Hi Martjin,
maybe you can help me with the following issues:
On incoming signed E-Mails, Djigzo puts the CN of the sender's
intermediate CA next to the "X-Djigzo-Info-Signer-ID-0-1"-header.
Shouldn't it be the CN of the sender's user certificate which is displayed?
Same thing happens with the "X-Djigzo-Info-Encryption-Recipient-0-0"-Header
in incoming encrypted E-Mails.
Is there a way to use the value of the FROM-header instead of the
default CN ("persona non-validated" by default) for automatically
generated certificates?
As long as outgoing emails have their source in my trusted environment,
this would make things easier without representing a security issue.
Is it possible to use end-to-end encryption for specific users, so that
a specific user has its own private key stored on his client and djigzo
only passes through the encrypted email?
I tried to do so. But as I don't have any CA except Djigzo's built-in
CA, I created the internal user and its certificate with the built-in
CA, exported the key to the client, deleted the user, but Djigzo still
decrypts incoming E-Mail for this user before. Is this a bug or working
as intended?
Kind regards,
Bernhard

Is it permissible to add our company logo to the Login page of the Djigzo
system?
If it is, where/how can this be done? I did not find the "logo.png" file on
the system.
Thanks.

I have Djigzo up and PDF encrypting 'normal' email without any issue ( using
the VM ). When I attach any documents etc. Djigzo throws errors and does not
encrypt the email.
The error I am seeing is:
ERROR Unhandled exception.
(mitm.apllication.djigzo.james.mailets.PDFEncrypt) [Spool Thread #1]
javax.mail.MessagingException: Unable to infer MimeType from contentType:
application/pdf; charset="Windows-1252" name=<the document name is here>
I get the same error when attaching an Office Word .Doc and any other file I
attach.
I would appreciate any guidance anyone could share with me on correcting
this.

Just found Djigzo and am looking at potentially using it as part of a DLP
solution. The way I am envisioning it is this:
DLP detects something that should be encrypted and inserts an X-Header
DLP hands the email off to our MTA, which is configured to route any email
with the X-Header in it to the Djigzo to be encrypted as an encrypted PDF.
ANY email sent to Djigzo will be PDF encrypted and sent outbound. We may or
may not allow reply, most likely not.
What would be the best way to accomplish this? Djigzo will not need a
"trigger" as anything it gets should be PDF encrypted and sent out.
We don't want to have to specify senders or recipients... again, everything
will get PDF encrypted.
Is this easy to do? I've read the manuals but did not see any scenarios like
this addressed.
Thanks.

Hello
we have a problem with certificates used by some customers which are
basically valid (certificate and sub CA) but have expired root-CA. We
have deleted the expired root-CA some time ago and now all user
certificates are invalid.
Is it even PKI-conformant to have sub-CA and certificates with longer
validity than the root-CA?
The problem CA is from
https://www.trustcenter.de/infocenter/root_certificates.htm#1432
The sub-CA is for example
https://www.trustcenter.de/infocenter/root_certificates.htm#2031
Many Thanks
Andreas

hi,
i've got 2 questions:
issue 1:
i set up my evaluation scenario with the following values for my internal
domain as well as global settings:
encrypt mode: allow
password - send to originator: true
pdf encryption: true
given the case that i'm sending an email without the trigger in the subject
line from an internal address to an external address, i'd like djigzo to:
- encrypt the email if there is an encryption certificate available for the
given external address
- send the email unencrypted if there is no certificate available
pdf encryption shall only be used if there is the trigger in the subject
line but no certificate available. with the settings mentioned above unknown
external addresses receive an encrypted pdf.
in other words: how to automatically encrypt emails if there is a
certificate available and only use pdf encryption if the trigger is used?
issue2:
is there a feature to publish crls automatically upon creation or is it
necessary to copy crls manually (or scripted) to the specified url
distribution point?
many thanks in advance!
kind regards,
bernhard

Hello
today we got the following in the logs for an outgoing mail:
12 Jan 2011 09:32:24 | INFO decryptKeepSignature | MailID: c1186b0f-e855-4dc9-9077-a5c402f3f97e; Sender: xxxx(a)satzundmedien.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
12 Jan 2011 09:32:24 | WARN Don't know how to handle the extracted content. Class: javax.mail.util.SharedByteArrayInputStream (mitm.common.mail.BodyPartUtils) [Spool Thread #0]
12 Jan 2011 09:32:24 | ERROR Unhandled RuntimeException. (mitm.application.djigzo.james.mailets.SMIMEHandler) [Spool Thread #0]
org.apache.commons.lang.NullArgumentException: part must not be null.
    at mitm.common.util.Check.notNull(Check.java:45)
    at mitm.common.security.smime.SMIMEInspectorImpl.<init>(SMIMEInspectorImpl.java:60)
    at mitm.common.security.smime.handler.SMIMEHandler.handlePart(SMIMEHandler.java:341)
    at mitm.common.security.smime.handler.RecursiveSMIMEHandler.internalHandlePart(RecursiveSMIMEHandler.java:183)
    at mitm.common.security.smime.handler.RecursiveSMIMEHandler.access$000(RecursiveSMIMEHandler.java:46)
    at mitm.common.security.smime.handler.RecursiveSMIMEHandler$AttachedPartHandler.handlePart(RecursiveSMIMEHandler.java:247)
    at mitm.common.security.smime.handler.AttachedSMIMEHandler.onPart(AttachedSMIMEHandler.java:142)
    at mitm.common.security.smime.handler.AttachedSMIMEHandler.access$000(AttachedSMIMEHandler.java:73)
    at mitm.common.security.smime.handler.AttachedSMIMEHandler$1.onPart(AttachedSMIMEHandler.java:277)
    at mitm.common.mail.PartScanner.scanPart(PartScanner.java:135)
    at mitm.common.mail.PartScanner.scanPart(PartScanner.java:119)
    at mitm.common.mail.PartScanner.scanPart(PartScanner.java:88)
    at mitm.common.security.smime.handler.AttachedSMIMEHandler.handlePart(AttachedSMIMEHandler.java:286)
    at mitm.common.security.smime.handler.RecursiveSMIMEHandler.internalHandlePart(RecursiveSMIMEHandler.java:216)
    at mitm.common.security.smime.handler.RecursiveSMIMEHandler.handlePart(RecursiveSMIMEHandler.java:232)
    at mitm.application.djigzo.james.mailets.SMIMEHandler.handleMessageAction(SMIMEHandler.java:352)
    at mitm.application.djigzo.james.mailets.SMIMEHandler.access$200(SMIMEHandler.java:82)
    at mitm.application.djigzo.james.mailets.SMIMEHandler$1.doAction(SMIMEHandler.java:286)
    at mitm.application.djigzo.james.mailets.SMIMEHandler$1.doAction(SMIMEHandler.java:277)
    at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:64)
    at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:112)
    at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:104)
    at mitm.application.djigzo.james.mailets.SMIMEHandler.serviceMail(SMIMEHandler.java:276)
    at mitm.application.djigzo.james.mailets.AbstractDjigzoMailet.service(AbstractDjigzoMailet.java:239)
    at org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:424)
    at org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:405)
    at org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:309)
    at java.lang.Thread.run(Thread.java:636)
12 Jan 2011 09:32:24 | INFO postDecrypt | MailID: c1186b0f-e855-4dc9-9077-a5c402f3f97e; Sender: xxxx(a)satzundmedien.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
The mail seems to go out anyway, but I wonder why this happened. The
system has ECC RAM, Ubuntu 8.04 LTS + latest fixes and Djigzo 1.4.0-5
running. No other errors logged for the time of the event.
Many Thanks
Andreas