]>
Commit | Line | Data |
---|---|---|
1 | [[chapter_deployment]] | |
2 | Planning for Deployment | |
3 | ======================= | |
4 | ||
5 | Easy Integration into Existing Email Server Architecture | |
6 | -------------------------------------------------------- | |
7 | ||
8 | In this sample configuration, your email traffic (SMTP) arrives on | |
9 | the firewall and will be directly forwarded to your email server. | |
10 | ||
11 | image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[] | |
12 | ||
13 | By using {pmg}, all your email traffic is forwarded to | |
14 | the {pmg} instance, which filters the email traffic and | |
15 | removes unwanted emails. This allows you to manage incoming and outgoing mail | |
16 | traffic. | |
17 | ||
18 | image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[] | |
19 | ||
20 | ||
21 | Filtering Outgoing Emails | |
22 | ------------------------- | |
23 | ||
24 | Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is | |
25 | designed to scan both incoming and outgoing emails. This has two major | |
26 | advantages: | |
27 | ||
28 | . {pmg} is able to detect viruses sent from an internal host. In many | |
29 | countries, you are liable for sending viruses to other | |
30 | people. The outgoing email scanning feature is an additional | |
31 | protection to avoid that. | |
32 | ||
33 | . {pmg} can gather statistics about outgoing emails too. Statistics | |
34 | about incoming emails may look nice, but they aren't necessarily helpful. | |
35 | Consider two users; user-1 receives 10 emails from news | |
36 | portals and writes 1 email to an unknown individual, while | |
37 | user-2 receives 5 emails from customers and sends 5 emails | |
38 | in return. With this information, user-2 can be considered as the more active | |
39 | user, because they communicate more with your customers. {pmg} advanced address | |
40 | statistics can show you this important information, whereas a solution which | |
41 | does not scan outgoing email cannot do this. | |
42 | ||
43 | To enable outgoing email filtering, you simply need to send all outgoing | |
44 | emails through your {pmg} (usually by specifying {pmg} as | |
45 | "smarthost" on your email server). | |
46 | ||
47 | [[firewall_settings]] | |
48 | Firewall Settings | |
49 | ----------------- | |
50 | ||
51 | In order to pass email traffic to {pmg}, you need to allow traffic on the | |
52 | SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH, | |
53 | and HTTP, as well as port 8006 for the web-based management interface. | |
54 | ||
55 | [options="header"] | |
56 | |====== | |
57 | |Service |Port |Protocol |From |To | |
58 | |SMTP |25 |TCP |Proxmox |Internet | |
59 | |SMTP |25 |TCP |Internet |Proxmox | |
60 | |SMTP |26 |TCP |Mailserver |Proxmox | |
61 | |NTP |123 |TCP/UDP |Proxmox |Internet | |
62 | |RAZOR |2703 |TCP |Proxmox |Internet | |
63 | |DNS |53 |TCP/UDP |Proxmox |DNS Server | |
64 | |HTTP |80 |TCP |Proxmox |Internet | |
65 | |HTTPS |443 |TCP |Proxmox |Internet | |
66 | |GUI/API |8006 |TCP |Intranet |Proxmox | |
67 | |====== | |
68 | ||
69 | CAUTION: It is recommended to restrict access to the GUI/API port as far | |
70 | as possible. | |
71 | ||
72 | The outgoing HTTP connection is mainly used by virus pattern updates, | |
73 | and can be configured to use a proxy instead of a direct internet | |
74 | connection. | |
75 | ||
76 | You can use the 'nmap' utility to test your firewall settings (see | |
77 | section xref:nmap[port scans]). | |
78 | ||
79 | ||
80 | [[system_requirements]] | |
81 | System Requirements | |
82 | ------------------- | |
83 | ||
84 | {pmg} can run on dedicated server hardware or inside a virtual machine on | |
85 | any of the following platforms: | |
86 | ||
87 | * Proxmox VE (KVM) | |
88 | ||
89 | * VMWare vSphere™ (open-vm tools are integrated in the ISO) | |
90 | ||
91 | * Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO) | |
92 | ||
93 | * KVM (virtio drivers are integrated, great performance) | |
94 | ||
95 | * VirtualBox™ | |
96 | ||
97 | * Citrix Hypervisor™ (former XenServer™) | |
98 | ||
99 | * LXC container | |
100 | ||
101 | * and others that support Debian Linux as a guest OS | |
102 | ||
103 | Please see https://www.proxmox.com for details. | |
104 | ||
105 | To benchmark your hardware, run 'pmgperf' after installation. | |
106 | ||
107 | ||
108 | Minimum System Requirements | |
109 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
110 | ||
111 | * CPU: 64bit (Intel EMT64 or AMD64) | |
112 | ||
113 | * 2 GiB RAM | |
114 | ||
115 | * Bootable CD-ROM-drive or USB boot support | |
116 | ||
117 | * Monitor with a minimum resolution of 1024x768 for the installation | |
118 | ||
119 | * Hard disk with at least 8 GB of disk space | |
120 | ||
121 | * Ethernet network interface card (NIC) | |
122 | ||
123 | ||
124 | Recommended System Requirements | |
125 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
126 | ||
127 | * Multi-core CPU: 64bit (Intel EMT64 or AMD64), + | |
128 | ** for use in a virtual machine, activate Intel VT/AMD-V CPU flag | |
129 | ||
130 | * 4 GiB RAM | |
131 | ||
132 | * Bootable CD-ROM-drive or USB boot support | |
133 | ||
134 | * Monitor with a minimum resolution of 1024x768 for the installation | |
135 | ||
136 | * 1 Gbps Ethernet network interface card (NIC) | |
137 | ||
138 | * Storage: at least 8 GB free disk space, best set up with redundancy, | |
139 | using a hardware RAID controller with battery backed write cache (``BBU'') or | |
140 | ZFS. ZFS is not compatible with hardware RAID controllers. For best | |
141 | performance, use enterprise-class SSDs with power loss protection. | |
142 | ||
143 | ||
144 | Supported web browsers for accessing the web interface | |
145 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
146 | ||
147 | To use the web interface, you need a modern browser. This includes: | |
148 | ||
149 | * Firefox, a release from the current year, or the latest Extended | |
150 | Support Release | |
151 | * Chrome, a release from the current year | |
152 | * Microsoft's currently supported version of Edge | |
153 | * Safari, a release from the current year |