2 Planning for Deployment
3 =======================
5 Easy Integration into Existing Email Server Architecture
6 --------------------------------------------------------
8 In this sample configuration, your email traffic (SMTP) arrives on
9 the firewall and will be directly forwarded to your email server.
11 image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[]
13 By using {pmg}, all your email traffic is forwarded to
14 the {pmg} instance, which filters the email traffic and
15 removes unwanted emails. This allows you to manage incoming and outgoing mail
18 image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[]
21 Filtering Outgoing Emails
22 -------------------------
24 Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is
25 designed to scan both incoming and outgoing emails. This has two major
28 . {pmg} is able to detect viruses sent from an internal host. In many
29 countries, you are liable for sending viruses to other
30 people. The outgoing email scanning feature is an additional
31 protection to avoid that.
33 . {pmg} can gather statistics about outgoing emails too. Statistics
34 about incoming emails may look nice, but they aren't necessarily helpful.
35 Consider two users; user-1 receives 10 emails from news
36 portals and writes 1 email to an unknown individual, while
37 user-2 receives 5 emails from customers and sends 5 emails
38 in return. With this information, user-2 can be considered as the more active
39 user, because they communicate more with your customers. {pmg} advanced address
40 statistics can show you this important information, whereas a solution which
41 does not scan outgoing email cannot do this.
43 To enable outgoing email filtering, you simply need to send all outgoing
44 emails through your {pmg} (usually by specifying {pmg} as
45 "smarthost" on your email server).
51 In order to pass email traffic to {pmg}, you need to allow traffic on the
52 SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH,
53 and HTTP, as well as port 8006 for the web-based management interface.
57 |Service |Port |Protocol |From |To
58 |SMTP |25 |TCP |Proxmox |Internet
59 |SMTP |25 |TCP |Internet |Proxmox
60 |SMTP |26 |TCP |Mailserver |Proxmox
61 |NTP |123 |TCP/UDP |Proxmox |Internet
62 |RAZOR |2703 |TCP |Proxmox |Internet
63 |DNS |53 |TCP/UDP |Proxmox |DNS Server
64 |HTTP |80 |TCP |Proxmox |Internet
65 |HTTPS |443 |TCP |Proxmox |Internet
66 |GUI/API |8006 |TCP |Intranet |Proxmox
69 CAUTION: It is recommended to restrict access to the GUI/API port as far
72 The outgoing HTTP connection is mainly used by virus pattern updates,
73 and can be configured to use a proxy instead of a direct internet
76 You can use the 'nmap' utility to test your firewall settings (see
77 section xref:nmap[port scans]).
80 [[system_requirements]]
84 {pmg} can run on dedicated server hardware or inside a virtual machine on
85 any of the following platforms:
89 * VMWare vSphere™ (open-vm tools are integrated in the ISO)
91 * Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO)
93 * KVM (virtio drivers are integrated, great performance)
97 * Citrix Hypervisor™ (former XenServer™)
101 * and others that support Debian Linux as a guest OS
103 Please see https://www.proxmox.com for details.
105 To benchmark your hardware, run 'pmgperf' after installation.
108 [[install_minimal_requirements]]
109 Minimum System Requirements
110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
112 * CPU: 64bit (Intel EMT64 or AMD64)
116 * Bootable CD-ROM-drive or USB boot support
118 * Monitor with a minimum resolution of 1024x768 for the installation
120 * Hard disk with at least 8 GB of disk space
122 * Ethernet network interface card (NIC)
125 Recommended System Requirements
126 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
128 * Multi-core CPU: 64bit (Intel EMT64 or AMD64), +
129 ** for use in a virtual machine, activate Intel VT/AMD-V CPU flag
133 * Bootable CD-ROM-drive or USB boot support
135 * Monitor with a minimum resolution of 1024x768 for the installation
137 * 1 Gbps Ethernet network interface card (NIC)
139 * Storage: at least 8 GB free disk space, best set up with redundancy,
140 using a hardware RAID controller with battery backed write cache (``BBU'') or
141 ZFS. ZFS is not compatible with hardware RAID controllers. For best
142 performance, use enterprise-class SSDs with power loss protection.
145 Supported web browsers for accessing the web interface
146 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
148 To use the web interface, you need a modern browser. This includes:
150 * Firefox, a release from the current year, or the latest Extended
152 * Chrome, a release from the current year
153 * Microsoft's currently supported version of Edge
154 * Safari, a release from the current year