On Jul 22, 2021, at 7:26 PM, Jeremy Hansen via Users
<users(a)lists.ciphermail.com> wrote:
Here’s the full headers of my message:
Return-Path: <jeremy(a)coldlogix.com>
Delivered-To: jeremy(a)losangelesrecording.com
Received: from mx1.la1.clx.corp
by mx1.la1.clx.corp with LMTP
id 0eMYEMQX+mD9BAIAzivOYw
(envelope-from <jeremy(a)coldlogix.com>)
for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:40 -0700
Received: from localhost (localhost [127.0.0.1])
by mx1.la1.clx.corp (Postfix) with ESMTP id E5761412E05
for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:39 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp E5761412E05
X-Virus-Scanned: amavisd-new at
coldlogix.com
Received: from
smtp.coldlogix.com ([127.0.0.1])
by localhost (
smtp.coldlogix.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3RyMjMJsZQrY for <jeremy(a)losangelesrecording.com>om>;
Thu, 22 Jul 2021 18:13:36 -0700 (PDT)
Received: from
smtp.coldlogix.com (cmx01.la1.clx.corp [192.168.30.23])
by mx1.la1.clx.corp (Postfix) with ESMTPS id 6F1F74C3589
for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:28 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp 6F1F74C3589
Received: from cmx01.la1.clx.corp (localhost [127.0.0.1])
by
smtp.coldlogix.com (CipherMail) with ESMTP id 4GWBCX1P3Rz2SSxp
for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:28 -0700 (PDT)
Received: from
mail.subtraverse.net (netman.subtraverse.intra [192.168.10.10])
by
smtp.coldlogix.com (CipherMail) with ESMTP id 4GWBCW49cKz2SSxp
for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:27 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
by
mail.subtraverse.net (Postfix) with ESMTP id 5C3F2146F9E
for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:27 -0700 (PDT)
Received: from
mail.subtraverse.net ([127.0.0.1])
by localhost (
mail.subtraverse.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id mmNPq8Z2mIx2 for <jeremy(a)losangelesrecording.com>om>;
Thu, 22 Jul 2021 18:13:26 -0700 (PDT)
Received: from smtpclient.apple (unknown [10.10.10.2])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by
mail.subtraverse.net (Postfix) with ESMTPSA id 55C27146F9C
for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:26 -0700 (PDT)
Date: Thu, 22 Jul 2021 21:13:25 -0400
From: Jeremy Hansen <jeremy(a)coldlogix.com>
To: jeremy(a)losangelesrecording.com
Message-ID: <7ECACFC9-40EB-4080-A8A8-69C9AE105155(a)coldlogix.com>
Subject: Test
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="----=_Part_8_1019438032.1627002808114"
X-Virus-Scanned: amavisd-new at
subtraverse.net
DKIM-Filter: OpenDKIM Filter v2.11.0
mail.subtraverse.net 55C27146F9C
X-Mailer: Apple Mail (2.3654.100.0.2.22)
X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,ENCRYPTED_MESSAGE
autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mx1.la1.clx.corp
------=_Part_8_1019438032.1627002808114
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit
Content-Description: PGP/MIME version identification
Version: 1
------=_Part_8_1019438032.1627002808114
Content-Type: application/octet-stream; name=encrypted.asc
Content-Transfer-Encoding: 7bit
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"
Content-Type: multipart/encrypted;
boundary="Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22";
protocol="application/pgp-encrypted"
This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
--Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22
Content-Transfer-Encoding: 7bit
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME Versions Identification
Version: 1
--Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename=encrypted.asc
Content-Type: application/octet-stream;
name=encrypted.asc
Content-Description: OpenPGP encrypted message
-----BEGIN PGP MESSAGE-----
hQIMA8de+J6NLzLYAQ/5AU3DMoY1Sc/gGUptX2K2cEZ2MaPfG5uJjr9d02HDlma1
UXc4K9TDd+ym3u06r5sLf3R+IAkot5shms5PCGsjqnhPEUtJwxp9cA4peL40OH+z
qQfSOMqnD9MzW5qgM28+fj8R4C1R9OeZrBwcUS9MatIch2fqW6dNZcHEOcxThEOG
ek/Qv58fAbZCv5QUmn8FyELDw3E6Ms4W/9slViG45gLminVSl7ZeAGSdsOjnwG0Q
3rWb4ARWVsu/69U/Fjltf46krS3UGdFyNh7xyg+YRfAiigLOa+LawIJ18ct9TgDq
bnh9u4fa3CJ4rwLiLFskwhEk0bVRf9XgSmTZtUQku652xlCmGNmmyfzwfOhBfdXT
uDufDOpi94JV8W/Q+Bsul0VKVCzVpCO4vJUxMNry9U3YAXplFaaLhgZjnwm8/IU9
8wVJF5U9DZ16rOYiQqG0BlSkuigmyhV4YztM1iNxYnODzQb/svrCFYkhSZZzNyAe
PKJzliFTZ7KbiCbwkSdWLIjESoJROnaxGeMctC1tB0Ah2l2Vf7UWJSrJgkcqtV96
SsjCZasTtOlK1kozzdZ9OVKJyVzrA8SkKIR1DwCL71P/0SnqXBBRb30xg3v0PZS9
79L818dMlkpn0gT3wKn4vMjXlHgbJax9Pp0A89c4hPNnrc8fQn35TvaxiD0IhTiF
AgwDYm7YRE3NdeYBD/9GwYDpbx3GuHof3sumG2gzGWCnT3w83x12xuGGnU3FmVdX
WqIuIe2Q3dtA0hltWI1r4YlA5xEymVrFsr1e4DIwHVlljRcTk0tOWxWLHSjjc41B
RLhN1Qh0J3O/xPIs62riSc4Gkr160z5oz3ojR6gmW8gHyltMdBf6l4lyM9vojc++
nFHhBdOeBOoUlWZXFp96RBfeVVWAYDS3oQjLRPfsKY5AQL9V5WsCRhQHCSbatnua
xwHyIlsF5wbcIOnRwitjYVlUqOOXHGJTWG8/9maAOUFuzR8JZZ9GuMsiFPljlPKk
XP+Fq1Maa5dz4pnySMTOuNe/s1hiXDOb+sFzXx0nHDJvM3SKq1hKvFXMpv0Rg9Kp
L3YYwqdIlo53tEAAEsHmBUUNEk2zKFn6OiBHBXNgge8AiEPbmO+bylG0rl4oNwY7
kVvJw8vi59V08H6h92GSwosD3tJCj1xsjVpJ09kUKijk9RgrbjQGsgnZWLsDY5Hp
2CKT+BHehaQ96xiW8wro609h4d2bcdKDK5cU9r6yGgcM84etZ8X3hWhbJYwJEeVB
mCltyc62KvqKRhktvs4xxFgloZYTcoWlLK8auriATVxO8nBS6Cn7zrpEG65isY4W
4PBX6ct0OMrcD56RTouGwFOiLjype0vzLk9zhOJ9GbM7RLjCgm/MvWdhKxySjNLp
ATDVnNsfZdMJoRaKaFQSQhgu8t++C5AUrYIZDsrtmq0txODgdG7L2u2wQCHFV9Y/
5KBB04RLfiKH2GL41bf1CkxaZX6f/ZrJBDvY3xMIA2CIrvB9yx/Z6XFi1vtJ8M/A
f2at7u959FbVBVxw/L6LVU9xMD/2w+FBeucDuPWDPbQDpWa2IibZlQYAeJS3lcLv
6KDg4EU72jA2hTQb2COxneZUhtCsep6GC7cuGnaIk0qv6UhOIKSWfIA4TkJoiPi+
QrE3wJ8fELGgZcyAhHkulvdXf61ts6fK9xQVdfUgaJxUdUvKWBC5QjTDXMjc2faP
5erzlfGXDpNunKik6rmZxhrgs1y4oP9JT8EQI+esvVSeuMaqzn2h1lYpUIuDKE4K
lsXNl+8Cro0k46Tgjccdo5kANJxMm3BvwZ98vFVwaBF28pp4x+nsJyJ+DMA0xUnb
52jJDKjo8gS4P95PAjL7ZdjBByY/lKFhWGHcxSUAJ0H7cJJdrCV/lrX7neeaPtcM
qTVsTW4ObWEfD2RqAtAngxO9oWyWU95SKnpz31VQIgfOeOMtJrkIYGQbGQg4eLIZ
UAQamiawgxxg6FLJbKZiiT3pnG4i84DV8rD42Q4nIlkDU71fDSpz9b7h110UIqeb
GrqUW0XVDgDdp4TjKQ1iPhw65J+R+mdUeg9WftHonxbBKg1Qd2fm3htYm1qtMCg7
gnXsZ7ufH4V4PwtJDRNumEmePZcfU3SpgMo1LJkhnyTID4rofIRn+lnRX51/RGj5
E1525t0irN5bfzjMUWCPG8Sq+6ENoUHoFJcaOn/Y7c+rIK4L/H3zPTpqr4Rs6e6y
BNy36ZrOCyAOFdSdAUz5XwTCAN4Mha3joCcDQ4PKTwjijLc69fqbgt+ovjntVNMJ
YxN2MH1c+0DA0oGd2/hdraAifEmLakZIiNfNex4gWGOm2jRlvaGVQnjUucQ1eqmH
imrO+wFRXAa90jjR2wXnDg2egCbZ/Wit+FTUiMWBAuvv1kdo1MUIkoqi7ehTLYUO
12756gYu/cY8f/uxtDZ+n8UP8YbbLlwVI70aibKb2wAQkGEF1PL3iVjvYwnD/ViE
3kWpVaxfr7sQ231Ki58oDfkbQysR+F13Kk9se7a8MWGvIEnhX2v0fMF2kWhfKjCW
naewmZLdTbxop0SZRC0xtug3vEQ2TZizihZ/OObOA+D6JUA4OLJ/T3uvWIYSDxt+
P8zV+hIsUn/LCcSDyq3LZ/n5r9LYmjOd5BVcqn3SVafHHN439Y8x8rQnKjqu4yNn
kL8qqrrH5KR8NOMyp43veLt1VbpBCDSf7M2Mn5J+i6k6abhpsB1KPxXOmx8=
=s4+/
-----END PGP MESSAGE-----
--Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22--
------=_Part_8_1019438032.1627002808114--
The message is being encrypted initially on the client side using Apple Mail and the GPG
Suite plugin for MacOS.
