Users September 2014

users@lists.ciphermail.com

6 participants
10 discussions

by John Campbell

I am having issues getting the portal to work on my setup and working. We are running version 2.8.6. Any suggestions on where to look. Regards, John W Campbell Director of Information Technology Genesis OB/GYN 4881 E. Grant Rd. Tucson, AZ 85712 jcampbell(a)genesisobgyn.net<mailto:jcampbell@genesisobgyn.net> Phone: (520) 989-8099 Fax: (520) 202-0829 Notice: This e-mail message may contain Electronic Protected Health Information and any attachments are strictly confidential and may contain information that is exempt from disclosure under applicable law. Re-disclosure without proper consent or as permitted by law is prohibited. This message is intended for the use of the person/entity to which it is addressed and may contain information that is privileged/confidential. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited and is subject to state/federal law penalties. If you have received this message by error, please notify the sender immediately.

7 years, 9 months

[Djigzo users] New release of the CipherMail gateway

by Martijn Brinkers

A new version of the CipherMail email encryption gateway has been released (2.9.0-0) Release notes: New * Global "Skip calendar messages" property added which will skip encryption and signing if the message is a meeting request (Outlook cannot handle encrypted or signed meeting requests). * PGP sign only is now supported. "Only sign when encrypt" now also works for PGP messages. S/MIME signing is tried before PGP signing, i.e., if a sender has a valid S/MIME signing key, the message will be S/MIME signed. If the sender does not have a valid S/MIME signing key but has a valid PGP signing key, the message will be PGP signed. Signing of PDF encrypted email now also supports PGP signing if a valid PGP signing key is available. * Allow administrator to disable auto decryption. The PGP handler can now be configured to not decrypt incoming email.Disabling PGP decryption requires a change to config.xml [GATEWAY-81]. Improvements/Changes * PGP universal gateway uses non standard encoding for PGP/MIME. The header x-pgp-encoding-format is now used to detect PGP/MIME encoding for messages generated by PGP Universal [GATEWAY-83]. * PDF password only supports ASCII characters. Encrypted properties are now UTF8 encoded instead of ASCII encoded [GATEWAY-82]. * Default Signature algorithm for newly generated certificates is not SHA256 (was SHA1). * BlackBerry add-in handling is not longer enabled by default. The add-in is only for for BB OS 7 and lower using BIS. BB 10 does not use BIS so for BB 10 the add-in is not required. * PGP signatures are now created as a text signature and not as a binary signature. This is a workaround for an Enigmail bug in Enigmail 1.7 (http://sourceforge.net/p/enigmail/bugs/329/). * PGP/MIME encrypted messages now use inline as default disposition. This is similar to how Enigmail sets the disposition and allows Mailvelope to open PGP/MIME encrypted email. * BouncyCastle jar updated to 1.51 * Spring jars updated to 3.2.9 * Web GUI: Spring security jars updated to 3.2.5 * Web GUI: Incorrect logins are now cached for 5 min (was 1 min). * Web GUI: Mobile settings link disabled by default since the BB add-in is no longer enabled by default. * Web GUI: Minor changes to settings page. Some settings were moved to additional settings and vice versa. Some settings were grouped differently. Bug fix * Startup fails if the Linux free command is localized (for example German language). A fallback to /proc/meminfo is added if free does not return the required info [GATEWAY-80]. * PGP/MIME signatures were invalid if a multipart message contained extra newlines at the end of the message. Zimbra mail client added additional empty lines at the end of a multipart message. The additional empty lines are now removed before signing. * Virtual Appliance: The NTP settings cannot be changed. Ubuntu 14.04 uses a different name for ntp server settings [GATEWAY-79]. Upgrade guide can be downloaded from: http://www.ciphermail.com/documents/upgrade-guide.pdf Kind regards, Martijn Brinkers -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail

7 years, 9 months

Re: [Djigzo users] Can't login to Login page.

by Rafael Leiva-Ochoa

I found the problem. I am running into this bug: http://www.ciphermail.com/other/additional-release-notes-2.8.6-3.html. How do i backup my DB via the Linux CLI? I looked at the guilds, but I did not find a detailed process. Thanks, Rafael From: "Rafael Leiva-Ochoa" <spawn(a)rloteck.com> To: "users" <users(a)lists.djigzo.com> Sent: Wednesday, September 10, 2014 6:45:37 PM Subject: Can't login to Login page. Hi Everyone, I just upgraded my distro on my Ciphermail VM, but now I am getting this error when I try to login the web interface: Login failed Back-end is not running or not yet fully started up Name Your user name Password required Login Any ideas? Thanks, Rafael

