Planning for Deployment
=======================
-Easy integration into existing e-mail server architecture
----------------------------------------------------------
+Easy Integration into Existing Email Server Architecture
+--------------------------------------------------------
-In this sample configuration, your e-mail traffic (SMTP) arrives on
-the firewall and will be directly forwarded to your e-mail server.
+In this sample configuration, your email traffic (SMTP) arrives on
+the firewall and will be directly forwarded to your email server.
-image::images/infrasturcture_without_proxmox_big.jpg[]
+image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[]
-By using the {pmg}, all your e-mail traffic is forwarded to the
-Proxmox Mail Gateway, which filters the whole e-mail traffic and
-removes unwanted e-mails. You can manage incoming and outgoing mail
+By using {pmg}, all your email traffic is forwarded to
+the {pmg} instance, which filters the email traffic and
+removes unwanted emails. This allows you to manage incoming and outgoing mail
traffic.
-image::images/infrasturcture_with_proxmox_big.jpg[]
+image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[]
-Filtering outgoing e-mails
---------------------------
+Filtering Outgoing Emails
+-------------------------
-Many e-mail filter solutions do not scan outgoing mails. Opposed to
-that {pmg} is designed to scan both incoming and outgoing
-e-mails. This has two major advantages:
+Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is
+designed to scan both incoming and outgoing emails. This has two major
+advantages:
. {pmg} is able to detect viruses sent from an internal host. In many
-countries you are liable for not sending viruses to other
-people. {pmg} outgoing e-mail scanning feature is an additional
+countries, you are liable for sending viruses to other
+people. The outgoing email scanning feature is an additional
protection to avoid that.
-. {pmg} can gather statistics about outgoing e-mails too. Statistics
-about incoming e-mails looks nice, but they are quite
-useless. Consider two users, user-1 receives 10 e-mails from news
-portals and wrote 1 e-mail to a person you never heard from. While
-user-2 receives 5 e-mails from a customer and sent 5 e-mails
-back. Which user do you consider more active? I am sure its user-2,
-because he communicates with your customers. {pmg} advanced address
-statistics can show you this important information. Solution which
-does not scan outgoing e-mail cannot do that.
+. {pmg} can gather statistics about outgoing emails too. Statistics
+about incoming emails may look nice, but they aren't necessarily helpful.
+Consider two users; user-1 receives 10 emails from news
+portals and writes 1 email to an unknown individual, while
+user-2 receives 5 emails from customers and sends 5 emails
+in return. With this information, user-2 can be considered as the more active
+user, because they communicate more with your customers. {pmg} advanced address
+statistics can show you this important information, whereas a solution which
+does not scan outgoing email cannot do this.
-To enable outgoing e-mail filtering you just need to send all outgoing
-e-mails through your {png} (usually by specifying Proxmox as
-"smarthost" on your e-mail server.
+To enable outgoing email filtering, you simply need to send all outgoing
+emails through your {pmg} (usually by specifying {pmg} as
+"smarthost" on your email server).
[[firewall_settings]]
-Firewall settings
+Firewall Settings
-----------------
-In order to pass e-mail traffic to the {pmg} you need to allow traffic
-on the SMTP the port. Our servers use the Network Time Protocol (NTP)
-for time synchronization, RAZOR, DNS, SSH, HTTP and port 8006 for the web
-based management interface.
+In order to pass email traffic to {pmg}, you need to allow traffic on the
+SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH,
+and HTTP, as well as port 8006 for the web-based management interface.
[options="header"]
|======
|RAZOR |2703 |TCP |Proxmox |Internet
|DNS |53 |TCP/UDP |Proxmox |DNS Server
|HTTP |80 |TCP |Proxmox |Internet
+|HTTPS |443 |TCP |Proxmox |Internet
|GUI/API |8006 |TCP |Intranet |Proxmox
|======
-CAUTION: It is advisable to restrict access to the GUI/API port as far
+CAUTION: It is recommended to restrict access to the GUI/API port as far
as possible.
The outgoing HTTP connection is mainly used by virus pattern updates,
System Requirements
-------------------
-{pmg} needs dedicated server hardware but can also run inside a
-virtual machine on any of the following plattforms:
+{pmg} can run on dedicated server hardware or inside a virtual machine on
+any of the following platforms:
* Proxmox VE (KVM)
* KVM (virtio drivers are integrated, great performance)
-* Virtual box™
+* VirtualBox™
-* Citrix XenServer™
+* Citrix Hypervisor™ (former XenServer™)
-Please see http://www.proxmox.com for details.
+* LXC container
-In order to get a benchmark from your hardware, just run 'pmgperf'
-after installation.
+* and others that support Debian Linux as a guest OS
+
+Please see https://www.proxmox.com for details.
+
+To benchmark your hardware, run 'pmgperf' after installation.
Minimum System Requirements
* CPU: 64bit (Intel EMT64 or AMD64)
-* 2 GB RAM
+* 2 GiB RAM
-* bootable CD-ROM-drive or USB boot support
+* Bootable CD-ROM-drive or USB boot support
-* 1024x768 capable VGA/Monitor for Installer
+* Monitor with a minimum resolution of 1024x768 for the installation
-* Hard disk 8 GB - ATA/SATA/SCSI/NVME
+* Hard disk with at least 8 GiB of disk space
-* Ethernet Network interface card
+* Ethernet network interface card (NIC)
Recommended System Requirements
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-* Multicore CPU: 64bit (Intel EMT64 or AMD64)
+* Multi-core CPU: 64bit (Intel EMT64 or AMD64), +
+** for use in a virtual machine, activate Intel VT/AMD-V CPU flag
+
+* 4 GiB RAM
+
+* Bootable CD-ROM-drive or USB boot support
+
+* Monitor with a minimum resolution of 1024x768 for the installation
-* 4 GB RAM
+* 1 Gbps Ethernet network interface card (NIC)
-* bootable CD-ROM-drive or USB boot support
+* Storage: at least 8 GiB free disk space, best set up with redundancy,
+ using a hardware RAID controller with battery backed write cache (``BBU'') or
+ ZFS. ZFS is not compatible with hardware RAID controllers. For best
+ performance, use enterprise-class SSDs with power loss protection.
-* 1024x768 capable VGA/Monitor for Installer
-* 1 GBps Ethernet Network interface card
+Supported web browsers for accessing the web interface
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-* Hardware RAID1 or RAID10, Raid Controllers need write cache with
- batteries backup module for best performance
+To use the web interface, you need a modern browser. This includes:
-* Enterprise class SSD with power loss protection (e.g. Intel SSD DC
- 35xx/36xx/37xx)
+* Firefox, a release from the current year, or the latest Extended
+Support Release
+* Chrome, a release from the current year
+* Microsoft's currently supported version of Edge
+* Safari, a release from the current year