We have set up PGP encryption between one of our customers (using ciphermail) and his tax accountant (using enigmail).
The tax accountant has to send loan reports only as an encrypted email.
We exported the public PGP key of the customer and imported it successfully into enigmail. Did the same with my public key.
The public key of the customer has been in use in our ciphermail installation for at least 4 months.
When the tax accountant sends an email to my address it is encrypted and decrypted.
When the tax accountant sends an email to the customer it is encrypted but not decrypted:
25 Nov 2015 12:37:53 | INFO incoming; MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com]; Originator: yyyy(a)yyyyy.com; Sender: yyyy(a)yyyyyy.com; Remote address: 217.72.192.zz; Subject: Re: Hurra; Message-ID: <56559D7E.6000204(a)yyyyy.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
25 Nov 2015 12:37:53 | INFO Subject filter is disabled for the sender; MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Nov 2015 12:37:53 | INFO To internal recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Nov 2015 12:37:53 | INFO "add security info" is enabled for the recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxx.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Nov 2015 12:37:54 | INFO Message handling is finished. Sending to final recipient(s); MailID: d958dba2-9d26-41d7-bbff-26f54c10d5bd; Recipients: [xxxxx(a)xxxxx.com]; Originator: yyyyy(a)yyyy.com; Sender:firstname.lastname@example.org; Remote address: 217.72.192.zz; Subject: Re: Hurra; Message-ID: <56559D7E.6000204(a)yyyyyy.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
I have access to the customer's emails and I see the encrypted email.
When I send an encrypted email to the customer, the log contains the line:
25 Nov 2015 13:21:09 | INFO Message has been PGP decrypted; MailID: 9a6a2080-8a10-4aff-9370-3fab14845438; Recipients: [xxxx(a)xxxxx.com] (mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #1]
There is one difference between the two ciphermail installations: Our customer has a user profile for the tax accountant, we do not. I therefore assume that I made a mistake in the configuration of that profile. But which parameter could prevent an email from being decrypted? Why does one ciphermail installation recognize the encryption and the other one not?
Thanks for your help,
I installed ciphermail on CentOS following the quick install guide
step-by-step. Now when I try to access the Web GUI and login I get the
Back-end is not running or not yet fully started up
I don't really know what exactly that means and a look in the
djigzo.log is more confusing for me.
I attach parts of the djigzo.log, maybe someone has an idea of what's
Thank you very much,
I've the following problem:
An external user is configured for mandatory encryption (to receive only
We have different users in our organization he wants to communicate
with, some of them encrypted, some unencrypted (unencrypted only in
incoming direction!). If that external user sends an unencrypted email
to one of our internal users, that email gets blocked with an error
"The message with Subject
has not been sent to the following recipients because the message could
not be encrypted"
According to the documentation, the locality should determine the
direction of encryption, it seems that this does not work as intended.
Is there any configuration setting to prevent that?
> The MPA log should provide more information why OTP mode was not used.
> OTP mode should be enabled for sender *and* recipient. If for example
> OTP mode is not enabled for the recipient (or sender), the MPA log
> should contain a line telling that OTP mode was not enabled (for
> recipient and/or sender). Can you check whether the MPA log provides
> more information?
It was the OTP setting in the sender profile.
I would like to separate ciphermail from mailserver via docker, one
container with postfix/dovecot and one container with
How do I config postfix and ciphermail?
I changed main.cf to:
content_filter = djigzo:[ip_of_ciphermailContainer]:10025
I think this was the easy part, but how to setup master.cf at this
djigzo unix - - n - 4 smtp
127.0.0.1:10026 inet n - n - 10 smtpd
And how to tell ciphermail at which IP to find postfix, and must
ciphermail be set up to accept connections not coming from localhost?
> I'm not sure whether I understand your requirements. An email with a
> link to the portal page is always an email with an encrypted PDF (when
> OTP mode is used). The user has to login to the portal to retrieve the
> password for the PDF, hence the link to the portal.
Well, the recipient gets an email with the attached PDF.
It is encrypted with the static password, assigned in the user profile.
When I remove the password and OTP is activated, the messages will not be encrypted.
Which are the mandatory settings in a user profile, so that the user doesn't get an encrypted PDF, but an email with the link to the portal page?
In the user profile we have enabled the portal and the portal URL has been defined, too.
OTP is enabled.
Thanks for any hint.