I'm replying with my BlackBerry so I'll need to be brief :)
Outlook cannot handle smime protected calendar emails. The upcoming version of Djigzo allows you to disable signing and or encryption of calendar items. I hope to release the new version in the beginning of January. If you want to test the upcoming release you need to wait till I getback (I don't have the URLs here) or perhaps Andreas can post the URLs here.
Kind regards,
Martijn
-----Original message-----
As far as i know this is only available in the not-yet-released Djigzo
1.3 and later. From a "private" post regarding upcoming 1.3 version:
---
Djigzo open source email encryption
Hi all,
djigzo automaticly sets up the cert and encryption for individual emails based on the email address in the cert.
Is there a way to do this for the whole domain?
Since we only planning on using domain to domain encryption it would save us quite some work at least until we have the central cert directory.
Best regards
Andreas Behr
Diplom Informatiker (FH)
Krämer IT Solutions GmbH
Alte Koßmannschule
Koßmannstraße 7
66571 Eppelborn
Tel.: 0 68 81 / 9 36 29 - 70
Fax: 0 68 81 / 9 36 29 - 5 70
Email: andreas.behr(a)kraemer-it.de <mailto:andreas.behr@kraemer-it.de>
Homepage: kraemer-it.de <http://www.kraemer-it.de/>
News To Use Letter
Klicken Sie hier, um sich jetzt anzumelden <http://www.kraemer-it.de/news/newsletter.shtml>
Kennen Sie schon...
...unsere revolutionäre Netzwerk- und Serverüberwachung? server-eye.de <http://www.server-eye.de/>
...unser einfach zu bedienendes und finanzamtfreundliches Fahrtenbuch? kfz-fahrtenbuch.de <http://www.kfz-fahrtenbuch.de/>
...unsere einfache, sichere und schnelle Methode weltweit eine SMS zu verschicken? firmen-sms.de <http://www.firmen-sms.de/>
...unsere schlaue Datensicherung ohne Kompromisse? schlauer-sichern.de <http://www.schlauer-sichern.de/>
---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer
Hi all,
I noticed, that if I receive a Outlook appointment, the email is empty and the attached ics and the attached Outlook object are not accessible anymore.
Here the headers:
Microsoft Mail Internet Headers Version 2.0
Received: from XXX
by xxx (Postfix) with ESMTP id C813623EE
for <xxx(a)kraemer-it.de>; Mon, 21 Dec 2009 16:21:16 +0100 (CET)
Subject: Aktualisiert: Rathaussturm
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1;
boundary="----=_Part_105_24883274.1261408877179"
X-Original-To: xxx(a)kraemer-it.de
Delivered-To: mail(a)kraemer-it.de
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at pop.kraemer-it.de
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5.3 WHITELISTED tests=[]
autolearn=unavailable
Date: Mon, 21 Dec 2009 15:21:16 +0100
From: "xxx" <xxx(a)xxx.de>
To: <xxx(a)kraemer-it.de>
Message-ID: <5754652.93.1261405386535.JavaMail.djigzo@djigzo>
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Rathaussturm
Thread-Index: AcphJNtpRGvmLZcTQF+1rWEREgzuJg==
X-Djigzo-Info-Encryption-Algorithm-0: 3DES, Key size: 168
X-Djigzo-Info-Encryption-Recipient-0-0: EMAILADDRESS=intermediate(a)kraemer-it.eu,
CN=Intermediate
kraemer-it.eu/1259D191E93AF9BB3FB53F405026FAA//1.2.840.113549.1.1.1
X-Djigzo-Info-Signer-ID-0-1: EMAILADDRESS=intermediate(a)kraemer-it.eu,
CN=Intermediate kraemer-it.eu/12597DE5F3837E973C1C4A52080DD36/
X-Djigzo-Info-Signer-Verified-0-1: True
X-Djigzo-Info-Signer-Trusted-0-1: True
Return-Path: xxx(a)xxx.de
X-OriginalArrivalTime: 21 Dec 2009 14:22:08.0132 (UTC) FILETIME=[FA414C40:01CA8248]
------=_Part_105_24883274.1261408877179
Subject: Aktualisiert: Rathaussturm
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CA8248.DBC531E8"
Content-class: urn:content-classes:calendarmessage
------_=_NextPart_001_01CA8248.DBC531E8
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01CA8248.DBC531E8
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01CA8248.DBC531E8
Content-class: urn:content-classes:calendarmessage
Content-Type: text/calendar;
name="meeting.ics";
method=REQUEST
Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01CA8248.DBC531E8--
------=_Part_105_24883274.1261408877179
Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
------=_Part_105_24883274.1261408877179-
The file size suggests the attachments being still there.
