projects / pmg-docs.git / blame
| Commit | Line | Data |
|---|---|---|
| b2d388d4 | 1 | [[chapter_deployment]] |
| 5c735ebd DM |
2 | Planning for Deployment |
| 3 | ======================= | |
| 4 | ||
| e485e1f8 | 5 | Easy Integration into Existing Email Server Architecture |
| 3fc72cc0 | 6 | -------------------------------------------------------- |
| 5c735ebd | 7 | |
| 09e283f2 DW |
8 | In this sample configuration, your email traffic (SMTP) arrives on |
| 9 | the firewall and will be directly forwarded to your email server. | |
| 5c735ebd | 10 | |
| 95f2ea5b | 11 | image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[] |
| 5c735ebd | 12 | |
| e485e1f8 DW |
13 | By using {pmg}, all your email traffic is forwarded to |
| 14 | the {pmg} instance, which filters the email traffic and | |
| 15 | removes unwanted emails. This allows you to manage incoming and outgoing mail | |
| 5c735ebd DM |
16 | traffic. |
| 17 | ||
| 95f2ea5b | 18 | image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[] |
| 5c735ebd DM |
19 | |
| 20 | ||
| e485e1f8 | 21 | Filtering Outgoing Emails |
| 3fc72cc0 | 22 | ------------------------- |
| 5c735ebd | 23 | |
| 09e283f2 DW |
24 | Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is |
| 25 | designed to scan both incoming and outgoing emails. This has two major | |
| bc1de76e | 26 | advantages: |
| 5c735ebd DM |
27 | |
| 28 | . {pmg} is able to detect viruses sent from an internal host. In many | |
| e485e1f8 | 29 | countries, you are liable for sending viruses to other |
| 09e283f2 | 30 | people. The outgoing email scanning feature is an additional |
| 5c735ebd DM |
31 | protection to avoid that. |
| 32 | ||
| 09e283f2 | 33 | . {pmg} can gather statistics about outgoing emails too. Statistics |
| e485e1f8 DW |
34 | about incoming emails may look nice, but they aren't necessarily helpful. |
| 35 | Consider two users; user-1 receives 10 emails from news | |
| 36 | portals and writes 1 email to an unknown individual, while | |
| 37 | user-2 receives 5 emails from customers and sends 5 emails | |
| 38 | in return. With this information, user-2 can be considered as the more active | |
| 39 | user, because they communicate more with your customers. {pmg} advanced address | |
| 40 | statistics can show you this important information, whereas a solution which | |
| 41 | does not scan outgoing email cannot do this. | |
| 42 | ||
| 43 | To enable outgoing email filtering, you simply need to send all outgoing | |
| 44 | emails through your {pmg} (usually by specifying {pmg} as | |
| 09e283f2 | 45 | "smarthost" on your email server). |
| 5c735ebd | 46 | |
| 90facef4 | 47 | [[firewall_settings]] |
| e485e1f8 | 48 | Firewall Settings |
| 5c735ebd DM |
49 | ----------------- |
| 50 | ||
| e485e1f8 DW |
51 | In order to pass email traffic to {pmg}, you need to allow traffic on the |
| 52 | SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH, | |
| 53 | and HTTP, as well as port 8006 for the web-based management interface. | |
| 5c735ebd DM |
54 | |
| 55 | [options="header"] | |
| 56 | |====== | |
| 57 | |Service |Port |Protocol |From |To | |
| 58 | |SMTP |25 |TCP |Proxmox |Internet | |
| 59 | |SMTP |25 |TCP |Internet |Proxmox | |
| 60 | |SMTP |26 |TCP |Mailserver |Proxmox | |
| 61 | |NTP |123 |TCP/UDP |Proxmox |Internet | |
| 62 | |RAZOR |2703 |TCP |Proxmox |Internet | |
| 63 | |DNS |53 |TCP/UDP |Proxmox |DNS Server | |
| 64 | |HTTP |80 |TCP |Proxmox |Internet | |
| 65 | |GUI/API |8006 |TCP |Intranet |Proxmox | |
| 66 | |====== | |
| 67 | ||
| bc1de76e | 68 | CAUTION: It is recommended to restrict access to the GUI/API port as far |