7 years, 9 months

[Djigzo users] Can't login to Login page.

by Rafael Leiva-Ochoa

Hi Everyone, I just upgraded my distro on my Ciphermail VM, but now I am getting this error when I try to login the web interface: Login failed Back-end is not running or not yet fully started up Name Your user name Password required Login Any ideas? Thanks, Rafael

7 years, 9 months

Re: [Djigzo users] Automatic PGP key extraction from incoming mail

by mots

I see your point, thought I still think the feature would be useful mostly because the administrator does not currently get notified when a key is missing. (Or maybe I have missed the option for it in the documentation.) Sending an Email to the administrator with "xx(a)xx.xx sent us a signed Email but we don't have the public key" would be alright, even if it's not as comfortable as automatic downloads & imports. Kind regards and I hope this message will get to the correct place, mots -----Ursprüngliche Nachricht----- Von: Martijn Brinkers <martijn(a)djigzo.com> Gesendet: Mo 08.09.2014 11:37 Betreff: Re: [Djigzo users] Automatic PGP key extraction from incoming mail An: users(a)lists.djigzo.com; > On 09/08/2014 10:59 AM, mots wrote: > > I've seen this feature advertised here: > > http://www.ciphermail.com/gateway.html But I can't find anything > > about how to enable it in the documentation. I've tried sending > > myself the public key for my hotmail address as pub.key and > > pubkey.asc, yet no key was added to Ciphermail. > > > > The key is also on the pool.sks-keyservers.net key servers, yet > > Ciphermail didn't download it automatically when I sent myself a > > signed email. > > > Where can I find the documentation for this feature? The > > administration guide doesn't say anything about it. > > Currently the gateway will only extract a key if the key is attached to > the email as a separate attachment with content type set to > "application/pgp-keys". For example with Enigmail you can select "Attach > My Public Key" when composing a message. This will attach your public > key as an attachment. The gateway will then extract the key. > Currently the gateway will not automatically download a key from a key > server. I'm a little anxious to add that feature since that option can > be used to DOS the gateway by sending a lot of signed messages. The > gateway will then try to download a key from an external server over and > over. The main reason of supporting extracting attached keys is that not > all keys are stored on a key server. If someone send a key by email > which is not on a key server, the key will end up in the mailbox of the > recipient. This recipient is likely not to be the gateway admin and does > not know what to do with it. Also in this case the admin cannot import > the public key because the key is not on a key server and the email with > the key might not be accessible by the gateway admin. Therefore in this > case it might be a good to import the key (which is not enable by > default though). Note that importing a key does not mean the key is > automatically trusted. > > Kind regards, > > Martijn Brinkers > > -- > CipherMail email encryption > > Open source email encryption gateway with support for S/MIME, OpenPGP > and PDF messaging. > > http://www.ciphermail.com > > Twitter: http://twitter.com/CipherMail > _______________________________________________ > Users mailing list > Users(a)lists.djigzo.com > https://lists.djigzo.com/lists/listinfo/users >

7 years, 9 months

[Djigzo users] Automatic PGP key extraction from incoming mail

by mots

Hello, I've seen this feature advertised here: http://www.ciphermail.com/gateway.html But I can't find anything about how to enable it in the documentation. I've tried sending myself the public key for my hotmail address as pub.key and pubkey.asc, yet no key was added to Ciphermail. The key is also on the pool.sks-keyservers.net key servers, yet Ciphermail didn't download it automatically when I sent myself a signed email. Where can I find the documentation for this feature? The administration guide doesn't say anything about it. Best regards, mots

7 years, 10 months

[Djigzo users] PGP signature is always wrong.

by mots

Hello, I've installed Ciphermail and used this patch to enable PGP signatures on all outgoing email. https://lists.djigzo.com/pipermail/users/2014-July/001093.html Now when I send an Email to one of my test accounts at gmail or hotmail, Enigmail (Thunderbird Addon) always reports that the signature is wrong. I don't know if I've misconfigured something, if Ciphermail signs the message wrong, if the mail servers at Google or Microsoft mess with the Email or if Enigmail is broken. I've tried it with keys that were generated using the webinterface of Ciphermail and gpg --gen-key, same result. I've tried both PGP/MIME and PGP/INLINE, both with HTML and plaintext messages, but the result is the same. What's the most likely thing I've done wrong and how should I try to debug this? P.S: Why is the webinterface able to generate keys instantly when the command line tool never has enough entropy available? Kind regards, mots

