Requirements
System Requirements
Resource | Requirement |
---|---|
CPU | Intel/AMD 64-bit 4 cores min./8+ cores vCPU |
RAM | 16 GB min., 32+ GB recommended |
Disk space (Operating system and Carbonio) | 40 GB |
These requirements are valid for each Node in a Carbonio Installation and may vary depending on the size of the infrastructure, which includes the number of mailboxes and the services running on each node.
- VMware vSphere 6.x
- VMware vSphere 7.x
- XenServer
- KVM
- Virtualbox (testing purposes only)
Software Requirements
Carbonio is available for 64-bit CPUs only and can be installed on top of any vanilla Ubuntu 20.04 LTS Server Edition or RHEL 8 installation.
The following requirements must be satisfied before attempting to install Carbonio.
- valid DNS resolution for both the domain (MX and A records) and the FQDN (A record)
  Warning
  If the FQDN is not correctly configured, the installation will be temporarily suspended to allow the change of the hostname.
- Python 3, latest version available on the Operating System chosen
- Perl, latest version available on the Operating System chosen
- IPv6 must be disabled. Also make sure that `/etc/hosts` does not contain any IPv6 entries.
See the dedicated box below for details and examples.
Support for other distributions will be announced in due course when it becomes available.
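A pre-installation check for the IPv6 requirement above, as an added example that is not part of the Carbonio documentation: it lists active IPv6 entries in a hosts file and the interfaces on which the kernel still has IPv6 enabled. The sample hosts content and the function names are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample: a stock Ubuntu-style hosts file plus one node entry.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.0.10.11  mail.example.com mail   # ::1 here is only a comment
# The following lines are desirable for IPv6 capable hosts
::1         ip6-localhost ip6-loopback
fe00::0     ip6-localnet
ff02::1     ip6-allnodes
"""

def ipv6_hosts_entries(text):
    """Return (line_no, address, names) for each active IPv6 hosts entry."""
    found = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2:
            continue
        try:
            # Strip a zone id such as %eth0 before parsing the literal.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                                # not an IP literal
        if addr.version == 6:
            found.append((line_no, fields[0], fields[1:]))
    return found

def ipv6_enabled_interfaces(conf_dir="/proc/sys/net/ipv6/conf"):
    """Return interfaces whose disable_ipv6 sysctl is not 1.

    A missing conf_dir means the kernel exposes no IPv6 stack at all
    (for example booted with ipv6.disable=1), so nothing is reported.
    """
    if not os.path.isdir(conf_dir):
        return []
    enabled = []
    for iface in sorted(os.listdir(conf_dir)):
        try:
            with open(os.path.join(conf_dir, iface, "disable_ipv6")) as fh:
                if fh.read().strip() != "1":
                    enabled.append(iface)
        except OSError:
            enabled.append(iface)                   # unreadable: not verified
    return enabled

if __name__ == "__main__":
    for line_no, addr, names in ipv6_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: remove {addr} {' '.join(names)}")
    print("IPv6 still enabled on:", ipv6_enabled_interfaces() or "none")
```

The `all` and `default` entries under the sysctl directory are checked like any interface, so a node where only existing interfaces were switched off is still reported.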
Additional Requirements
Acquaintance with the use of CLI is necessary. All `carbonio` commands must be executed as the `zextras` user (these commands will feature a `zextras$` prompt), while all other commands must be issued as the `root` user, unless stated otherwise.
Commands or groups of commands may be different between Ubuntu and RHEL 8. This is shown by blue tabs: click on the tab of your choice to find the correct command.
When no such tabs are given, the commands to run are the same on Ubuntu and RHEL 8.
Firewall Ports
For Carbonio to operate properly, it is necessary to allow network communication on specific ports. On a Single-Server installation, only the ports listed under External Connections must be opened, because all the remaining traffic does not leave the Server.
In a Multi-Server installation, the ports listed under Internal Connections and Carbonio Mesh must be opened on all nodes, while those listed under External Connections must be opened only on the node on which the service runs. For example, port 443 should be opened only on the node hosting the Proxy Role.
TCP External Connections
Port | Service |
---|---|
25 | Postfix incoming mail |
80 | unsecured connection to the Carbonio web client |
110 | external POP3 services |
143 | external IMAP services |
443 | secure connection to the Carbonio web client |
465 | deprecated SMTP authentication relay [1] |
587 | Port for SMTP authenticated relay, requires STARTTLS (or opportunistic SSL/TLS) |
993 | external IMAP secure access |
995 | external POP3 secure access |
6071 | secure access to the Admin Panel |
8636 | access to LDAP address books |
Warning
SMTP, IMAP, POP3, and 6071 ports should be exposed only if really needed and, if possible, made accessible only through a VPN tunnel, to reduce the attack surface.
TCP Internal Connections
Port | Service |
---|---|
22 | SSH access |
389 | unsecured LDAP connection |
636 | secure LDAP connection |
3310 | ClamAV antivirus access |
6071 | secure access to the Admin Panel |
7025 | local mail exchange using the LMTP protocol |
7026 | bind address of the Milter service |
7071 | Port for SOAP services communication |
7072 | NGINX discovery and authentication |
7073 | SASL discovery and authentication |
7110 | internal POP3 services |
7143 | internal IMAP services |
7171 | access Carbonio configuration daemon (zmconfigd) |
7306 | MySQL access |
7993 | internal IMAP secure access |
7995 | internal POP3 secure access |
8080 | internal HTTP services access |
8735 | internal mailbox-to-mailbox communication |
8742 | internal HTTP services |
8743 | internal HTTPS services |
10024 | Amavis Postfix |
10025 | Amavis OpenDKIM |
10026 | configuring Amavis policies |
10028 | Amavis content filter |
10029 | Postfix archives access |
10032 | Amavis SpamAssassin |
23232 | internal Amavis services access |
23233 | SNMP-responder access |
11211 | memcached access |
Ports Used by Carbonio Mesh
These ports are used by Carbonio Mesh internally.
Port | Protocol | Service |
---|---|---|
8300 | TCP Only | management of incoming requests from other agents |
8301 | TCP and UDP | management of gossip protocol [3] in the LAN |
8600 | TCP and UDP | DNS resolutions |
8500 | TCP Only | client access to the HTTP API |
21000-21255 | TCP range only | automatic Sidecar service registrations |
The Gossip protocol is an encrypted communication protocol used by Carbonio Mesh for message broadcasting and membership management.
Ports Used by Carbonio VideoServer
If you install the Carbonio VideoServer, you need to open these additional ports:
Port | Protocol | Service |
---|---|---|
8188 | TCP | Internal connection |
20000-40000 | UDP | Client connections for the audio and video streams |
Ports Used by Carbonio Monitoring
The Carbonio Monitoring component requires the following ports to be accessible by the server. Each port must be opened on the Node on which the corresponding exporter is installed.
Note
If you plan to allow access to Carbonio Monitoring from external networks, make sure that port 9090 TCP on the Carbonio Monitoring server is reachable.
Port | Protocol | Package/Exporter |
---|---|---|
9115 | TCP | carbonio-prometheus-blackbox-exporter |
9107 | TCP | carbonio-prometheus-consul-exporter |
9104 | TCP | carbonio-prometheus-mysqld-exporter |
9113 | TCP | carbonio-prometheus-nginx-exporter |
9100 | TCP | carbonio-prometheus-node-exporter |
9330 | TCP | carbonio-prometheus-openldap-exporter |
9187 | TCP | carbonio-prometheus-postgres-exporter |
9256 | TCP | carbonio-prometheus-process-exporter |
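
The port tables above turned into an audit of a node's listening sockets, as an added example that is not part of the Carbonio documentation: each non-loopback TCP listener is classified by the table it belongs to, so the listeners the firewall has to restrict stand out. The `ss` output, the node address and the verdict names are constructed; mapping the warning's "SMTP, IMAP, POP3" to ports 25, 465, 587, 143, 993, 110 and 995 is an assumption based on the External Connections table.

```python
import ipaddress

# Port sets transcribed from the tables on this page (TCP only).
EXTERNAL = {25, 80, 110, 143, 443, 465, 587, 993, 995, 6071, 8636}
INTERNAL = {22, 389, 636, 3310, 6071, 7025, 7026, 7071, 7072, 7073, 7110,
            7143, 7171, 7306, 7993, 7995, 8080, 8735, 8742, 8743, 10024,
            10025, 10026, 10028, 10029, 10032, 23232, 23233, 11211}
MESH = {8300, 8301, 8500, 8600} | set(range(21000, 21256))
MONITORING = {9100, 9104, 9107, 9113, 9115, 9187, 9256, 9330}
CLUSTER_ONLY = INTERNAL | MESH | MONITORING | {8188}   # 8188: VideoServer
# Assumption: the SMTP/IMAP/POP3/6071 ports named in the page's warning.
VPN_PREFERRED = {25, 465, 587, 143, 993, 110, 995, 6071}

# Constructed `ss -H -tln` output for a hypothetical Proxy node.
SAMPLE_SS = """\
LISTEN 0 511  0.0.0.0:443       0.0.0.0:*
LISTEN 0 511  0.0.0.0:80        0.0.0.0:*
LISTEN 0 511  0.0.0.0:993       0.0.0.0:*
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096 10.0.10.11:8301   0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8500    0.0.0.0:*
LISTEN 0 128  0.0.0.0:11211     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 128  *:3000            *:*
"""

def listeners(ss_output):
    """Yield (address, port) for every listener not bound to loopback."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%", 1)[0]   # [::1] and 127.0.0.53%lo
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            continue                                # never leaves the node
        yield host, int(port)

def audit(ss_output, node_external):
    """Classify listeners; node_external = external ports this node serves."""
    findings = []
    for host, port in sorted(set(listeners(ss_output)), key=lambda x: (x[1], x[0])):
        if port in node_external:
            verdict = "vpn-preferred" if port in VPN_PREFERRED else "public"
        elif port in CLUSTER_ONLY:
            verdict = "cluster-only"     # allow from other nodes only
        elif port in EXTERNAL:
            verdict = "unassigned"       # external service not expected here
        else:
            verdict = "unknown"          # not in any table on this page
        findings.append((port, host, verdict))
    return findings

if __name__ == "__main__":
    for port, host, verdict in audit(SAMPLE_SS, {80, 443, 993}):
        print(f"{port:>5}  {host:<12} {verdict}")
```

A listener only shows what the firewall has to cover; whether a `cluster-only` port is actually filtered still has to be checked against the firewall rules themselves.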