I want to run multiple Djigzo instances on one server with one Postfix installation. What I did so far is the following:
- Copied the Djigzo files in one folder for each instance
- Created one database for each instance
- Configured each instance to use its database in the hibernate.cfg.xml
- Configured an individual SOAP port for each instance
- Deployed the backend for each Djigzo instance (this was a bit tricky, because I had to modify djigzo-web to allow overruling some configuration values via the Tomcat context (feel free to contact me and I will hand over the sources) because each instance has to use its own SOAP port)
- Added the content filter pipe to Postfix's master.cf for each instance
- Added the inet TCP socket for each instance in master.cf
- Created one init script for each instance
This setup works so far, but I'm unsure if I've forgotten something or if some other things will interfere. I am aware of the fact that I can no longer use Djigzo-Web to configure Postfix or to view the logs. Does anyone see other limitations?
Is there a documented way to chroot Djigzo?
Today I found some certificate in our Djigzo store with key usage =
nonRepudiation. I have grabbed the matching root CA, but this
certificate is still marked as invalid, so the question is whether this is
because of the exclusive use of nonRepudiation, and what this
certificate should be used for anyway?
I'm trying to set up header interpretation rules for MS Exchange. But
I've got the problem that I can define regular expressions for the
value of the header but not for the name of the header itself.
In my test cases I always had
(same thing with the "Verified" header).
Are there any other numbering combinations (1-0, 0-2, ...) that can
occur for the *-Signer* header?
Regarding the headers for the encryption:
Is the existence of a header with the name
X-Djigzo-Info-Encryption-Algorithm-0: and any value sufficient to
notify the user that the message was encrypted? And is it possible
that the name of the header contains any numbers other than 0?
Many thanks in advance!
I've got problems finding out the alliance partner name (AP) in order
to set up the request handler for Comodo. I called Comodo support in
order to get to know the AP name; they told me that I've got to sign up
as a reseller in order to get an AP name. Is this necessary or is there
any other AP name I can use?
Is it possible to *overrule* settings made in james/config.xml like
"deliveryThreads" in the smtp_transport_config.xml file? The settings
for gateway and gatewayPort are commented out in config.xml, so I'm not
sure if overruling works for them as well.
Quoting Manuel Faux <Manuel.Faux(a)securesolutions.at>:
> I don't want to change any configuration, I only referenced the
> default configuration described in the installation guide and used
> in the appliance. Postfix is told by content_filter =
> djigzo:127.0.0.1:10025 to queue mails through 127.0.0.1:10025 which
> is James. The string "djigzo" represents the transport defined in
> the master.cf:
> djigzo unix - - n - 4
> -o smtp_send_xforward_command=yes
> -o disable_dns_lookups=yes
> -o smtp_generic_maps=
> This is the UNIX socket I've referenced. What does it do?
This is a "clone" of smtp (sending) with special override parameters
(-o ...) and in this case the "unix" is for communication with the
Postfix master process and qmgr/cleanup, not for the sending part
which is TCP/IP for "smtp" client.
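The lookup described in the reply above, as an added example that is not part of the original thread: Python that splits the content_filter value into transport name and next hop and finds the matching master.cf entry with its -o overrides. The sample files are constructed, and the smtp command column is an assumption taken from the reply's description of the entry as a clone of smtp.

```python
# Added example: resolve Postfix's content_filter against master.cf.
# Sample data is constructed; the "smtp" command column is an assumption.
SAMPLE_MAIN_CF = "content_filter = djigzo:127.0.0.1:10025\n"
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
djigzo    unix  -       -       n       -       4       smtp
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o smtp_generic_maps=
"""
FIELDS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")

def parse_master_cf(text):
    """Return master.cf entries; indented lines continue the previous entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        cols = line.split()
        entry = dict(zip(FIELDS, cols[:7]))
        entry["command"] = cols[7] if len(cols) > 7 else None
        args = cols[8:]
        # Each "-o name=value" pair overrides a main.cf parameter for this service.
        entry["overrides"] = dict(
            args[i + 1].partition("=")[::2]
            for i in range(len(args) - 1) if args[i] == "-o"
        )
        entries.append(entry)
    return entries

def resolve_content_filter(main_cf, master_cf):
    """Split content_filter into transport and next hop, then find the transport."""
    value = None
    for line in main_cf.splitlines():
        name, sep, rest = line.partition("=")
        if sep and name.strip() == "content_filter":
            value = rest.strip()
    if not value:
        return None
    # "type" is how Postfix daemons reach the service; the next hop is the TCP peer.
    transport, _, nexthop = value.partition(":")
    entry = next((e for e in parse_master_cf(master_cf)
                  if e["service"] == transport), None)
    return {"transport": transport, "nexthop": nexthop, "entry": entry}
```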
I do not really understand how Postfix routes the mail to Djigzo via the UNIX socket and the TCP port 10025. I understand that James listens on port 10025 and Postfix will deliver the mails to this port (as a content filter), and that Djigzo reinjects the mails back to the Postfix queue by passing them to smtpd on port 10026. Is this correct? What exactly does the UNIX socket do?
I want to use the PDF reply function, but no generated PDF contains the "reply" link. What do I have to configure to enable this feature? I have enabled the "Reply allowed" feature globally (domains and users are inheriting this). I have also set the "Reply URL", the "Validity interval", and the "Reply sender", but no PDF contains the reply link.
Yesterday it was discovered that Java contains a floating point bug that
can be exploited to crash a system:
The denial of service (DOS) can be triggered when the Java Virtual
Machine needs to convert a certain large number from a string
representation to a number.
It appears that Tomcat (a widely used Java web server) is vulnerable. If
a certain HTTP request is sent to Tomcat, the thread that handles the
HTTP request gets stuck in an endless loop which can lead to a denial of
service (DOS) if multiple requests are sent.
Because Djigzo uses Tomcat for the Web GUI, this Java bug affects Djigzo
as well. If your Djigzo server is externally accessible, i.e., from
outside your firewall, attackers might cause Tomcat to hang.
Ubuntu will probably release a patched JVM within a couple of days. For
those who can't wait for this, I have a Java patch available which you
can install. Please contact me directly if you need the patch.
For more information about the problem see:
Oracle has issued an emergency patch and will release an official patch
next week. Ubuntu will probably have a patch ready next week.
To sum up:
If your Djigzo server is externally accessible, it is vulnerable to a
Java bug which might result in the Web GUI hanging. This Java bug
impacts most systems using Java.