Double encryption?

List overview All Threads
Download

newer

older

Re: Import of p7b files fails

No longer able to authenticate via...

Jeremy Hansen

15 Jul 2021 15 Jul '21

7:13 a.m.

Working through a new installation using the community edition packages. I noticed if I sent a message that is encrypted at the client, ciphermail will encrypt that message again and the original message is sent as an attachment. I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email. Sending from a client and allowing ciphermail to do the encryption seems to work fine. Also noticing this error in the logs: _sasl_plugin_load failed on sasl_canonuser_init Jul 14 20:27:31 cmx01.la1.clx.corp postfix/smtp[2250]: ldapdb A little confusing because I’m not using ldap. Thanks!

Show replies by date

Jeremy Hansen

23 Jul 23 Jul

3:26 a.m.

Here’s the full headers of my message: Return-Path: <jeremy(a)coldlogix.com> Delivered-To: jeremy(a)losangelesrecording.com Received: from mx1.la1.clx.corp by mx1.la1.clx.corp with LMTP id 0eMYEMQX+mD9BAIAzivOYw (envelope-from <jeremy(a)coldlogix.com>) for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:40 -0700 Received: from localhost (localhost [127.0.0.1]) by mx1.la1.clx.corp (Postfix) with ESMTP id E5761412E05 for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:39 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp E5761412E05 X-Virus-Scanned: amavisd-new at coldlogix.com Received: from smtp.coldlogix.com ([127.0.0.1]) by localhost (smtp.coldlogix.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RyMjMJsZQrY for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:36 -0700 (PDT) Received: from smtp.coldlogix.com (cmx01.la1.clx.corp [192.168.30.23]) by mx1.la1.clx.corp (Postfix) with ESMTPS id 6F1F74C3589 for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:28 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp 6F1F74C3589 Received: from cmx01.la1.clx.corp (localhost [127.0.0.1]) by smtp.coldlogix.com (CipherMail) with ESMTP id 4GWBCX1P3Rz2SSxp for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:28 -0700 (PDT) Received: from mail.subtraverse.net (netman.subtraverse.intra [192.168.10.10]) by smtp.coldlogix.com (CipherMail) with ESMTP id 4GWBCW49cKz2SSxp for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:27 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.subtraverse.net (Postfix) with ESMTP id 5C3F2146F9E for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:27 -0700 (PDT) Received: from mail.subtraverse.net ([127.0.0.1]) by localhost (mail.subtraverse.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id mmNPq8Z2mIx2 for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:26 -0700 (PDT) Received: from smtpclient.apple (unknown [10.10.10.