Users June 2009

users@lists.ciphermail.com

6 participants
8 discussions

by Dimitri Yioulos

As a test of Djigzo (and because some of our mail recipients use public, Web-based mail like Yahoo Mail and Gmail), I've created a Djigzo user (me) with a Gmail account. In the user's Djigzo profile, I created the Subject trigger "test". I sent a message to me(a)gmail.com with the subject "test". What I received was an email with no message, but an attachment labelled smime.p7m. The only option I have is to download it, but don't have any idea what the DL is or how to open it. BTW, I have the FireGPG plugin installed on my copy of Firefox, and it does work with Gmail. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

12 years, 3 months

[Djigzo users] Integrating Djigzo with Exchange Server 2007

by Hartlaub, Scott E.

Anyone with experience or advice on integrating Djigzo with MS Exchange Server? Thanks in advance. Scott

12 years, 3 months

Re: [Djigzo users] Customer experience

by Martijn Brinkers

Hi Dan, Dan Banach wrote: > Sorry it's taken some time to respond. We deal with a wide range of > email recipients (large companies, small offices, individuals, etc.) > with a wide range of email encryption knowledge, so the ideal encryption > solution for us would be very flexible. Not only flexible for outgoing > mail, but also incoming mail as well. Some users/business' use PGP, > others use certs and some use the various other options. Being able to > communicate with them all is very helpful. Right now now I'm working on Blackberry S/MIME support for BIS users (for BES users there is already S/MIME email). Once that is finished I will start working on new major features. There are some features I would like to start working on but I'm not sure which one that should be. Two main new features I was thinking about are: 1. PGP support 2. Client-less email encryption Nr 1 is clear. I will briefly explain nr 2. Client-less Currently Djigzo supports S/MIME and PDF encryption. Recipients that do not want are cannot receive S/MIME or encrypted PDFs are currently not supported. The new encryption functionality I would like to add is the following: If an email sent to an external recipient needs to be encrypted and the recipient cannot receive S/MIME email of an encrypted PDF the email will be converted to a .html file. The original plain-text message (and attachments) will be encrypted with a certificate for the external recipient and added to the .html. The .html will be added to a general message (which does not contain any sensitive information) and sent to the recipient. The recipient opens the .html message in the email client (can for example be hotmail). The .html will open a SSL connection to the companies Djigzo server (which can be a dedicated server just for the portal). The Djigzo server will show a login page. The recipient now has to login. After the login the recipients browser will push the encrypted 'blob' (contained in the HTML) to the portal. The portal will decrypt the message with the private key of the recipient (which is stored on the companies Djigzo server). The recipient can now read the message and download any attachments (the portal uses SSL for secure access). The main advantage is that the recipient only requires a browser. The encrypted data is stored locally on the recipients system (there is no long term copy on the Djigzo server). An attacker needs access to the locally stored .html file AND the portal password to read the message. The message is encrypted with the same algorithm as a S/MIME message. The only difference is that it's encoded inside a .html file. A disadvantage is that the Djigzo server needs to be accessible to external recipients. Right now I'm leaning towards implementing feature 2 but it could be that you or any other Djigzo user has another preference or request for a feature. If so I'm all ears :) > > I > think another great feature you could include would be to grant internal > users the ability to manage their own decryption profiles. They should > be able to add/create there own certs/keys and create their own > passwords. Ideally it is tied into the directory via ldap or something > so authentication and user information is seamless. > One problem is that currently the settings for an external user are shared by all internal users. So, if internal user A changes settings for external user E internal user B will also be affected. Do you want the user list to be different for each internal user? Right now you can add admins with different roles. You can add an admin that can add keys etc. but not change the MTA settings, Kind regards, Martijn

12 years, 3 months

Re: [Djigzo users] Outlook pfx import

by Dimitri Yioulos

Hi, Martijn, No, it continues to fail. When I create a cert for the user, I enter a password into the password bix, check the box to send by email, but don't check the box for SMS (we won't be using that). The user receives the email with the pfx, double-clicks it to start the import procedure, gets to the part where she is asked to provide the password, enters the password, but it fails. This just dawned on me - I'll have the user save the pfx to her desktop first, then try to import it. I've found that trying to work with files while they're still attached to an email causes problems. I'll have her try it out on Monday morning (GMT -5), and report back. If that works, then my bad, and I'll be completely embarrassed at wasting your time :-) . But, hey, it'll be progress! Best, Dimitri On Sat, 20 Jun 2009 10:04:16 +0200, Martijn Brinkers wrote > Hi Dimitri, > > Did you succeed in importing the pfx file? > > Kind regards, > > Martijn Brinkers > > Martijn Brinkers wrote: > > > via the "certificate import wizard", the password > > > that was created for the user in Djigzo isn't > > > > Do you mean the password for the pfx? or the password of the user > > preferences of the user? > > > > Could you resent the same certificate but now with a new password? > > > > > accepted. BTW, I have to tell the user what the > > > password is, as it's not being sent via SMS. > > > What am I doing wrong? > > > > The SMS functionality requires you to setup an account on > > www.clickatell.com. Clickatell is one of the biggest companies providing > > SMS gateway functionality. I picked Clickatell because it's one of the > > best known SMS gateway providers. As sending SMS is not free you will > > need to setup an pre-paid account online. SMS costs are something like > > $0.04 per SMS. For more info on the SMS gateway see page 40 of the > > administration guide. > > > > In principle it is possible to directly connect a Nokia mobile phone but > > this cannot be done with the Virtual appliance (it requires a valid USB > > port) but we advise you to use the Clickatell gateway. > > > > If you want to use a different SMS gateway we can see whether we can > > create SMS transport for it just as long as it provides a public > > accessible API. Currently Djigzo supports a direct Nokia connection and > > Clickatell gateway but any SMS gateway can be integrated. > > > > If you need more info on setting up a Clickatell account I can write > > some more detailed guide on setting up the account. > > > > Kind regards, > > > > Martijn > > > > > > Dimitri Yioulos wrote: > >> I've gotten Djigzo to send a new user's pfx via email. However, when > >> the user tries to import it via the "certificate import wizard", the > >> password that was created for the user in Djigzo isn't accepted. BTW, > >> I have to tell the user what the password is, as it's not being sent > >> via SMS. What am I doing wrong? > >> > >> Thanks. > >> > >> Dimitri > >> > > > > > > -- > Djigzo open source email encryption > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- Dimitri Yioulos, CIO First 1 Financial Corporation 600 Cordwainer Dr. Norwell, MA 02061 781-871-4220 x1007 dyioulos(a)firstbhph.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

