Djigzo uses the "From:" header of the mail to decide which sender
certificate to use. As the header is set by the MUA it is prone to
spoofing and therefore the decision which certificate to use may be
wrong. What is the reason to use the header in this case and not the
envelop sender (MAIL FROM) as it is the case for the recipient?
The database potentialy hold the private keys used for signing and
decryption and should therefore be secured as much as possible. In the
standard installation a default password is used and no obvious
warning is in the documentation that on should at least prevent remote
access to PostgreSQL. This is default for PostgreSQL in some cases but
not in all. If one change the password in hibernate.cfg.xml this file
is world-readable at least when installed by .deb files. Is it
possible to do the following change: Include a warning to protect
access with the Djigzo DB-user and maybe a option to use access
control based on the OS user which is "djigzo" anyway (local socket)
so no handling with passwords is required for the DB.
Is there any documentation which ports are used and what they are used
for? We have the following ports after std. .deb install:
15012 (localhost) --> no problem
9000 (*) --> ??
10025 (*) --> James Mailinput
8443 (*) --> Web-Interface
8282 (*) --> ??
So two ports might be unused but open.
I have tried the same, because I also need german "Umlauts" in some templates.
But it seems it does not work.
I have altered the same lines in the "successful encryption" Template but in the Umlauts "ä" "ö" "ü" appears as "?" in the received e-mail.
Did I have to do anything else to send status mails with special characters?
Date: Mon, 30 Nov 2009 11:46:52 +0100
Subject: [Djigzo users] Charset templates
Content-Type: text/plain; charset="iso-8859-1"
i have altered the templates for "failed encryption"/"successful
encryption" to use german umlauts in the messages.
We have done this by altering
Content-Type: text/plain; charset=UTF-8; format=flowed
I wonder if this has any drawbacks or if this could/should be the
default for all non ASCII languages?