Users January 2018

users@lists.ciphermail.com

7 participants
7 discussions

[Djigzo users] Missing attachments in encrypted pdf

by Stefan Günther

Hello, we just setup the pdf encryption on ciphermail 3.3.1-0 for one of our clients. When he sends me an email with 2 images and a pdf attached to the email, the email is encrypted. But when I open it, the attachments are missing. Is there a parameter in the logging options which we should increase to find out, what happens to the attachments? Thanks for any suggestions. Kind regards, Stefan

3 years, 8 months

[Djigzo users] Ciphermail crashes regularly

by Stefan Michael Guenther

Good morning, on one of our client's server we are running Ciphermail Version: 3.2.7-5. Built: 2017-04-18-21:39. The process crashes every 2-3 days with the following messages in james.wrapper.log: 22 Jan 2018 06:48:13 | INFO Replacing Issuer: CN=VPS-CA-1, O=Bundesagentur fuer Arbeit, C=DE; CRL number: 98378; Thumbprint: 3663997E3157C83F295546E6F84EEFDB0200489FFBE553978634A025715319179681806545A5E105D0E09 1F77EC6EDE4FA7005DFBEDCD53C2EE177A1BCD10CBE; SHA1: 452DE5AA5EC1758AFC2F308C7D388FD1CADCBD96 with Issuer: CN=VPS-CA-1, O=Bundesagentur fuer Arbeit, C=DE; CRL number: 98379; Thumbprint: 0A8290102A6ACD8B7E1EFA7B482 F96F7163A9B8D04F9317968B251036F409E16802863837BF8EF7B610E8015FD7F547A570F852907ABE74206AFDE13573EFBD1; SHA1: 03AE7FA2B4E7A503089EE29D35347A9D56DC650C (mitm.common.security.crl.CRLStoreMaintainerImpl) [CRL Updater thread] 22 Jan 2018 06:48:30 | ERROR Error in certificate request handler thread. (mitm.common.security.ca.CAImpl) [Certificate request handler thread] java.lang.OutOfMemoryError: GC overhead limit exceeded 22 Jan 2018 06:48:31 | ERROR Error reading CRL. Skipping CRL (mitm.common.security.crl.CRLStoreMaintainerImpl) [CRL Updater thread] mitm.common.security.crlstore.CRLStoreException: mitm.common.hibernate.DatabaseException: mitm.common.security.crlstore.CRLStoreException: java.lang.OutOfMemoryError: GC overhead limit exceeded at mitm.common.security.crl.TransactedCRLStoreMaintainer.internalAddCRL(TransactedCRLStoreMaintainer.java:124) at mitm.common.security.crl.CRLStoreMaintainerImpl.addCRLs(CRLStoreMaintainerImpl.java:406) at mitm.common.security.crl.CRLStoreUpdaterImpl.downloadCRLs(CRLStoreUpdaterImpl.java:337) at mitm.common.security.crl.CRLStoreUpdaterImpl.update(CRLStoreUpdaterImpl.java:413) at mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater.updateCRLStore(ThreadedCRLStoreUpdaterImpl.java:161) at mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater.access$200(ThreadedCRLStoreUpdaterImpl.java:98) at mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater$1.doAction(ThreadedCRLStoreUpdaterImpl.java:130) at mitm.common.hibernate.DatabaseActionExecutorImpl$1.doAction(DatabaseActionExecutorImpl.java:164) at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:81) at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:158) at mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater.run(ThreadedCRLStoreUpdaterImpl.java:118) at java.lang.Thread.run(Thread.java:748) Caused by: mitm.common.hibernate.DatabaseException: mitm.common.security.crlstore.CRLStoreException: java.lang.OutOfMemoryError: GC overhead limit exceeded at mitm.common.security.crl.TransactedCRLStoreMaintainer$1.doAction(TransactedCRLStoreMaintainer.java:110) at mitm.common.security.crl.TransactedCRLStoreMaintainer$1.doAction(TransactedCRLStoreMaintainer.java:96) at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:81) at mitm.common.security.crl.TransactedCRLStoreMaintainer.internalAddCRL(TransactedCRLStoreMaintainer.java:94) ... 11 more Caused by: mitm.common.security.crlstore.CRLStoreException: java.lang.OutOfMemoryError: GC overhead limit exceeded at mitm.common.security.crl.CRLStoreMaintainerImpl.internalAddCRL(CRLStoreMaintainerImpl.java:369) at mitm.common.security.crl.TransactedCRLStoreMaintainer.access$101(TransactedCRLStoreMaintainer.java:53) at mitm.common.security.crl.TransactedCRLStoreMaintainer$1.doAction(TransactedCRLStoreMaintainer.java:107) ... 14 more Caused by: java.lang.OutOfMemoryError: GC overhead limit exceeded 22 Jan 2018 06:48:31 | INFO Trying to download CRL from http://crl.globalsign.com/gspersonalsign2sha2g3.crl (mitm.common.security.crl.CRLDownloaderImpl) [CRL Updater thread] When we start the process, information of the memory is missing: * DJIGZO_HOME=/usr/local/djigzo * Starting CipherMail * Total memory: MB * JVM max memory: MB The system is a Ubuntu 16.04 64bit with 8 GB RAM and 4 GB SWAP. There is only Ciphermail running, together with nearly 20 IPSec VPNs. Shall we fine tune the memory settings of Ciphermail? And if yes, what are recommended settings? Thanks for any suggestions. Best regards, Stefan

