| | 1 | [[chapter_deployment]] |
| | 2 | Planning for Deployment |
| | 3 | ======================= |
| | 4 | |
| | 5 | Easy Integration into Existing Email Server Architecture |
| | 6 | -------------------------------------------------------- |
| | 7 | |
| | 8 | In this sample configuration, your email traffic (SMTP) arrives on |
| | 9 | the firewall and will be directly forwarded to your email server. |
| | 10 | |
| | 11 | image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[] |
| | 12 | |
| | 13 | By using {pmg}, all your email traffic is forwarded to |
| | 14 | the {pmg} instance, which filters the email traffic and |
| | 15 | removes unwanted emails. This allows you to manage incoming and outgoing mail |
| | 16 | traffic. |
| | 17 | |
| | 18 | image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[] |
| | 19 | |
| | 20 | |
| | 21 | Filtering Outgoing Emails |
| | 22 | ------------------------- |
| | 23 | |
| | 24 | Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is |
| | 25 | designed to scan both incoming and outgoing emails. This has two major |
| | 26 | advantages: |
| | 27 | |
| | 28 | . {pmg} is able to detect viruses sent from an internal host. In many |
| | 29 | countries, you are liable for sending viruses to other |
| | 30 | people. The outgoing email scanning feature is an additional |
| | 31 | protection to avoid that. |
| | 32 | |
| | 33 | . {pmg} can gather statistics about outgoing emails too. Statistics |
| | 34 | about incoming emails may look nice, but they aren't necessarily helpful. |
| | 35 | Consider two users; user-1 receives 10 emails from news |
| | 36 | portals and writes 1 email to an unknown individual, while |
| | 37 | user-2 receives 5 emails from customers and sends 5 emails |
| | 38 | in return. With this information, user-2 can be considered as the more active |
| | 39 | user, because they communicate more with your customers. {pmg} advanced address |
| | 40 | statistics can show you this important information, whereas a solution which |
| | 41 | does not scan outgoing email cannot do this. |
| | 42 | |
| | 43 | To enable outgoing email filtering, you simply need to send all outgoing |
| | 44 | emails through your {pmg} (usually by specifying {pmg} as |
| | 45 | "smarthost" on your email server). |
| | 46 | |
| | 47 | [[firewall_settings]] |
| | 48 | Firewall Settings |
| | 49 | ----------------- |
| | 50 | |
| | 51 | In order to pass email traffic to {pmg}, you need to allow traffic on the |
| | 52 | SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH, |
| | 53 | and HTTP, as well as port 8006 for the web-based management interface. |
| | 54 | |
| | 55 | [options="header"] |
| | 56 | |====== |
| | 57 | |Service |Port |Protocol |From |To |
| | 58 | |SMTP |25 |TCP |Proxmox |Internet |
| | 59 | |SMTP |25 |TCP |Internet |Proxmox |
| | 60 | |SMTP |26 |TCP |Mailserver |Proxmox |
| | 61 | |NTP |123 |TCP/UDP |Proxmox |Internet |
| | 62 | |RAZOR |2703 |TCP |Proxmox |Internet |
| | 63 | |DNS |53 |TCP/UDP |Proxmox |DNS Server |
| | 64 | |HTTP |80 |TCP |Proxmox |Internet |
| | 65 | |HTTPS |443 |TCP |Proxmox |Internet |
| | 66 | |GUI/API |8006 |TCP |Intranet |Proxmox |
| | 67 | |====== |
| | 68 | |
| | 69 | CAUTION: It is recommended to restrict access to the GUI/API port as far |
| | 70 | as possible. |
| | 71 | |
| | 72 | The outgoing HTTP connection is mainly used by virus pattern updates, |
| | 73 | and can be configured to use a proxy instead of a direct internet |
| | 74 | connection. |
| | 75 | |
| | 76 | You can use the 'nmap' utility to test your firewall settings (see |
| | 77 | section xref:nmap[port scans]). |
| | 78 | |
| | 79 | |
| | 80 | [[system_requirements]] |
| | 81 | System Requirements |
| | 82 | ------------------- |
| | 83 | |
| | 84 | {pmg} can run on dedicated server hardware or inside a virtual machine on |
| | 85 | any of the following platforms: |
| | 86 | |
| | 87 | * Proxmox VE (KVM) |
| | 88 | |
| | 89 | * VMWare vSphere™ (open-vm tools are integrated in the ISO) |
| | 90 | |
| | 91 | * Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO) |
| | 92 | |
| | 93 | * KVM (virtio drivers are integrated, great performance) |
| | 94 | |
| | 95 | * VirtualBox™ |
| | 96 | |
| | 97 | * Citrix Hypervisor™ (former XenServer™) |
| | 98 | |
| | 99 | * LXC container |
| | 100 | |
| | 101 | * and others that support Debian Linux as a guest OS |
| | 102 | |
| | 103 | Please see https://www.proxmox.com for details. |
| | 104 | |
| | 105 | To benchmark your hardware, run 'pmgperf' after installation. |
| | 106 | |
| | 107 | |
| | 108 | Minimum System Requirements |
| | 109 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| | 110 | |
| | 111 | * CPU: 64bit (Intel EMT64 or AMD64) |
| | 112 | |
| | 113 | * 2 GiB RAM |
| | 114 | |
| | 115 | * Bootable CD-ROM-drive or USB boot support |
| | 116 | |
| | 117 | * Monitor with a minimum resolution of 1024x768 for the installation |
| | 118 | |
| | 119 | * Hard disk with at least 8 GB of disk space |
| | 120 | |
| | 121 | * Ethernet network interface card (NIC) |
| | 122 | |
| | 123 | |
| | 124 | Recommended System Requirements |
| | 125 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| | 126 | |
| | 127 | * Multi-core CPU: 64bit (Intel EMT64 or AMD64), + |
| | 128 | ** for use in a virtual machine, activate Intel VT/AMD-V CPU flag |
| | 129 | |
| | 130 | * 4 GiB RAM |
| | 131 | |
| | 132 | * Bootable CD-ROM-drive or USB boot support |
| | 133 | |
| | 134 | * Monitor with a minimum resolution of 1024x768 for the installation |
| | 135 | |
| | 136 | * 1 Gbps Ethernet network interface card (NIC) |
| | 137 | |
| | 138 | * Storage: at least 8 GB free disk space, best set up with redundancy, |
| | 139 | using a hardware RAID controller with battery backed write cache (``BBU'') or |
| | 140 | ZFS. ZFS is not compatible with hardware RAID controllers. For best |
| | 141 | performance, use enterprise-class SSDs with power loss protection. |
| | 142 | |
| | 143 | |
| | 144 | Supported web browsers for accessing the web interface |
| | 145 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| | 146 | |
| | 147 | To use the web interface, you need a modern browser. This includes: |
| | 148 | |
| | 149 | * Firefox, a release from the current year, or the latest Extended |
| | 150 | Support Release |
| | 151 | * Chrome, a release from the current year |
| | 152 | * Microsoft's currently supported version of Edge |
| | 153 | * Safari, a release from the current year |
projects / pmg-docs.git / blame_incremental