Users July 2011

users@lists.ciphermail.com

6 participants
17 discussions

by Claudio Bazan

Hi Martijn, Thanks for the quick response, now I get to read the smime-setup-guide.pdf found on the website of djigzo, if I reach in doubt about how to configure it'll be bothering you again. -- Kindest Regards Claudio.

10 years

[Djigzo users] Updated release candidate available (2.1.1-1)

by Martijn Brinkers

Hi, A new release candidate is available containing a couple of changes compared to the previous release candidate dated 27-07-2011. The difference between this release candidate (2.1.1-1) and the previous release candidate (2.1.1-0): * The raw log file was not correctly filtered when a filter was set * Djigzo has the capability of adding certain headers to the signed and or encrypted inner MIME part. This can be used to protect certain headers (for example the subject). However there are some S/MIME gateways that cannot handle S/MIME messages with headers within inner MIME parts (for example Antigen). Because interoperability is important, the subject header protection has been disabled by default (GATEWAY-31). * A new S/MIME advanced setting "Add user" is added which can be used to specify whether a user should be added when a certificate is available for a recipient. http://www.djigzo.com/beta.html Full release notes: New * Advanced S/MIME setting "Always use freshest signing certificate" added. If checked, every time the sender needs to sign a message, the most recent (i.e., the latest "not before" date) signing certificate will be used (GATEWAY-14). * Advanced PDF setting "Only encrypt if mandatory" added (GATEWAY-22). If checked, PDF encryption will only be activated if encryption is mandatory. * DLP setting "Quarantine on failed encryption" added. If checked and encryption is mandatory and a message cannot be encrypted, the message will be quarantined and not "bounced". Note: this required minor changes to the "DLP quarantine" template. * Quarantined emails can now be "released as-is". When a quarantined email is released as-is, no further processing of the email is done and the email is immediately delivered. * The admin can now specify how many rows the grid should show per page (users, certificates, MTA queue) (GATEWAY-23) * The admin can now filter for specific email in the MTA queue. * The MTA logs are now by default shown in "raw" format (i.e., in exact same order as the log file). To view the MTA logs grouped on queue ID (the old behavior), the admin should select "Grouped". * If a certificate chain is valid, the issuer of the certificate in the certificate view can be clicked to open the issuer certificate view. Improvements * The BlackBerry and mobile settings are moved to a specialized mobile settings page. New role ROLE_MOBILE_MANAGER added. * Some settings are moved to advanced settings. * New charsets can be added to the PDF encryption module (should be enabled from the command line) to support charsets not supported "out of the box" by Acrobat reader. For example certain Turkish characters are not supported "out of the box" by Acrobat reader (GATEWAY-20) * If a certificate was available for a recipient, a user object was always created for that recipient. The user is no longer added by default. A new S/MIME advanced setting "Add user" is added which can be used to specify whether a user should be added when a certificate is available for a recipient. * Djigzo has the capability of adding certain headers to the signed and or encrypted inner MIME part. This can be used to protect certain headers (for example the subject). However there are some S/MIME gateways that cannot handle S/MIME messages with headers within inner MIME parts (for example Antigen). Because interoperability is important, the subject header protection has been disabled by default (GATEWAY-31). Bug fix * With S/MIME "strict mode" enabled, S/MIME messages were only handled by the S/MIME handler if the recipient had a valid certificate with private key. If a digitally signed message was received for a recipient not having a private key, the certificates were not extracted from the message and the signature was not removed when "Remove signature" was enabled for that recipient. The message is now always handled by the S/MIME handler. (GATEWAY-27) * Under certain special conditions, the base64 encoder of Javamail sometimes created lines with more than 76 characters (only a few characters extra). OpenSSL (which is used by some S/MIME gateways) cannot handle base64 encoded parts containing lines longer than 76 characters. Javamail has been updated (GATEWAY-29) If no "show stoppers" are found within the next two weeks, it will be released as the new stable version. Kind regards, Martijn Brinkers -- Djigzo open source email encryption

10 years, 2 months

[Djigzo users] Problem with protected header

by lst_hoe02＠kwsoft.de

Hello we have a problem with a remote destination ditching encrypted mail because of the header included by Djigzo. They claim that according to RFC 3851 the S/MIME part must not include RFC822 headers. From what i read in RFC 5751 section 3.1 there is a standard format to protect headers. Is this special format used by Djigzo or is the remote side right at claiming not standard conform S/MIME ? Many Thanks Andreas

