Skip to content

System Requirements

Mailborder V6 requires specific hardware, software, and network configurations to operate effectively. This page outlines the requirements for successful deployment.

Supported Operating Systems

Mailborder V6 is officially supported on:

  • Debian 11 (Bullseye) - Recommended
  • Debian 12 (Bookworm) - Supported
  • Debian 10 (Buster) - End of life, upgrade recommended

Ubuntu Linux (Supported)

  • Ubuntu 20.04 LTS - Supported
  • Ubuntu 22.04 LTS - Supported
  • Ubuntu 24.04 LTS - Expected support

Note

Mailborder is developed and tested primarily on Debian. Ubuntu deployments are supported but may require additional dependency resolution.

Architecture

  • x86_64 (AMD64) - Required
  • ARM architectures are not currently supported

Hardware Requirements

Hardware requirements vary based on email volume and user count.

Minimum Configuration (Testing/Small Office)

Suitable for up to 50 users or 5,000 messages per day:

  • CPU: 2 cores (2.0 GHz or faster)
  • RAM: 4 GB
  • Storage: 40 GB SSD
  • Network: 100 Mbps

Warning

Minimum configuration is suitable for testing or very small deployments only. Production environments should use recommended specifications or higher.

Suitable for 50-500 users or up to 50,000 messages per day:

  • CPU: 4 cores (2.4 GHz or faster)
  • RAM: 8 GB
  • Storage: 100 GB SSD
  • Network: 1 Gbps

Production Configuration (Medium to Large)

Suitable for 500-2,000 users or up to 200,000 messages per day:

  • CPU: 8 cores (2.8 GHz or faster)
  • RAM: 16 GB
  • Storage: 250 GB SSD
  • Network: 1 Gbps (redundant NICs recommended)

Enterprise Configuration

Suitable for 2,000+ users or 200,000+ messages per day:

  • CPU: 16+ cores (3.0 GHz or faster)
  • RAM: 32 GB or more
  • Storage: 500 GB+ SSD (NVMe recommended)
  • Network: 10 Gbps (redundant NICs)

Clustering

For very large deployments (10,000+ users, millions of messages per day), consider a clustered configuration:

  • Master Node: 8 cores, 16 GB RAM, 250 GB SSD
  • Child Nodes: 8-16 cores, 32 GB RAM, 100 GB SSD each
  • Add child nodes as needed for capacity

Storage Considerations

Operating System: 20 GB minimum

Database: Size depends on log retention - 1 month retention: ~5 GB per 10,000 messages/day - 6 month retention: ~30 GB per 10,000 messages/day - 1 year retention: ~60 GB per 10,000 messages/day

Quarantine: Size depends on spam volume and retention - Estimate 5-10% of daily volume held - Average email size: 50-100 KB - Example: 10,000 messages/day × 5% × 100 KB × 7 days = ~350 MB/week

Logs: Highly variable based on verbosity - Typical: 500 MB to 2 GB per month - With debug logging: 10 GB+ per month

Signature Updates: Virus and spam signatures - ClamAV: ~200 MB - Rspamd: ~50 MB - Updates several times daily

Storage Recommendations

  • Use SSD storage for database and Redis for best performance
  • Separate /var/log and /var/spool to dedicated partitions
  • Monitor disk usage and set up alerts at 80% capacity
  • Plan for 6-12 months of growth when sizing storage

Software Requirements

Required System Packages

Mailborder installation requires these system components:

Core System - SystemD init system - OpenSSL 1.1.1+ or 3.0+ - GNU C Library (glibc) 2.28+ - Bash 4.4+

Mail Transport - Postfix 3.5+ (installed automatically)

Databases - MariaDB 10.5+ or MySQL 8.0+ (installed automatically) - Redis 6.0+ (installed automatically)

Scanning Engines - Rspamd 3.0+ (installed automatically) - ClamAV 0.103+ (installed automatically)

Web Server - Nginx 1.18+ (installed automatically) - PHP 8.1+ with PHP-FPM (installed automatically)

PHP Extensions - php-fpm - php-mysql (PDO) - php-redis - php-mbstring - php-gd - php-curl - php-xml - php-zip - php-bcmath - php-gmp (for WebAuthn/Passkey)

Note

The Mailborder .deb package declares all dependencies. APT will automatically install required packages during installation.

Network Requirements

Ports

Mailborder requires these network ports:

Inbound (must be accessible from Internet): - TCP 25 (SMTP) - Email reception from Internet - TCP 587 (Submission) - Email submission from mail clients (optional)

Inbound (must be accessible from internal network): - TCP 443 (HTTPS) - Web administration interface - TCP 80 (HTTP) - Redirect to HTTPS (optional)

Outbound (must be accessible to Internet): - TCP 25 (SMTP) - Email delivery to destination mail servers - TCP 80 (HTTP) - Signature updates, RBL queries - TCP 443 (HTTPS) - Signature updates, license validation - UDP 53 (DNS) - DNS resolution (critical)

Localhost only (no external access): - TCP 3306 - MariaDB (bound to 127.0.0.1) - TCP 6379 - Redis (bound to 127.0.0.1) - TCP 11333 - Rspamd (bound to 127.0.0.1) - TCP 3310 - ClamAV (bound to 127.0.0.1) - Unix sockets - Internal service communication

Firewall Configuration

  • Only expose ports 25, 80, and 443 to external networks
  • Never expose MariaDB, Redis, Rspamd, or ClamAV ports externally
  • Use host-based firewall (iptables/nftables) for defense in depth
  • Consider fail2ban for brute-force protection

DNS Requirements

Critical DNS functionality:

  • Forward DNS (A/AAAA records) - Resolve hostnames to IPs
  • Reverse DNS (PTR records) - Your sending IP must have valid PTR record
  • MX Records - Properly configured for your domain
  • SPF Records - Configure SPF for your domain
  • DKIM Records - Publish DKIM keys for your domain (optional but recommended)
  • DMARC Records - Configure DMARC policy (optional but recommended)

Reverse DNS Required

Most mail servers will reject or heavily penalize email from servers without valid reverse DNS. Ensure your ISP or hosting provider has configured PTR records for your mail server IP.

