I had the problem that the only good way to check for valid e-mail
addresses at my firewall, which also does SPAM prevention and virus
scanning etc., is to use SMPT verify. Before I've setup Ciphermail my
internal mail server was the relay and handled this. With Ciphermail as
a relay between the firewall and my mail server hist was no longer
possible. As I found no solution on the web I decided to build my own:
With this SMTP verify works again. If you know other, better solutions,
please let me know. If you try this and find a bug drop me a note. This
is quick&dirty cut&paste code ... but it works.
MHC SoftWare GmbH
HR Coburg: B2242
Geschäftsführer: Matthias Henze
A new release candidate of the CipherMail gateway community edition is
now available (version 3.0.3-0).
* Support for MySQL/MariaDB and Oracle Database added.
* JDB connection tester tool added. This can be used to test a
connection to an external database (Postgres,
MySQL/MariaDB and Oracle Database).
* Log export functionality added to the virtual appliance (previously
this was a CipherMail Enterprise only feature).
* Because support for MySQL/MariaDB and Oracle Database was added, there
is now a separate package for Postgres. The
main back-end package no longer requires Postgres. The separate
postgres package can be used to auto configure a local postgres
* Mail generated by the web GUI ("Compose a test email" tool and "PDF
reply" page) is now sent to a special local port
on port 10027. This makes it possible to change settings on the
default smtpd port (25) without interfering with email sent from the
GUI. This requires an additional service setting for port 10027 in
* Java wrapper updated to 3.5.28
This fixes the following Java wrapper bugs: multi byte char logging
sometimes resulted in ? in the log files, memory leak on
* Libraries updated.
* Java 8 is now supported. Note: because of bug#
https://bugs.centos.org/view.php?id=9482, OpenJDK 8 on RedHat/CentOS
currently cannot be used because EC ciphers are not supported for
* Certificate request page now supports more request parameters
(country, locality, state, OU).
* Fix for bug GATEWAY-91. Djigzo should trim off whitespace in the
beginning and/or end of any PGP header lines. Note that this is not
enabled by default because this is not RFC compliant. A system
property must be set to enable this.
* Fix for bug GATEWAY-92. PDF encryption failed on non-standard Unicode
characters (Webdings font).
* Fix for bug GATEWAY-96. PGP keyring importer does not report import
failure if password is incorrect.
* Fix for bug GATEWAY-97. PGP/MIME signing a message with an invalid
content-transfer-encoding results in a message in the error queue.
* The database connection string is now stored in a separate xml
fragment (hibernate.connection.xml). This makes upgrading easier
because upgrading the hibernate configuration file no longer results
in overwriting the database connection string.
* The Web portal is now responsive (i.e., scales on smaller devices).
* Ciphermail.backup.enabled system property added which can be used to
disable backup option from the web GUI.
* Default Tomcat server.xml now only supports strong SSL/TLS ciphers
(ssllabs gives GUI an A rating).
The release candidate can be downloaded from
When upgrading an existing installation, a number of (minor) additional
configuration steps are required. See the upgrade guide for more
This release has been extensively tested. If there are no major issues
found this week, it will be officially released.
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
What happens for a user who has received encrypted mail in the past and created an account with a password of their choice, but that have forgot their password? How can they recover this, or receive a password reset email?
~ Laz Peterson
In a particular case, the URL for the user portal in the PDF OTP/INVITE template, is missing it's domain after the %40
&pwl=16&email=Myemail(a)mydomain.com<mailto:&pwl=16&email=Myemail@mydomain.com> would look like &pwl=16&email=Myemail%40mydomain.com
The URL is clickable, but on the portal login screen, the @mydomain.com is missing.
After manually typing @mydomain.com, the user can loging, but the box Password id is empty.
In this mentioned case, the user opened the received email in a webmail-app using Internet Explorer 11 on a Windows 2008 machine.
Do you have any ideas on how this is possible?
First time with Ciphermail and it seems to have what I need so far.
I finished the installation of packages djigzo_3.1.1-1.tar.gz and djigzo-web_3.1.1-1.tar.gz on a Linux Mint 18 box. I followed each and every step of the documentation (installation-guide.pdf), which by the way is really good.
Right now I have a problem. Via Web, the option "Admins | MTA | config" and other similar options return the error:
An unexpected application exception has occurred.