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.subtraverse.net (Postfix) with ESMTPSA id 55C27146F9C for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:26 -0700 (PDT) Date: Thu, 22 Jul 2021 21:13:25 -0400 From: Jeremy Hansen <jeremy(a)coldlogix.com> To: jeremy(a)losangelesrecording.com Message-ID: <7ECACFC9-40EB-4080-A8A8-69C9AE105155(a)coldlogix.com> Subject: Test MIME-Version: 1.0 Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="----=_Part_8_1019438032.1627002808114" X-Virus-Scanned: amavisd-new at subtraverse.net DKIM-Filter: OpenDKIM Filter v2.11.0 mail.subtraverse.net 55C27146F9C X-Mailer: Apple Mail (2.3654.100.0.2.22) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,ENCRYPTED_MESSAGE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mx1.la1.clx.corp ------=_Part_8_1019438032.1627002808114 Content-Type: application/pgp-encrypted Content-Transfer-Encoding: 7bit Content-Description: PGP/MIME version identification Version: 1 ------=_Part_8_1019438032.1627002808114 Content-Type: application/octet-stream; name=encrypted.asc Content-Transfer-Encoding: 7bit Content-Description: OpenPGP encrypted message Content-Disposition: inline; filename="encrypted.asc" -----BEGIN PGP MESSAGE----- Version: CipherMail (5.0.4) hQIMA2Ju2ERNzXXmARAAhBNlL6BB6nc148QUFQy4u6CIiw1M2a+wKfhlrA5Mnpnx tbkHNIPch90gGHFWgH/1fa+PlHfdj+EsYLow+b5+SSSZhrvyDvWCMvky+tJUN0va qeWH8HfEgR2Pwj1/ziSxeUXZr8Kc5FScU/JKN/TEQcdP8mSZwkx146bbXU3a8yUi PRdWc9UCFilN0HoNtZaNcW0Q0TdWySzi9+UFuighD/EqRozKin3Y6iKvb3zZxFIj +u5s5FZta+Up9V/LN5CIH7IkbuSNhWMiSszf7zmwdowSyQDwx72a9xB2nndiOaWw W4kcVK9LlcQSusbAVq9xfZ8LjJBNQMHJF84ppRn355tvRVuL6T9YyVnGmVX85G9Y S3S3S5Z6nnNm4u7r6cD1p9dBWIDk8HiTvVjkdZAr+sGhy0Ukxm0Of+pbal+T4cgk kxZHoS100XgTHZJWMzNT9F1WNAZnir4AgdD0P+5Q1uTvCKnWkzPdlxPZ26mwfd4D pRB0W4Jg+uHfhVlgJp6kg0BJdXUQxxtlurk6o/F1GFNVI1WhTQEXzfnfnCNR/NO+ cvhmJhrplZts/3aqC6NSDT/bRsmDvAQbKenUWhUaqYBHkfS9jRl6UuU2jynnqhYS IkVIMbrZS+9LTBYHirhLiYf6S7Sbxh5nXyNlEpeAhCFj5geIi47Y5/ll0+3qu6PS yXABWC9M1+tp0TIkTcimbB8QwnJbDEovY9VQUJp7YKHQsNoixAmH1ZrEVuj3piqq ifqnA84UJvSli7jCZjL4v4EgGnA/wuOHlBN4L1v4OxQrirbEsOYqxR0/6Pmg5pN2 die+pVZHqEU1nSvKLGHV7diTFXGJ7HrXJdRgp9pw+zCoUW2qxiDuZul2bh4FGGUH Qe+XKtmo5PHYZW+y+l3CDW/DlActI9jXD3qng+ZDOJ7iTljCCmKHn84+3aueKv4p Jx0I5Hnm7pfAujR9E/ZSFhYNd6aN4ZMd81ZLey+fvgGpHPD7P75oAVv/8b3pDkRf ro2kaYoCdMZLUCUTtldHQOnjIicSB4O8BQzWNUwCS8ziurnnDKqv7n9iEM9t0Osi 5N5ol0JEPto2KEypAM/e85sKaSYVqP9LdczHj/ZpAsmYTa11i6F+CUZKZ/OFRP6L /3aAnr5NpnSMBwC1+UYTyi7d5z5ZXuupwrSDTpQkbUgqBuEuQIhLmxf33bDFZ0Cl HmxCc4jpW+oeRnGe2GFGfA19rNkAVIDhxEDHkXanxmVV8LuK7Dnx/0A//KkjFUQ4 r6r/rawe1adjIp02jpz6ft8RVQGpS1eVZID+D0w3gi+Era+S6slNi5UbzKuTyvSB tNMhBvV4+Ga6RvvYMxXKs0gTwfUGY2cdRrEUjuh/HpwB5BCqJvXodrsG+V9xm/1t C+VwtMXj7IRzB5d3WJgbG0DMumakwnjX11T30ZK+/J+MA/gWyrpdjsnQuYs+R5+J CeqbmkKjfaQKdsJ6gPl30hhlXQPJEme7RMalm0hMGhv15730U4AsB/KuMEbPtCEp E9Xnc4+aUjlmoDrOD0YgQgH6M8bxMja4xv2PSuU0CMqsXNn3AD8iIPgDHW0Chvyo N16kunwbsbPn/iI3GWKKYAtnkef+tSz0MOnvaamXvvXAJXBSjTtRnN53W8FxHSeL vnPn+/9vFOBEQK62VnexNrVd5sPRLwTU0D6yExLUxXRYHAxysq+FGJzxdh+9ZjkT mEfiv/kzOWkowfS6ZlirpmgPP3b8XlaB68SOd3vnWwKEBzwQXjcHzlBb+0f26zrF ix+6s2RLDD/t0o3WyGmkh1eQeaixLJ/6b1bBV5O/5MsNsSpbLRA/LhX/8OaFoRGl 2L09Bcbz6XqCWeTPIUrwGzwSdLeSW3T9akNelFFJ0GwMp15NDwlZ+XGvCCeFXejM pQxs17Or9h4cPKe6BdTOjV8lD8IRc7tXa81xb0SlxPqQL0FiV/yI1BQcBOwe7o+j aAoxFa3dcb99eGkiXyKobxqU3lkz/PbuBbLURUzjeaVx0EurQO9YWKxJyOt6M8l5 Q3E3lMYooUOVA1flLDw1Qg1hwIc3VCgPJ7Bkygt6r4IdDgQBNh3pEutfyW9wyUoN sEedstCRUVptUOIhMZxuv6MYciA9W4hcPSrLgIdMF+aYC2IXYMo1lEGQnctk3n91 