3 years, 8 months

[Djigzo users] S/MIME signing

by Craig Andrews

Hello, I have two test users, both with valid root, intermediate, and personal certs with the correct usage entitlements. Both certificates have a white, valid background, For the two users, I have their S/MIME certificates selected in their profile for signing and encryption (though I'm only trying to get signing to work at the moment). I have both forced signing via header "X-Sign" and subject signing via the example in the documentation ( (?i)\[\s*sign\s*\] ). I am using this script to test both the subject and header, and Thunderbird to test the subject by sending a mail via ciphercrypt. #!/usr/bin/env python import smtplib from email.MIMEMultipart import MIMEMultipart from email.MIMEText import MIMEText fromaddr = "user1(a)domain.tld" toaddr = "user2(a)domain.tld" msg = MIMEMultipart() msg['From'] = fromaddr msg['To'] = toaddr msg['Subject'] = "mail subject [sign]" msg['X-Sign'] = "" body = "dummy body message" msg.attach(MIMEText(body, 'plain')) server = smtplib.SMTP('ciphermail.domain.tld', 25) server.ehlo('ciphermail.domain.tld') text = msg.as_string() server.sendmail(fromaddr, toaddr, text) server.quit() I receive the email in the destination inbox, however, it is never signed. I can verify from the headers that the "X-Sign" header is present in the email. Currently the MTA/MPA isn't giving a lot of information to debug. I can see the mail passing through, but there is no mention of an attempt for any extra processing. I was wondering what options in logging I can turn on to help debug this issue. Thanks, Craig

