Users November 2015

users@lists.ciphermail.com

8 participants
9 discussions

by Django

Hello, I was few weeks absend here on this list. I'll ask 'bout the last stable version with MariaDB/MySQL support? ttyl Django -- "Bonnie & Clyde der Postmaster-Szene!" approved by Postfix-God http://wetterstation-pliening.info http://dokuwiki.nausch.org http://wiki.piratenpartei.de/Benutzer:Django

6 years, 5 months

[Djigzo users] Email not being recognized as PGP encrypted

by Stefan Michael Guenther

Hi, we have setup a PGP encryption between one of our customers (using ciphermail) and his tax accountant (using enigmail). The tax accountant has to send loan reports only as an encrypted email. We exported the public pgp key of the customer and imported it successfully into enigmail. Did the same with my public key. The public key of the customer has been in use in our ciphermail installation for at least 4 months. When the tax accountant sends an email to my address it is encrypted and decrypted. When the tax account sends an email to the customer it is encrypted but not decrypted: 25 Nov 2015 12:37:53 | INFO incoming; MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com]; Originator: yyyy(a)yyyyy.com; Sender: yyyy(a)yyyyyy.com; Remote address: 217.72.192.zz; Subject: Re: Hurra; Message-ID: <56559D7E.6000204(a)yyyyy.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] 25 Nov 2015 12:37:53 | INFO Subject filter is disabled for the sender; MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25 Nov 2015 12:37:53 | INFO To internal recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25 Nov 2015 12:37:53 | INFO "add security info" is enabled for the recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25 Nov 2015 12:37:54 | INFO Message handling is finished. Sending to final recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxxx.com]; Originator: yyyyy(a)yyyy.com; Sender:yyyy@yyyyy.com; Remote address: 217.72.192.zz; Subject: Re: Hurra; Message-ID: <56559D7E.6000204(a)yyyyyy.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] I have access to the customers emails and I see the encrypted email. When I send an encrypted email to the customer, the log contains the line 25 Nov 2015 13:21:09 | INFO Message has been PGP decrypted; MailID: 9a6a2080-8a10-4aff-9370-3fab14845438; Recipients: [xxxx(a)xxxxx.com] (mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #1] There is one difference between the two ciphermail installations: Our customer has a user profile for the tax accountant, we do not. I therefore assume, that I made a mistake in the configuration of that profile. But which parameter could prevent an email from beeing decrytped? Why does one ciphermail installation recognize the encryption and the other one not? Thanks for your help, Stefan

6 years, 7 months

[Djigzo users] Back-end is not running or not yet fully started up

by Samuel Greiner

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey there, I installed ciphermail on CentOS following the quick install guide step-by-step. Now when I try to access the Web GUI and login I get the error: Back-end is not running or not yet fully started up I don't really know what exactly that means and a look in the djigzo.log is more confusing for me. I attach parts of the djigzo.log, maybe someone has an idea of what's wrong. Thank you very much, Samuel Greiner -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJWUtgFAAoJELbC5SgBIHW06/sP/jxuTB+EN1JbTLQPdbuvK3s3 Wu2XET7CRQWD6AhTRyO3VkS8sPqvH9sx/J8Fvt1sZVOFuGvx2PP8R4bpn/FeNLze QCok/wjJoTt7ovEalOaBuTjyn9NzETz6E8nK7q9KWJOKC7fGF972Usju76uKt29K KmWqD/9fTAQYVSc6QFm31Yl8NDRRgbqEYUoRY1jGbAMbpB5nvdhpsILyEZoEYQXy AnyIpphrtFAFsNVPOIMyLaAskwWocWM2/vzBfxcaDG0ebYt4gcymdw3lD5kSgyTE DyHSlEifc8OcuMswWB+QCbhm/K8kWYYBYvZ5d5QgPNrJWSJ5Miz5ZJJlaBsK6I+c G/LxIIBv//zKXbKobpdzD2bw7bNCCF4KG0pH5CJLw+a5Aw99cjwJ7kNBky3PMsZ6 je4NOXXDBoJFcoODo9ahOz34Og7mpURlVpcgEIzSQR+JEaCsRLf1bIBtzUSFrxdC vBGZOKLgubhIFxaOOojU9876NliiG0sQaUCLav9QgHtsFKw6r0CUUONQvRtT+Cmi OrDCRcJnrnF0vk1YcXUPTeiyVWm79BOMQdPSw50v0ZaI6cV4o8d8C4zVz5DuNZTU 0JJR9b/rE8Pg2sLFV1qpW/LHjr9NDoyUtoqPNe3GypCp5O4OKrvkowH7gYivkflX fp4ATdVeXnRhpW+43vpr =c7g3 -----END PGP SIGNATURE-----