x6sWWk0YUB6+Yx8IA4s42mUwapY7dDWd4dsHQFBghU/xpGqnCYLx0RwUDjUxne16 1Ys+gNGk/TIApGBpPPO/DLBmDOGY+OWHRniYsvIRhR3PMoqVrSrF9n2tJfpDwSOC kSL3vsPARIR+M/gCiIe03Z2gs7axBjhX1SLpK5tUpU5CRzeEOWGLOBv1bQioQomC U3mi5gJIlo27wxUqdMJFA6Q1KhsDKPyIRYIFnrvhj4VZOnL+noy1/1gaaBiDA2Bd 9f23Dw+l0JQCdcDwPa8BPkEkcb+YJZDFqPxECm6smXYCAtBSojZpjkZPY1J6K5uk O+8jAzQrfxk0CwEKCPQSnsTVb6Lp4ezsC7QClsU3nKmI4HXeddHzGXqhL/AEaDWn WAUNFBycON8NNFOdro0i/2UT98bKMJKWKsl+aEpU/i07m5ycvIJ0MU33Kb8mN7RU DHEHTt/be1O/kyWcT1iHBX+5NPVMEE7zq2G4L4dscudDU+WcM4YLIxo5uza2s+sn rY0+zvFJdDSHocb8kpkfzXqktnNWlkYYDKkXmmBPG4Zn9yAid2vRdop3pJTw/Spw Ns5ezpWnuhEalVltGuRYal0F0y1VoHkEobabuK6lhb0SPz/r5rn3StPDlhpv6rn/ oSA79BzFIunCsLkH5nkhGlbmUeUm8Ni/x8AXIdw57DMk5Kxp2bKFqWDFTCZY0bg9 8a+64I+oRqZeZH7VOW4lxRHBjwADSxGmhPwldb3I2sMh45teZ4nypPjm2i4yYGYI 4Naoo95m2NApbfX7M45OevJi6izjk6greCBmTSfNwfXCT+nCQ43DIOFD1Saq86s/ j3hopcpcegGvZlm+GtetnOvyZkycRAK1Qd8SnFVJl5OWaxXLz34jzs2JDHHAgEYw 9ACSkJvKOLFtKp1jK4yf/Eldbsy5lFOUxSlUl0fjWcxQb/IhTB27i2VtARkj57aO qacb+wu0iVn7+rNYKq0o/Jk6Lzv7TDE4k//+lZvgZUKQLN1TnelMeamRPbZy25Ql GEwpBI7B8K1NvKzNInrYpe+kTh/1jvAMQHcREjDKBkxDEqFgM7VOaRt0x+RP3Tvo z7h/MXK0MJ+K2nGMSYmSaUjLQIns8a2XlFCaJTRQ08kt+s5aKFNCS27NT46ZYteh kNPq87iCdaTlaVszgT6SJnud5+KtaUF4dMPAV4glLneaLFccRH6MAloo1VPT7ahw YbTnrOAObjcNBZ3PSHc7YIQDbcBdRCjE628Ya52k4sDJAu3+m8d6fKEs48bkfcqg YQ04i0MqkjyZn8YOjWtuSX4dOEschJpoxpPcvUmYAvkPk9k6fwiJV186ha9mnVds YDJjfQOGP7nBRWSVO275ktBPtWMhvTJzAcPOyWb5WVjfSljeM2HpcjHB6vlmeLYe ZGHzEPiYUT9iEFA1WT1dchOxHMWd2A+BqtfrMwQGlWkgdOWbTeXxS2toHrpjFeKv 2TKPSSh1gJ3jjlHZtPUFbIVns44FQFq/XsAg/gx/T/p+oNVWdZoeRnQbzTEZUzMo 1A2xXB+TgIPFnxbG7fPqydcuT5so77V1SE46ZY159bkwlgOO0W2yTdmhdQqWrShk eDYYgiRxVsonwf96/S3zaRTStE/fhAMmhBHBMvj5XXF7o7nlXJ/mKHFB7Gf4INYT QkNyAX+Y2SmQ3FD99f3crL3XfxlvjMU2CVCeh2T0s4J1P9CLAkuuh3YDlO8g6X6N rJEjg8NmZ8mw4RZg6LQanOoLTPBAEKN5BWrt+j2yLqFqkh3+m6j5izoGFXCCJfNP zGNFqTzuduJluF3OIyTAfdY2rl/UDlluTSXym9x7172FI7IJqO38YjNlmeI5HgBV 5Y+C52CN6W+QKSKxKqnmYfwhV3KOTgjPkhSBouv2F5w97IHjPwRF53ztFLxwBrnj qOR33eE5MuIk4FJti7EsRZMZxYcpn9vy1CNoQUT1YKP6PjQRl6SZpa76DhnWjr20 o4pEYQoUnd1qZ3/6AJdXj2Et =emEv -----END PGP MESSAGE----- ------=_Part_8_1019438032.1627002808114-- The message is being encrypted initially on the client side using Apple Mail and the GPG Suite plugin for MacOS. Here is my postfix configuration on the ciphermail host: djigzo_myhostname = smtp.coldlogix.com djigzo_mydestination = djigzo_mynetworks = 192.168.10.0/24, 192.168.50.0/24, 192.168.100.0/24, 192.168.200.0/24, 192.168.30.0/24, 10.10.10.0/27 djigzo_relayhost = mx1.la1.clx.corp djigzo_relayhost_mx_lookup = djigzo_relayhost_port = 25 djigzo_relay_domains = losangelesrecording.com djigzo_before_filter_message_size_limit = 0 djigzo_calculated_after_filter_message_size_limit = 0 djigzo_after_filter_message_size_limit = ${djigzo_calculated_after_filter_message_size_limit} djigzo_mailbox_size_limit = 512000000 djigzo_smtp_helo_name = smtp.coldlogix.com djigzo_relay_transport_host = mx1.la1.clx.corp djigzo_relay_transport_host_mx_lookup = djigzo_relay_transport_host_port = 25 djigzo_reject_unverified_recipient = djigzo_unverified_recipient_reject_code = 450 djigzo_parent_domain_matches_subdomains = relay_domains