12 years, 3 months

[Djigzo users] Outlook pfx import

by Dimitri Yioulos

I've gotten Djigzo to send a new user's pfx via email. However, when the user tries to import it via the "certificate import wizard", the password that was created for the user in Djigzo isn't accepted. BTW, I have to tell the user what the password is, as it's not being sent via SMS. What am I doing wrong? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

12 years, 3 months

[Djigzo users] Newbie set-up help

by Dimitri Yioulos

Hello to anyone listening. I'm excited about Djigzo, and would like to implement it in our 65-person shop. I DL'd, and successfully installed the latest VM version on VMware Server 1.0.9. I also added the latest version of VMware Tools. I've read all of the manuals, and have a general idea of what I need to do to make this all work. But, I can't seem to get my head completely around it. Someone's help in setting up and getting it running would be much appreciated. Here's my present email set-up: latest sendmail, as well as MailScanner, MailWatch, clamav, Bit Defender, and spamassassin (which have been in place, and running well, for five years) in DMZ. I'd like to place Djigzo in front of my current mail server, and use self-created certificates. Again, help would be appreciated. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

12 years, 3 months

[Djigzo users] New version of Djigzo released (1.2.2)

by Martijn Brinkers

Hi, I'm happy to announce a new release of Djigzo. Djigzo now has a built-in CA which you can use to issue certificates for internal and external users. A certificate and private key can be securely sent to an external user. The external user can use the certificate with any S/MIME capable email client. The message sent to the external recipient contains a link to a page with help on how to install the pfx file www.djigzo.com/help/import_pfx.html Why issuing certificates to external users? My experience is that users find it hard to get their own certificates (from Comodo, Thawte etc.). Another problem is that users will lose their certificates (and private key) because of a system crash etc. The Djigzo CA server can function as a "key escrow" for these users because the administrator can sent a copy of the certificate and key. Users that do not trust or do not want to use the build-in CA can get their own certificate from a commercial certificate vendor. Regards, Martijn Brinkers Change log 1.2.2: * [Djigzo] New: built-in CA added. The CA can issue certificates for internal and external users * [Djigzo] New: Telephone numbers specified on the subject can be used as for the SMS Text message number * [Djigzo] Improvement: BB add-on. Attachment not supported by the Blackberry are stripped. HTML only mail is converted to text * [Djigzo] Improvement: BB add-on. Large attachment are now supported * [Djigzo] Improvement: Root certificate is added when exporting certificates and when signing messages * [Djigzo] Improvement: CRLDistPointCertPathChecker added to certificate path builder. Critical CRL dist points are now accepted * [Djigzo] Improvement: Force "encrypt mode" added which overrules noEncryption * [Djigzo] Fix: mail.mime.parameters.strict system property added. This is a workaround for mail created by Apple mac. The Apple mac mailer 'forgets' to quote filenames containing spaces * [Djigzo] Change: SMS Text message now expires in 24 hours if not sent (was 4 hours) * [Djigzo] Change: PDF reply allowed is now false by default * [Djigzo] Change: Default S/MIME encryption algorithm is now 3DES because not all Windows versions support AES * [Djigzo-Web] Improvement: Administrator can see who (user, domain) is using a certificate * [Djigzo-Web] Improvement: Rows per page for the grids can be set using a system property * [Djigzo-Web] Improvement: Certificate and CRL algorithms and more properties can now be viewed * [Djigzo-Web] Improvement: CRL certificate entries (the revoked serial numbers) can be downloaded as a text file * [Djigzo-Web] Change: Password validity interval should now be set in minutes (old settings are converted) * [Djigzo-Web] Change: Some user properties moved to advanced properties * [Djigzo-VM] New: VMware tools can be rebuild from menu * [Djigzo-VM] Improvement: Dialog shown on network configuration error * [Djigzo-VM] Change: Jetty upgraded to 6.1.17 -- Djigzo open source email encryption gateway www.djigzo.com

12 years, 4 months

[Djigzo users] Customer experience

by Scott Chapman

We are currently using Zixit and looking for an alternative. With Zix when a customer is sent an encrypted email they receive a link to a website where they create an account and then see the email. What is the customer experience with Djigzo? Thanks, Scott -- "Rebellion to tyrants is obedience to God." --Thomas Jefferson

12 years, 4 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users June 2009