Hi,
I had the problem that the only good way to check for valid e-mail
addresses at my firewall, which also does SPAM prevention and virus
scanning etc., is to use SMPT verify. Before I've setup Ciphermail my
internal mail server was the relay and handled this. With Ciphermail as
a relay between the firewall and my mail server hist was no longer
possible. As I found no solution on the web I decided to build my own:
https://wiki.mhcsoftware.de/ciphermail
With this SMTP verify works again. If you know other, better solutions,
please let me know. If you try this and find a bug drop me a note. This
is quick&dirty cut&paste code ... but it works.
cheers
Matthias
--
MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info(a)mhcsoftware.de
HR Coburg: B2242
Geschäftsführer: Matthias Henze
Hi,
today we were contacted by a company, that is running an old djigzo installation from 2011 on a SuSE 11.1
The browsers do not accept the weak encryption, that this installation offers:
An error occurred during a connection to 212.184.xxx.xxx:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
How can be change the configuration from port 8443 to 80? Just changing "scheme" to "http" and "SSLEnabled" to "false" in server.xml doesn't seem to be enough - now we only get a blank page.
Right now we have to add some new accounts, before we can offer the company a migration to a current version of Ciphermail.
Thanks for any suggestions & hints,
Stefan
Hi,
A new release candidate of the CipherMail gateway community edition is
now available (version 3.0.3-0).
New
* Support for MySQL/MariaDB and Oracle Database added.
* JDB connection tester tool added. This can be used to test a
connection to an external database (Postgres,
MySQL/MariaDB and Oracle Database).
* Log export functionality added to the virtual appliance (previously
this was a CipherMail Enterprise only feature).
Improvements/Changes
* Because support for MySQL/MariaDB and Oracle Database was added, there
is now a separate package for Postgres. The
main back-end package no longer requires Postgres. The separate
postgres package can be used to auto configure a local postgres
database.
* Mail generated by the web GUI ("Compose a test email" tool and "PDF
reply" page) is now sent to a special local port
on port 10027. This makes it possible to change settings on the
default smtpd port (25) without interfering with email sent from the
GUI. This requires an additional service setting for port 10027 in
master.cf.
* Java wrapper updated to 3.5.28
(https://wrapper.tanukisoftware.com/doc/english/release-notes.html).
This fixes the following Java wrapper bugs: multi byte char logging
sometimes resulted in ? in the log files, memory leak on
RedHat/CentOS.
* Libraries updated.
* Java 8 is now supported. Note: because of bug#
https://bugs.centos.org/view.php?id=9482, OpenJDK 8 on RedHat/CentOS
currently cannot be used because EC ciphers are not supported for
SSL/TLS.
* Certificate request page now supports more request parameters
(country, locality, state, OU).
* Fix for bug GATEWAY-91. Djigzo should trim off whitespace in the
beginning and/or end of any PGP header lines. Note that this is not
enabled by default because this is not RFC compliant. A system
property must be set to enable this.
* Fix for bug GATEWAY-92. PDF encryption failed on non-standard Unicode
characters (Webdings font).
* Fix for bug GATEWAY-96. PGP keyring importer does not report import
failure if password is incorrect.
* Fix for bug GATEWAY-97. PGP/MIME signing a message with an invalid
content-transfer-encoding results in a message in the error queue.
* The database connection string is now stored in a separate xml
fragment (hibernate.connection.xml). This makes upgrading easier
because upgrading the hibernate configuration file no longer results
in overwriting the database connection string.
* The Web portal is now responsive (i.e., scales on smaller devices).
* Ciphermail.backup.enabled system property added which can be used to
disable backup option from the web GUI.
* Default Tomcat server.xml now only supports strong SSL/TLS ciphers
(ssllabs gives GUI an A rating).
The release candidate can be downloaded from
https://www.ciphermail.com/beta.html
When upgrading an existing installation, a number of (minor) additional
configuration steps are required. See the upgrade guide for more
information:
https://www.ciphermail.com/documents-3.0/upgrade-guide.pdf
This release has been extensively tested. If there are no major issues
found this week, it will be officially released.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
Good morning,
I recently faced the problem that Emails that were sent uuencoded and
encrypted (as far as I know sent by Outlook 2010 via Exchange 2013) did
not get decrypted by ciphermail.
