Users January 2011

users@lists.ciphermail.com

4 participants
7 discussions

[Djigzo users] header information, ca settings and end-to-end encryption

by Bernhard Heinzle

Hi Martjin, maybe you can help me with the following issues: On incoming signed E-Mails, Djigzo puts the CN of the sender's intermediate CA next to the "X-Djigzo-Info-Signer-ID-0-1"-header. Shouldn't it be the CN of the sender's user certificate which is displayed? Same thing happens with the " X-Djigzo-Info-Encryption-Recipient-0-0"-Header in incoming encrypted E-Mails. Is there a way to use the value of the FROM-header instead of the default CN ("persona non-validated" by default) for automatically generated certificates? As long as outgoing emails have their source in my trusted environment, this would make things easier without representing a security issue. Is it possible to use end-to-end encryption for specific users, so that a specific user has it's own private key stored on his client and djigzo only passes through the encrypted email? I tried to do so. But as I don't have any CA except Djigzo's built-in CA, i created the internal user and its certificate with the built-in CA, exported the key to the client, deleted the user, but Djigzo still decrypts incoming E-Mail for this user before. Is this a bug or working as intended? Kind regards, Bernhard

10 years, 8 months

[Djigzo users] Adding Company Logo

by Chuck Wagon

Is it permissible to add our company logo to the Login page of the Djigzo system? If it is, where/how can this be done? I did not find the "logo.png" file on the system. Thanks.

10 years, 8 months

[Djigzo users] Errors on encrypting

by Chuck Wagon

I have Djigzo up and PDF encrypting 'normal' email without any issue ( using the VM ). When I attach any documents etc. Djigzo throws errors and does not encrypt the email. The error I am seeing is: ERROR Unhandled exception. (mitm.apllication.djigzo.james.mailets.PDFEncrypt) [Spool Thread #1] javax.mail.MessagingException: Unable to infer MimeType from contentType: application/pdf; charset="Windows-1252" name=<the document name is here> I get the same error when attaching an Office Word .Doc and any other file I attach. I would appreciate any guidance anyone could share with me on correcting this.

10 years, 8 months

[Djigzo users] Question on use with DLP

by Chuck Wagon

Just found Djigzo and am looking at potentially using it as part of a DLP solution. The way I am envisioning it is this: DLP detects something that should be encrypted and inserts an X-Header DLP hands the email off to our MTA, which is configured to route any email with the X-Header in it to the Djigzo to be encrypted as an encrypted PDF. ANY email sent to Djigso will be PDF encrypted and sent outbound. We may or may not allow reply, most likely not. What would be the best way to accomplish this? Djigzo will not need a "trigger" as anything it gets should be PDF encrypted and sent out. We don't want to have to specify senders or recipients... again, everything will get PDF encrypted. Is this easy to do? I've read the manuals but did not see any scenarios like this addressed. Thanks.

10 years, 8 months

[Djigzo users] Expired CA root with valid sub CA

by lst_hoe02＠kwsoft.de

Hello we have a problem with certificates used by some customers which are basically valid (certificate and sub CA) but have expired root-CA. We have deleted the expired root-CA some time ago and now all user certificates are invalid. Is it even PKI conform to have sub-CA and certificates with longer validity than the root-CA? The problem CA is from https://www.trustcenter.de/infocenter/root_certificates.htm#1432 The sub-CA is for example https://www.trustcenter.de/infocenter/root_certificates.htm#2031 Many Thanks Andreas

10 years, 9 months

[Djigzo users] 2 questions on encrypt mode and crl distribution

by Bernhard Heinzle

hi, i've got 2 questions: issue 1: i set up my evaluation scenario with the following values for my internal domain as well as gobal settings: encrypt mode: allow password - send to originator: true pdf encryption: true given the case that i'm sending an email without the trigger in the subject line from an internal address to an external address, i'd like djigzo to: - encrypt the email if there is a encryption certificate availabe for the given external adress - send the email unencrypted if there is no certificate availabe pdf encryption shall only be used if there is the trigger in the subject line but no certificate available. with the settings mentioned above unkown external addresses receive an encryptet pdf. in other words: how to automatically encrypt emails if there is a certificate available and only use pdf encryption if the trigger is used? issue2: is there feature to publish crls automatically upen creation or is it necesarry to copy crls manually (or scripted) to the specified url distribution point? many thanks in advance! kind regards, bernhard