Here is my postfix configuration on the ciphermail host:
djigzo_myhostname =
smtp.coldlogix.com
djigzo_mydestination =
djigzo_mynetworks = 192.168.10.0/24, 192.168.50.0/24, 192.168.100.0/24, 192.168.200.0/24,
192.168.30.0/24, 10.10.10.0/27
djigzo_relayhost = mx1.la1.clx.corp
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_relay_domains =
losangelesrecording.com
djigzo_before_filter_message_size_limit = 0
djigzo_calculated_after_filter_message_size_limit = 0
djigzo_after_filter_message_size_limit =
${djigzo_calculated_after_filter_message_size_limit}
djigzo_mailbox_size_limit = 512000000
djigzo_smtp_helo_name =
smtp.coldlogix.com
djigzo_relay_transport_host = mx1.la1.clx.corp
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains = relay_domains
djigzo_rbl_clients =
djigzo_calculated_queue_minfree = 0
myhostname = ${djigzo_myhostname}
mydestination = ${djigzo_mydestination}
mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks}
relay_domains = ${djigzo_relay_domains}
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
smtp_helo_name =
${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
relay_transport =
relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
relayhost =
${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn
smtpd_etrn_restrictions = reject
local_transport = error:local mail delivery is disabled
local_recipient_maps =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
message_size_limit = ${djigzo_after_filter_message_size_limit}
mailbox_size_limit = ${djigzo_mailbox_size_limit}
queue_minfree = ${djigzo_calculated_queue_minfree}
smtpd_authorized_xforward_hosts = 127.0.0.1/32
content_filter = djigzo:[127.0.0.1]:10025
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
tls_preempt_cipherlist = yes
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = $smtpd_tls_protocols
smtpd_tls_exclude_ciphers = AESCCM8, aNULL, ARIA, DES, DSS, eNULL, EXPORT, IDEA, MD5,
PSK, RC4, SEED
smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/ColdLogixCA-chain.pem
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options =
mail_name = CipherMail
smtpd_banner = $myhostname ESMTP $mail_name
append_dot_mydomain = no
biff = no
recipient_delimiter = +
notify_classes =
enable_long_queue_ids = yes
smtp_address_preference = ipv4
and master.cf:
smtp inet n - n - - smtpd
-o message_size_limit=${djigzo_before_filter_message_size_limit}
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
djigzo unix - - n - 4 smtp
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o smtp_generic_maps=
cleanup_reinject unix n - n - 0 cleanup
-o hopcount_limit=100
127.0.0.1:10026 inet n - n - 10 smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
smtps inet n - y - - smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
submission inet n - y - - smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
127.0.0.1:10027 inet n - n - 10 smtpd
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o syslog_name=postfix/10027
-o message_size_limit=${djigzo_before_filter_message_size_limit}
All settings from the Ciphermail interface is set up with “inherit” for all the options.
Using version 5.0.4:
rpm -qa | grep djig
djigzo-web-5.0.4-1.noarch
djigzo-5.0.4-1.noarch
Mail is set to relay to another postfix host for its final destination.
-jeremy
On Jul 20, 2021, at 9:30 AM, Jeremy Hansen via
Users <users(a)lists.ciphermail.com> wrote:
On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via
Users <users(a)lists.ciphermail.com> wrote:
On Thu, 2021-07-15 at 01:13 -0400, Jeremy Hansen
via Users wrote:
I noticed if I sent a message that is encrypted at the client,
ciphermail will encrypt that message again and the original message
is sent as an attachment.
What type of encryption is applied at the client side and what
encryption is applied server side?
PGP on both sides.
I also noticed if I send a message from a host
using something like
mailx, the body of the message is never included in the email.
What do you mean with "the body of the message is never included in the
email"?
echo test | mail -s Test jeremy(a)losangelesrecording.com
The message comes through encrypted but I don’t see “test” in the body of the email.
Thank you!
>
> Kind regards,
>
> Martijn Brinkers
>
> --
> CipherMail email encryption
> Email encryption with support for S/MIME,
> Ope
> nPGP, PDF Messenger and Webmail Messenger
>