Users June 2021

users@lists.ciphermail.com

7 participants
6 discussions

by Jorge Gonzalez

Hi people, I'm having trouble sending encrypted PGP emails to the user of key with ID 0xd465eef3f810745c (attached). I have imported and trusted it in Ciphermail, and then tried to send test emails with no success. At first I thought it was something related with the "é" or "()" characters ("e" with a tilde), but I created a test PGP key with similar characters in it, and everything worked fine with the test key. My personal PGP key (0xaa976e29616d42d4) when imported in Ciphermail shows in exactly the same way as the problematic one (except the obviousfields: fingerprint, associated emails, dates, etc.), but test emails addressed to both keys work fine for my key but not for the other. Any ideas on what's special about this key that may prevent it from working correctly? Thanks Jorge -- *Jorge Gonzalez Villalonga* Systems Engineer *The International Consortium of Investigative Journalists* <https://www.icij.org> 1710 Rhode Island Ave NW, 11th floor | Washington DC 20036 | United States Phone: +34 672 173 200 (Madrid, Spain)

1 year

Updating the virtual appliance

by Stefan Michael Guenther

Hi, during the past years we "updated" CipherMail installations by installing a new virtual machine and imported the backup of the running system. But what about performing an in-place update? Let's say we have version 4.5 running with the following packages installed: djigzo-network-4.5.0-0.noarch djigzo-web-4.5.0-0.noarch djigzo-log-4.5.0-0.noarch djigzo-web-network-4.5.0-0.noarch djigzo-web-log-4.5.0-0.noarch djigzo-gateway-console-4.5.0-0.noarch djigzo-4.5.0-0.noarch Installing the rpm packages for version 4.11 (rpm -U djigzo-4.11.0-0.noarch.rpm djigzo-web-4.11.0-0.noarch.rpm) only updates two packages in that list: djigzo-network-4.5.0-0.noarch djigzo-web-4.11.0-0.noarch <----- !! djigzo-log-4.5.0-0.noarch djigzo-web-network-4.5.0-0.noarch djigzo-web-log-4.5.0-0.noarch djigzo-gateway-console-4.5.0-0.noarch djigzo-4.11.0-0.noarch <----- !! Should I be concerned about the mix of version? May it cause any trouble? Thanks for any suggestions or comments, Stefan

1 year

Invalid jms.xml

by l.bertoncello＠queo-group.com

Hi! I'm trying to update Ciphermail from version 4.8.0 to the latest 5.0.2. Since we use Exim, and the DEB-Packages require Postfix, I downloaded the TAR.GZ files. I extracted them and started djigzo. Unfortunately it does not start and in james.wrapper.log I see these errors: 07 Jun 2021 10:00:21 | INFO Loading XML bean definitions from file [/opt/djigzo/conf/spring/jms.xml] (org.springframework.beans.factory.xml.XmlBeanDefinitionReader) [Phoenix-Monitor] org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleException: Component named "djigzo" failed to pass through the Parameterizing stage. (Reason: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [jms.xml] Offending resource: file [/opt/djigzo/conf/spring/djigzo.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 1 in XML document from file [/opt/djigzo/conf/spring/jms.xml] is invalid; nested exception is org.xml.sax.SAXPar seException; systemId: http://activemq.apache.org/schema/core/activemq-core.xsd; lineNumber: 1; columnNumber: 50; White spaces are required between publicId and systemId.). at org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleHelper.fail(LifecycleHelper.java:354) at org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleHelper.startup(LifecycleHelper.java:226) at org.apache.avalon.phoenix.components.application.DefaultApplication.startup(DefaultApplication.java:530) at org.apache.avalon.phoenix.components.application.DefaultApplication.doRunPhase(DefaultApplication.java:478) at org.apache.avalon.phoenix.components.application.DefaultApplication.runPhase(DefaultApplication.java:409) at org.apache.avalon.phoenix.components.application.DefaultApplication.start(DefaultApplication.java:180) at org.apache.avalon.framework.container.ContainerUtil.start(ContainerUtil.java:260) at org.apache.avalon.phoenix.components.kernel.DefaultKernel.startup(DefaultKernel.java:295) at org.apache.avalon.phoenix.components.kernel.DefaultKernel.addApplication(DefaultKernel.java:376) at org.apache.avalon.phoenix.components.deployer.DefaultDeployer.deploy(DefaultDeployer.java:357) at org.apache.avalon.phoenix.components.embeddor.DefaultEmbeddor.deployFile(DefaultEmbeddor.java:542) at org.apache.avalon.phoenix.components.embeddor.DefaultEmbeddor.deployFile(DefaultEmbeddor.java:535) at org.apache.avalon.phoenix.components.embeddor.DefaultEmbeddor.deployFiles(DefaultEmbeddor.java:520) at org.apache.avalon.phoenix.components.embeddor.DefaultEmbeddor.deployDefaultApplications(DefaultEmbeddor.java:509) at org.apache.avalon.phoenix.components.embeddor.DefaultEmbeddor.execute(DefaultEmbeddor.java:268) at org.apache.avalon.phoenix.frontends.CLIMain.run(CLIMain.java:198) at java.lang.Thread.run(Thread.java:748) Caused by: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [jms.xml] The file jms.xml is the original one from the TAR.GZ and, as I checked, from the DEB-Packages, too. Can someone help me? Thanks a lot Luca

