apply for greylisting IPv4 hosts
- greylistmask6: <integer> (0 - 128) (default = 64)
-
Netmask to apply for greylisting IPv6 hosts
- helotests: <boolean> (default = 0)
-
Use SMTP HELO tests. (postfix option smtpd_helo_restrictions)
- hide_received: <boolean> (default = 0)
-
Hide received header in outgoing mails.
- int_port: <integer> (1 - 65535) (default = 26)
-
SMTP port number for outgoing mail (trusted).
- max_filters: <integer> (3 - 40) (default = 25)
-
Maximum number of pmg-smtp-filter processes.
- max_policy: <integer> (2 - 10) (default = 5)
-
Maximum number of pmgpolicy processes.
- max_smtpd_in: <integer> (3 - 100) (default = 100)
-
Maximum number of SMTP daemon processes (in).
- max_smtpd_out: <integer> (3 - 100) (default = 100)
-
Maximum number of SMTP daemon processes (out).
- maxsize: <integer> (1024 - N) (default = 10485760)
-
Maximum email size. Larger mails are rejected. (postfix option message_size_limit)
- message_rate_limit: <integer> (0 - N) (default = 0)
-
The maximal number of message delivery requests that any client is allowed to make to this service per minute.To disable this feature, specify a limit of 0.
- ndr_on_block: <boolean> (default = 0)
-
Send out NDR when mail gets blocked
- rejectunknown: <boolean> (default = 0)
-
Reject unknown clients. (postfix option reject_unknown_client_hostname)
- rejectunknownsender: <boolean> (default = 0)
-
Reject unknown senders. (postfix option reject_unknown_sender_domain)
- relay: <string>
-
The default mail delivery transport (incoming mails).
- relaynomx: <boolean> (default = 0)
-
Disable MX lookups for default relay (SMTP only, ignored for LMTP).
- relayport: <integer> (1 - 65535) (default = 25)
-
SMTP/LMTP port number for relay host.
- relayprotocol: <lmtp | smtp> (default = smtp)
-
Transport protocol for relay host.
- smarthost: <string>
-
When set, all outgoing mails are deliverd to the specified smarthost. (postfix option default_transport)
- smarthostport: <integer> (1 - 65535) (default = 25)
-
SMTP port number for smarthost. (postfix option default_transport)
- smtputf8: <boolean> (default = 1)
-
Enable SMTPUTF8 support in Postfix and detection for locally generated mail (postfix option smtputf8_enable)
- spf: <boolean> (default = 1)
-
Use Sender Policy Framework.
- tls: <boolean> (default = 0)
-
Enable TLS.
- tlsheader: <boolean> (default = 0)
-
Add TLS received header.
- tlslog: <boolean> (default = 0)
-
Enable TLS Logging.
- verifyreceivers: <450 | 550>
-
Enable receiver verification. The value specifies the numerical reply code when the Postfix SMTP server rejects a recipient address. (postfix options reject_unknown_recipient_domain, reject_unverified_recipient, and unverified_recipient_reject_code)
- bounce_score: <integer> (0 - 1000) (default = 0)
-
Additional score for bounce mails.
- clamav_heuristic_score: <integer> (0 - 1000) (default = 3)
-
Score for ClamAV heuristics (Encrypted Archives/Documents, PhishingScanURLs, …).
- extract_text: <boolean> (default = 0)
-
Extract text from attachments (doc, pdf, rtf, images) and scan for spam.
- languages: (all|([a-z][a-z])+( ([a-z][a-z])+)*) (default = all)
-
This option is used to specify which languages are considered OK for incoming mail.
- maxspamsize: <integer> (64 - N) (default = 262144)
-
Maximum size of spam messages in bytes.
- rbl_checks: <boolean> (default = 1)
-
Enable real time blacklists (RBL) checks.
- use_awl: <boolean> (default = 0)
-
Use the Auto-Whitelist plugin.
- use_bayes: <boolean> (default = 0)
-
Whether to use the naive-Bayesian-style classifier.
- use_razor: <boolean> (default = 1)
-
Whether to use Razor2, if it is available.
- wl_bounce_relays: <string>
-
Whitelist legitimate bounce relays.
- allowhrefs: <boolean> (default = 1)
-
Allow to view hyperlinks.
- authmode: <ldap | ldapticket | ticket> (default = ticket)
-
Authentication mode to access the quarantine interface. Mode ticket allows login using tickets sent with the daily spam report. Mode ldap requires to login using an LDAP account. Finally, mode ldapticket allows both ways.
- hostname: <string>
-
Quarantine Host. Useful if you run a Cluster and want users to connect to a specific host.
- lifetime: <integer> (1 - N) (default = 7)
-
Quarantine life time (days)
- mailfrom: <string>
-
Text for From header in daily spam report mails.
- port: <integer> (1 - 65535) (default = 8006)
-
Quarantine Port. Useful if you have a reverse proxy or port forwarding for the webinterface. Only used for the generated Spam report.
- protocol: <http | https> (default = https)
-
Quarantine Webinterface Protocol. Useful if you have a reverse proxy for the webinterface. Only used for the generated Spam report.
- quarantinelink: <boolean> (default = 0)
-
Enables user self-service for Quarantine Links. Caution: this is accessible without authentication
- reportstyle: <custom | none | short | verbose> (default = verbose)
-
Spam report style.
- viewimages: <boolean> (default = 1)
-
Allow to view images.
- allowhrefs: <boolean> (default = 1)
-
Allow to view hyperlinks.
- lifetime: <integer> (1 - N) (default = 7)
-
Quarantine life time (days)
- viewimages: <boolean> (default = 1)
-
Allow to view images.
Copyright and Disclaimer
Copyright © 2007-2024 Proxmox Server Solutions GmbH
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/