Dear users of Djigzo,
First of all I want to say I love your product! Like the subject of my
post suggests, I want to reject all mail that's not encrypted. I know
there has been a discussion on this maillinglist regarding the
usefulness of this measure, but we have a special environment in which
rejecting unencrypted messages is a "must have". I know I should add a
matcher to the james/config.xml, but I cannot define the right matcher.
Could someone help me defining the right matcher for rejecting all non
encrypted mail? Thank you in advance!
Kind regards,
Ralf Bardoel
root@netsys-m9 ~]# bucardo_ctl add sync netsys_m9_v6 source=netsys_m9 targetdb=netsys_v6 type=swap --verbose
NOTICE: Issuing rollback() due to DESTROY without explicit disconnect() of DBD::Pg::db handle dbname=netsys;host=netsys-m9;port=5432 at line 29.
CONTEXT: SQL function "validate_sync" statement 1
SQL statement "SELECT validate_sync('netsys_m9_v6')"
Failed to add sync: DBD::Pg::st execute failed: ERROR: error from Perl trigger function: error from Perl function: Table "public.certificates_email" must specify a primary key when using a sync of 'swap' at line 263. at line 30. at /usr/bin/bucardo_ctl line 3362.
FIX conf/djigzo.sql
alter table certificates_email add primary key (certificates_id);
alter table mail_repository_recipients add primary key (id);
alter table userpreferences_named_certificates add primary key (userpreferences_id);
[root@netsys-m9 ~]# bucardo_ctl add sync netsys_m9_v6 source=netsys_m9 targetdb=netsys_v6 type=swap --verbose
Added sync "netsys_m9_v6"
Hello,
I have an existing PKI outside of Djigzo. So I've created a Sub-CA and imported this CA incl. SKs into Djigzo. As far I understood the documentation, Djigzo does not support CRL-Generation, but the Documentation recommends using a full-blown CA like EJBCA instead.
Has anyone ever used Djigzo in such a scenario? What is the recommended way to issue and to revoke certificates? I came up with the idea about writing an additional RequestHandler, which uses the EJBCA-API to issue the certificates, but is this necessary?
Kind regards,
Manuel Faux
Hello
today i got a mail fro a well known German Trustcenter with a invalid
signature warning (content altered). A former mail to an other account
from the same Trustcenter was valid. On inspection it looks like
someone altered the encoding because the valid mail has
"Content-Transfer-Encoding: 8bit" and the broken one
"Content-Transfer-Encoding: quoted-printable". As far as i know a SMTP
server should only pass 8bit if the remote site announces 8BITMIME, so
i suspect this is the trouble maker because neither Djigzo nor our
Virus scan announces 8BITMIME :-(
Any comments on this?
Regards
Andreas
Hi,
I want to run multiple Djigzo instances on one server with one Postfix installation. What I did so far is the following:
- Copied the Djigzo files in one folder for each instance
- Created one database for each instance
- Configured each instance to use its database in the hibernate.cfg.xml
- Configured an individual SOAP port for each instance
- Deployed the backend for each Djigzo instance (this was a bit tricky, because I had to modify djigzo-web to allow overruling some configuration values via the Tomcat context (feel free to contact me to hand over you the sources) because each instance has to use an own SOAP port)
- Added the content filter pipe to Postfix's master.cf for each instance
- Added the inet TCP socket for each instance in master.cf
- Created one init script for each instance
This setup works so far, but I'm unsure if I've forgotten something or some other things will interfere. I am aware of the fact I cannot use Djigzo-Web to configure Postfix anymore or to view the logs, does anyone see other limitations?
Is there a documented way, how to chroot Djigzo?
Kind Regards,
Manuel Faux
I tried to upgrade a working install of Djigzo 1.4.1 to Djigzo 2.0.1 on
CentOS 5.5, with the following steps:
1) downloaded djigzo-2.0.1-0.noarch.rpm and djigzo-web-2.0.1-0.noarch.rpm.
2) yum upgrade djigzo-*
3) chown tomcat:djigzo /usr/share/djigzo-web/ssl/sslCertificate.p12
4) service tomcat5 restart
Lots of errors during installation (should have redirected stdout to a
file!)
The installation completed, and yum indicates Djigzo 2.0.1 is installed.
If I try to login the web application, I see:
Login failed
Back-end is not running or not yet fully started up
...yes, I've waited...and waited.
When restarting tomcat, I see:
Stopping tomcat5: [ OK ]
Starting tomcat5: /usr/bin/rebuild-jar-repository: error: Could not find jaf
Java extension for this JVM
/usr/bin/rebuild-jar-repository: error: Some detected jars were not found
for this jvm
[ OK ]
In /var/log/djigzo.log:
Launching a JVM...
java version "1.6.0_17"
OpenJDK Runtime Environment (IcedTea6 1.7.5) (rhel-1.16.b17.el5-x86_64)
OpenJDK 64-Bit Server VM (build 14.0-b16, mixed mode)
WrapperManager: Initializing...
Phoenix 4.2
There was an uncaught exception:
---------------------------------------------------------
--- Message ---
Unknown resource. Bundle:
'org.apache.avalon.phoenix.components.classloader.Resources' Key:
'bad-classpath-entry' Args:
'file:/usr/share/djigzo/james-2.3.1/apps/james/SAR-INF/lib/activation.jar'
Reason: java.util.MissingResourceException: Can't find resource for bundle
java.util.PropertyResourceBundle, key bad-classpath-entry
--- Stack Trace ---
org.apache.avalon.phoenix.interfaces.DeploymentException: Unknown resource.
Bundle: 'org.apache.avalon.phoenix.components.classloader.Resources' Key:
'bad-classpath-entry' Args:
'file:/usr/share/djigzo/james-2.3.1/apps/james/SAR-INF/lib/activation.jar'
Reason: java.util.MissingResourceException: Can't find resource for bundle
java.util.PropertyResourceBundle, key bad-classpath-entry
In case it's helpful, you can see /var/log/tomcat5/catalina.out at
http://pastebin.com/JqCMdz61
Thank you,
Ron