]>
Commit | Line | Data |
---|---|---|
b2d388d4 | 1 | [[chapter_deployment]] |
5c735ebd DM |
2 | Planning for Deployment |
3 | ======================= | |
4 | ||
e485e1f8 | 5 | Easy Integration into Existing Email Server Architecture |
3fc72cc0 | 6 | -------------------------------------------------------- |
5c735ebd | 7 | |
09e283f2 DW |
8 | In this sample configuration, your email traffic (SMTP) arrives on |
9 | the firewall and will be directly forwarded to your email server. | |
5c735ebd | 10 | |
95f2ea5b | 11 | image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[] |
5c735ebd | 12 | |
e485e1f8 DW |
13 | By using {pmg}, all your email traffic is forwarded to |
14 | the {pmg} instance, which filters the email traffic and | |
15 | removes unwanted emails. This allows you to manage incoming and outgoing mail | |
5c735ebd DM |
16 | traffic. |
17 | ||
95f2ea5b | 18 | image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[] |
5c735ebd DM |
19 | |
20 | ||
e485e1f8 | 21 | Filtering Outgoing Emails |
3fc72cc0 | 22 | ------------------------- |
5c735ebd | 23 | |
09e283f2 DW |
24 | Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is |
25 | designed to scan both incoming and outgoing emails. This has two major | |
bc1de76e | 26 | advantages: |
5c735ebd DM |
27 | |
28 | . {pmg} is able to detect viruses sent from an internal host. In many | |
e485e1f8 | 29 | countries, you are liable for sending viruses to other |
09e283f2 | 30 | people. The outgoing email scanning feature is an additional |
5c735ebd DM |
31 | protection to avoid that. |
32 | ||
09e283f2 | 33 | . {pmg} can gather statistics about outgoing emails too. Statistics |
e485e1f8 DW |
34 | about incoming emails may look nice, but they aren't necessarily helpful. |
35 | Consider two users; user-1 receives 10 emails from news | |
36 | portals and writes 1 email to an unknown individual, while | |
37 | user-2 receives 5 emails from customers and sends 5 emails | |
38 | in return. With this information, user-2 can be considered as the more active | |
39 | user, because they communicate more with your customers. {pmg} advanced address | |
40 | statistics can show you this important information, whereas a solution which | |
41 | does not scan outgoing email cannot do this. | |
42 | ||
43 | To enable outgoing email filtering, you simply need to send all outgoing | |
44 | emails through your {pmg} (usually by specifying {pmg} as | |
09e283f2 | 45 | "smarthost" on your email server). |
5c735ebd | 46 | |
90facef4 | 47 | [[firewall_settings]] |
e485e1f8 | 48 | Firewall Settings |
5c735ebd DM |
49 | ----------------- |
50 | ||
e485e1f8 DW |
51 | In order to pass email traffic to {pmg}, you need to allow traffic on the |
52 | SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH, | |
53 | and HTTP, as well as port 8006 for the web-based management interface. | |
5c735ebd DM |
54 | |
55 | [options="header"] | |
56 | |====== | |
57 | |Service |Port |Protocol |From |To | |
58 | |SMTP |25 |TCP |Proxmox |Internet | |
59 | |SMTP |25 |TCP |Internet |Proxmox | |
60 | |SMTP |26 |TCP |Mailserver |Proxmox | |
61 | |NTP |123 |TCP/UDP |Proxmox |Internet | |
62 | |RAZOR |2703 |TCP |Proxmox |Internet | |
63 | |DNS |53 |TCP/UDP |Proxmox |DNS Server | |
64 | |HTTP |80 |TCP |Proxmox |Internet | |
ba290ad4 | 65 | |HTTPS |443 |TCP |Proxmox |Internet |
5c735ebd DM |
66 | |GUI/API |8006 |TCP |Intranet |Proxmox |
67 | |====== | |
68 | ||