10 years, 2 months

[Djigzo users] Release candidate 2.1.1 available

by Martijn Brinkers

Hi, A new Djigzo Gateway release candidate (2.1.1) is available. http://www.djigzo.com/beta.html Release notes: New * Advanced S/MIME setting "Always use freshest signing certificate" added. If checked, every time the sender needs to sign a message, the most recent (i.e., the latest "not before" date) signing certificate will be used (GATEWAY-14). * Advanced PDF setting "Only encrypt if mandatory" added (GATEWAY-22). If checked, PDF encryption will only be activated if encryption is mandatory. * DLP setting "Quarantine on failed encryption" added. If checked and encryption is mandatory and a message cannot be encrypted, the message will be quarantined and not "bounced". Note: this required minor changes to the "DLP quarantine" template. * Quarantined emails can now be "released as-is". When a quarantined email is released as-is, no further processing of the email is done and the email is immediately delivered. * The admin can now specify how many rows the grid should show per page (users, certificates, MTA queue) (GATEWAY-23) * The admin can now filter for specific email in the MTA queue. * The MTA logs are now by default shown in "raw" format (i.e., in exact same order as the log file). To view the MTA logs grouped on queue ID (the old behavior), the admin should select "Grouped". * If a certificate chain is valid, the issuer of the certificate in the certificate view can be clicked to open the issuer certificate view. Improvements * The BlackBerry and mobile settings are moved to a specialized mobile settings page. New role ROLE_MOBILE_MANAGER added. * Some settings are moved to advanced settings. * New charsets can be added to the PDF encryption module (should be enabled from the command line) to support charsets not supported "out of the box" by Acrobat reader. For example certain Turkish characters are not supported "out of the box" by Acrobat reader (GATEWAY-20) * If a certificate was available for a recipient, a user object was always created for that recipient. The user is no longer added by default. Bug fix * With S/MIME "strict mode" enabled, S/MIME messages were only handled by the S/MIME handler if the recipient had a valid certificate with private key. If a digitally signed message was received for a recipient not having a private key, the certificates were not extracted from the message and the signature was not removed when "Remove signature" was enabled for that recipient. The message is now always handled by the S/MIME handler. (GATEWAY-27) * Under certain special conditions, the base64 encoder of Javamail sometimes created lines with more than 76 characters (only a few characters extra). OpenSSL (which is used by some S/MIME gateways) cannot handle base64 encoded parts containing lines longer than 76 characters. Javamail has been updated (GATEWAY-29) This release has been extensively tested. If no "show stoppers" are found within the next two weeks, it will be released as the new stable version. Kind regards, Martijn Brinkers -- Djigzo open source email encryption

10 years, 2 months

Re: [Djigzo users] LDAP search for certificates

by Marek Kreul

As LDAP search for certificates is currently not yet available in djigzo, I thought about implementing a workaround for me to have at least the certificates for my "well known" usergroup always up-to-date. In my case, a simple bash script would connect to the djigzo database and read the list of users that are currently configured. It would then conduct an ldap search using each users email address to receive the current certificate of that user. The users certificate in the database would be deleted, and the new certificate retrieved from LDAP will be imported. Would that be possible, and which steps would be necessary to import the certificate into the database using psql? Marek -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informieren: http://www.gmx.net/de/go/freephone

10 years, 2 months

[Djigzo users] Encryption: yes, signing: no. But why?

by Stefan-Michael Guenther

Hi, for whatever reason, our Djigzo installation does not sign emails. I have create a new email address michael.guenther(a)in-put.de, added it as a new internal user, created and assigned a certificate for encryption and signing. The certificate for signing has not expired, it is valid not before Jul 18, 2011 and not after Jul 17, 2016. The key Usage ist "keyEncipherment, digitalSignature", the extended Key usage is "emailProtection, clientAuth". And of course the system has the current time. In the user settings I have selected "Only sign when encrypt (deactived, do not inherit). Did I miss something? Thanks for any hints/help, Stefan

10 years, 2 months

[Djigzo users] Autmatic backup as a cronjob?

by Stefan-Michael Guenther

Hi, we all know, that a manual backup by using the Backup manager isn't the most reliable backup solution. Is it possible to backup all necessary files and directories with a script called by a cronjob? Bye, Stefan

10 years, 2 months

[Djigzo users] Configuration question regarding postfix and djigzo

by Stefan-Michael Guenther

Hello, we have installed the groupware Zarafa (together with Postfix) on a Ubuntu 10.04 System. Zarafa has its own user management, therefore postfix doesn't know anything about the users it should deliver mail for, but it works. We have now integrated djigzo into the mail flow. The interesting thing now is, that whenI send an email from the command line, the mail will be delivered. When I use fetchmail to poll a mail and forward it to the same user, postfix tells me, that this user doesn't exist. This was possible before adding the djigzo configuration. My question now is: How does the djigzo configuration change the configuration of postfix, so that postfix wants to check the user? Or the other way round: How do I tell postfix to just forward the email to a local transport (in this case it is mailbox_transport = zarafa)? Thanks for any suggstions or hints, Stefan

10 years, 2 months

[Djigzo users] PDF Password format

by bruceq

Hi, My evaluation is going well but Ive just had an issue raised by our compliance people re the format of the the pdf passwords. Ive got the length and expire time set fine and assume that as the passwords are auto generated its not likely to repeat them, but can you force upper/lower character mix and use of special characters as well (£$%&*@#? etc )? Thanks Bruce

10 years, 3 months

Re: [Djigzo users] DLP with encrypted PDF

by Vladimir Strezhnev

As an afterthought. The only inconvenience of "must encrypt" DLP option in our particular case is that employees often would prefer to remove forbidden pattern from the message and resend it un-encrypted rather then encrypted. This option is not available with automatic encryption.

10 years, 3 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users July 2011