Users

users@lists.ciphermail.com

3 participants
731 discussions

by Vincent Willert

Hello, we are planning to moved from the distribution packages with version 4.11 to Virtual Appliance Version 5.0.4 After creating a backup on the old system I am trying to restore the backup via the Webinterface in 5.0.4 on the virtual appliances. Unfortunately the certificate database doesn't seem to be imported even tough it should be in the backup file. Other MTA-settings are imported properly. I think it could be related to the old version using Postgres and the virtual appliance uses MYSQL - but I am not sure of that. I also tried importing with the backup.sh script - but still the certificates are not showing up in the webinterface. Does anybody have an idea how to import the file and keep the certificate database? Mit freundlichen Grüßen, Best Regards, Vincent Willert

1 week, 5 days

Ciphermail nginx proxy

by Dima Kovalyov

Hello Ciphermail, We've put the encryption gateway behind nginx proxy (full configuration attached). Sample: > location / { > proxy_pass https://192.168.0.1:8443/; > proxy_http_version 1.1; > proxy_set_header Upgrade $http_upgrade; > proxy_set_header Connection 'upgrade'; > proxy_set_header Host $host; > proxy_cache_bypass $http_upgrade; > proxy_intercept_errors on; > > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $remote_addr; However when a new user accesses PDF Portal they are presented with a Login page instead of "Create new password" page for the user. Also, inside the portal, some of the features like accessing system logs return a page with no style (screenshot attached). Can you please advise what nginx configuration we can try to make Ciphermail work behind it?

1 week, 6 days

How to upgrade ciphermail ?

by Christoph Adomeit

Hi, I have a ciphermail installation Version: 4.1.2-1. Built: 2018-06-07-11:11. on Standard Debian 8.11 running under postgres. What is the best way to update to Debian 11 and current djigzo_5.0.4_all.deb What I did so far was: Create a backupp va webgui from old ciphermail Install blank debian10 and all ciphermail packages restore the backup on the new server on tzhe shell using /usr/share/djigzo/scripts/backup.sh script. The result is: Error message: Render queue error in SetupRender[Users:grid]: Error invoking service builder method mitm.djigzo.web.services.SoapModule.buildUsersWS(UsersWSProxyFactory, ApplicationStateManager) (at SoapModule.java:765) (for service 'UsersWS'): org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service. What am I doing wrong ? What is the correct way for updating ciphermail ?

2 weeks, 2 days

PGP not decrypted but log states "Message has been PGP decrypted"

by wilson.meier＠gmail.com

Hi everyone, I'm not sure what exactly is going on here. An external sender did send an email which is PGP Inline encrypted with our public key. His attached public key has been automatically imported but not trusted yet, as there is no automatic mechanism to do so. Cipermail Version 5.0.4 The log states: 06 Aug 2021 10:47:05 | INFO incoming; MailID: 96a3f2d1-a2ac-46da-abfd- f1afda2de434; Recipients: [example(a)domain.tld]; Originator: sender(a)external.tld; Sender: sender(a)external.tld; Remote address: XXX.XXX.XXX.XXX; Subject: Some Subject; Message-ID: <5285c5f4d0274c328350c62b0d49dd38(a)FDSFSDAFASDFA.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO Subject filter is disabled for the sender; MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [example(a)domain.tld] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO To internal recipient(s); MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [example(a)domain.tld] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 06 Aug 2021 10:47:05 | WARN PGP/INLINE signature was not valid; Failure message: Public key not found in trust list.; MailID: 96a3f2d1- a2ac-46da-abfd-f1afda2de434 (mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler) [Spool Thread #2] 06 Aug 2021 10:47:05 | WARN PGP/INLINE signed message contained mixed content; MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434 (mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO Message has been PGP decrypted; MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [example(a)domain.tld] (mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO Message handling is finished. Sending to final recipient(s); MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [example(a)domain.tld]; Originator: sender(a)external.tld; Sender: sender(a)external.tld; Remote address: XXX.XXX.XXX.XXX; Subject: Some Subject; Message-ID: <5285c5f4d0274c328350c62b0d49dd38(a)FDSFSDAFASDFA.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] One line says "Failure message: Public key not found in trust list" but the following message says "Message has been PGP decrypted". Still the mail reaches the user mailbox in encrypted sate. Either the obviously wrong success message is a bug or something i don't understand is going on. From my point of view a failure to check the signature shouldn't stop decryption. Or am i wrong? Any ideas? Is automatic key trust or at least an option to allow untrusted keys to be used on the Roadmap? Regards Wilson

