[[chapter_deployment]] Planning for Deployment ======================= Easy integration into existing e-mail server architecture --------------------------------------------------------- In this sample configuration, your e-mail traffic (SMTP) arrives on the firewall and will be directly forwarded to your e-mail server. image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[] By using the {pmg}, all your e-mail traffic is forwarded to the Proxmox Mail Gateway, which filters the e-mail traffic and removes unwanted e-mails. You can manage incoming and outgoing mail traffic. image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[] Filtering outgoing e-mails -------------------------- Many e-mail filtering solutions do not scan outgoing mails. In contrast, {pmg} is designed to scan both incoming and outgoing e-mails. This has two major advantages: . {pmg} is able to detect viruses sent from an internal host. In many countries you are liable for sending viruses to other people. The outgoing e-mail scanning feature is an additional protection to avoid that. . {pmg} can gather statistics about outgoing e-mails too. Statistics about incoming e-mails looks nice, but they are quite useless. Consider two users, user-1 receives 10 e-mails from news portals and wrote 1 e-mail to a person you never heard from. While user-2 receives 5 e-mails from a customer and sent 5 e-mails back. Which user do you consider more active? I am sure it's user-2, because he communicates with your customers. {pmg} advanced address statistics can show you this important information. A solution which does not scan outgoing e-mail cannot do that. To enable outgoing e-mail filtering you just need to send all outgoing e-mails through your {pmg} (usually by specifying Proxmox as "smarthost" on your e-mail server). [[firewall_settings]] Firewall settings ----------------- In order to pass e-mail traffic to the {pmg} you need to allow traffic on the SMTP port. Our software uses the Network Time Protocol (NTP) for time synchronization, RAZOR, DNS, SSH, HTTP and port 8006 for the web-based management interface. [options="header"] |====== |Service |Port |Protocol |From |To |SMTP |25 |TCP |Proxmox |Internet |SMTP |25 |TCP |Internet |Proxmox |SMTP |26 |TCP |Mailserver |Proxmox |NTP |123 |TCP/UDP |Proxmox |Internet |RAZOR |2703 |TCP |Proxmox |Internet |DNS |53 |TCP/UDP |Proxmox |DNS Server |HTTP |80 |TCP |Proxmox |Internet |GUI/API |8006 |TCP |Intranet |Proxmox |====== CAUTION: It is recommended to restrict access to the GUI/API port as far as possible. The outgoing HTTP connection is mainly used by virus pattern updates, and can be configured to use a proxy instead of a direct internet connection. You can use the 'nmap' utility to test your firewall settings (see section xref:nmap[port scans]). [[system_requirements]] System Requirements ------------------- The {pmg} can run on dedicated server hardware or inside a virtual machine on any of the following platforms: * Proxmox VE (KVM) * VMWare vSphere™ (open-vm tools are integrated in the ISO) * Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO) * KVM (virtio drivers are integrated, great performance) * VirtualBox™ * Citrix Hypervisor™ (former XenServer™) * LXC container * and others supporting Debian Linux as guest OS Please see https://www.proxmox.com for details. In order to get a benchmark from your hardware, just run 'pmgperf' after installation. Minimum System Requirements ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * CPU: 64bit (Intel EMT64 or AMD64) * 2 GB RAM * bootable CD-ROM-drive or USB boot support * Monitor with a resolution of 1024x768 for the installation * Hard disk with at least 8 GB of disk space * Ethernet network interface card Recommended System Requirements ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Multicore CPU: 64bit (Intel EMT64 or AMD64), + for use as virtual machine activate Intel VT/AMD-V CPU flag * 4 GB RAM * bootable CD-ROM-drive or USB boot support * Monitor with a resolution of 1024x768 for the installation * 1 Gbps Ethernet network interface card * Storage: at least 8 GB free disk space, best setup with redundancy, use hardware RAID controller with battery backed write cache (``BBU'') or ZFS. ZFS is not compatible with a hardware RAID controller. For best performance use Enterprise class SSD with power loss protection. Supported web browsers for accessing the web interface ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To use the web interface you need a modern browser, this includes: * Firefox, a release from the current year, or the latest Extended Support Release * Chrome, a release from the current year * Microsoft's currently supported version of Edge * Safari, a release from the current year