djigzo_rbl_clients = djigzo_calculated_queue_minfree = 0 myhostname = ${djigzo_myhostname} mydestination = ${djigzo_mydestination} mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks} relay_domains = ${djigzo_relay_domains} parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains} smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}} relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}} relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}} smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination ${djigzo_rbl_clients} ${djigzo_reject_unverified_recipient? reject_unverified_recipient} unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code} smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn smtpd_etrn_restrictions = reject local_transport = error:local mail delivery is disabled local_recipient_maps = alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases message_size_limit = ${djigzo_after_filter_message_size_limit} mailbox_size_limit = ${djigzo_mailbox_size_limit} queue_minfree = ${djigzo_calculated_queue_minfree} smtpd_authorized_xforward_hosts = 127.0.0.1/32 content_filter = djigzo:[127.0.0.1]:10025 smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_key_file = /etc/pki/tls/private/postfix.key smtpd_tls_security_level = may smtpd_tls_received_header = yes smtpd_tls_loglevel = 1 tls_preempt_cipherlist = yes smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = $smtpd_tls_protocols smtpd_tls_exclude_ciphers = AESCCM8, aNULL, ARIA, DES, DSS, eNULL, EXPORT, IDEA, MD5, PSK, RC4, SEED smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/ColdLogixCA-chain.pem smtp_tls_security_level = may smtp_tls_loglevel = 1 smtp_tls_protocols = $smtpd_tls_protocols smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd smtp_sasl_type = cyrus smtp_sasl_security_options = mail_name = CipherMail smtpd_banner = $myhostname ESMTP $mail_name append_dot_mydomain = no biff = no recipient_delimiter = + notify_classes = enable_long_queue_ids = yes smtp_address_preference = ipv4 and master.cf: smtp inet n - n - - smtpd -o message_size_limit=${djigzo_before_filter_message_size_limit} pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o smtp_fallback_relay= showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache djigzo unix - - n - 4 smtp -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o smtp_generic_maps= cleanup_reinject unix n - n - 0 cleanup -o hopcount_limit=100 127.0.0.1:10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject smtps inet n - y - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject submission inet n - y - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject 127.0.0.1:10027 inet n - n - 10 smtpd -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o syslog_name=postfix/10027 -o message_size_limit=${djigzo_before_filter_message_size_limit} All settings from the Ciphermail interface is set up with “inherit” for all the options. Using version 5.0.4: rpm -qa | grep djig djigzo-web-5.0.4-1.noarch djigzo-5.0.4-1.noarch Mail is set to relay to another postfix host for its final destination. -jeremy