The Mail was uudecoded, but the resulting attachment named smime.p7m
(probably the S/Mime Signature) and smime.eml (probably the encrypted
message) was not validated/decrypted.
Is there anything that can be configured to solve that problem ?
Thank you
Christian
Hello,
one of our clients has upgraded his Ubuntu 14.04 system to 16.0.4.
Part of this upgrade was the change from OpenJDK7 to OpenJDK8, which is according to the documentation, no supported.
But although he installed OpenJDK afterwards, Ciphermail (3.1.1) does not start, and the login windows does not appear.
Here are a couple of lines from the log files:
james.wrapper.log:
---------------------------
--> Wrapper Started as Console
Java Service Wrapper Community Edition 64-bit 3.5.28
Copyright (C) 1999-2016 Tanuki Software, Ltd. All Rights Reserved.
http://wrapper.tanukisoftware.com
Launching a JVM...
java version "1.7.0_95"
OpenJDK Runtime Environment (IcedTea 2.6.4) (7u95-2.6.4-3)
OpenJDK 64-Bit Server VM (build 24.95-b01, mixed mode)
Error starting org.apache.avalon.phoenix.launcher.DaemonLauncher
java.lang.ClassNotFoundException: org.apache.avalon.phoenix.launcher.DaemonLauncher
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:195)
at mitm.application.djigzo.james.Bootstrap.main(Bootstrap.java:176)
JVM exited while loading the application.
catalina.out:
------------------
Sep 07, 2016 11:09:39 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Sep 07, 2016 11:09:40 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1773 ms
Sep 07, 2016 11:09:40 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Sep 07, 2016 11:09:40 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.68 (Ubuntu)
Sep 07, 2016 11:09:40 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor /etc/tomcat7/Catalina/localhost/ciphermail.xml
Sep 07, 2016 11:09:53 AM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
[07 Sep 2016 11:09:54 localhost-startStop-1] INFO Root WebApplicationContext: initialization started (org.springframework.web.context.ContextLoader)
[07 Sep 2016 11:09:54 localhost-startStop-1] INFO Refreshing Root WebApplicationContext: startup date [Wed Sep 07 11:09:54 GMT+01:00 2016]; root of context hierarchy (org.springframework.web.context.support.XmlWebApplicationContext)
[07 Sep 2016 11:09:54 localhost-startStop-1] INFO Loading XML bean definitions from ServletContext resource [/WEB-INF/spring.xml] (org.springframework.beans.factory.xml.XmlBeanDefinitionReader)
[07 Sep 2016 11:09:54 localhost-startStop-1] INFO You are running with Spring Security Core 3.2.5.RELEASE (org.springframework.security.core.SpringSecurityCoreVersion)
[07 Sep 2016 11:09:54 localhost-startStop-1] INFO Spring Security 'config' module version is 3.2.5.RELEASE (org.springframework.security.config.SecurityNamespaceHandler)
[07 Sep 2016 11:09:55 localhost-startStop-1] INFO Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <bannedAuthenticationProcessingFilter>, order = 1100, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0;
autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1600, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2000, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; d
ependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2100, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2200, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2300] (org.springframework.security.config.http.HttpSecurityBeanDefinitionParser)
[07 Sep 2016 11:09:55 localhost-startStop-1] ERROR Context initialization failed (org.springframework.web.context.ContextLoader)
java.lang.NoSuchMethodError: java.util.concurrent.ConcurrentHashMap.keySet()Ljava/util/concurrent/ConcurrentHashMap$KeySetView;
at org.apache.catalina.core.ApplicationContext.getInitParameterNames(ApplicationContext.java:368)
at org.apache.catalina.core.ApplicationContextFacade.getInitParameterNames(ApplicationContextFacade.java:367)
at org.springframework.web.context.support.WebApplicationContextUtils.registerEnvironmentBeans(WebApplicationContextUtils.java:195)
at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.postProcessBeanFactory(AbstractRefreshableWebApplicationContext.java:169)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:458)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:677)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1962)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Sep 07, 2016 11:09:55 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
Sep 07, 2016 11:09:55 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/ciphermail] startup failed due to previous errors
I'm not a Java expert, therefore I have no idea, what "java.lang.NoSuchMethodError" means.
Thanks for any hints,
Stefan