3 weeks, 4 days

Re: Import of p7b files fails

by Stefan Günther

----Ursprüngliche Nachricht----- > Von: Martijn Brinkers <martijn(a)ciphermail.com> > Gesendet: Montag 23. August 2021 6:50 > An: users(a)lists.ciphermail.com > CC: Stefan Michael Guenther <s.guenther(a)in-put.de> > Betreff: Re: [CipherMail User] Import of p7b files fails > > On Fri, 2021-08-13 at 14:17 +0000, Stefan Günther via Users wrote: > > Hello, > > > > I setup Ciphermail 5.0.4 on Ubuntu 20.4 with Tomcat 9.0.31 and > > openjdk 11.0.11 > > > > Importing a certificate from the current (old) Ciphermail is no > > problem. But when I select more than one certificate, the file > > certificates.p7b is created (which is technically okay) and the > > import fails with the message " There was an error uploading the > > certificate file. Cause: Processing of multipart/form-data request > > failed. Stream ended unexpectedly " > > I just tested this is on a fresh installation of CipherMail on Ubutnu > 20.04 and it works for me. > > Which browser are you using? > I just got a phone call from a company using Ciphermail. They installed the current Ciphermail on a Debian 10 and tried to import a 180 MB backup, using Windows and Edge. The reason why they called us ist, that they received the same error message as we did. I doubt, that the problem is related to the size, because our backup has a size of only 22 MB and the p7b file only has 37KB. Kind regards, Stefan

1 month, 3 weeks

Import of p7b files fails

by Stefan Günther

Hello, I setup Ciphermail 5.0.4 on Ubuntu 20.4 with Tomcat 9.0.31 and openjdk 11.0.11 Importing a certificate from the current (old) Ciphermail is no problem. But when I select more than one certificate, the file certificates.p7b is created (which is technically okay) and the import fails with the message " There was an error uploading the certificate file. Cause: Processing of multipart/form-data request failed. Stream ended unexpectedly " In /var/log/tomcat9/catalina.2021-08-13.log I find the following errors: 13-Aug-2021 15:39:31.589 INFO [https-jsse-nio-8443-exec-3] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:533) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:829) The same error appears when I try to import the suggested CA certficate list from Mozilla (https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBits…). What am I doing wrong? Thanks for any suggestions & hints, Stefan

1 month, 3 weeks

Re: Import of p7b files fails

by Stefan Günther

Hello, I now also get an error when I try to import the backup of a CM 4.8.0 installation on 5.0.4: Type Exception Report Message Invalid character found in method name. HTTP method names must be tokens Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). Exception java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:416) org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260) org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639) org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.base/java.lang.Thread.run(Thread.java:829) A confusing detail is the url in the address line of the browser: https://192.168.22.170:8443/ciphermail/accessdenied I have tried this as root. Thanks for any hints & suggestions. Best whishes, Stefan

1 month, 4 weeks

Double encryption?

by Jeremy Hansen

Working through a new installation using the community edition packages. I noticed if I sent a message that is encrypted at the client, ciphermail will encrypt that message again and the original message is sent as an attachment. I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email. Sending from a client and allowing ciphermail to do the encryption seems to work fine. Also noticing this error in the logs: _sasl_plugin_load failed on sasl_canonuser_init Jul 14 20:27:31 cmx01.la1.clx.corp postfix/smtp[2250]: ldapdb A little confusing because I’m not using ldap. Thanks!

2 months, 2 weeks

No longer able to authenticate via PAM

by Jeremy Hansen

I’m no longer able to login as root via the ciphermail web portal. I’m not sure what happened or how to debug but suddenly I can’t login. It was working fine initially. I’m using Red Hat packages for 5.0.4. Jul 16 20:52:59 cmx01 ciphermail-gateway-backend[2991]: 16 Jul 2021 20:52:59 | WARN [Admin Login] Authentication failure: Bad credentials, Source: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1f: Principal: sa; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 10.10.10.2; SessionId: EB6F7486DC93FC9513F7AB0836D3158D; Not granted any authorities (mitm.common.event.EventLoggerImpl) [defaultEventExecutorGroup-4-2] Jul 16 20:52:59 cmx01 ciphermail-gateway-backend[2991]: 16 Jul 2021 20:52:59 | INFO Certificate request handler thread started. (mitm.common.security.ca.CAImpl) [Certificate request handler thread] Is there a way I can add a user to the db just so I’m able to login? Thanks -jeremy

3 months

PAM authentication

by Stefan Michael Guenther

Hello, how can I check on the command line, whether the pam authentication is still activated? And if not, how can I activate it on the command line? Regards, Stefan ******************************************** in-put GbR - Das Linux-Systemhaus Stefan Michael Guenther Geschaeftsfuehrer Kurze Steig 31 D-75179 Pforzheim https://www.in-put.de/ *******************************************

3 months, 2 weeks

Jump to page:

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users