bc1de76e | 69 | CAUTION: It is recommended to restrict access to the GUI/API port as far |
5c735ebd DM |
70 | as possible. |
71 | ||
72 | The outgoing HTTP connection is mainly used by virus pattern updates, | |
73 | and can be configured to use a proxy instead of a direct internet | |
74 | connection. | |
75 | ||
76 | You can use the 'nmap' utility to test your firewall settings (see | |
77 | section xref:nmap[port scans]). | |
78 | ||
79 | ||
80 | [[system_requirements]] | |
81 | System Requirements | |
82 | ------------------- | |
83 | ||
e485e1f8 | 84 | {pmg} can run on dedicated server hardware or inside a virtual machine on |
bc1de76e | 85 | any of the following platforms: |
5c735ebd DM |
86 | |
87 | * Proxmox VE (KVM) | |
88 | ||
89 | * VMWare vSphere™ (open-vm tools are integrated in the ISO) | |
90 | ||
91 | * Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO) | |
92 | ||
93 | * KVM (virtio drivers are integrated, great performance) | |
94 | ||
bc1de76e | 95 | * VirtualBox™ |
5c735ebd | 96 | |
95d4fc6c AA |
97 | * Citrix Hypervisor™ (former XenServer™) |
98 | ||
99 | * LXC container | |
100 | ||
e485e1f8 | 101 | * and others that support Debian Linux as a guest OS |
5c735ebd | 102 | |
e9fb7667 | 103 | Please see https://www.proxmox.com for details. |
5c735ebd | 104 | |
e485e1f8 | 105 | To benchmark your hardware, run 'pmgperf' after installation. |
5c735ebd DM |
106 | |
107 | ||
108 | Minimum System Requirements | |
109 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
110 | ||
111 | * CPU: 64bit (Intel EMT64 or AMD64) | |
112 | ||
0527a7a5 | 113 | * 2 GB RAM |
5c735ebd | 114 | |
e485e1f8 | 115 | * Bootable CD-ROM-drive or USB boot support |
5c735ebd | 116 | |
e485e1f8 | 117 | * Monitor with a minimum resolution of 1024x768 for the installation |
5c735ebd | 118 | |
95d4fc6c | 119 | * Hard disk with at least 8 GB of disk space |
5c735ebd | 120 | |
e485e1f8 | 121 | * Ethernet network interface card (NIC) |
5c735ebd DM |
122 | |
123 | ||
124 | Recommended System Requirements | |
125 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
126 | ||
e485e1f8 DW |
127 | * Multi-core CPU: 64bit (Intel EMT64 or AMD64), + |
128 | ** for use in a virtual machine, activate Intel VT/AMD-V CPU flag | |
5c735ebd DM |
129 | |
130 | * 4 GB RAM | |
131 | ||
e485e1f8 | 132 | * Bootable CD-ROM-drive or USB boot support |
5c735ebd | 133 | |
e485e1f8 | 134 | * Monitor with a minimum resolution of 1024x768 for the installation |
5c735ebd | 135 | |
e485e1f8 | 136 | * 1 Gbps Ethernet network interface card (NIC) |
5c735ebd | 137 | |
e485e1f8 DW |
138 | * Storage: at least 8 GB free disk space, best set up with redundancy, |
139 | using a hardware RAID controller with battery backed write cache (``BBU'') or | |
140 | ZFS. ZFS is not compatible with hardware RAID controllers. For best | |
141 | performance, use enterprise-class SSDs with power loss protection. | |
0fcf4fde DC |
142 | |
143 | ||
144 | Supported web browsers for accessing the web interface | |
145 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
146 | ||
e485e1f8 | 147 | To use the web interface, you need a modern browser. This includes: |
0fcf4fde DC |
148 | |
149 | * Firefox, a release from the current year, or the latest Extended | |
150 | Support Release | |
151 | * Chrome, a release from the current year | |
bc1de76e | 152 | * Microsoft's currently supported version of Edge |
0fcf4fde | 153 | * Safari, a release from the current year |