Users March 2015

users@lists.ciphermail.com

11 participants
18 discussions

[Djigzo users] Release candidate of CipherMail gateway 2.10 available

by Martijn Brinkers

Hi, A release candidate of the CipherMail gateway 2.10.0 is available. This is mostly a maintenance release. Improvements/Changes * HTML parts are now scanned for PGP content [https://jira.djigzo.com/browse/GATEWAY-88] * PGP desktop/universal (now Symantec) proprietary partitioned encoding format is now fully supported for incoming email. Email encrypted with PGP desktop/universal with the partitioned encoding format is now "repaired" to a proper MIME message. * RedHat/CentOS 7 is now supported. * Ignore content-transfer-encoding of multipart messages. * S/MIME handler now adds X-Djigzo-Info-Signer-Email-* headers with the email address of the signer certificate. * Tomcat server.xml config configured to only use strong ciphers. This implies that Windows XP users with IE can no longer connect since IE on Windows XP does not support strong ciphers. * Virtual appliance: There is no longer a separate version for VMware ESX and workstation. The VMware virtual appliance now supports ESX 4 and up and VMware workstation. Because the virtual appliance now requires VM version 7, ESXi 3 is no longer supported. The release candidate and updated installation documentation can be downloaded from https://www.ciphermail.com/beta.html Kind regards, Martijn Brinkers -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail

7 years, 8 months

[Djigzo users] Problem with PDF reply

by Jason A. Perlman

I'm having an issue when trying to reply to encrypted PDFs, the URL looks correct, in the logs I believe this to be the relevant line. Caused by: java.lang.RuntimeException: Error obtaining injected value for field mitm.djigzo.web.pages.portal.pdf.PDFReply.clientSMTPHost: Symbol 'client.mail.smtp.host' is not defined. I don't know where that is being read from, or where to set it. Any help would be greatly appreciated. Thanks!

7 years, 8 months

[Djigzo users] Postfix+Ciphermail advanced config question

by Laz C. Peterson

Hello all, I’ve got an issue here that I would really appreciate some help with. We are running Ubuntu 14.04, Postfix, Dovecot and Ciphermail, everything updated — all mail and authentication services are functioning normal. First … Dovecot is the LDA and we have virtual users and virtual domains. Some of these domains are aliases of non-routable Windows AD domains. For example, user(a)email.net <mailto:user@email.net> -> user(a)email.corp <mailto:user@email.corp> … Ciphermail creates accounts for the internal domain instead of the address that the email was initially addressed to, and this confuses the users. How do we configure Ciphermail/Postfix to make sure that Ciphermail processes the account using the alias domain (what is in the original To:) that the user is familiar with? Second … Since Ciphermail is running on the same mail server that is accepting incoming mail from the internet, whether or not it is encrypted, it is still processing the queue. We have created a tag (“[encrypt]”) that flags an email to be processed by Ciphermail, with the intention of that function being available for only internal domains — or more precisely, for SASL authenticated users — but it services encryption for any random external user or domain as long as they put the same tag in the subject line. How can we avoid this happening? Thank you so much for any insight. ~ Laz Peterson Paravis, LLC

7 years, 8 months

[Djigzo users] PDF reply

by Jason A. Perlman

7 years, 8 months

[Djigzo users] Signing every outgoing mail

by Markus Zimmermann

Hello, I have a problem with signing my mails. I created an internal user and imported the encryption and the signing certificate (comodo). The Info field of the certificates contains: "Error building certPath. No issuer certificate for certificate in certification path found." I followed the steps in the manual, -set Locality to "internal" - set encrypt mode to "allow" - unchecked the "Only sign when encrypt" box When sending a mail from the specific user to a testuser the mail is not signed. Does anyone of you know, what the mistake is? Thank, Markus Mit freundlichen Grüßen mareco gmbh & co.kg Dipl.-Ing.(FH) Markus Zimmermann Geschäftsführer der Komplementärin Rothelebuch 7, 87637 Seeg Tel. +49 (8364) 984009-0 Fax. +49 (8364) 984009-9 E-Mail. info(a)mareco.biz Internet. www.mareco.biz Sitz Seeg, HRA8889 Amtsgericht Kempten Persönlich haftende Gesellschafterin CRM Verwaltungs-GmbH Sitz Seeg, HRB9745 Amtsgericht Kempten Geschäftsführer Markus Zimmermann