Render queue error in BeforeRenderTemplate[admin/mta/Config:relaydomains]: Failure reading parameter 'model' of component admin/mta/Config:relaydomains: ProcessException: Error running [/usr/local/djigzo/scripts/execute-script.sh,postfix-main-config,-g]. exit value: 1 (1), Class: class mitm.common.util.ProcessException
I read the documentation and some posts and they all relate the possible cause to the file /etc/sudoers.d/ciphermail, which in my case has the following settings (the whole text consists of 5 consecutive and uncommented lines):
User_Alias DJIGZO_USERS = djigzo
Cmnd_Alias DJIGZO_COMMANDS = /usr/share/djigzo/scripts/do-execute-script.sh
DJIGZO_USERS ALL=(ALL) NOPASSWD: DJIGZO_COMMANDS
# sudo -u djigzo /usr/local/djigzo/scripts/execute-script.sh postfix-main-config -g
returns the error:
Sorry, user djigzo is not allowed to execute '/usr/local/djigzo/scripts/do-execute-script.sh postfix-main-config -g' as root on (...).
I will appreciate any directions/recommendations/suggestions on this matter.
Thanks in advance.
Kind Regards / Mit freundlichen Grüßen
Terminal-Services.NET Germany vendere GmbH
Paulsborner Straße 3
Sitz der Gesellschaft: Berlin
Registergericht: AG Charlottenburg, HRB 90683
Geschäftsführer: Holger Xue
Umsatzsteuer-Identifikationsnummer gemäss §27a Umsatzsteuergesetz:
Versicherungsschein HV.VSH.6.221.448 der Hiscox AG,
Niederlassung für Deutschland, Arnulfstr. 31, 80636 München
Versicherungsschutz besteht weltweit für IT-Beratungs- und Dienstleistungen
This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system.
Please do not copy it or use it for any purposes, or disclose its contents to any other person: to do so could be a breach of confidence. Thank you for your co-operation. Please contact our IT Helpdesk on support(a)sbcpro.de<mailto:firstname.lastname@example.org> if you need assistance.
There is a typo:
> Cmnd_Alias DJIGZO_COMMANDS = /usr/share/djigzo/scripts/do-execute-script.sh
Sorry, user djigzo is not allowed to execute '/usr/local/djigzo/scripts/do-execute-script.sh
share <-> local
i used Ciphermail to convert Email Messages to PDF with password.
If i paste content of an excel file to the Email, the PDF shows not the
and it seems that ciphermail formats the content in the PDF File.
I dont whant that and i want, that the original Content of the Mail was
shown in the PDF.
What i have to do?
Mit freundlichen Grüßen,
Wahlscheidt Trucktrans GmbH
Hi out there,
I completely reinstalled chipermail about a month ago. Now I use Version: 3.1.1-1. Built: 2016-06-29-19:42. All configurations have been done manually, so there is no old config or something like that in place. Before I had Version: 2.5.0-4. Built: 2013-04-17-19:13 in use for quite a while. The config is very basic, both installations came as ovf-files for VMware from the offical homepage.
Since the upgrade I am experiancing timeouts while sending email from my gateway to the next hop, an email server behind an vpn and under controll of a service provider.
qmgr: 9643ACB: from=<A(a)mydomain.de>, size=14519708, nrcpt=1 (queue active)
smtp: 9643ACB: to=<B(a)b.de>, relay=x.x.x.103 [x.x.x.103]:25, delay=144634, delays=144451/0.01/0.08/183, dsn=4.4.2, status=deferred (conversation with x.x.x.103 [x.x.x.103] timed out while sending message body)
The transferrate over my internet / vpn connection goes up to 900kb/sec in upload, other data passes the same way as my emails. The connection is established and the gateway is sending data much slower then possible, I would say most times less then 10kb/sec and it doesn't even vary during the transfer. After 600sec the service provider closes the connection, resulting in a timeout. A few trys later the email gets send, I'm not sure at what speed, at some point it just goes through. This happens during all daytimes, even in the evening when servers are not bussy.
Things I tryed:
- restarts everywhere
- changing ISP modem / testing bandwidth
- checking DNS
- comparing logs, it really all starts with change of gateway version
- I upgraded RAM of the ciphermail VM from 1 to 2gb. In result it seems to happen less often, but it is reproducable with emails size 20mb+
- I did not try yet to change the type of VM networkadapter from E1000 to flexible
Any solutions out there would be helpfull, I'm in the dark right now
I've read the CipherMail gateway documents and got impressed from all the
capabilities that can be used to encrypt end-to-end users' emails.
I need to provide for 50 none-tech users:
1. end-2-end encrypted emails for managed users registered with the
same email domain (internal users). From the docs I understand that either
PGP or S/MIME is used.
2. For the internal users to send secure email to any other external
email address (other domains). From the docs I understand that WebMail or
PDF is used.
3. Simple remote installation/setup and users' usage (people with 0
Both, Internal and External, users can be anywhere connected over the open
Internet (not in secure LAN/Intranet).
I've already install the CipherMail gateway and looked into it, but I'm
missing the overall picture for how to start with the system setup.
I would appreciate any advice/tip/direction to.