...

On Jul 20, 2021, at 9:30 AM, Jeremy Hansen via Users <users(a)lists.ciphermail.com> wrote:

On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via Users <users(a)lists.ciphermail.com> wrote:

On Thu, 2021-07-15 at 01:13 -0400, Jeremy Hansen via Users wrote: I noticed if I sent a message that is encrypted at the client, ciphermail will encrypt that message again and the original message is sent as an attachment.

What type of encryption is applied at the client side and what encryption is applied server side?

PGP on both sides.

I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email.

What do you mean with "the body of the message is never included in the email"?

echo test | mail -s Test jeremy(a)losangelesrecording.com The message comes through encrypted but I don’t see “test” in the body of the email. Thank you! > > Kind regards, > > Martijn Brinkers > > -- > CipherMail email encryption > Email encryption with support for S/MIME, > Ope > nPGP, PDF Messenger and Webmail Messenger >

Jeremy Hansen

28 Jul 28 Jul

5:39 a.m.

Any clues on this? -jeremy

...

On Jul 22, 2021, at 7:26 PM, Jeremy Hansen via Users <users(a)lists.ciphermail.com> wrote: Here’s the full headers of my message: Return-Path: <jeremy(a)coldlogix.com> Delivered-To: jeremy(a)losangelesrecording.com Received: from mx1.la1.clx.corp by mx1.la1.clx.corp with LMTP id 0eMYEMQX+mD9BAIAzivOYw (envelope-from <jeremy(a)coldlogix.com>) for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:40 -0700 Received: from localhost (localhost [127.0.0.1]) by mx1.la1.clx.corp (Postfix) with ESMTP id E5761412E05 for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:39 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp E5761412E05 X-Virus-Scanned: amavisd-new at coldlogix.com Received: from smtp.coldlogix.com ([127.0.0.1]) by localhost (smtp.coldlogix.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RyMjMJsZQrY for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:36 -0700 (PDT) Received: from smtp.coldlogix.com (cmx01.la1.clx.corp [192.168.30.23]) by mx1.la1.clx.corp (Postfix) with ESMTPS id 6F1F74C3589 for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:28 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp 6F1F74C3589 Received: from cmx01.la1.clx.corp (localhost [127.0.0.1]) by smtp.coldlogix.com (CipherMail) with ESMTP id 4GWBCX1P3Rz2SSxp for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:28 -0700 (PDT) Received: from