7 years, 8 months

[Djigzo users] No decription

by Arie Koppelaar

Hello, I'm new to CipherMail, and have been testing for a couple of days now. It's quite an impressive solution, and I'm thinking of using it in a professional environment. My setup: Exchange <--> CipherMail <--> Postfix Outlook 2013 + Symantec PGP Client <--> Ciphermail <--> Roundcube Webmail The test: Send Encrypt --> CipherMail --> Receive encrypted (i.e. scrambled PGP message NOT OK! Receive unencrypted = OK! <-- CipherMail <-- Send Encrypted As described above, I can send encrypted mail to my Exchange server, which will then get decrypted by Symantec PGP. But when returning the message, it doesn't get decrypted by CipherMail. I have tested with "Enable PGP/INLINE to interna", and PGP/MIME PGP/INLINE, but success. Log: 18 Mar 2015 13:37:23 | INFO incoming; MailID: 0350f883-f06c-443d-854a-56ad340c865f; Recipients: [USER(a)DOMAIN1.org]; Originator: USER(a)DOMAIN2.nl; Sender: USER(a)DOMAIN2.nl; Remote address: 192.168.1.103; Subject: RE: Woensdagtest20; Message-ID: <3fdd41d21dcf4eeea6978b49c504ae4f(a)exchange01.DOMAIN1.local>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] 18 Mar 2015 13:37:23 | INFO Subject filter is disabled for the sender; MailID: 0350f883-f06c-443d-854a-56ad340c865f; Recipients: [USER(a)DOMAIN1.org] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 18 Mar 2015 13:37:23 | INFO To internal recipient(s); MailID: 0350f883-f06c-443d-854a-56ad340c865f; Recipients: [USER(a)DOMAIN1.org] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 18 Mar 2015 13:37:23 | WARN PGP/INLINE signed message contained mixed content; MailID: 0350f883-f06c-443d-854a-56ad340c865f (mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler) [Spool Thread #2] 18 Mar 2015 13:37:23 | INFO Message has been PGP decrypted; MailID: 0350f883-f06c-443d-854a-56ad340c865f; Recipients: [USER(a)DOMAIN1.org] (mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #2] 18 Mar 2015 13:37:23 | INFO Message handling is finished. Sending to final recipient(s); MailID: 0350f883-f06c-443d-854a-56ad340c865f; Recipients: [USER(a)DOMAIN1.org]; Originator: USER(a)DOMAIN2.nl; Sender: USER(a)DOMAIN2.nl; Remote address: 192.168.1.103; Subject: RE: Woensdagtest20; Message-ID: <3fdd41d21dcf4eeea6978b49c504ae4f(a)exchange01.DOMAIN1.local>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] Regards, Arie

7 years, 8 months

[Djigzo users] Mail trouble

by Marc Mollberg

He everybody, last week suddenly my gateway stopped delivering emails only to extern, our Exchange told me this error: XXXXX.XXX.XX #503 5.5.1 Error: need MAIL command ## Then I created a new one with the backup settings of it and everything works fine again. Today I try to find this error in the log files and did not see it on the gateway, also a test mail works fine. Any other person who has experience with that? Thank you. Marc

7 years, 8 months

[Djigzo users] Comodo E-Mail-Certificate

by Markus Zimmermann

Hello, I bought an E-Mail-Certificate from Comodo, but I am unable to import the key into ciphermail. I backed up the Certificate in Firefox into a *.p12-File. If I try to import this file into ciphermail goes into a endless loop "importing". The process doesn't finish even after a long time of waiting. Any help would be appreciated. Regards, Markus Mit freundlichen Grüßen mareco gmbh & co.kg Dipl.-Ing.(FH) Markus Zimmermann Geschäftsführer der Komplementärin Rothelebuch 7, 87637 Seeg Tel. +49 (8364) 984009-0 Fax. +49 (8364) 984009-9 E-Mail. info(a)mareco.biz Internet. www.mareco.biz Sitz Seeg, HRA8889 Amtsgericht Kempten Persönlich haftende Gesellschafterin CRM Verwaltungs-GmbH Sitz Seeg, HRB9745 Amtsgericht Kempten Geschäftsführer Markus Zimmermann

