Regigate information



The regigate appliance delivers enterprise-grade encryption and decryption services with regimail technology in an efficient, all-in-one solution. regigate relies on regify’s data security-audited technology. regigate enables best-in-class automation by seamlessly integrating into the existing e-mail transport flow and ensuring compliance with corporate policies. In conjunction with your regify provider, it offers fully automatic regimail encryption and decryption, working as an SMTP-enabled MTA (Mail Transfer Agent). It encrypts any outgoing standard e-mail message and decrypts any incoming regimail message, thereby resolving the major issues for trusted e-mail communication:

  • Freedom to choose between regigate-driven automation and end-to-end encryption
  • Comprehensive transaction register through regify technology
  • Seamless integration into the existing infrastructure


regigate is based on a software appliance that provides all the technical functions needed to integrate easily into your infrastructure:

  1. Software appliance, based on a special Linux version (comes as an ISO image).
  2. Hardened for 24/7 internet availability and security.
    1. Built-in firewall blocking all unused ports.
    2. All unused services, users and groups are removed or stopped.
    3. Continuously updated by the "check for updates" function, including all operating system and application components (kernel, OpenSSL, etc.).
    4. Appliance management is available only via SSH from the internal IP address range or (optionally) from dedicated external IP addresses.
  3. Offers a high-availability mode with real-time fail-over using floating IP technology.
  4. Supports unlimited routes for in- and outgoing messages (based on ports and/or IP addresses).
  5. Opportunistic TLS encryption of any MTA traffic.
  6. Built-in rule engine for rule-based encryption and decryption or transparent forwarding.
    1. Individual decisions for encryption and decryption.
    2. Based on sender, recipients, recipient domains, subject, attachment names and any other e-mail header.
    3. Marks encrypted/decrypted messages either in the subject or by adding/changing MIME headers.
  7. Secure and certificate based connection to the regify (sub)provider.
  8. Automatic time-synchronisation using NTP.
  9. Supports Nagios monitoring (client modules available).
  10. Allows easy and automatic updates.
  11. Does not need any advanced Linux knowledge.


regigate scheme detailed

The regigate appliance flexibly integrates into your message flow without requiring major changes to your existing solutions for filtering, content checking, virus scanning, data protection or other applications for data protection and security. The regigate appliance acts as an MTA in your message flow and therefore works with any other SMTP appliances and mail servers that you are using. You can define the policies for encryption and decryption in your existing applications by using their own functionality, such as policy engines, or use the regigate built-in rule engine. Once processed, the messages are returned into the existing message flow or sent to the Internet (outgoing).

Implementation options

There are two ways to integrate regigate into your existing infrastructure and connect it to the regify provider.

  1. Direct
    • This means you are running both a regigate appliance and a regify provider in-house.
    • All data stays in-house and you are in full control of the regify provider.
  2. Distributed
    • The regify provider is not in-house but regigate is.
    • The end-point regify provider needs to be at least a sub-provider.
    • regigate uses a secured and encrypted protocol to talk to the regify (sub)provider.
    • Port 443 to the regify provider has to be available (internet access or VPN tunnel).
    • E-mail data does not leave your premises for encryption/decryption. Only encryption data is transferred through the provider connection. Therefore, there is only very little traffic on the provider connection, independent of message sizes.
  3. Outsourced
    • It is possible to host regigate in a third-party environment if your e-mail server is also hosted there.
    • Please note, however, the regigate requirements that have to be met.

Please find information about the regigate hardware requirements here.