Proxmox Mail Gateway 9.0 released

Software 43918 Published by

Proxmox Server Solutions has released Proxmox Mail Gateway 9.0, built on top of Debian GNU/Linux 13.1 "Trixie" with a default Linux kernel of 6.14.11-2. The latest version includes updated components such as ZFS 2.3.4, PostgreSQL 17, SpamAssassin 4.0.2, and ClamAV 1.4.3 for enhanced email security. Key features in Proxmox Mail Gateway 9.0 include a modern Quarantine UI on mobile browsers, improved Single-Sign-On functionality, and postfix configuration template synchronization with upstream recommendations. 





Proxmox Mail Gateway 9.0 released

Proxmox Server Solutions has released Proxmox Mail Gateway 9.0. Built on top of Debian GNU/Linux 13.1 "Trixie" with a default Linux kernel of 6.14.11-2, this new iteration boasts cutting-edge features and improvements.

Screenshot_from_2025_02_27_19_55_55

The latest versions of several essential components have been integrated into Proxmox Mail Gateway 9.0, including ZFS 2.3.4, PostgreSQL 17, SpamAssassin 4.0.2 (with updated rulesets), and ClamAV 1.4.3. This enhanced foundation provides an even more robust email security solution.

Some notable features and improvements in Proxmox Mail Gateway 9.0 include:

The introduction of a modern Quarantine UI on mobile browsers, developed using the Rust-based Yew framework, offering an improved user experience. Significant enhancements to Single-Sign-On (SSO) with OpenID Connect and multiple authentication realms for PMG, based on customer feedback and community input. Synchronization of postfix configuration templates with upstream recommendations for optimal performance and security.

In addition to these major updates, numerous performance enhancements and bug fixes have been implemented to provide an even smoother user experience. For a comprehensive list of changes, please refer to the release notes.

Proxmox Mail Gateway 9.0 is now available for download, based on Debian Trixie (13.1) with SpamAssassin 4.0.2, ClamAV 1.4.3, PostgreSQL 17, and a Linux kernel of 6.14.11-2 as the new default.

Key Features:

A major release built on top of the excellent Debian Trixie. An improved Quarantine UI for mobile browsers using the modern Rust-based Yew framework. Seamless upgrades from Proxmox Mail Gateway 8.2 are now possible; please refer to the upgrade instructions for more information.

The new Single-Sign-On (SSO) feature with OpenID Connect and multiple authentication realms has been significantly improved, thanks to customer feedback and community input.

Postfix configuration templates have been synchronized with upstream recommendations to enhance performance and security.

Content-Type filters have been updated to reflect changes in MIME-type names for Microsoft executable formats.

A comprehensive changelog is available that highlights key enhancements, bug fixes, and other notable changes.

Major Updates:

The Web Interface (GUI) has seen significant improvements:

  • A new Quarantine UI has been implemented on mobile browsers using the Rust-based Yew framework.
  • The old Framework7-based Quarantine UI is now deprecated in favor of the modern Yew-based version.
  • Non-mobile users can switch to the mobile version of the Quarantine UI for improved usability.

An XSS vulnerability in the HTTP proxy setting has been fixed, and a corresponding security advisory (PSA-2025-00015-1) is available for more information.

Authentication realms can now be configured using the GUI, including username claims and default roles for auto-created users.

Labels containing "blacklist" and "whitelist" have been renamed to "blocklist" and "welcomelist," respectively.

Multiple mail selections in Postfix queue administration widgets are now possible for delivery or deletion.

DNSBL site configuration has been improved, making it easier to display DNSBL sites in the Mail Proxy (postscreen_dnsbl_sites).

The SpamInfo text can be selected in the Spam Quarantine interface.

Translations have seen significant improvements:

  • Support for plural forms and ngettext usage has been added.
  • Translations can now contain comments that provide context for the translator.
  • Updated translations are available, including Czech (new!), Arabic, Bulgarian, French, German, Italian, Japanese, Korean, Polish, Russian, Simplified Chinese, Spanish, Swedish, Traditional Chinese, Ukrainian.

Enhancements in the Mail Gateway API Backend:

OpenID Connect realms have been significantly improved, addressing customer feedback and community input.

The validation for the OIDC client ID and key has been aligned with relevant RFCs.

A PMG realm is no longer hard-coded as the default realm; users can now select a different default realm.

The pmgqm utility used to send spam reports to users now supports timespans between 1 and 24 hours, in addition to today, yesterday, and week (issue 2452).

An issue where disallowed values for the Destination TLS policy were accepted by the backend has been fixed.

The rule system has trimmed the leading and trailing whitespace in the MSGID macro.

TLS-inbound domains are now added to the Proxmox Mail Gateway system report used in Enterprise support.

Mails generated by Proxmox Mail Gateway now include a Date header, allowing for valid DKIM signatures.

The Date header for autogenerated mails is set with a fixed locale to comply with RFC5322.

An issue where pmgtunnel exited with errors due to changes in the network information parsing code has been fixed.

Proxmox Mail Gateway 9 ships with AppArmor version 4.1, which may lead to regressions in packages or software not part of the core distribution (e.g., CUPS printing daemon).

Most issues can be resolved by configuring AppArmor to use the 3.0 ABI.

systemd logs "System is tainted: unmerged-bin" after boot:

It's recommended to ignore this message; see the Debian Trixie release notes for more details.

Known Issues & Breaking Changes

The repository previously known as pmgtest has now been renamed to pmg-test for consistency with existing repositories.

For consistency with existing repositories, the pmgtest repository has been renamed to pmg-test.

Breaking Changes in the Proxmox Mail Gateway API:

  • The "Google Safe Browsing" option for ClamAV (deprecated since PMG 7.0) has been dropped from pmg.conf.
  • Fields network_address and prefix_size returned by the /config/mynetworks API call have been dropped, as cidr contains the same information.
  • The ReportSpam, Attach, and Counter actions (which have not been exposed since at least PMG 5.0 and are deprecated in PMG 7.2) have been dropped from the database handling code.
  • Changing a user's password via PUT /access/users/{userid} has been replaced by the /access/password API call; the GUI has used this API since at least 2017.

Potential changes in network interface names:

Proxmox Mail Gateway 9 can now handle many changes to network interface names transparently. However, in some cases, manual reconfiguration after upgrade may still be necessary.

Before upgrading, use the proxmox-network-interface-pinning CLI tool to pin network interfaces to custom names; see reference documentation for details.

Download and Release Notes

Proxmox Mail Gateway 9.0 can be downloaded from here. For detailed release notes, please refer to the provided link.

ASRock Phantom Gaming X870 Nova Wi-Fi Review and more

OWASP CRS 4.19.0 released

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...