What do you mean with "additionally signed"? I have just tried it and
Djigzo was able to decrypt the message. Are you sure it wasn't
decrypted? Outlook express signs the message opaque (as opposed to clear
signed). An opaque signed message can only be read with a S/MIME capable
email client. Could it be that the resulting message is not encrypted
but is (opaque) signed?
Kind regards,
Martijn Brinkers
lst_hoe02(a)kwsoft.de wrote:
> _______________________________________________
> Users mailing list
> Users(a)lists.djigzo.com
> http://lists.djigzo.com/lists/listinfo/users
>
>
> ------------------------------------------------------------------------
>
> Subject:
> [Djigzo users] Crypted & Signed from Outlook Express
> From:
> lst_hoe02(a)kwsoft.de
> Date:
> Thu, 26 Nov 2009 13:57:39 +0100
> To:
> users(a)lists.djigzo.com
>
> To:
> users(a)lists.djigzo.com
>
>
> Hello
>
> today i discovered that e-mail send from Outlook Express (Vers. 6 /
> XP-SP3) are not decrypted by Djigzo when they are additionally signed.
> The same e-mail Signed & Crypted from Thunderbird works as expected.
> The header are as follow :
>
> Outlook
> Content-Type: application/x-pkcs7-mime;
> smime-type=enveloped-data;
> boundary="----=_NextPart_000_0022_01CA6E9B.53470530";
> name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> filename="smime.p7m"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.5843
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
>
>
>
> Thunderbird
> Content-Type: application/x-pkcs7-mime; name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7m"
> Content-Description: S/MIME Encrypted Message
>
>
> I guess its OE doing nasty things but the question is, if there is
> something Djigzo can do to decrypt the message anyway.
>
> Many Thanks
>
> Andreas
>
--
Djigzo open source email encryption
Hello
today i discovered that e-mail send from Outlook Express (Vers. 6 /
XP-SP3) are not decrypted by Djigzo when they are additionally signed.
The same e-mail Signed & Crypted from Thunderbird works as expected.
The header are as follow :
Outlook
Content-Type: application/x-pkcs7-mime;
smime-type=enveloped-data;
boundary="----=_NextPart_000_0022_01CA6E9B.53470530";
name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7m"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Thunderbird
Content-Type: application/x-pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message
I guess its OE doing nasty things but the question is, if there is
something Djigzo can do to decrypt the message anyway.
Many Thanks
Andreas
Hello
after some days of testing for our internal mailsystem i list all the
things we have found or find useful to add/change:
- As provided in a private patch from Martijn Brinkers the splitting
in two output Queues is very helpful and it would be nice to see this
in the standard release in the future.
- A sort-option to only show user certificates or intermediate CAs in
the certificate list would be nice to have.
- The option to not alter the message-ID, so it is possible for the
mailclient to keep track of replys is really important.
- It would be nice to have some read only interface to query if for a
given recpient address a matching certificate is in the store.
- To integrate in a existing Postfix installation it could be handy to
set some parameter (relay IP, max. connections/threads..) of the
builtin james-server with the GUI and to set the Postfix config to
disable.
But in anyway many thanks for the very useful Software.
Regards
Andreas
Hello
today i found that james until version 2.3.1 did alter the message-ID
by default of all messages passing by. This is undesired for a MTA as
it prevents correlating messages and there answers (reply). More
information can be found here:
http://issues.apache.org/jira/browse/JAMES-875
As far as i can tell Djigzo uses james 2.3.1 which by default
re-create the ID. Is it easily possible to update james to 2.3.2
without the need for a new Djigzo release?
Many Thanks
Andreas
I found similar reports (see
https://bugs.freenetproject.org/view.php?id=2062) where the JVM could
not be restarted by Java wrapper when it got stuck. The JVM should not
have crashed. This could be caused by some JVM bug. The wrapper however
should have been able to restart Djigzo. It could be that the default
restart delay time is not long enough for all situations.
I will change the restart delay to 30 seconds for the new release. You
can add the following value to:
/usr/share/djigzo/wrapper/djigzo.wrapper.conf
wrapper.restart.delay=30
When the Java wrapper process detects that the JVM hangs it kills the
JVM and waits 30 seconds before restarting Djigzo.
Why the JVM got stuck in your case that remains a mystery. I have never
seen it happen.
Kind regards,
Martijn Brinkers
Andreas Schubert wrote:
> i use your Djigzo VMware virtual appliance.
>
> in the syslog from yesterday i cannot find any relevant information.
> the kern.log has only entries after the today reboot.
>
> :-(
>
> Mit freundlichen Grüßen
>
> Andreas Schubert
> Dipl.-Ing. (FH)
> Leiter EDV
> Tel. +49 7121 9463-360
> Fax +49 7121 9463-150
> Transline Deutschland Dr.-Ing. Sturz GmbH
>
> Transline Deutschland ist ein Unternehmen der Sturz Gruppe (www.sturz-gruppe.de)
>
>
>
> Martijn Brinkers
> <martijn(a)djigzo.com
> > To
> Sent by: users(a)lists.djigzo.com
> users-bounces@lists cc
> .djigzo.com
> Subject
> Re: [Djigzo users] djigzo does not
> 06.11.2009 11:13 deliver mails
>
>
>
>
>
>
>
>
>
> Somehow the Java Virtual Machine got stuck which normally should not
> happen (perhaps a JVM bug?).
>
> Java wrapper which is used to start Djigzo 'injects' a Java process into
> the JVM and periodically checks whether the JVM still responds. Java
> wrapper itself is a Linux application (written in C). It detected that
> the JVM was no longer responding and tried to restart the JVM. Somehow
> Java wrapper was unable to restart Djigzo.
>
> JVM appears hung: Timed out waiting for signal from JVM.
> JVM did not exit on request, terminated
> JVM exited in response to signal SIGKILL (9).
> Unable to start a JVM
> <-- Wrapper Stopped
> --> Wrapper Started as Console
>
> You test that the wrapper process restarts Djigzo after an unexpected
> exit by killing the Djigzo java process (using killl -9)
>
> If I explicitly kill the Djigzo Java process Djigzo is automatically
> restarted by the wrapper process. djigzo.log after killing the Djigzo
> process:
>
> JVM exited unexpectedly.
> JVM exited in response to signal SIGKILL (9).
> Launching a JVM...
>
> In your case the Java wrapper was unable to restart Djigzo so it seems
> that there were problems with your Linux system. The big question is
> what kind of problems.
>
> Is there anything relevant in syslog or kernel.log?
>
> Kind regards,
>
> Martijn Brinkers
>
>
> Andreas Schubert wrote:
>> hello,
>>
>> yesterday we had a strange behavior.
>>
>> djigzo accepts all emails but did not deliver anyone.
>> in the syslog i find entries like this:
>> "......lost connection with 127.0.0.1[127.0.0.1] while receiving the initial
>> server greeting"
>> and later in the syslog many entries
>> "connect to 127.0.0.1 .... connection refused"
>>
>> i tried to open http-management interface, but i got this error message:
>> (See attached file: check.htm)
>>
>> has someone an idea what has happend and what can we do to prevent this
>> behavior?
>>
>> regards
>>
>> Andreas Schubert
>>
>> Transline Deutschland Dr.-Ing. Sturz GmbH
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)lists.djigzo.com
>> http://lists.djigzo.com/lists/listinfo/users
>
>
> --
> Djigzo open source email encryption
> _______________________________________________
> Users mailing list
> Users(a)lists.djigzo.com
> http://lists.djigzo.com/lists/listinfo/users
>
>
>
--
Djigzo open source email encryption