NTACurrent en:System Requirements
Aus Cryptshare Documentation
The Cryptshare Mail Gateway is the central component of Cryptshare for NTA 7516. See Overview for more details.
(Virtual) Hardware
The hardware requirements strongly depend on how many emails the system has to handle in a given time. Please note that all outgoing and a part of the incoming emails must be processed by the Cryptshare Mail Gateway.
The following requirements apply as a minimum:
- 4 GB RAM
- 2 GHz x86 dual core processor (64 bit)
- 10 GB free hard disk space
In general, a fast hard disk setup, for example using SSD or RAID-10, is recommended.
Operating System and Configuration
- Debian 11.X (Bullseye) Linux: The Cryptshare Mail Gateway software package is made to be installed on a fresh Debian 11.X (Bullseye) Linux, 64 bit (x86 architecture). During the installation, other required software is pulled from the package sources.
- Hard disk encryption: To ensure the security of the data in rest that is handled by the Cryptshare Mail Gateway, hard disk encryption is required. We recommend to choose the appropriate hard disk setup during the OS installation ("encrypted LVM").
- Server TLS certificate: To allow incoming SMTP traffic that is secured by TLS, a server certificate is required. This should be issued by a commonly trusted CA. The certificate needs to have a minimum key length of 3072 bits, to comply to the technical agreements for NTA 7516.
- Client TLS certificate: Some NTA 7516 compliant organizations require the authentication with a client certificate during SMTP communication. This client certificate is issued to you during the licensing process.
Network
- Public IP address: Messages that are sent by other NTA 7516 compliant parties are routed to the Cryptshare Mail Gateway. This requires a separate public IP address that can be assigned to it.
- Firewall configuration: The table below shows the network traffic that has to be permitted to/from the Cryptshare Mail Gateway.
| Port # | Service | Direction | Source/Destination | Purpose |
|---|---|---|---|---|
| 25 | SMTP | Inbound | Internet | Receive incoming email from foreign mail servers. |
| 25 | SMTP | Inbound | Mail server(s) | Receive outgoing email from the own mail server(s). |
| 25 | SMTP | Outbound | Internet | Send outgoing emails to foreign mail servers. |
| 25 | SMTP | Outbound | Mail server(s) | Send incoming emails to the own mail server(s). |
| 53 | DNS | Outbound | Internet | Query DNS records. Please note that Cryptshare Mail Gateway contains a local DNS resolver. |
| 22 | SSH | Inbound | Administrative clients | Maintenance shell access for administrators. |
| 443 | HTTPS | Outbound | Internet | Fetch software packages and updates from package sources. |
| 80 | HTTP | Outbound | Internet | Fetch software packages and updates from package sources. |
Cryptshare for NTA 7516 involves other Cryptshare products. Please refer to the following table to find the required versions.
| Product | Required Version |
|---|---|
| Cryptshare for Outlook | 2.3.0 or higher |
| Cryptshare Server | All versions |