3 years, 9 months

Re: [Djigzo users] DKIM Signing that flows through Ciphermail

by Martijn Brinkers

On 09-01-18 18:22, Paul Bronson wrote: > Okay. How would you advise the built in one be setup? Not sure how that > would work if I have multiple domains that need to be signed and all > separate keys. I tried looking on KB and I am not sure that applies to > me because I have multiple different domains. Yes can configure DKIM on a domain basis. So for every domain you sent email for (and want to DKIM sign for) configure DKIM. Do not configure DKIM on the global level but per domain. > I tried looking on KB and I am not sure that applies to > me because I have multiple different domains. What do you mean with KB? Kind regards, Martijn Brinkers > On Tue, Jan 9, 2018 at 12:19 PM, Martijn Brinkers > <martijn(a)ciphermail.com <mailto:martijn@ciphermail.com>> wrote: > > On 09-01-18 17:53, Paul Bronson wrote: > > The email server is signing message but it seems like as soon as it > > passes through cipher mail, it strips the DKIM signature. > > I'm not aware of any reason why CipherMail strips a DKIM signature. > > Does this happen for all outgoing email? or only for email which is > signed or encrypted? > > Note that if a message is modified by CipherMail, the original DKIM > signature is no longer valid. It is therefore advised to DKIM signing > after encryption/signing (either using the built-in DKIM signer or using > some postfix DKIM signing milter) > > Kind regards, > > Martijn Brinkers > > > > Screenshot for current configuration: https://cl.ly/1i3C232s151e > > > > > > On Tue, Jan 9, 2018 at 10:43 AM, Martijn Brinkers > > <martijn(a)ciphermail.com <mailto:martijn@ciphermail.com> > <mailto:martijn@ciphermail.com <mailto:martijn@ciphermail.com>>> wrote: > > > > On 09-01-18 16:42, Paul Bronson wrote: > > > @martijn are you sure this allows it to pass right through with the > > > settings configured above? (inherit - off) > > > > > > It doesnt seem to want to pass through... > > > > What do you mean with "pass through"? meaning the message is not DKIM > > signed? Or the message is not delivered? > > > > Kind regards, > > > > Martijn Brinkers > > > > > > > On Tue, Jan 9, 2018 at 10:30 AM, Paul Bronson <signaldeveloper(a)gmail.com <mailto:signaldeveloper@gmail.com> > <mailto:signaldeveloper@gmail.com <mailto:signaldeveloper@gmail.com>> > > > <mailto:signaldeveloper@gmail.com > <mailto:signaldeveloper@gmail.com> > > <mailto:signaldeveloper@gmail.com > <mailto:signaldeveloper@gmail.com>>>> wrote: > > > > > > I have a plesk server that is setup to send DKIM-signed > messages. > > > This worked previous to putting in ciphermail. > > > > > > There are many domains on my plesk server sending emails. > > > > > > Do I need to setup something on Ciphermail to allow it > to pass > > through? > > > > > > Screenshot for current configuration: > > https://cl.ly/1i3C232s151e > > > > > > > > > > > > Remember, there are multiple domains on the email server > > behind the > > > ciphermail that is sending email that needs to keep it's > DKIM > > signature > > > > > > > > > > > > -- > > CipherMail email encryption > > > > Email encryption with support for S/MIME, OpenPGP, PDF > encryption and > > secure webmail pull. > > > > https://www.ciphermail.com > > > > Twitter: http://twitter.com/CipherMail > > > > > > > -- > CipherMail email encryption > > Email encryption with support for S/MIME, OpenPGP, PDF encryption and > secure webmail pull. > > https://www.ciphermail.com > > Twitter: http://twitter.com/CipherMail > > -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail

3 years, 9 months

[Djigzo users] DKIM Signing that flows through Ciphermail

by Paul Bronson

I have a plesk server that is setup to send DKIM-signed messages. This worked previous to putting in ciphermail. There are many domains on my plesk server sending emails. Do I need to setup something on Ciphermail to allow it to pass through? Screenshot for current configuration: https://cl.ly/1i3C232s151e Remember, there are multiple domains on the email server behind the ciphermail that is sending email that needs to keep it's DKIM signature

3 years, 9 months

[Djigzo users] Set encryption scheme and signing algorith for certain senders

by Philipp Thielke

Hi Martijn, thanks for adding new encryption scheme and signing algorithm in 3.3.1-0. (RSAES-OAEP) As these are required for German energy market and beyond this not widely supported by many destination systems I would like to configure ciphermail to only use for certain sending (internal) users. Currently I cannot set this. It seems that S/MIME encr. scheme and signing algo. can only be set for (external) receivers. In case of using that feature for enery market there might be 1000 external partners and 1-2 internal senders for whom this feature may be enabled. Any idea how to configure that? Mit freundlichen Grüßen Philipp Thielke

3 years, 9 months

[Djigzo users] DKIM

by Paul Bronson

if my mail server behind my cipher mail server is signing DKIM, does cipher mail strip it?

3 years, 9 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users January 2018