1 year

HTML PDF Encrypted e-mail

by Dino Edwards

Hi, I was wondering if it's possible to send HTML encoded PDF encrypted e-mail. I noticed that embedded images in the e-mail do not show up. Is this an issue with the PDF viewer or ciphermail not processing HTML e-mail? Is it a security issue? Thanks in advance

1 year

Re: Two sites, two CipherMail servers, two database servers - what's the simple(st) solution?

by Prof. Dr. Michael Schefczyk

Dear All, I can confirm that a MariaDB Galera cluster does work well. My own experience is from being a two location SOHO user. I run mailservers on both premises. My outbound mail is 50:50 from both locations and my inbound mail is ca. 95:5. My setup from an outside perspective is an ASSP server first, then a ChipherMail server and then a Kopano Mailserver. I have a three node MariaDB Galera cluster based on standard Debian 10 packages on three virtual machines, two in my primary location and one in the secondary location. The OpenVPN connection is performing sufficiently well for the cluster. Regards, Michael Schefczyk -----Ursprüngliche Nachricht----- Von: Martijn Brinkers via Users <users(a)lists.ciphermail.com> Gesendet: Mittwoch 2 Juni 2021 10:51 An: users(a)lists.ciphermail.com CC: tbahn(a)assono.de; Martijn Brinkers <martijn(a)ciphermail.com> Betreff: [CipherMail User] Re: Two sites, two CipherMail servers, two database servers - what's the simple(st) solution? On Tue, 2021-06-01 at 05:24 +0000, tbahn--- via Users wrote: > We have two sites each with an MTA and MX record. We think about > introducing CipherMail into our infrastructure. > > Obviously, there is a way using MariaSQL/MySQL and Galera Cluster, > HAproxy, ... to create a "real" cluster. With at least three nodes > and a lot of overhead, this seems to be a little too much for our use > case. > > I thought of a solution with PostgreSQL, backup, transfer backup to > the other site, restore there, automated as a cron job. > Configuration would only be possible on the "master" site, but that's > okay. > The database on the "slave" site would be overwritten regularly. > > In your opinion, what do you think would be a simple solution for my > use case? > Would my idea even work? The best setup is to use a master/master database like Galera. If you use a primary and secondary server, you need to make sure you never write data to the secondary server because that will be overwritten when the primary server syncs to the secondary server. The secondary server will add or update the database in various cases. For example if you receive digitally signed email, the certificate will be extracted and added to the database. Or, if you send a PDF encrypted email with the password auto-generated, a user object for the recipient will be added. If this happens on the secondary server, those changes will be overwritten. The best setup is therefore to use a master/master database. If you use a primary/secondary database, make sure all database changes are applied to the primary database. This requires that a fail-over is done to the secondary when the primary fails. If you can be certain that changes are only applied to one database (primary), then you can periodically sync the primary to the secondary database without fail-over. Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF Messenger and Webmail Messenger

1 year, 1 month

Two sites, two CipherMail servers, two database servers - what's the simple(st) solution?

by tbahn＠assono.de

We have two sites each with an MTA and MX record. We think about introducing CipherMail into our infrastructure. Obviously, there is a way using MariaSQL/MySQL and Galera Cluster, HAproxy, ... to create a "real" cluster. With at least three nodes and a lot of overhead, this seems to be a little too much for our use case. I thought of a solution with PostgreSQL, backup, transfer backup to the other site, restore there, automated as a cron job. Configuration would only be possible on the "master" site, but that's okay. The database on the "slave" site would be overwritten regularly. In your opinion, what do you think would be a simple solution for my use case? Would my idea even work?

1 year, 1 month

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users June 2021