7 years, 8 months

[Djigzo users] Idea: Download public keys automatically via header trigger

by Sebastian Nielsen

Suggestion: Ability to add a possibility to download public keys automatically via a header trigger, like the signing trigger and encryption trigger. This configuration setting could be that it allows you to specify header name, and then one regexp that will cause the Ciphermail to download the public key if it matches, however, if 2 headers is found with the same header name as the one specified, Ciphermail, will NOT download public keys. The idea behind not downloading if 2 headers of the same name is found, is to prevent a rogue entity to add such a header in a incoming mail. The idea is then that the validation software, that the system administrator uses to decide if a public key should be downloaded or not, can specify, lets say a example: “X-PGP-Download-Key: yes” or “X-PGP-Download-Key: no” (Header name: “X-PGP-Download-Key”, Regexp: “/^yes$/”), and thus if a rogue entity tries to add “X-PGP-Download-Key: yes”, and the validation software does NOT support removing fraudulent headers, then the mail will end up with one “X-PGP-Download-Key: yes” and one “X-PGP-Download-Key: no” in case validation failed, else 2 identical “X-PGP-Download-Key: yes” headers, thus Ciphermail can ignore these duplicate headers, preventing DoS. Of course, there should be a setting to remove the header too, and then it will remove the named header regardless of if it matched the regexp or not. This would allow the administrator to set up limits to prevent DoS, for example, the system administrator could configure the SPF/DKIM validating software, to add this header in the first 5 unique mails for a specific domain, and only once per unique mail sender, and only for mail that passes either SPF or DKIM, or both. Or the system administrator could add so only the first mail containing “-----BEGIN PGP SIGNATURE-----” line, each 30 minutes will trigger a key download, thus preventing DoS, if someone would start flooding the server.

7 years, 8 months

[Djigzo users] List manager software destroys both SPF and DKIM causing list mail to be rejected

by Sebastian Nielsen

See this. (report is at the bottom of this email) Apparently, your list software destroys both SPF and DKIM signatures causing rejects. Since you repackage S/MIME mail to avoid breaking S/MIME, I would suggest doing the same to avoid breaking SPF, eg repackage the mail in a new message/rfc822 container like this, and also DKIM sign the repackaged mail, and also strip the invalid DKIM sig out. A good idea can be then to put up a DKIM, SPF and DMARC record for lists.djigzo.com. Then both SPF and DKIM will be verified against the domain “lists.djigzo.com”, not the sender domain, since the SPF/DKIM validator will always validate mail on the outermost container: From: users(a)lists.djigzo.com To: <receiver of list mail> Subject: Fwd: [original subject] Content-Type: message/rfc822; boundary=”1234”; --1234 From: sebastian(a)sebbe.eu To: <receiver of list mail> Subject: [original subject] Content-Type: text/plain Hello this is a test --1234-- Here is the report I got from Yahoo: <?xml version="1.0"?> -<feedback> -<report_metadata> <org_name>Yahoo! Inc.</org_name> <email>postmaster(a)dmarc.yahoo.com</email> <report_id>1426038669.132883</report_id> -<date_range> <begin>1425945600</begin> <end>1426031999 </end> </date_range> </report_metadata> -<policy_published> <domain>sebbe.eu</domain> <adkim>s</adkim> <aspf>s</aspf> <p>reject</p> <pct>100</pct> </policy_published> -<record> -<row> <source_ip>87.233.242.72</source_ip> <count>1</count> -<policy_evaluated> <disposition>reject</disposition> <dkim>fail</dkim> <spf>fail</spf> </policy_evaluated> </row> -<identifiers> <header_from>sebbe.eu</header_from> </identifiers> -<auth_results> -<dkim> <domain>sebbe.eu</domain> <result>permerror</result> </dkim> -<spf> <domain>lists.djigzo.com</domain> <result>pass</result> </spf> </auth_results> </record> </feedback>

7 years, 8 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users March 2015