| 5c735ebd DM |
69 | as possible. |
| 70 | ||
| 71 | The outgoing HTTP connection is mainly used by virus pattern updates, | |
| 72 | and can be configured to use a proxy instead of a direct internet | |
| 73 | connection. | |
| 74 | ||
| 75 | You can use the 'nmap' utility to test your firewall settings (see | |
| 76 | section xref:nmap[port scans]). | |
| 77 | ||
| 78 | ||
| 79 | [[system_requirements]] | |
| 80 | System Requirements | |
| 81 | ------------------- | |
| 82 | ||
| e485e1f8 | 83 | {pmg} can run on dedicated server hardware or inside a virtual machine on |
| bc1de76e | 84 | any of the following platforms: |
| 5c735ebd DM |
85 | |
| 86 | * Proxmox VE (KVM) | |
| 87 | ||
| 88 | * VMWare vSphere™ (open-vm tools are integrated in the ISO) | |
| 89 | ||
| 90 | * Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO) | |
| 91 | ||
| 92 | * KVM (virtio drivers are integrated, great performance) | |
| 93 | ||
| bc1de76e | 94 | * VirtualBox™ |
| 5c735ebd | 95 | |
| 95d4fc6c AA |
96 | * Citrix Hypervisor™ (former XenServer™) |
| 97 | ||
| 98 | * LXC container | |
| 99 | ||
| e485e1f8 | 100 | * and others that support Debian Linux as a guest OS |
| 5c735ebd | 101 | |
| e9fb7667 | 102 | Please see https://www.proxmox.com for details. |
| 5c735ebd | 103 | |
| e485e1f8 | 104 | To benchmark your hardware, run 'pmgperf' after installation. |
| 5c735ebd DM |
105 | |
| 106 | ||
| 107 | Minimum System Requirements | |
| 108 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 109 | ||
| 110 | * CPU: 64bit (Intel EMT64 or AMD64) | |
| 111 | ||
| 0527a7a5 | 112 | * 2 GB RAM |
| 5c735ebd | 113 | |
| e485e1f8 | 114 | * Bootable CD-ROM-drive or USB boot support |
| 5c735ebd | 115 | |
| e485e1f8 | 116 | * Monitor with a minimum resolution of 1024x768 for the installation |
| 5c735ebd | 117 | |
| 95d4fc6c | 118 | * Hard disk with at least 8 GB of disk space |
| 5c735ebd | 119 | |
| e485e1f8 | 120 | * Ethernet network interface card (NIC) |
| 5c735ebd DM |
121 | |
| 122 | ||
| 123 | Recommended System Requirements | |
| 124 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 125 | ||
| e485e1f8 DW |
126 | * Multi-core CPU: 64bit (Intel EMT64 or AMD64), + |
| 127 | ** for use in a virtual machine, activate Intel VT/AMD-V CPU flag | |
| 5c735ebd DM |
128 | |
| 129 | * 4 GB RAM | |
| 130 | ||
| e485e1f8 | 131 | * Bootable CD-ROM-drive or USB boot support |
| 5c735ebd | 132 | |
| e485e1f8 | 133 | * Monitor with a minimum resolution of 1024x768 for the installation |
| 5c735ebd | 134 | |
| e485e1f8 | 135 | * 1 Gbps Ethernet network interface card (NIC) |
| 5c735ebd | 136 | |
| e485e1f8 DW |
137 | * Storage: at least 8 GB free disk space, best set up with redundancy, |
| 138 | using a hardware RAID controller with battery backed write cache (``BBU'') or | |
| 139 | ZFS. ZFS is not compatible with hardware RAID controllers. For best | |
| 140 | performance, use enterprise-class SSDs with power loss protection. | |
| 0fcf4fde DC |
141 | |
| 142 | ||
| 143 | Supported web browsers for accessing the web interface | |
| 144 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 145 | ||
| e485e1f8 | 146 | To use the web interface, you need a modern browser. This includes: |
| 0fcf4fde DC |
147 | |
| 148 | * Firefox, a release from the current year, or the latest Extended | |
| 149 | Support Release | |
| 150 | * Chrome, a release from the current year | |
| bc1de76e | 151 | * Microsoft's currently supported version of Edge |
| 0fcf4fde | 152 | * Safari, a release from the current year |