Server Requirements

Table of contents

  1. Mailcow
  2. WordPress
  3. NGinX
  4. We want
  5. Infos
    1. Domain

Mailcow

  minimal empfohlen
CPU 1 GHz  
RAM 6 GB + 1 GB swap  
Disk 20 GB (without mails)  

Ports

Incoming

Service Protocol Port Container Variable
Postfix SMTP TCP 25 postfix-mailcow ${SMTP_PORT}
Postfix SMTPS TCP 465 postfix-mailcow ${SMTPS_PORT}
Postfix Submission TCP 587 postfix-mailcow ${SUBMISSION_PORT}
Dovecot IMAP TCP 143 dovecot-mailcow ${IMAP_PORT}
Dovecot IMAPS TCP 993 dovecot-mailcow ${IMAPS_PORT}
Dovecot POP3 TCP 110 dovecot-mailcow ${POP_PORT}
Dovecot POP3S TCP 995 dovecot-mailcow ${POPS_PORT}
Dovecot ManageSieve TCP 4190 dovecot-mailcow ${SIEVE_PORT}
HTTP(S) TCP 80/443 nginx-mailcow ${HTTP_PORT} / ${HTTPS_PORT}

Outgoing

Service Protocol Port Target Reason
Clamd TCP 873 rsync.sanesecurity.net Download ClamAV signatures (prebundled in mailcow)
Dovecot TCP 443 spamassassin.heinlein-support.de Download Spamassassin rules processed by Rspamd, downloaded via Dovecot
mailcow Processes TCP 80/443 github.com Download mailcow updates (code-based)
mailcow Processes TCP 443 hub.docker.com Download Docker images (directly from Docker Hub)
mailcow Processes TCP 443 asn-check.mailcow.email API request for BAD ASN checks (for Spamhaus Free Blocklists)
mailcow Processes TCP 80 ip4.mailcow.email & ip6.mailcow.email Retrieve public IP address for display in UI (optional)
Postfix TCP 25, 465 Any Outgoing connection for MTA
Rspamd TCP 80 fuzzy.mailcow.email Download bad subject regex maps (trained by Servercow)
Rspamd TCP 443 bazaar.abuse.ch Download malware MD5 checksums for detection by Rspamd
Rspamd TCP 443 urlhaus.abuse.ch Download malware download links for detection in Rspamd
Rspamd UDP 11445 fuzzy.mailcow.email Connection to global mailcow fuzzy (trained by Servercow + community)
Rspamd UDP 11335 fuzzy1.rspamd.com & fuzzy2.rspamd.com Connection to global Rspamd fuzzy (trained by the Rspamd team)
Unbound TCP & UDP 53 Any DNS resolution for the mailcow stack (for DNSSEC validation and retrieval of spam list info)

WordPress

  minimal empfohlen
CPU   1 Kern
RAM   4 GB
Disk   50 GB

Ports

Hab ich nichts richtig dazu gefunden

Outgoing

Service Protocol Port
HTTP   80
HTTPS   443

NGinX

Standard NGINX Configuration Deployments

The following sizing guidelines are for Instance Manager deployments with data plane instances that have standard configurations; that is, up to 40 upstream servers with associated location and server blocks and up to 350 associated certificates. We recommend using solid-state drives (SSDs) for better storage performance.

# of Data Plane Instances CPU Memory Network Storage
10 2 vCPU 4 GB RAM 1 GbE NIC 100 GB
100 2 vCPU 4 GB RAM 1 GbE NIC 1 TB
1000 4 vCPU 8 GB RAM 1 GbE NIC 3 TB

We want

The Mail we sent to Martin Kramer

Hallo Martin,

wir haben uns das ganze Ausmaß jetzt mal angeschaut und sind auf folgende Anforderungen gekommen:

Wir würden gerne Debian nutzen,

mit folgenden Ressourcen:

6 cores 8 GB Ram
100 GB Speicher

Ebenfalls sollten folgende Ports geöffnet werden:

Incoming:

TCP 25
TCP 465
TCP 587
TCP 143
TCP 993
TCP 110
TCP 995
TCP 4190
HTTP(S) TCP 80/443

Outgoing:

TCP 873
TCP 443 spamassassin.heinlein-support.de
TCP 80/443 github.com
TCP 443 hub.docker.com
TCP 443 asn-check.mailcow.email
TCP 80 ip4.mailcow.email & ip6.mailcow.email
TCP 25, 465
TCP 80 fuzzy.mailcow.email
TCP 443 bazaar.abuse.ch
TCP 443 urlhaus.abuse.ch
UDP 11445 fuzzy.mailcow.email
UDP 11335 fuzzy1.rspamd.com & fuzzy2.rspamd.com
TCP & UDP 53

Dazu sollten wir (aber ich glaub das ist an dem Punkt verständlich) die Möglichkeit haben per SSH auf den Server drauf zu können.

Fragen:

Sollte eine Ressource nicht ausreichen, kann man die im Nachgang “hotpatchen” oder ist das fest ?
Brauchst du auch die DNS der Domaine in irgendeiner Art ?

Vielen Dank

Mit freundlichen Grüßen
Christian Zeidler,
Dominik Meurer

Infos

Domain

Welche?

  • bf-performance.org
  • bfperformance.org
  • blackforestperformance.de
  • bfp-racing.de

bfp-racing.de is the domain we bought.