added in/outbound ports for requirements
DerLinkman committed Dec 4, 2024
1 parent fedf9c7 commit 5cbb6f5
Showing 2 changed files with 96 additions and 56 deletions.
68 changes: 44 additions & 24 deletions docs/getstarted/prerequisite-system.de.md
Expand Up @@ -16,11 +16,11 @@ Bevor Sie **mailcow: dockerized** ausführen, sollten Sie einige Voraussetzungen

Bitte stellen Sie sicher, dass Ihr System mindestens über die folgenden Ressourcen verfügt:

| Ressource | Minimale Anforderung |
| ----------------------- | ------------------------------------------------ |
| CPU | 1 GHz |
| RAM | **Minimum** 6 GiB + 1 GiB Swap (Standardkonfiguration) |
| Festplatte | 20 GiB (ohne Emails) |
| Ressource | Minimale Anforderung |
| ----------- | -------------------------------------------------------------------------------- |
| CPU | 1 GHz |
| RAM | **Minimum** 6 GiB + 1 GiB Swap (Standardkonfiguration) |
| Festplatte | 20 GiB (ohne Emails) |
| Architektur | x86_64, ARM64 :warning:{ title="Frisch Released, Fehler können noch existieren"} |

!!! failure "Nicht unterstützt"
Expand Down Expand Up @@ -49,13 +49,13 @@ Im Rahmen unseres Supports können wir Ihnen bei der korrekten Planung Ihres Set

Die folgende Tabelle enthält alle von uns offiziell unterstützten und getesteten Betriebssysteme (*Stand Juni 2024*):

| Betriebssystem | Kompatibilität |
| ----------------------- | ------------------------------------------------ |
| Alpine 3.16 und älter | [⚠️](https://www.alpinelinux.org/ "Eingeschränkt Kompatibel") |
| Debian 11, 12 | [](https://www.debian.org/index.de.html "Vollständig Kompatibel") |
| Ubuntu 20.04 - 24.04 | [](https://ubuntu.com/ "Vollständig Kompatibel")|
| Alma Linux 8 | [](https://almalinux.org/ "Vollständig Kompatibel") |
| Rocky Linux 9 | [](https://rockylinux.org/ "Vollständig Kompatibel") |
| Betriebssystem | Kompatibilität |
| --------------------- | ------------------------------------------------------------------ |
| Alpine 3.16 und älter | [⚠️](https://www.alpinelinux.org/ "Eingeschränkt Kompatibel") |
| Debian 11, 12 | [](https://www.debian.org/index.de.html "Vollständig Kompatibel") |
| Ubuntu 20.04 - 24.04 | [](https://ubuntu.com/ "Vollständig Kompatibel") |
| Alma Linux 8 | [](https://almalinux.org/ "Vollständig Kompatibel") |
| Rocky Linux 9 | [](https://rockylinux.org/ "Vollständig Kompatibel") |


!!! info "Legende"
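Review bot: The Alpine row in this table reads `Alpine 3.16 und älter`, while the same row in prerequisite-system.en.md reads `Alpine since 3.17`, so the two translations state opposite version ranges. Since the row is being rewritten here anyway, align the German text with the English one, or the other way round if the German is what is intended.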
Expand Down Expand Up @@ -86,26 +86,46 @@ netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'

Wenn dieser Befehl irgendwelche Ergebnisse liefert, entfernen oder stoppen Sie bitte die Anwendung, die auf diesem Port läuft. Sie können mailcows Ports auch über die Konfigurationsdatei `mailcow.conf` anpassen.

### Standard Ports
### Eingehende Ports

Wenn Sie eine Firewall vor mailcow haben, stellen Sie bitte sicher, dass diese Ports für eingehende Verbindungen offen sind:

| Dienst | Protokoll | Port | Container | Variable |
| --------------------|:--------:|:-------|:------------------|----------------------------------|
| Postfix SMTP | TCP | 25 | postfix-mailcow | `${SMTP_PORT}` |
| Postfix SMTPS | TCP | 465 | postfix-mailcow | `${SMTPS_PORT}` |
| Postfix Submission | TCP | 587 | postfix-mailcow | `${SUBMISSION_PORT}` |
| Dovecot IMAP | TCP | 143 | dovecot-mailcow | `${IMAP_PORT}` |
| Dovecot IMAPS | TCP | 993 | dovecot-mailcow | `${IMAPS_PORT}` |
| Dovecot POP3 | TCP | 110 | dovecot-mailcow | `${POP_PORT}` |
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |
| Dienst | Protokoll | Port | Container | Variable |
| ------------------- | :-------: | :----- | :-------------- | -------------------------------- |
| Postfix SMTP | TCP | 25 | postfix-mailcow | `${SMTP_PORT}` |
| Postfix SMTPS | TCP | 465 | postfix-mailcow | `${SMTPS_PORT}` |
| Postfix Submission | TCP | 587 | postfix-mailcow | `${SUBMISSION_PORT}` |
| Dovecot IMAP | TCP | 143 | dovecot-mailcow | `${IMAP_PORT}` |
| Dovecot IMAPS | TCP | 993 | dovecot-mailcow | `${IMAPS_PORT}` |
| Dovecot POP3 | TCP | 110 | dovecot-mailcow | `${POP_PORT}` |
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |

Um einen Dienst an eine IP-Adresse zu binden, können Sie die IP-Adresse wie folgt voranstellen: `SMTP_PORT=1.2.3.4:25`

**Wichtig**: Sie können keine IP:PORT-Bindungen in HTTP_PORT und HTTPS_PORT verwenden. Bitte verwenden Sie stattdessen `HTTP_PORT=1234` und `HTTP_BIND=1.2.3.4`.

### Ausgehende Ports/Hosts

Für die Nutzung von mailcow werden einige ausgehende Verbindungen benötigt. Stellen Sie sicher, dass mailcow mit folgenden Hosts oder auf folgenden Ports nach außen kommunizieren kann:

| Dienst | Protokoll | Port | Ziel | Grund |
| ---------------- | ------------- | ------- | ------------------------------------- | ------------------------------------------------------------------------------------------------ |
| Clamd | TCP | 873 | rsync.sanesecurity.net | Download ClamAV Signaturen (Prebundled in mailcow) |
| Dovecot | TCP | 443 | spamassassin.heinlein-support.de | Herunterladen von Spamassasin Regeln, die Rspamd verarbeitet, Download erfolgt über Dovecot |
| mailcow Prozesse | TCP | 80/443 | github.com | Download von mailcow Updates (Code Basiert) |
| mailcow Prozesse | TCP | 443 | hub.docker.com | Download von Docker Images (direkt von Docker Hub) |
| mailcow Prozesse | TCP | 443 | asn-check.mailcow.email | API Abfrage auf Prüfung BAD ASN (für Spamhaus Free Blocklists) |
| mailcow Prozesse | TCP | 80 | ip4.mailcow.email & ip6.mailcow.email | Ermittelung der eigenen öffentlichen IP Adresse zur Anzeige in UI (**optional**) |
| Postfix | TCP | 25, 465 | Beliebig / Any | Ausgehende Verbindung MTA |
| Rspamd | TCP | 80 | fuzzy.mailcow.email | Download von Bad Subject Regex Maps (Trainiert von Servercow) |
| Rspamd | TCP | 443 | bazaar.abuse.ch | Download von Mailware MD5 Prüfsummen zur Erkennung von Rspamd |
| Rspamd | TCP | 443 | urlhaus.abuse.ch | Download von Malware Downloads Links zur Erkennung in Rspamd |
| Rspamd | UDP | 11445 | fuzzy.mailcow.email | Anbindung an Globalen mailcow Fuzzy (Trainiert von Servercow + Community) |
| Rspamd | UDP | 11335 | fuzzy1.rspamd.com & fuzzy2.rspamd.com | Anbindung an Globalen Rspamd Fuzzy (Trainiert vom Rspamd Team) |
| Unbound | TCP **&** UDP | 53 | Beliebig / Any | DNS Auflösung für mailcow Stack (Zur Validierung von DNSSEC und Abruf von Spamlistinformationen) |

### Wichtig für Hetzner Firewalls

Ich zitiere https://github.com/chermsen über https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (DANKE!):
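Review bot: Several added rows in the "Ausgehende Ports/Hosts" table carry typos that blur the meaning: the bazaar.abuse.ch row says `Mailware MD5 Prüfsummen` (Malware), the Dovecot row says `Spamassasin` (the English file has `Spamassassin`), and `zur Erkennung von Rspamd` reads as detecting Rspamd itself, where the next row has `zur Erkennung in Rspamd`. `Beliebig / Any` in the Ziel column also mixes both languages; `Beliebig` alone would match the rest of the German table.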
84 changes: 52 additions & 32 deletions docs/getstarted/prerequisite-system.en.md
Expand Up @@ -16,12 +16,12 @@ Before you run **mailcow: dockerized**, there are a few requirements that you sh

Please make sure that your system has at least the following resources:

| Resource | Minimal Requirement |
| ----------------------- | ------------------------------------------------ |
| CPU | 1 GHz |
| RAM | **Minimum** 6 GiB + 1 GiB swap (default config) |
| Disk | 20 GiB (without emails) |
| Architecture | x86_64, ARM64 :warning:{ title="Recently released. Issues may persist."} |
| Resource | Minimal Requirement |
| ------------ | ------------------------------------------------------------------------ |
| CPU | 1 GHz |
| RAM | **Minimum** 6 GiB + 1 GiB swap (default config) |
| Disk | 20 GiB (without emails) |
| Architecture | x86_64, ARM64 :warning:{ title="Recently released. Issues may persist."} |

!!! failure "Not supported"
**OpenVZ, Virtuozzo and LXC**
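Review bot: The resource table rows in this hunk differ from the removed ones only in column padding, and the same holds for the OS and incoming-port tables further down, so a large share of the 96 additions and 56 deletions is realignment. Consider moving the table reformatting into its own commit so that the new "Outgoing Ports/Hosts" section is the only substantive change left to review.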
Expand All @@ -47,13 +47,13 @@ We can help to correctly plan your setup as part of our support.

The following table contains all operating systems officially supported and tested by us (*as of June 2024*):

| OS | Compatibility |
| ----------------------- | ------------------------------------------------ |
| Alpine since 3.17 | [⚠️](https://www.alpinelinux.org/ "Limited Compatibility") |
| Debian 11, 12 | [](https://www.debian.org/index.html "Fully Compatible") |
| Ubuntu 20.04 - 24.04 | [](https://ubuntu.com/ "Fully Compatible")|
| Alma Linux 8 | [](https://almalinux.org/ "Fully Compatible") |
| Rocky Linux 9 | [](https://rockylinux.org/ "Fully Compatible") |
| OS | Compatibility |
| -------------------- | --------------------------------------------------------- |
| Alpine since 3.17 | [⚠️](https://www.alpinelinux.org/ "Limited Compatibility") |
| Debian 11, 12 | [](https://www.debian.org/index.html "Fully Compatible") |
| Ubuntu 20.04 - 24.04 | [](https://ubuntu.com/ "Fully Compatible") |
| Alma Linux 8 | [](https://almalinux.org/ "Fully Compatible") |
| Rocky Linux 9 | [](https://rockylinux.org/ "Fully Compatible") |


!!! info "Legend"
Expand Down Expand Up @@ -84,25 +84,45 @@ netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'

If this command returns any results please remove or stop the application running on that port. You may also adjust mailcows ports via the `mailcow.conf` configuration file.

### Default Ports

If you have a firewall in front of mailcow, please make sure that these ports are open for incoming connections:

| Service | Protocol | Port | Container | Variable |
| --------------------|:--------:|:-------|:------------------|----------------------------------|
| Postfix SMTP | TCP | 25 | postfix-mailcow | `${SMTP_PORT}` |
| Postfix SMTPS | TCP | 465 | postfix-mailcow | `${SMTPS_PORT}` |
| Postfix Submission | TCP | 587 | postfix-mailcow | `${SUBMISSION_PORT}` |
| Dovecot IMAP | TCP | 143 | dovecot-mailcow | `${IMAP_PORT}` |
| Dovecot IMAPS | TCP | 993 | dovecot-mailcow | `${IMAPS_PORT}` |
| Dovecot POP3 | TCP | 110 | dovecot-mailcow | `${POP_PORT}` |
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |

To bind a service to an IP address, you can prepend the IP like this: `SMTP_PORT=1.2.3.4:25`

**Important**: You cannot use IP:PORT bindings in HTTP_PORT and HTTPS_PORT. Please use `HTTP_PORT=1234` and `HTTP_BIND=1.2.3.4` instead.
### Incoming Ports

If you have a firewall in front of mailcow, please ensure that these ports are open for incoming connections:

| Service | Protocol | Port | Container | Variable |
| ------------------- | :------: | :----- | :-------------- | -------------------------------- |
| Postfix SMTP | TCP | 25 | postfix-mailcow | `${SMTP_PORT}` |
| Postfix SMTPS | TCP | 465 | postfix-mailcow | `${SMTPS_PORT}` |
| Postfix Submission | TCP | 587 | postfix-mailcow | `${SUBMISSION_PORT}` |
| Dovecot IMAP | TCP | 143 | dovecot-mailcow | `${IMAP_PORT}` |
| Dovecot IMAPS | TCP | 993 | dovecot-mailcow | `${IMAPS_PORT}` |
| Dovecot POP3 | TCP | 110 | dovecot-mailcow | `${POP_PORT}` |
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |

To bind a service to an IP address, you can prefix the IP address as follows: `SMTP_PORT=1.2.3.4:25`

**Important**: You cannot use IP:PORT bindings for `HTTP_PORT` and `HTTPS_PORT`. Please use `HTTP_PORT=1234` and `HTTP_BIND=1.2.3.4` instead.

### Outgoing Ports/Hosts

Some outgoing connections are required to use mailcow. Ensure that mailcow can communicate with the following hosts or ports:

| Service | Protocol | Port | Target | Reason |
| ----------------- | ------------- | ------- | ------------------------------------- | -------------------------------------------------------------------------------------------- |
| Clamd | TCP | 873 | rsync.sanesecurity.net | Download ClamAV signatures (prebundled in mailcow) |
| Dovecot | TCP | 443 | spamassassin.heinlein-support.de | Download Spamassassin rules processed by Rspamd, downloaded via Dovecot |
| mailcow Processes | TCP | 80/443 | github.com | Download mailcow updates (code-based) |
| mailcow Processes | TCP | 443 | hub.docker.com | Download Docker images (directly from Docker Hub) |
| mailcow Processes | TCP | 443 | asn-check.mailcow.email | API request for BAD ASN checks (for Spamhaus Free Blocklists) |
| mailcow Processes | TCP | 80 | ip4.mailcow.email & ip6.mailcow.email | Retrieve public IP address for display in UI (**optional**) |
| Postfix | TCP | 25, 465 | Any | Outgoing connection for MTA |
| Rspamd | TCP | 80 | fuzzy.mailcow.email | Download bad subject regex maps (trained by Servercow) |
| Rspamd | TCP | 443 | bazaar.abuse.ch | Download malware MD5 checksums for detection by Rspamd |
| Rspamd | TCP | 443 | urlhaus.abuse.ch | Download malware download links for detection in Rspamd |
| Rspamd | UDP | 11445 | fuzzy.mailcow.email | Connection to global mailcow fuzzy (trained by Servercow + community) |
| Rspamd | UDP | 11335 | fuzzy1.rspamd.com & fuzzy2.rspamd.com | Connection to global Rspamd fuzzy (trained by the Rspamd team) |
| Unbound | TCP **&** UDP | 53 | Any | DNS resolution for the mailcow stack (for DNSSEC validation and retrieval of spam list info) |

### Important for Hetzner firewalls
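Review bot: In the new "Outgoing Ports/Hosts" table only the `ip4.mailcow.email & ip6.mailcow.email` row is marked **optional**, which leaves an admin building an egress allowlist to guess which of the other destinations are hard requirements and which only degrade a feature when blocked. Add a column, or a short note per row, stating what stops working if the destination is unreachable. The rows that list TCP 80 (`github.com`, `ip4.mailcow.email & ip6.mailcow.email`, `fuzzy.mailcow.email`) should also say whether 443 can be used instead, since readers will otherwise open port 80 egress for rule and map downloads without knowing if it is needed. Separately, the heading changes from "Default Ports" to "Incoming Ports", so any existing links to the old anchor should be checked.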