10 years, 9 months

[Djigzo users] Unhandled RuntimeException with Djigzo 1.4.0-5

by lst_hoe02＠kwsoft.de

Hello today we got the following in the logs for an outgoing mail: 12 Jan 2011 09:32:24 | INFO decryptKeepSignature | MailID: c1186b0f-e855-4dc9-9077-a5c402f3f97e; Sender: xxxx(a)satzundmedien.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0] 12 Jan 2011 09:32:24 | WARN Don't know how to handle the extracted content. Class: javax.mail.util.SharedByteArrayInputStream (mitm.common.mail.BodyPartUtils) [Spool Thread #0] 12 Jan 2011 09:32:24 | ERROR Unhandled RuntimeException. (mitm.application.djigzo.james.mailets.SMIMEHandler) [Spool Thread #0] org.apache.commons.lang.NullArgumentException: part must not be null. at mitm.common.util.Check.notNull(Check.java:45) at mitm.common.security.smime.SMIMEInspectorImpl.<init>(SMIMEInspectorImpl.java:60) at mitm.common.security.smime.handler.SMIMEHandler.handlePart(SMIMEHandler.java:341) at mitm.common.security.smime.handler.RecursiveSMIMEHandler.internalHandlePart(RecursiveSMIMEHandler.java:183) at mitm.common.security.smime.handler.RecursiveSMIMEHandler.access$000(RecursiveSMIMEHandler.java:46) at mitm.common.security.smime.handler.RecursiveSMIMEHandler$AttachedPartHandler.handlePart(RecursiveSMIMEHandler.java:247) at mitm.common.security.smime.handler.AttachedSMIMEHandler.onPart(AttachedSMIMEHandler.java:142) at mitm.common.security.smime.handler.AttachedSMIMEHandler.access$000(AttachedSMIMEHandler.java:73) at mitm.common.security.smime.handler.AttachedSMIMEHandler$1.onPart(AttachedSMIMEHandler.java:277) at mitm.common.mail.PartScanner.scanPart(PartScanner.java:135) at mitm.common.mail.PartScanner.scanPart(PartScanner.java:119) at mitm.common.mail.PartScanner.scanPart(PartScanner.java:88) at mitm.common.security.smime.handler.AttachedSMIMEHandler.handlePart(AttachedSMIMEHandler.java:286) at mitm.common.security.smime.handler.RecursiveSMIMEHandler.internalHandlePart(RecursiveSMIMEHandler.java:216) at mitm.common.security.smime.handler.RecursiveSMIMEHandler.handlePart(RecursiveSMIMEHandler.java:232) at mitm.application.djigzo.james.mailets.SMIMEHandler.handleMessageAction(SMIMEHandler.java:352) at mitm.application.djigzo.james.mailets.SMIMEHandler.access$200(SMIMEHandler.java:82) at mitm.application.djigzo.james.mailets.SMIMEHandler$1.doAction(SMIMEHandler.java:286) at mitm.application.djigzo.james.mailets.SMIMEHandler$1.doAction(SMIMEHandler.java:277) at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:64) at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:112) at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:104) at mitm.application.djigzo.james.mailets.SMIMEHandler.serviceMail(SMIMEHandler.java:276) at mitm.application.djigzo.james.mailets.AbstractDjigzoMailet.service(AbstractDjigzoMailet.java:239) at org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:424) at org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:405) at org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:309) at java.lang.Thread.run(Thread.java:636) 12 Jan 2011 09:32:24 | INFO postDecrypt | MailID: c1186b0f-e855-4dc9-9077-a5c402f3f97e; Sender: xxxx(a)satzundmedien.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0] The mail seems to go out anyway, but i wonder why this happend. The system has ECC RAM, Ubuntu 8.04 LTS + latest fixes and Djigzo 1.4.0-5 running. No other errors logged for the time of the event. Many Thanks Andreas

10 years, 9 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users January 2011