6 years, 7 months

[Djigzo users] Subject distinguished name is not from a permitted subtree

by lst_hoe02＠kwsoft.de

Hello, today we discover a certificate in our Ciphermail certificate store which is not usable for encryption because of the error "Error building certPath. Subject distinguished name is not from a permitted subtree". Indeed there are name constraints in a sub-CA used but i can not figure out what the actual problem is because it actually should match the mailadress with is xxxxx(a)ford.com This is from the upper level issuing CA: Zugelassen [1]Unterstrukturen (0..Max): RFC822-Name=.ach-llc2.com [2]Unterstrukturen (0..Max): RFC822-Name=.cotarko.com [3]Unterstrukturen (0..Max): RFC822-Name=.european-llp.com [4]Unterstrukturen (0..Max): RFC822-Name=.first-aquitaine.com [5]Unterstrukturen (0..Max): RFC822-Name=.fmcc.ch [6]Unterstrukturen (0..Max): RFC822-Name=.ford-alliance.com [7]Unterstrukturen (0..Max): RFC822-Name=.ford.com [8]Unterstrukturen (0..Max): RFC822-Name=.fordcredit.com [9]Unterstrukturen (0..Max): RFC822-Name=.forsonordic.com [10]Unterstrukturen (0..Max): RFC822-Name=.lincoln.com [11]Unterstrukturen (0..Max): RFC822-Name=.lincolnafs.com [12]Unterstrukturen (0..Max): RFC822-Name=.troydm.com [13]Unterstrukturen (0..Max): RFC822-Name=.volvoautobank.de [14]Unterstrukturen (0..Max): RFC822-Name=ach-llc2.com [15]Unterstrukturen (0..Max): RFC822-Name=cotarko.com [16]Unterstrukturen (0..Max): RFC822-Name=european-llp.com [17]Unterstrukturen (0..Max): RFC822-Name=first-aquitaine.com [18]Unterstrukturen (0..Max): RFC822-Name=fmcc.ch [19]Unterstrukturen (0..Max): RFC822-Name=ford-alliance.com [20]Unterstrukturen (0..Max): RFC822-Name=ford.com [21]Unterstrukturen (0..Max): RFC822-Name=fordcredit.com [22]Unterstrukturen (0..Max): RFC822-Name=forsonordic.com [23]Unterstrukturen (0..Max): RFC822-Name=lincoln.com [24]Unterstrukturen (0..Max): RFC822-Name=lincolnafs.com [25]Unterstrukturen (0..Max): RFC822-Name=troydm.com [26]Unterstrukturen (0..Max): RFC822-Name=volvoautobank.de [27]Unterstrukturen (0..Max): DNS-Name=ford.com [28]Unterstrukturen (0..Max): Verzeichnisadresse: S=Michigan L=Dearborn O=Ford Motor Company C=US [29]Unterstrukturen (0..Max): Verzeichnisadresse: DC=ford DC=com Ausgeschlossen [1]Unterstrukturen (0..Max): IP-Adresse=0.0.0.0 Maske=0.0.0.0 [2]Unterstrukturen (0..Max): IP-Adresse=0000:0000:0000:0000:0000:0000:0000:0000 Mask=0000:0000:0000:0000:0000:0000:0000:0000 Any idea what could be wrong here? Thanks Andreas

6 years, 7 months

[Djigzo users] "Message could not be encrypted"

by christian＠herndler.com

Good afternoon, I've the following problem: An external user is configured for mandatory encryption (to receive only encrypted emails). We have different users in our organization he wants to communicate with, some of them encrypted, some unencrypted (unencrypted only in incoming direction!). If that external user send's an unencrypted email to one of our internal users, that email get blocked with an error "The message with Subject <Subject> has not been sent to the following recipients because the message could not be encrypted" According to the documentation, the locality should determine the direction of encryption, it seems that this doe not work as intended. Is there any configuration setting to prevent that ? regards Christian

6 years, 7 months

Re: [Djigzo users] Settings for portal use

by Stefan Michael Guenther

Hi, > The MPA log should provide more information why OTP mode was not used. > OTP mode should be enabled for sender *and* recipient. If for example > OTP mode is not enabled for the recipient (or sender), the MPA log > should contain a line telling that OTP mode was not enabled (for > recipient and/or sender). Can you check whether the MPA log provides > more information? > it was the OTP setting in the sender profile. Thanks, Stefan

6 years, 7 months

[Djigzo users] Seperate ciphermail from mailserver

by Lars

Hi, I would like to seperate ciphermail from mailserver via docker, one container with postfix/dovecot and one container with ciphermail/ciphermailWebClient. How do I config postfix and ciphermail? I changed main.cf to: content_filter = djigzo:[ip_of_ciphermailContainer]:10025 I think this was the easy part, but how to setup master.cf at this point: djigzo unix - - n - 4 smtp -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o smtp_generic_maps= 127.0.0.1:10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks, no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 And how to tell ciphermail at which ip to find postfix and must ciphermail setup to accepte connections not coming from localhost? Thank you. ------------- Best Regards, Lars

6 years, 7 months

Re: [Djigzo users] Settings for portal use

by Stefan Michael Guenther

Hi, > I'm not sure whether I understand your requirements. An email with a > link to the portal page is always an email with an encrypted PDF (when > OTP mode is used). The user has to login to the portal to retrieve the > password for the PDF, hence the link to the portal. > well the recipient gets an email with the attached pdf. It is encrypted with the static password, assigned in the user profile. When I remove the password and OTP is activated, the messages will not be encrypted. Kind regards, Stefan

6 years, 7 months

[Djigzo users] Settings for portal use

by Stefan Michael Guenther

Hi, which are the mandatory settings in a user profile, so that the user doesn't get an encrypted PDF, but an email with the link to the portal page? In the the user profile we have enabled the portal and the portal URL has been defined, too. OTP is enabled. Thanks for any hint. Kind regards, Stefan

6 years, 7 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users November 2015