pmg-planning-deployment.adoc

   1 [[chapter_deployment]]
   2 Planning for Deployment
   3 =======================
   4
   5 Easy Integration into Existing Email Server Architecture
   6 --------------------------------------------------------
   7
   8 In this sample configuration, your email traffic (SMTP) arrives on
   9 the firewall and will be directly forwarded to your email server.
  10
  11 image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[]
  12
  13 By using {pmg}, all your email traffic is forwarded to
  14 the {pmg} instance, which filters the email traffic and
  15 removes unwanted emails. This allows you to manage incoming and outgoing mail
  16 traffic.
  17
  18 image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[]
  19
  20
  21 Filtering Outgoing Emails
  22 -------------------------
  23
  24 Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is
  25 designed to scan both incoming and outgoing emails. This has two major
  26 advantages:
  27
  28 . {pmg} is able to detect viruses sent from an internal host. In many
  29 countries, you are liable for sending viruses to other
  30 people. The outgoing email scanning feature is an additional
  31 protection to avoid that.
  32
  33 . {pmg} can gather statistics about outgoing emails too. Statistics
  34 about incoming emails may look nice, but they aren't necessarily helpful.
  35 Consider two users; user-1 receives 10 emails from news
  36 portals and writes 1 email to an unknown individual, while
  37 user-2 receives 5 emails from customers and sends 5 emails
  38 in return. With this information, user-2 can be considered as the more active
  39 user, because they communicate more with your customers. {pmg} advanced address
  40 statistics can show you this important information, whereas a solution which
  41 does not scan outgoing email cannot do this.
  42
  43 To enable outgoing email filtering, you simply need to send all outgoing
  44 emails through your {pmg} (usually by specifying {pmg} as
  45 "smarthost" on your email server).
  46
  47 [[firewall_settings]]
  48 Firewall Settings
  49 -----------------
  50
  51 In order to pass email traffic to {pmg}, you need to allow traffic on the
  52 SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH,
  53 and HTTP, as well as port 8006 for the web-based management interface.
  54
  55 [options="header"]
  56 |======
  57 |Service |Port    |Protocol |From       |To
  58 |SMTP    |25      |TCP      |Proxmox    |Internet
  59 |SMTP    |25      |TCP      |Internet   |Proxmox
  60 |SMTP    |26      |TCP      |Mailserver |Proxmox
  61 |NTP     |123     |TCP/UDP  |Proxmox    |Internet
  62 |RAZOR   |2703    |TCP      |Proxmox    |Internet
  63 |DNS     |53      |TCP/UDP  |Proxmox    |DNS Server
  64 |HTTP    |80      |TCP      |Proxmox    |Internet
  65 |HTTPS   |443     |TCP      |Proxmox    |Internet
  66 |GUI/API |8006    |TCP      |Intranet   |Proxmox
  67 |======
  68
  69 CAUTION: It is recommended to restrict access to the GUI/API port as far
  70 as possible.
  71
  72 The outgoing HTTP connection is mainly used by virus pattern updates,
  73 and can be configured to use a proxy instead of a direct internet
  74 connection.
  75
  76 You can use the 'nmap' utility to test your firewall settings (see
  77 section xref:nmap[port scans]).
  78
  79
  80 [[system_requirements]]
  81 System Requirements
  82 -------------------
  83
  84 {pmg} can run on dedicated server hardware or inside a virtual machine on
  85 any of the following platforms:
  86
  87 * Proxmox VE (KVM)
  88
  89 * VMWare vSphere&trade; (open-vm tools are integrated in the ISO)
  90
  91 * Hyper-V&trade; (Hyper-V Linux integration tools are integrated in the ISO)
  92
  93 * KVM (virtio drivers are integrated, great performance)
  94
  95 * VirtualBox&trade;
  96
  97 * Citrix Hypervisor&trade; (former XenServer&trade;)
  98
  99 * LXC container
 100
 101 * and others that support Debian Linux as a guest OS
 102
 103 Please see https://www.proxmox.com for details.
 104
 105 To benchmark your hardware, run 'pmgperf' after installation.
 106
 107
 108 [[install_minimal_requirements]]
 109 Minimum System Requirements
 110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 111
 112 * CPU: 64bit (Intel EMT64 or AMD64)
 113
 114 * 2 GiB RAM
 115
 116 * Bootable CD-ROM-drive or USB boot support
 117
 118 * Monitor with a minimum resolution of 1024x768 for the installation
 119
 120 * Hard disk with at least 8 GB of disk space
 121
 122 * Ethernet network interface card (NIC)
 123
 124
 125 Recommended System Requirements
 126 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 127
 128 * Multi-core CPU: 64bit (Intel EMT64 or AMD64), +
 129 ** for use in a virtual machine, activate Intel VT/AMD-V CPU flag
 130
 131 * 4 GiB RAM
 132
 133 * Bootable CD-ROM-drive or USB boot support
 134
 135 * Monitor with a minimum resolution of 1024x768 for the installation
 136
 137 * 1 Gbps Ethernet network interface card (NIC)
 138
 139 * Storage: at least 8 GB free disk space, best set up with redundancy,
 140   using a hardware RAID controller with battery backed write cache (``BBU'') or
 141   ZFS. ZFS is not compatible with hardware RAID controllers. For best
 142   performance, use enterprise-class SSDs with power loss protection.
 143
 144
 145 Supported web browsers for accessing the web interface
 146 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 147
 148 To use the web interface, you need a modern browser. This includes:
 149
 150 * Firefox, a release from the current year, or the latest Extended
 151 Support Release
 152 * Chrome, a release from the current year
 153 * Microsoft's currently supported version of Edge
 154 * Safari, a release from the current year