We are happy to announce a new release of the CipherMail Email
Encryption Gateway. The virtual appliance images in this release are
based on RHEL 8 and CentOS Stream 8.
NOTE: this release is signed with our new signing key
0x2DBD8E4AB2C1485AE00194E8704B4819C58C56D3. This key has been signed by
our old key.
CipherMail Email Encryption Gateway 5.0.2 release notes:
- The TLS settings used by Postfix now exclude configurations that are
deemed insufficient by NCSC-NL, like the SSLv3 protocol and RC4
encryption algorithm. Ref: NCSC-NL TLS Guidelines
- Patched JQuery 1.12.4 to fix all open security issues.
- PAM authentication added to the administrative web interface.
Administrators can now log in with their Unix credentials. PAM
authentication can be disabled from the Admin page (after logging in)
or by adding the properties file conf/djigzo.properties.d/disable-
pam.properties with content pam.enabled=false.
- The enterprise virtual appliance is now based on RHEL 8. [PRO/ENT]
- The community virtual appliance is now based on CentOS Stream 8.
- CipherMail core packages (djigzo, djigzo-web) now require the
ciphermail-core-os package. There are two packages that provide the new
ciphermail-core-os dependency: ciphermail-core-os-no-deps and
ciphermail-core-os-rhel8. When installing on RHEL 8 or CentOS Stream 8,
you should use ciphermail-core-os-rhel8. In other cases, use
- The back-end log file is now written to /var/log/ciphermail-gateway-
- The front-end log file is now written to /var/log/ciphermail-webmail-
- A default built-in administrative user is no longer created on first
start. Administrators should log in with their Unix account after which
they can configure new administrative users if needed.
- The IP filter properties file (for the Web GUI) was moved from
/etc/djigzo/ip-filter.properties to /etc/ciphermail/ip-filter/ip-
- Replaced service commands with systemctl in all scripts. The back-end
should now be started with systemctl restart ciphermail-gateway-backend
and the front-end should be started with systemctl restart ciphermail-
- The graphs to show on the admin homepage are now read from a json
- Add option to import/export root certificates with the CertStore tool
(use --root-store option).
- The Fetchmail service is no longer enabled by default.
- The restore function of the backup page is now only enabled if the
user is logged in via PAM. i.e., with a Unix account. The additional
system password field for restoring has been removed.
- Files from the application directory are now by default owned by
root. Files and directories that should be owned by the back-end user
- There is now only one build of the console app which is shared by the
gateway and webmail messenger.
- The Certbot manage script could no longer detect whether or not a
Let's Encrypt certificate was available or not because the text
returned by Certbot was changed. We now check whether the dir
/etc/letsencrypt/live/ciphermail exists or not. [PRO/ENT]
- Fix PGP key expiration logic. If a key signature has no expiration
date and is the most recent signature, the key should never expire even
if there are older signatures that expire.
- Some password fields are now configured with autocomplete="new-
password" to prevent autofilling.
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF encryption and Webmail Messenger.
T: +31 20 290 00 88