Hi,
I had the problem that the only good way to check for valid e-mail
addresses at my firewall, which also does SPAM prevention and virus
scanning etc., is to use SMTP verify. Before I set up Ciphermail my
internal mail server was the relay and handled this. With Ciphermail as
a relay between the firewall and my mail server this was no longer
possible. As I found no solution on the web I decided to build my own:
https://wiki.mhcsoftware.de/ciphermail
With this SMTP verify works again. If you know other, better solutions,
please let me know. If you try this and find a bug, drop me a note. This
is quick&dirty cut&paste code ... but it works.
cheers
Matthias
--
MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info(a)mhcsoftware.de
HR Coburg: B2242
Geschäftsführer: Matthias Henze
Hi,
A new release candidate of the CipherMail gateway community edition is
now available (version 3.0.3-0).
New
* Support for MySQL/MariaDB and Oracle Database added.
* JDBC connection tester tool added. This can be used to test a
connection to an external database (Postgres, MySQL/MariaDB and
Oracle Database).
* Log export functionality added to the virtual appliance (previously
this was a CipherMail Enterprise only feature).
Improvements/Changes
* Because support for MySQL/MariaDB and Oracle Database was added, there
is now a separate package for Postgres. The
main back-end package no longer requires Postgres. The separate
postgres package can be used to auto configure a local postgres
database.
* Mail generated by the web GUI ("Compose a test email" tool and "PDF
reply" page) is now sent to a special local port
on port 10027. This makes it possible to change settings on the
default smtpd port (25) without interfering with email sent from the
GUI. This requires an additional service setting for port 10027 in
master.cf.
* Java wrapper updated to 3.5.28
(https://wrapper.tanukisoftware.com/doc/english/release-notes.html).
This fixes the following Java wrapper bugs: multi byte char logging
sometimes resulted in ? in the log files, memory leak on
RedHat/CentOS.
* Libraries updated.
* Java 8 is now supported. Note: because of bug#
https://bugs.centos.org/view.php?id=9482, OpenJDK 8 on RedHat/CentOS
currently cannot be used because EC ciphers are not supported for
SSL/TLS.
* Certificate request page now supports more request parameters
(country, locality, state, OU).
* Fix for bug GATEWAY-91. Djigzo should trim off whitespace in the
beginning and/or end of any PGP header lines. Note that this is not
enabled by default because this is not RFC compliant. A system
property must be set to enable this.
* Fix for bug GATEWAY-92. PDF encryption failed on non-standard Unicode
characters (Webdings font).
* Fix for bug GATEWAY-96. PGP keyring importer does not report import
failure if password is incorrect.
* Fix for bug GATEWAY-97. PGP/MIME signing a message with an invalid
content-transfer-encoding results in a message in the error queue.
* The database connection string is now stored in a separate xml
fragment (hibernate.connection.xml). This makes upgrading easier
because upgrading the hibernate configuration file no longer results
in overwriting the database connection string.
* The Web portal is now responsive (i.e., scales on smaller devices).
* Ciphermail.backup.enabled system property added which can be used to
disable backup option from the web GUI.
* Default Tomcat server.xml now only supports strong SSL/TLS ciphers
(ssllabs gives GUI an A rating).
The release candidate can be downloaded from
https://www.ciphermail.com/beta.html
When upgrading an existing installation, a number of (minor) additional
configuration steps are required. See the upgrade guide for more
information:
https://www.ciphermail.com/documents-3.0/upgrade-guide.pdf
This release has been extensively tested. If there are no major issues
found this week, it will be officially released.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
Hi,
CipherMail Email Encryption Gateway (3.1.1-1) is available for download.
Release notes:
Bugs/Improvements/Changes
* MySQL/MariaDB jdbc drivers updated.
* CXF upgraded. CXF now uses netty for http soap server connections
instead of jetty.
* config.xml refactored. This makes it easier to change the mail flow
using external xml fragments.
* Regression: New admin roles could no longer be assigned/removed
[GATEWAY-102]
* PGP advanced option "Skip non PGP extensions" added. If enabled (the
default), only attachments with the extension "pgp", "asc", "gpg" or
"sig" are scanned for PGP binary data. This should speed up scanning
incoming email for PGP encrypted attachments when PGP/INLINE for
incoming email is enabled.
* Enigmail encodes long filenames with filename*0* filename*1* etc.
when encoding email with PGP/INLINE. These parameters should be
removed after decryption to make sure that the resulting filename no
longer has the .pgp extension.
Upgrade instructions:
https://www.ciphermail.com/documents/upgrade-guide.pdf
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
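The last item in the 3.1.1-1 release notes above concerns RFC 2231 parameter continuations (filename*0*, filename*1*, ...). The following Python sketch is an added example, not CipherMail code: it reassembles the segmented filename on a decrypted part and replaces all segments with a single clean filename parameter. The sample header and the helper names are constructed for illustration.

```python
import email
import re

# Constructed sample: a decrypted part still carrying the RFC 2231
# continuation parameters from the encrypted original.
RAW = (
    "MIME-Version: 1.0\n"
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment;\n"
    " filename*0*=us-ascii''quarterly-report-2016-;\n"
    " filename*1*=final.pdf.pgp\n"
    "\n"
    "(decrypted bytes would go here)\n"
)

PGP_SUFFIX = ".pgp"  # assumption: only this suffix is stripped here


def strip_pgp_suffix(name):
    """Drop a trailing .pgp, but never reduce the name to nothing."""
    if name.lower().endswith(PGP_SUFFIX) and len(name) > len(PGP_SUFFIX):
        return name[: -len(PGP_SUFFIX)]
    return name


def leftover_continuations(part):
    """Return any filename*N / filename*N* segments still in the raw header."""
    return re.findall(r"filename\*\d+\*?", part.get("Content-Disposition", ""))


def rename_after_decrypt(part):
    """Replace every filename segment with one filename without .pgp."""
    old = part.get_filename()  # joins and decodes the RFC 2231 segments
    if old is None:
        return None
    new = strip_pgp_suffix(old)
    # set_param rebuilds the header from the decoded parameter list, so the
    # separate filename*0*, filename*1* segments are not written back.
    part.set_param("filename", new, header="Content-Disposition")
    return new


if __name__ == "__main__":
    part = email.message_from_string(RAW)
    print(part.get_filename(), leftover_continuations(part))
    print(rename_after_decrypt(part), leftover_continuations(part))
    print(part["Content-Disposition"])
```

Editing only one segment, or appending a plain filename parameter next to the old segments, leaves a header in which some mail clients still show the .pgp name.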
Dear All,
In the above configuration, installed according to the instructions, everything appears to be fine except for the MTA-Configuration under "Admin".
That leads to the following two errors:
- MTA -> config: "Render queue error in BeforeRenderTemplate[admin/mta/Config:relaydomains]: Failure reading parameter 'model' of component admin/mta/Config:relaydomains: ProcessException: Error running [/usr/local/djigzo/scripts/execute-script.sh,postfix-main-config,-g]. exit value: 1 (1), Class: class mitm.common.util.ProcessException"
- MTA -> sasl: "Render queue error in SetupRender[admin/mta/SaslPasswords:grid]: Failure reading parameter 'source' of component admin/mta/SaslPasswords:grid: ProcessException: Error running [/usr/local/djigzo/scripts/execute-script.sh,sasl,get]. exit value: 1 (1), Class: class mitm.common.util.ProcessException"
Under /usr/local/djigzo/scripts/, I find a lot of shell scripts owned by root:root with permissions 0755 plus links in the scripts.d subdirectory as created according to page 16 of the installation guide.
Can someone please point me at how to resolve this?
Regards,
Michael
Dear All,
In preparing to move the two Ciphermail servers (djigzo_3.0.5-0) I am keeping in a dual SOHO situation from Centos 6 to Centos 7, I would also very much like to switch from postgres to mysql. That would allow me to work with a Percona mysql cluster to synchronize the servers instead of continuing with bucardo synchronization or investigate the new built-in and probably better postgres synchronization possibilities.
Based on the install instructions, I was able to set up Ciphermail on Centos 7 with mysql. Running "mysql djigzo < /usr/local/djigzo/conf/database/sql/djigzo.mysql.sql" (in my case modified to run on an external host) does create the usual 29 tables.
What I find myself unable to do is to convert the data (admin, atmin_authority, authority, blob, current certificates, certificates_email, properties, crls, keyring, keyring_email, keyring_userid, keystore, named_blob, pgp_trust_list, pgp_trust_list_namevalues, properties, properties_namevalues, userpreferences, userpreferences_certificates, userpreferences_inheritedpreferences, userpreferences_named_certificates, users) from postgres to mysql. I was naively thinking that ODBC and mysql workbench could do the job in a straightforward manner, but I did not find that feasible. For example, there are lots of "truncated key column length ..." warnings (logfile available upon request) and I did not find the result to work. I must admit that I am far from being a database expert also.
Is it realistic to migrate the database or would one have to start from scratch even in terms of users and certificates?
Regards,
Michael