7 years, 10 months

[Djigzo users] Problems with an imported private key

by Stefan Michael Guenther

Hello, we have created a pair of keys Thunderbird/Enigmail. The private key has been imported into the Ciphermail gateway on the client side, the public key into our Cipermail gateway. When sending an email to the address the keys have been created for, our gateways sends a notification about a successful encryption. But the gateway on the other side isn't able to decrypt the message: 03 Sep 2014 10:22:14 | INFO incoming; MailID: 4feb793b-7f4d-4599-87bb-db6545814423; Recipients: [input(a)xxxx-und-partner.de]; Originator: s.guenther(a)in-put.de; Sender: s.guenther(a)in-put.de; Remote address: 127.0.0.1; Subject: Test e; Message-ID: <zarafa.5406cfad.4b43.1434fa223d3bc646(a)zarafaserver.in-put.de>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] 03 Sep 2014 10:22:14 | INFO Subject filter is disabled for the sender; MailID: 4feb793b-7f4d-4599-87bb-db6545814423; Recipients: [input(a)xxxx-und-partner.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #1] 03 Sep 2014 10:22:14 | INFO To internal recipient(s); MailID: 4feb793b-7f4d-4599-87bb-db6545814423; Recipients: [input(a)xxxx-und-partner.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #1] 03 Sep 2014 10:22:14 | DEBUG next PGP object. level: 0, Type: class org.bouncycastle.openpgp.PGPEncryptedDataList (mitm.common.security.openpgp.PGPHandler) [Spool Thread #1] 03 Sep 2014 10:22:14 | DEBUG PGPPublicKeyEncryptedData with key id 4909844165066620525 (mitm.common.security.openpgp.PGPHandler) [Spool Thread #1] 03 Sep 2014 10:22:14 | WARN PGP decryption key not found; Recipient Key IDs: [442345413151FE6D]; Message-ID: <zarafa.5406cfad.4b43.1434fa223d3bc646(a)zarafaserver.in-put.de> (mitm.common.security.openpgp.PGPMIMEHandler) [Spool Thread #1] 03 Sep 2014 10:22:14 | INFO Message handling is finished. Sending to final recipient(s); MailID: 4feb793b-7f4d-4599-87bb-db6545814423; Recipients: [input(a)xxxx-und-partner.de]; Originator: s.guenther(a)in-put.de; Sender: s.guenther(a)in-put.de; Remote address: 127.0.0.1; Subject: Test e; Message-ID: <zarafa.5406cfad.4b43.1434fa223d3bc646(a)zarafaserver.in-put.de>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] To test our configuration we created another pair of keys, this time on the Ciphermail gateway of the client, with identical settings for the user, except for the email address. With this account it is possible to decrypt an email. Therefore we assume, that there is a problem with the handling of the imported private key. Thanks for any hints and suggestions, Stefan

7 years, 10 months

[Djigzo users] Cipher Mail not decrypting PGP

by James Dasher

I'm having issues getting Cipher Mail to decrypt PGP it's sending on as encrypted. Tried enabling Inline didn't help. Cipher Mail will encrypt outgoing but it won't decrypt incoming. I have public and private keys loaded and trusted for the applicable emails. I have our internal domain set as internal and others set as external. Everything seems to be working minus decrypting incoming. Not sure if I'm missing a setting or what. Suggestions or leads welcome! I can send over logs if helpful. Very sorry if this shows up twice, wasn't sure it went through the first time. -- James Dasher <jdasher(a)pulseresearchers.org<mailto:jdasher@pulseresearchers.org>>

7 years, 10 months

[Djigzo users] Not encrypt based on a specific header?

by James Dasher

Is there a way to tell Cipher Mail to not encrypt based on a specific message header? I'm trying to fix the issue talked about here: http://www.symantec.com/business/support/index?page=content&id=TECH194660 I'm fine with the invites not being encrypted, but need a way to plug a rule in that says if this header: Content-Type: text/calendar; method=REQUEST; charset="utf-8" exists don't encrypt. Thanks! -- James Dasher <jdasher(a)pulseresearchers.org<mailto:jdasher@pulseresearchers.org>>

7 years, 10 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users September 2014