mirror of
https://git.proxmox.com/git/pmg-docs
synced 2025-08-03 12:00:49 +00:00
153 lines
4.9 KiB
Plaintext
153 lines
4.9 KiB
Plaintext
[[chapter_deployment]]
|
|
Planning for Deployment
|
|
=======================
|
|
|
|
Easy Integration into Existing Email Server Architecture
|
|
--------------------------------------------------------
|
|
|
|
In this sample configuration, your email traffic (SMTP) arrives on
|
|
the firewall and will be directly forwarded to your email server.
|
|
|
|
image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[]
|
|
|
|
By using {pmg}, all your email traffic is forwarded to
|
|
the {pmg} instance, which filters the email traffic and
|
|
removes unwanted emails. This allows you to manage incoming and outgoing mail
|
|
traffic.
|
|
|
|
image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[]
|
|
|
|
|
|
Filtering Outgoing Emails
|
|
-------------------------
|
|
|
|
Many email filtering solutions do not scan outgoing mails. In contrast, {pmg} is
|
|
designed to scan both incoming and outgoing emails. This has two major
|
|
advantages:
|
|
|
|
. {pmg} is able to detect viruses sent from an internal host. In many
|
|
countries, you are liable for sending viruses to other
|
|
people. The outgoing email scanning feature is an additional
|
|
protection to avoid that.
|
|
|
|
. {pmg} can gather statistics about outgoing emails too. Statistics
|
|
about incoming emails may look nice, but they aren't necessarily helpful.
|
|
Consider two users; user-1 receives 10 emails from news
|
|
portals and writes 1 email to an unknown individual, while
|
|
user-2 receives 5 emails from customers and sends 5 emails
|
|
in return. With this information, user-2 can be considered as the more active
|
|
user, because they communicate more with your customers. {pmg} advanced address
|
|
statistics can show you this important information, whereas a solution which
|
|
does not scan outgoing email cannot do this.
|
|
|
|
To enable outgoing email filtering, you simply need to send all outgoing
|
|
emails through your {pmg} (usually by specifying {pmg} as
|
|
"smarthost" on your email server).
|
|
|
|
[[firewall_settings]]
|
|
Firewall Settings
|
|
-----------------
|
|
|
|
In order to pass email traffic to {pmg}, you need to allow traffic on the
|
|
SMTP port. Our software uses the Network Time Protocol (NTP), RAZOR, DNS, SSH,
|
|
and HTTP, as well as port 8006 for the web-based management interface.
|
|
|
|
[options="header"]
|
|
|======
|
|
|Service |Port |Protocol |From |To
|
|
|SMTP |25 |TCP |Proxmox |Internet
|
|
|SMTP |25 |TCP |Internet |Proxmox
|
|
|SMTP |26 |TCP |Mailserver |Proxmox
|
|
|NTP |123 |TCP/UDP |Proxmox |Internet
|
|
|RAZOR |2703 |TCP |Proxmox |Internet
|
|
|DNS |53 |TCP/UDP |Proxmox |DNS Server
|
|
|HTTP |80 |TCP |Proxmox |Internet
|
|
|GUI/API |8006 |TCP |Intranet |Proxmox
|
|
|======
|
|
|
|
CAUTION: It is recommended to restrict access to the GUI/API port as far
|
|
as possible.
|
|
|
|
The outgoing HTTP connection is mainly used by virus pattern updates,
|
|
and can be configured to use a proxy instead of a direct internet
|
|
connection.
|
|
|
|
You can use the 'nmap' utility to test your firewall settings (see
|
|
section xref:nmap[port scans]).
|
|
|
|
|
|
[[system_requirements]]
|
|
System Requirements
|
|
-------------------
|
|
|
|
{pmg} can run on dedicated server hardware or inside a virtual machine on
|
|
any of the following platforms:
|
|
|
|
* Proxmox VE (KVM)
|
|
|
|
* VMWare vSphere™ (open-vm tools are integrated in the ISO)
|
|
|
|
* Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO)
|
|
|
|
* KVM (virtio drivers are integrated, great performance)
|
|
|
|
* VirtualBox™
|
|
|
|
* Citrix Hypervisor™ (former XenServer™)
|
|
|
|
* LXC container
|
|
|
|
* and others that support Debian Linux as a guest OS
|
|
|
|
Please see https://www.proxmox.com for details.
|
|
|
|
To benchmark your hardware, run 'pmgperf' after installation.
|
|
|
|
|
|
Minimum System Requirements
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
* CPU: 64bit (Intel EMT64 or AMD64)
|
|
|
|
* 2 GB RAM
|
|
|
|
* Bootable CD-ROM-drive or USB boot support
|
|
|
|
* Monitor with a minimum resolution of 1024x768 for the installation
|
|
|
|
* Hard disk with at least 8 GB of disk space
|
|
|
|
* Ethernet network interface card (NIC)
|
|
|
|
|
|
Recommended System Requirements
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
* Multi-core CPU: 64bit (Intel EMT64 or AMD64), +
|
|
** for use in a virtual machine, activate Intel VT/AMD-V CPU flag
|
|
|
|
* 4 GB RAM
|
|
|
|
* Bootable CD-ROM-drive or USB boot support
|
|
|
|
* Monitor with a minimum resolution of 1024x768 for the installation
|
|
|
|
* 1 Gbps Ethernet network interface card (NIC)
|
|
|
|
* Storage: at least 8 GB free disk space, best set up with redundancy,
|
|
using a hardware RAID controller with battery backed write cache (``BBU'') or
|
|
ZFS. ZFS is not compatible with hardware RAID controllers. For best
|
|
performance, use enterprise-class SSDs with power loss protection.
|
|
|
|
|
|
Supported web browsers for accessing the web interface
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
To use the web interface, you need a modern browser. This includes:
|
|
|
|
* Firefox, a release from the current year, or the latest Extended
|
|
Support Release
|
|
* Chrome, a release from the current year
|
|
* Microsoft's currently supported version of Edge
|
|
* Safari, a release from the current year
|