I assume Outlook, does not like its file tampered with.
Any idea what could be done here?
Best regards
Andreas Behr
Diplom Informatiker (FH)
Krämer IT Solutions GmbH
Alte Koßmannschule
Koßmannstraße 7
66571 Eppelborn
Tel.: 0 68 81 / 9 36 29 - 70
Fax: 0 68 81 / 9 36 29 - 5 70
Email: andreas.behr(a)kraemer-it.de <mailto:andreas.behr@kraemer-it.de>
Homepage: kraemer-it.de <http://www.kraemer-it.de/>
News To Use Letter
Klicken Sie hier, um sich jetzt anzumelden <http://www.kraemer-it.de/news/newsletter.shtml>
Kennen Sie schon...
...unsere revolutionäre Netzwerk- und Serverüberwachung? server-eye.de <http://www.server-eye.de/>
...unser einfach zu bedienendes und finanzamtfreundliches Fahrtenbuch? kfz-fahrtenbuch.de <http://www.kfz-fahrtenbuch.de/>
...unsere einfache, sichere und schnelle Methode weltweit eine SMS zu verschicken? firmen-sms.de <http://www.firmen-sms.de/>
...unsere schlaue Datensicherung ohne Kompromisse? schlauer-sichern.de <http://www.schlauer-sichern.de/>
---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer
Is there a way to alter the subject line of an encrypted message?
We would like to provide the receiver of the email with some kind of feedback that the message was encrypted.
Andreas Behr
Diplom Informatiker (FH)
Krämer IT Solutions GmbH
Alte Koßmannschule
Koßmannstraße 7
66571 Eppelborn
---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer
Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:
> Hi everbody,
>
>
>
> we are planing to roll out a Djigzo based box to our customers.
>
> Since we do not want to go to all boxes and add certs whenever a new
> customer buys the box we are looking into a way to distribute the
> certs.
>
> I do believe a central directory service is the way to go.
Not sure if i understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you refer
to the root-CA certificates?
>
> So we are willing to contribute to building such a system. (Since we
> would build one for our customers anyways)
>
If you have Java programers at hand i guess Martijn Brinkers would be
glad to get the help..
Regards
Andreas
Hi everbody,
we are planing to roll out a Djigzo based box to our customers.
Since we do not want to go to all boxes and add certs whenever a new customer buys the box we are looking into a way to distribute the certs.
I do believe a central directory service is the way to go.
So we are willing to contribute to building such a system. (Since we would build one for our customers anyways)
Mit freundlichen Grüßen
Andreas Behr
Diplom Informatiker (FH)
Krämer IT Solutions GmbH
Alte Koßmannschule
Koßmannstraße 7
66571 Eppelborn
Tel.: 0 68 81 / 9 36 29 - 70
Fax: 0 68 81 / 9 36 29 - 5 70
Email: andreas.behr(a)kraemer-it.de <mailto:andreas.behr@kraemer-it.de>
Homepage: kraemer-it.de <http://www.kraemer-it.de/>
News To Use Letter
Klicken Sie hier, um sich jetzt anzumelden <http://www.kraemer-it.de/news/newsletter.shtml>
Kennen Sie schon...