mail.subtraverse.net (netman.subtraverse.intra [192.168.10.10]) by smtp.coldlogix.com (CipherMail) with ESMTP id 4GWBCW49cKz2SSxp for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:27 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.subtraverse.net (Postfix) with ESMTP id 5C3F2146F9E for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:27 -0700 (PDT) Received: from mail.subtraverse.net ([127.0.0.1]) by localhost (mail.subtraverse.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id mmNPq8Z2mIx2 for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:26 -0700 (PDT) Received: from smtpclient.apple (unknown [10.10.10.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.subtraverse.net (Postfix) with ESMTPSA id 55C27146F9C for <jeremy(a)losangelesrecording.com>om>; Thu, 22 Jul 2021 18:13:26 -0700 (PDT) Date: Thu, 22 Jul 2021 21:13:25 -0400 From: Jeremy Hansen <jeremy(a)coldlogix.com> To: jeremy(a)losangelesrecording.com Message-ID: <7ECACFC9-40EB-4080-A8A8-69C9AE105155(a)coldlogix.com> Subject: Test MIME-Version: 1.0 Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="----=_Part_8_1019438032.1627002808114" X-Virus-Scanned: amavisd-new at subtraverse.net DKIM-Filter: OpenDKIM Filter v2.11.0 mail.subtraverse.net 55C27146F9C X-Mailer: Apple Mail (2.3654.100.0.2.22) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,ENCRYPTED_MESSAGE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mx1.la1.clx.corp ------=_Part_8_1019438032.1627002808114 Content-Type: application/pgp-encrypted Content-Transfer-Encoding: 7bit Content-Description: PGP/MIME version identification Version: 1 ------=_Part_8_1019438032.1627002808114 Content-Type: application/octet-stream; name=encrypted.asc Content-Transfer-Encoding: 7bit Content-Description: OpenPGP encrypted message Content-Disposition: inline; filename="encrypted.asc" Content-Type: multipart/encrypted; boundary="Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22"; protocol="application/pgp-encrypted" This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156) --Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22 Content-Transfer-Encoding: 7bit Content-Type: application/pgp-encrypted Content-Description: PGP/MIME Versions Identification Version: 1 --Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22 Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename=encrypted.asc Content-Type: application/octet-stream; name=encrypted.asc Content-Description: OpenPGP encrypted