]>
Commit | Line | Data |
---|---|---|
b2d388d4 | 1 | [[chapter_deployment]] |
5c735ebd DM |
2 | Planning for Deployment |
3 | ======================= | |
4 | ||
5 | Easy integration into existing e-mail server architecture | |
6 | --------------------------------------------------------- | |
7 | ||
8 | In this sample configuration, your e-mail traffic (SMTP) arrives on | |
9 | the firewall and will be directly forwarded to your e-mail server. | |
10 | ||
95f2ea5b | 11 | image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[] |
5c735ebd DM |
12 | |
13 | By using the {pmg}, all your e-mail traffic is forwarded to the | |
14 | Proxmox Mail Gateway, which filters the whole e-mail traffic and | |
15 | removes unwanted e-mails. You can manage incoming and outgoing mail | |
16 | traffic. | |
17 | ||
95f2ea5b | 18 | image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[] |
5c735ebd DM |
19 | |
20 | ||
21 | Filtering outgoing e-mails | |
22 | -------------------------- | |
23 | ||
24 | Many e-mail filter solutions do not scan outgoing mails. Opposed to | |
25 | that {pmg} is designed to scan both incoming and outgoing | |
26 | e-mails. This has two major advantages: | |
27 | ||
28 | . {pmg} is able to detect viruses sent from an internal host. In many | |
7748e808 | 29 | countries you are liable for sending viruses to other |
f6c7468d | 30 | people. The {pmg} outgoing e-mail scanning feature is an additional |
5c735ebd DM |
31 | protection to avoid that. |
32 | ||
33 | . {pmg} can gather statistics about outgoing e-mails too. Statistics | |
34 | about incoming e-mails looks nice, but they are quite | |
35 | useless. Consider two users, user-1 receives 10 e-mails from news | |
36 | portals and wrote 1 e-mail to a person you never heard from. While | |
37 | user-2 receives 5 e-mails from a customer and sent 5 e-mails | |
f6c7468d | 38 | back. Which user do you consider more active? I am sure it's user-2, |
5c735ebd | 39 | because he communicates with your customers. {pmg} advanced address |
f6c7468d | 40 | statistics can show you this important information. A solution which |
5c735ebd DM |
41 | does not scan outgoing e-mail cannot do that. |
42 | ||
43 | To enable outgoing e-mail filtering you just need to send all outgoing | |
44 | e-mails through your {png} (usually by specifying Proxmox as | |
303ee757 | 45 | "smarthost" on your e-mail server. |
5c735ebd | 46 | |
90facef4 | 47 | [[firewall_settings]] |
5c735ebd DM |
48 | Firewall settings |
49 | ----------------- | |
50 | ||
51 | In order to pass e-mail traffic to the {pmg} you need to allow traffic | |
52 | on the SMTP the port. Our servers use the Network Time Protocol (NTP) | |
53 | for time synchronization, RAZOR, DNS, SSH, HTTP and port 8006 for the web | |
54 | based management interface. | |
55 | ||
56 | [options="header"] | |
57 | |====== | |
58 | |Service |Port |Protocol |From |To | |
59 | |SMTP |25 |TCP |Proxmox |Internet | |
60 | |SMTP |25 |TCP |Internet |Proxmox | |
61 | |SMTP |26 |TCP |Mailserver |Proxmox | |
62 | |NTP |123 |TCP/UDP |Proxmox |Internet | |
63 | |RAZOR |2703 |TCP |Proxmox |Internet | |
64 | |DNS |53 |TCP/UDP |Proxmox |DNS Server | |
65 | |HTTP |80 |TCP |Proxmox |Internet | |
66 | |GUI/API |8006 |TCP |Intranet |Proxmox | |
67 | |====== | |
68 | ||
69 | CAUTION: It is advisable to restrict access to the GUI/API port as far | |
70 | as possible. | |
71 | ||
72 | The outgoing HTTP connection is mainly used by virus pattern updates, | |
73 | and can be configured to use a proxy instead of a direct internet | |
74 | connection. | |
75 | ||
76 | You can use the 'nmap' utility to test your firewall settings (see | |
77 | section xref:nmap[port scans]). | |
78 | ||
79 | ||
80 | [[system_requirements]] | |
81 | System Requirements | |
82 | ------------------- | |
83 | ||
95d4fc6c AA |
84 | The {pmg} can run on dedicated server hardware or inside a virtual machine on |
85 | any of the following plattforms: | |
5c735ebd DM |
86 | |
87 | * Proxmox VE (KVM) | |
88 | ||
89 | * VMWare vSphere™ (open-vm tools are integrated in the ISO) | |
90 | ||
91 | * Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO) | |
92 | ||
93 | * KVM (virtio drivers are integrated, great performance) | |
94 | ||
95 | * Virtual box™ | |
96 | ||
95d4fc6c AA |
97 | * Citrix Hypervisor™ (former XenServer™) |
98 | ||
99 | * LXC container | |
100 | ||
101 | * and others supporting Debian Linux as guest OS | |
5c735ebd DM |
102 | |
103 | Please see http://www.proxmox.com for details. | |
104 | ||
105 | In order to get a benchmark from your hardware, just run 'pmgperf' | |
106 | after installation. | |
107 | ||
108 | ||
109 | Minimum System Requirements | |
110 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
111 | ||
112 | * CPU: 64bit (Intel EMT64 or AMD64) | |
113 | ||
0527a7a5 | 114 | * 2 GB RAM |
5c735ebd DM |
115 | |
116 | * bootable CD-ROM-drive or USB boot support | |
117 | ||
95d4fc6c | 118 | * Monitor with a resolution of 1024x768 for the installation |
5c735ebd | 119 | |
95d4fc6c | 120 | * Hard disk with at least 8 GB of disk space |
5c735ebd | 121 | |
95d4fc6c | 122 | * Ethernet network interface card |
5c735ebd DM |
123 | |
124 | ||
125 | Recommended System Requirements | |
126 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
127 | ||
95d4fc6c AA |
128 | * Multicore CPU: 64bit (Intel EMT64 or AMD64), + |
129 | for use as virtual machine activate Intel VT/AMD-V CPU flag | |
5c735ebd DM |
130 | |
131 | * 4 GB RAM | |
132 | ||
133 | * bootable CD-ROM-drive or USB boot support | |
134 | ||
95d4fc6c | 135 | * Monitor with a resolution of 1024x768 for the installation |
5c735ebd | 136 | |
95d4fc6c | 137 | * 1 Gbps Ethernet network interface card |
5c735ebd | 138 | |
937c6a22 | 139 | * Storage: at least 8 GB free disk space, best setup with redundancy, |
95d4fc6c AA |
140 | use hardware RAID controller with battery backed write cache (``BBU'') or |
141 | ZFS. ZFS is not compatible with a hardware RAID controller. For best | |
142 | performance use Enterprise class SSD with power loss protection. |