...unsere revolutionäre Netzwerk- und Serverüberwachung? server-eye.de <http://www.server-eye.de/>
...unser einfach zu bedienendes und finanzamtfreundliches Fahrtenbuch? kfz-fahrtenbuch.de <http://www.kfz-fahrtenbuch.de/>
...unsere einfache, sichere und schnelle Methode weltweit eine SMS zu verschicken? firmen-sms.de <http://www.firmen-sms.de/>
...unsere schlaue Datensicherung ohne Kompromisse? schlauer-sichern.de <http://www.schlauer-sichern.de/>
---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer
Hi,
I tried to install the tar.gz on Mac OS X, but the ant call fails with:
init-wrapper:
init:
[echo] Trying to load 'wrapper.dist.Mac OS X.i386.properties'
BUILD FAILED
/Users/rainer/Projects/djigzo/djigzo/build.xml:96: The following error occurred while executing this line:
/Users/rainer/Projects/djigzo/djigzo/wrapper/build.xml:12: wrapper.dist.tar cannot be determined. Does the property file 'wrapper.dist.Mac OS X.i386.properties' exist?
As djigzo is advertized with "Djigzo runs on all systems that support Java and Postfix", I think it should be possible to make this work, and I want to try that. I'm a Java developer, and familiar with and, so a rough guide on what to modify in the ant files would be enough for me.
So: what wrapper is this (original download), what is it used for, and is it possible to make djigzo work without it (e.g. directly starting any Java class)?
Thanks
Rainer Frey
Hello
after playing around since more than two years we finally got S/MIME
on the way for our corporate mail. Two main reasons for the start:
- Very cheap (free) recognized S/MIME certs from www.startssl.com to
get S/MIME certificates for all of our users.
- S/MIME Gateway (Djigzo :-) which lower the administrative burden
significantly and save us from difficult handling at the user desktop.
Our company is a smaller ISV with around 100 employees and customers
mostly in the assurance business. After two weeks with around 400
incoming mails/day we have the following number of external certs
taken from incoming e-mail in our Djigzo store:
- 15 from Mailing-Lists (mostly because of djigzo and startssl list)
- 5 from newsletters (finance)
- 2 with more private background (freemailer)
- 3 business related
This clearly shows one of the major problems for encrypted mail: There
are simply no certs available...
So for the idea of a project "yellow pages" for certificates
integrated in Djigzo i would say we urgently need it.
Regards
Andreas
lst_hoe02(a)kwsoft.de wrote:
> There is really a long way to go. We received today the following
> (correspondingly) answer from a german bank to our inquiry to use
> S/MIME further on to secure confidential mail:
>
>
> "The requested way to secure mail is not wide-spread today and we
> therefore do not support it. We use the follwoing with our Business
> Partners: Include all sensible data in an encrypted ZIP-Archiv
> (AES-256) and send the information attached to the mail."
>
>
> This was from the CIO of the IT department of the bank :-(
> -No further comment-
wow...
That person probably has a note attached to the doorpost of their home:
"key is under the doormat".
I do believe that there's more ignorance in this matter among CIO's and
managers than among tech people in the field.
dagdag
Christine
--
dagdag is just a two-character rotation of byebye.
lst_hoe02(a)kwsoft.de wrote:
> There are some other questions to solve:
> - Should this be public available or Djigzo/Sign-in only?
I think it should be publicly available.
> - It should only allow full e-mail address direct matching, no wildcards
> etc. to prevent address harvesting
Yes, protecting email addresses is important.
>
> But beside this it would solve one of the biggest S/MIME problems today.
> It would be somewhat similar to the mentioned www.bridge-ca.org, but
> without paied membership?
Our view is that email encryption can only be a success when it becomes
a commodity so I think that such feature should be freely accessible.
Kind regards,
Martijn
--
Djigzo open source email encryption