Bandwidth Requirements

Estimate bandwidth based on email volume:

  • Average email size: 50-100 KB
  • 10,000 messages/day ≈ 500 MB - 1 GB/day
  • Add 20% overhead for SMTP protocol, retries, etc.
  • Signature updates: ~10-50 MB/day

For 50,000 messages/day: - ~2.5-5 GB/day inbound+outbound email - ~75-150 GB/month - Recommend 10 Mbps sustained, 100 Mbps burst

Time Synchronization

Accurate time is critical for:

  • Email timestamp validation
  • DKIM signature verification
  • Certificate validation
  • Log correlation
  • Authentication tokens (TOTP)

Requirements: - NTP client configured and running - Time within ±5 minutes of actual time - Recommend multiple NTP servers for redundancy

Configure NTP: 

apt install systemd-timesyncd
timedatectl set-ntp true
timedatectl status

Network Architecture

Deployment Topology

Option 1: MX Record (Direct from Internet)

Internet → Mailborder (MX record) → Internal Mail Server
  • Mailborder's IP is in domain's MX records
  • All Internet email delivered directly to Mailborder
  • Mailborder forwards clean email to internal mail server

Option 2: Smart Host (Behind Existing Gateway)

Internet → Existing Gateway → Mailborder → Internal Mail Server
  • Existing firewall or gateway receives email first
  • Forwards to Mailborder for scanning
  • Mailborder delivers to internal mail server

Option 3: Outbound Gateway

Internal Mail Server → Mailborder → Internet
  • Internal mail server sends outbound email to Mailborder
  • Mailborder scans and relays to Internet
  • Protects against internal compromise sending spam

Option 4: Bidirectional Gateway

Internet ⇄ Mailborder ⇄ Internal Mail Server
  • Handles both inbound and outbound email
  • Most common deployment model
  • Comprehensive protection

Network Addressing

Static IP Required - Mailborder should have static IP address - Do not use DHCP in production

Hostname Requirements - Fully qualified domain name (FQDN) - Valid forward DNS (A record) - Valid reverse DNS (PTR record) - Example: mailborder.example.com

IP Reputation - Use clean IP address (not previously used for spam) - Check IP against RBLs before deployment - Monitor IP reputation regularly

Browser Requirements (Admin Interface)

The web administration interface requires a modern browser:

Supported Browsers: - Chrome 90+ (recommended) - Firefox 88+ - Safari 14+ - Edge 90+

Required Features: - JavaScript enabled - Cookies enabled - TLS 1.2+ support - WebAuthn support (for passkey authentication)

Screen Resolution: - Minimum: 1280×720 - Recommended: 1920×1080 or higher

Note

Mobile browsers are supported for monitoring and basic tasks, but full administration is best performed from a desktop browser.

Virtualization

Mailborder supports deployment on virtual machines:

Supported Hypervisors: - VMware ESXi 6.5+ - Proxmox VE 6+ - KVM/QEMU - Hyper-V 2016+ - VirtualBox (testing only)

VM Configuration: - Allocate dedicated CPU cores (not shared) - Allocate dedicated RAM (not overcommitted) - Use SSD storage or SAN with SSD cache - Use virtio drivers for best performance (KVM/Proxmox) - Use VMXNET3 network adapter (VMware)

Not Recommended: - CPU overcommitment (affects spam scanning performance) - RAM overcommitment (causes swapping, severe performance issues) - Network overcommitment (causes email delays)

Cloud Deployment

Mailborder can be deployed on cloud infrastructure:

Supported Platforms: - AWS EC2 - Google Compute Engine - Microsoft Azure VMs - DigitalOcean Droplets - Linode - Vultr

Instance Recommendations: - AWS: t3.medium (small), c5.xlarge (production) - GCP: n2-standard-2 (small), n2-standard-4 (production) - Azure: Standard_B2s (small), Standard_D4s_v3 (production)

Important Cloud Considerations: - Elastic/floating IPs required for consistent sender reputation - Reverse DNS configuration (may require provider support ticket) - Port 25 often blocked by default (requires provider request to unblock) - Consider cloud email relay services if port 25 cannot be opened - Data transfer costs (estimate email volume × $0.05-0.10/GB)

Cloud Port 25 Restrictions

Many cloud providers block outbound port 25 by default to prevent spam. This must be unblocked to send email. Some providers require: - Support ticket requesting unblock - Account review for abuse prevention - May take 24-48 hours - AWS: Request to Remove Email Sending Limitations - GCP: Generally open, but subject to rate limits on new accounts

Pre-Installation Checklist

Before beginning installation, verify:

  • [ ] Operating system is Debian 11+ or Ubuntu 20.04+
  • [ ] System is updated: apt update && apt upgrade
  • [ ] Hardware meets recommended specifications for your email volume
  • [ ] Static IP address assigned
  • [ ] Hostname configured (FQDN)
  • [ ] DNS A record created pointing to server IP
  • [ ] DNS PTR record created (reverse DNS)
  • [ ] MX record updated (if direct from Internet) or smart host configured
  • [ ] Firewall rules configured (allow 25, 80, 443)
  • [ ] Port 25 outbound is not blocked
  • [ ] NTP time synchronization configured
  • [ ] Root or sudo access available
  • [ ] Internet connectivity confirmed
  • [ ] Valid license key obtained (if required)

Next Steps

With requirements confirmed, proceed to: