Hi,
We have set up PGP encryption between one of our customers (using ciphermail) and his tax accountant (using enigmail).
The tax accountant has to send loan reports only as an encrypted email.
We exported the public PGP key of the customer and imported it successfully into enigmail. Did the same with my public key.
The public key of the customer has been in use in our ciphermail installation for at least 4 months.
When the tax accountant sends an email to my address it is encrypted and decrypted.
When the tax accountant sends an email to the customer it is encrypted but not decrypted:
25 Nov 2015 12:37:53 | INFO incoming; MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com]; Originator: yyyy(a)yyyyy.com; Sender: yyyy(a)yyyyyy.com; Remote address: 217.72.192.zz; Subject: Re: Hurra; Message-ID: <56559D7E.6000204(a)yyyyy.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
25 Nov 2015 12:37:53 | INFO Subject filter is disabled for the sender; MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Nov 2015 12:37:53 | INFO To internal recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Nov 2015 12:37:53 | INFO "add security info" is enabled for the recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Nov 2015 12:37:54 | INFO Message handling is finished. Sending to final recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxxx.com]; Originator: yyyyy(a)yyyy.com; Sender:yyyy@yyyyy.com; Remote address: 217.72.192.zz; Subject: Re: Hurra; Message-ID: <56559D7E.6000204(a)yyyyyy.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
I have access to the customer's emails and I see the encrypted email.
When I send an encrypted email to the customer, the log contains the line:
25 Nov 2015 13:21:09 | INFO Message has been PGP decrypted; MailID: 9a6a2080-8a10-4aff-9370-3fab14845438; Recipients: [xxxx(a)xxxxx.com] (mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #1]
There is one difference between the two ciphermail installations: Our customer has a user profile for the tax accountant, we do not. I therefore assume that I made a mistake in the configuration of that profile. But which parameter could prevent an email from being decrypted? Why does one ciphermail installation recognize the encryption and the other does not?
Thanks for your help,
Stefan
Hey there,
I installed ciphermail on CentOS following the quick install guide
step-by-step. Now when I try to access the Web GUI and login I get the
error:
Back-end is not running or not yet fully started up
I don't really know what exactly that means and a look in the
djigzo.log is more confusing for me.
I attach parts of the djigzo.log, maybe someone has an idea of what's
wrong.
Thank you very much,
Samuel Greiner
Hello,
Today we discovered a certificate in our Ciphermail certificate store
which is not usable for encryption because of the error "Error
building certPath. Subject distinguished name is not from a permitted
subtree". Indeed there are name constraints in a sub-CA used but I
cannot figure out what the actual problem is because it actually should
match the mail address, which is xxxxx(a)ford.com
This is from the upper level issuing CA:
Zugelassen
[1]Unterstrukturen (0..Max):
RFC822-Name=.ach-llc2.com
[2]Unterstrukturen (0..Max):
RFC822-Name=.cotarko.com
[3]Unterstrukturen (0..Max):
RFC822-Name=.european-llp.com
[4]Unterstrukturen (0..Max):
RFC822-Name=.first-aquitaine.com
[5]Unterstrukturen (0..Max):
RFC822-Name=.fmcc.ch
[6]Unterstrukturen (0..Max):
RFC822-Name=.ford-alliance.com
[7]Unterstrukturen (0..Max):
RFC822-Name=.ford.com
[8]Unterstrukturen (0..Max):
RFC822-Name=.fordcredit.com
[9]Unterstrukturen (0..Max):
RFC822-Name=.forsonordic.com
[10]Unterstrukturen (0..Max):
RFC822-Name=.lincoln.com
[11]Unterstrukturen (0..Max):
RFC822-Name=.lincolnafs.com
[12]Unterstrukturen (0..Max):
RFC822-Name=.troydm.com
[13]Unterstrukturen (0..Max):
RFC822-Name=.volvoautobank.de
[14]Unterstrukturen (0..Max):
RFC822-Name=ach-llc2.com
[15]Unterstrukturen (0..Max):
RFC822-Name=cotarko.com
[16]Unterstrukturen (0..Max):
RFC822-Name=european-llp.com
[17]Unterstrukturen (0..Max):
RFC822-Name=first-aquitaine.com
[18]Unterstrukturen (0..Max):
RFC822-Name=fmcc.ch
[19]Unterstrukturen (0..Max):
RFC822-Name=ford-alliance.com
[20]Unterstrukturen (0..Max):
RFC822-Name=ford.com
[21]Unterstrukturen (0..Max):
RFC822-Name=fordcredit.com
[22]Unterstrukturen (0..Max):
RFC822-Name=forsonordic.com
[23]Unterstrukturen (0..Max):
RFC822-Name=lincoln.com
[24]Unterstrukturen (0..Max):
RFC822-Name=lincolnafs.com
[25]Unterstrukturen (0..Max):
RFC822-Name=troydm.com
[26]Unterstrukturen (0..Max):
RFC822-Name=volvoautobank.de
[27]Unterstrukturen (0..Max):
DNS-Name=ford.com
[28]Unterstrukturen (0..Max):
Verzeichnisadresse:
S=Michigan
L=Dearborn
O=Ford Motor Company
C=US
[29]Unterstrukturen (0..Max):
Verzeichnisadresse:
DC=ford
DC=com
Ausgeschlossen
[1]Unterstrukturen (0..Max):
IP-Adresse=0.0.0.0
Maske=0.0.0.0
[2]Unterstrukturen (0..Max):
IP-Adresse=0000:0000:0000:0000:0000:0000:0000:0000
Mask=0000:0000:0000:0000:0000:0000:0000:0000
Any idea what could be wrong here?
Thanks
Andreas
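Added example, not part of the post above and not Ciphermail code: RFC 5280 tests each name form against the permitted subtrees of its own type, so the subject DN is checked against the directoryName entries independently of the rfc822Name check on the mail address. The Python below runs both checks; the subject DNs are constructed (the post does not show the certificate's subject), root-first RDN order is assumed, and string comparison is simplified to case-insensitive matching.

```python
# Added example (not from the thread): RFC 5280 permitted-subtree checks for
# the two name forms in the dump. DNs are root-first lists of single-valued
# (attribute, value) RDNs; real validators also handle multi-valued RDNs.

def rfc822_permitted(mailbox, constraints):
    """True if the mailbox lies within at least one rfc822Name constraint."""
    mailbox = mailbox.lower()
    host = mailbox.rpartition("@")[2]
    for c in (c.lower() for c in constraints):
        if "@" in c:
            ok = mailbox == c            # full mailbox: exact match
        elif c.startswith("."):
            ok = host.endswith(c)        # ".ford.com": hosts inside the domain
        else:
            ok = host == c               # "ford.com": mailboxes on that host
        if ok:
            return True
    return False

def _norm(dn):
    return [(a.upper(), " ".join(v.lower().split())) for a, v in dn]

def dn_permitted(subject, subtrees):
    """True if a permitted directoryName is a root-first prefix of subject."""
    s = _norm(subject)
    return any(s[:len(t)] == t for t in map(_norm, subtrees))

def violations(mailbox, subject, rfc822_subtrees, dir_subtrees):
    """Name forms that fall outside the permitted subtrees."""
    failed = []
    if not rfc822_permitted(mailbox, rfc822_subtrees):
        failed.append("rfc822Name")
    if not dn_permitted(subject, dir_subtrees):
        failed.append("directoryName")
    return failed

# Two of the rfc822Name entries and both directoryName entries from the dump
# (root-first RDN order is assumed here).
RFC822 = [".ford.com", "ford.com"]
DIRS = [[("C", "US"), ("O", "Ford Motor Company"), ("L", "Dearborn"), ("S", "Michigan")],
        [("DC", "com"), ("DC", "ford")]]
# Constructed subjects: the thread does not show the certificate's subject DN.
INSIDE = DIRS[0] + [("CN", "Example User")]
OUTSIDE = [("C", "DE"), ("O", "Example GmbH"), ("CN", "Example User")]

if __name__ == "__main__":
    print(violations("user@ford.com", INSIDE, RFC822, DIRS))
    print(violations("user@ford.com", OUTSIDE, RFC822, DIRS))
```

With the constructed OUTSIDE subject the mail address passes while the subject DN fails, which is the situation the quoted error text describes.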
Good afternoon,
I've the following problem:
An external user is configured for mandatory encryption (to receive only
encrypted emails).
We have different users in our organization he wants to communicate
with, some of them encrypted, some unencrypted (unencrypted only in
incoming direction!). If that external user sends an unencrypted email
to one of our internal users, that email gets blocked with an error
"The message with Subject
<Subject>
has not been sent to the following recipients because the message could
not be encrypted"
According to the documentation, the locality should determine the
direction of encryption, it seems that this does not work as intended.
Is there any configuration setting to prevent that?
Regards
Christian
Hi,
> The MPA log should provide more information why OTP mode was not used.
> OTP mode should be enabled for sender *and* recipient. If for example
> OTP mode is not enabled for the recipient (or sender), the MPA log
> should contain a line telling that OTP mode was not enabled (for
> recipient and/or sender). Can you check whether the MPA log provides
> more information?
>
It was the OTP setting in the sender profile.
Thanks,
Stefan
Hi,
I would like to separate ciphermail from mailserver via docker, one
container with postfix/dovecot and one container with
ciphermail/ciphermailWebClient.
How do I configure postfix and ciphermail?
I changed main.cf to:
content_filter = djigzo:[ip_of_ciphermailContainer]:10025
I think this was the easy part, but how to setup master.cf at this
point:
djigzo    unix  -       -       n       -       4       smtp
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o smtp_generic_maps=
127.0.0.1:10026 inet  n       -       n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_authorized_xclient_hosts=127.0.0.0/8
And how do I tell ciphermail at which IP to find postfix, and must
ciphermail be set up to accept connections not coming from localhost?
Thank you.
-------------
Best Regards,
Lars
Hi,
> I'm not sure whether I understand your requirements. An email with a
> link to the portal page is always an email with an encrypted PDF (when
> OTP mode is used). The user has to login to the portal to retrieve the
> password for the PDF, hence the link to the portal.
>
Well, the recipient gets an email with the attached PDF.
It is encrypted with the static password, assigned in the user profile.
When I remove the password and OTP is activated, the messages will not be encrypted.
Kind regards,
Stefan
Hi,
Which are the mandatory settings in a user profile, so that the user doesn't get an encrypted PDF, but an email with the link to the portal page?
In the user profile we have enabled the portal and the portal URL has been defined, too.
OTP is enabled.
Thanks for any hint.
Kind regards,
Stefan