gophish icon indicating copy to clipboard operation
gophish copied to clipboard

Published 20 hours ago verified publisher icon gophish

Server Requirement for about 12k users

Open KallyYang opened this issue 2 years ago • 8 comments

Server specs for launching a test for about 12k users CPU?RAM?Bandwidth?

KallyYang avatar Sep 20 '22 14:09 KallyYang

Gophish is pretty lightweight, but these are the two main limitations you'd run into:

https://github.com/gophish/gophish/issues/2602

I'd recommend breaking that 12k into 12 x 1k and you'll be fine on 4GB RAM on a modern CPU.

glennzw avatar Sep 21 '22 08:09 glennzw

I am planning to deploy a 4core 8G B server,and split 12k to 3 groups so that send about 4k emails each day(evenly in several hours). How do you think?> Gophish is pretty lightweight, but these are the two main limitations you'd run into:

https://github.com/gophish/gophish/issues/2602

I'd recommend breaking that 12k into 12 x 1k and you'll be fine on 4GB RAM on a modern CPU.

KallyYang avatar Sep 21 '22 15:09 KallyYang

You can just use the built-in functionality to spread sending over a couple of hours. We're running a 4 core 8GB VPS but the primary motivation for those specs is that the AV uses a lot of resources for the mailserver.

Miesvanderlippe avatar Sep 26 '22 15:09 Miesvanderlippe

You can just use the built-in functionality to spread sending over a couple of hours. We're running a 4 core 8GB VPS but the primary motivation for those specs is that the AV uses a lot of resources for the mailserver.

I will also choose the same specs, while I will use additional SMTP service so maybe my server will custom less resource?

KallyYang avatar Sep 26 '22 16:09 KallyYang

I haven't found an e-mail provider that allows phishing simulations yet. Having said that, yes an external mailserver would relieve a fair bit of load from your GoPhish server compared to my setup. The bandwidth consumption would be roughly the same though.

Miesvanderlippe avatar Sep 26 '22 16:09 Miesvanderlippe

@KallyYang I'd recommend setting up your own SMTP server; as @Miesvanderlippe says, no providers I'm come across either allow phishing emails in their ToS (even simulated ones).

glennzw avatar Sep 30 '22 11:09 glennzw

@KallyYang I'd recommend setting up your own SMTP server; as @Miesvanderlippe says, no providers I'm come across either allow phishing emails in their ToS (even simulated ones).

Hi, what do you recommend to create my own SMTP Server? Can Postfix handle the simulations configured properly for 2k+ users ?

zJvco avatar Jun 25 '24 23:06 zJvco

I run docker-mailserver. Always spread out campaigns (this is a GoPhish setting) over a 100 recipients, the receiving mailserver will drop you otherwise. About 1 mail every 2 seconds is fine.

Miesvanderlippe avatar Jun 26 '24 10:06 Miesvanderlippe