Network architecture

The CipherMail gateway is typically installed as a store-and-forward server. There are multiple ways the gateway can be placed within the existing infrastructure. The following two setups are the most typical.

After content scanner

In this setup the CipherMail gateway is placed between the content scanner and the Internet. Outgoing email can then be scanned (for example for viruses, spam, and sensitive or confidential information) before it is encrypted, and incoming email can be scanned after it has been decrypted.


These are the two most typical setups. Different setups are, however, supported as long as the connected systems use SMTP.

Encryption after content scanner, decryption before content scanner

Content scanner with redirect

In this setup the CipherMail gateway is placed below the content scanner. If the content scanner detects that email must be encrypted, for example because of deep email inspection, the content scanner sends the email to the CipherMail gateway for encryption. After encryption, the CipherMail gateway sends the email back to the content scanner, which then sends it to the final recipient. Incoming email which is S/MIME or PGP encrypted will first be delivered to the CipherMail gateway for decryption. The CipherMail gateway will then send the email back to the content scanner, where it will be scanned and, if approved, delivered to the internal user’s inbox.

Encryption and decryption controlled by content scanner.
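The inbound routing decision in the redirect setup, as an added example (not CipherMail or content scanner code): it classifies a raw message as S/MIME or PGP encrypted from its MIME headers and picks the next hop. The hop names, function names and sample messages are constructed for illustration, and sending S/MIME mail without an `smime-type` parameter to the gateway is an assumption.

```python
from email import message_from_bytes

# Hop names are hypothetical labels, not CipherMail or scanner settings.
GATEWAY, SCAN = "ciphermail-gateway", "content-scan"
SMIME_CTYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SMIME_ENCRYPTED = {"enveloped-data", "authenveloped-data"}
PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"


def encryption_kind(raw: bytes):
    """Return 'smime', 'pgp' or None for a raw RFC 5322 message."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    if ctype in SMIME_CTYPES:
        smime_type = msg.get_param("smime-type")
        # Assumption: a missing smime-type goes to the gateway; signed-data,
        # certs-only and compressed-data do not need decryption.
        if smime_type is None or str(smime_type).lower() in SMIME_ENCRYPTED:
            return "smime"
        return None
    if ctype == "multipart/encrypted":  # PGP/MIME, RFC 3156
        protocol = str(msg.get_param("protocol", "")).lower()
        return "pgp" if protocol == "application/pgp-encrypted" else None
    for part in msg.walk():  # inline PGP: ASCII armor in a text part
        if part.get_content_type() == "text/plain":
            if PGP_ARMOR in (part.get_payload(decode=True) or b""):
                return "pgp"
    return None


def next_hop(raw: bytes) -> str:
    """Encrypted mail goes to the gateway first; everything else is scanned.

    Decrypted mail returned by the gateway no longer matches, so it is
    scanned instead of being redirected again (no loop).
    """
    return GATEWAY if encryption_kind(raw) else SCAN


# Constructed sample messages (not real traffic).
SMIME_MAIL = (b"From: a@example.com\r\nTo: b@example.org\r\n"
              b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data;"
              b' name="smime.p7m"\r\nContent-Transfer-Encoding: base64\r\n\r\nMIIB\r\n')
INLINE_PGP_MAIL = (b"From: a@example.com\r\nContent-Type: text/plain\r\n\r\n"
                   + PGP_ARMOR + b"\r\n\r\nwcBM\r\n-----END PGP MESSAGE-----\r\n")
PLAIN_MAIL = b"From: a@example.com\r\nContent-Type: text/plain\r\n\r\nhello\r\n"

if __name__ == "__main__":
    for name, raw in [("smime", SMIME_MAIL), ("inline-pgp", INLINE_PGP_MAIL),
                      ("plain", PLAIN_MAIL)]:
        print(name, "->", next_hop(raw))
```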


For simplicity, the above examples do not show how multiple gateways can be configured in a high availability (HA) cluster. An HA cluster is, however, supported.