message -----BEGIN PGP MESSAGE----- hQIMA8de+J6NLzLYAQ/5AU3DMoY1Sc/gGUptX2K2cEZ2MaPfG5uJjr9d02HDlma1 UXc4K9TDd+ym3u06r5sLf3R+IAkot5shms5PCGsjqnhPEUtJwxp9cA4peL40OH+z qQfSOMqnD9MzW5qgM28+fj8R4C1R9OeZrBwcUS9MatIch2fqW6dNZcHEOcxThEOG ek/Qv58fAbZCv5QUmn8FyELDw3E6Ms4W/9slViG45gLminVSl7ZeAGSdsOjnwG0Q 3rWb4ARWVsu/69U/Fjltf46krS3UGdFyNh7xyg+YRfAiigLOa+LawIJ18ct9TgDq bnh9u4fa3CJ4rwLiLFskwhEk0bVRf9XgSmTZtUQku652xlCmGNmmyfzwfOhBfdXT uDufDOpi94JV8W/Q+Bsul0VKVCzVpCO4vJUxMNry9U3YAXplFaaLhgZjnwm8/IU9 8wVJF5U9DZ16rOYiQqG0BlSkuigmyhV4YztM1iNxYnODzQb/svrCFYkhSZZzNyAe PKJzliFTZ7KbiCbwkSdWLIjESoJROnaxGeMctC1tB0Ah2l2Vf7UWJSrJgkcqtV96 SsjCZasTtOlK1kozzdZ9OVKJyVzrA8SkKIR1DwCL71P/0SnqXBBRb30xg3v0PZS9 79L818dMlkpn0gT3wKn4vMjXlHgbJax9Pp0A89c4hPNnrc8fQn35TvaxiD0IhTiF AgwDYm7YRE3NdeYBD/9GwYDpbx3GuHof3sumG2gzGWCnT3w83x12xuGGnU3FmVdX WqIuIe2Q3dtA0hltWI1r4YlA5xEymVrFsr1e4DIwHVlljRcTk0tOWxWLHSjjc41B RLhN1Qh0J3O/xPIs62riSc4Gkr160z5oz3ojR6gmW8gHyltMdBf6l4lyM9vojc++ nFHhBdOeBOoUlWZXFp96RBfeVVWAYDS3oQjLRPfsKY5AQL9V5WsCRhQHCSbatnua xwHyIlsF5wbcIOnRwitjYVlUqOOXHGJTWG8/9maAOUFuzR8JZZ9GuMsiFPljlPKk XP+Fq1Maa5dz4pnySMTOuNe/s1hiXDOb+sFzXx0nHDJvM3SKq1hKvFXMpv0Rg9Kp L3YYwqdIlo53tEAAEsHmBUUNEk2zKFn6OiBHBXNgge8AiEPbmO+bylG0rl4oNwY7 kVvJw8vi59V08H6h92GSwosD3tJCj1xsjVpJ09kUKijk9RgrbjQGsgnZWLsDY5Hp 2CKT+BHehaQ96xiW8wro609h4d2bcdKDK5cU9r6yGgcM84etZ8X3hWhbJYwJEeVB mCltyc62KvqKRhktvs4xxFgloZYTcoWlLK8auriATVxO8nBS6Cn7zrpEG65isY4W 4PBX6ct0OMrcD56RTouGwFOiLjype0vzLk9zhOJ9GbM7RLjCgm/MvWdhKxySjNLp ATDVnNsfZdMJoRaKaFQSQhgu8t++C5AUrYIZDsrtmq0txODgdG7L2u2wQCHFV9Y/ 5KBB04RLfiKH2GL41bf1CkxaZX6f/ZrJBDvY3xMIA2CIrvB9yx/Z6XFi1vtJ8M/A f2at7u959FbVBVxw/L6LVU9xMD/2w+FBeucDuPWDPbQDpWa2IibZlQYAeJS3lcLv 6KDg4EU72jA2hTQb2COxneZUhtCsep6GC7cuGnaIk0qv6UhOIKSWfIA4TkJoiPi+ QrE3wJ8fELGgZcyAhHkulvdXf61ts6fK9xQVdfUgaJxUdUvKWBC5QjTDXMjc2faP 5erzlfGXDpNunKik6rmZxhrgs1y4oP9JT8EQI+esvVSeuMaqzn2h1lYpUIuDKE4K lsXNl+8Cro0k46Tgjccdo5kANJxMm3BvwZ98vFVwaBF28pp4x+nsJyJ+DMA0xUnb 52jJDKjo8gS4P95PAjL7ZdjBByY/lKFhWGHcxSUAJ0H7cJJdrCV/lrX7neeaPtcM qTVsTW4ObWEfD2RqAtAngxO9oWyWU95SKnpz31VQIgfOeOMtJrkIYGQbGQg4eLIZ UAQamiawgxxg6FLJbKZiiT3pnG4i84DV8rD42Q4nIlkDU71fDSpz9b7h110UIqeb GrqUW0XVDgDdp4TjKQ1iPhw65J+R+mdUeg9WftHonxbBKg1Qd2fm3htYm1qtMCg7 gnXsZ7ufH4V4PwtJDRNumEmePZcfU3SpgMo1LJkhnyTID4rofIRn+lnRX51/RGj5 E1525t0irN5bfzjMUWCPG8Sq+6ENoUHoFJcaOn/Y7c+rIK4L/H3zPTpqr4Rs6e6y BNy36ZrOCyAOFdSdAUz5XwTCAN4Mha3joCcDQ4PKTwjijLc69fqbgt+ovjntVNMJ YxN2MH1c+0DA0oGd2/hdraAifEmLakZIiNfNex4gWGOm2jRlvaGVQnjUucQ1eqmH imrO+wFRXAa90jjR2wXnDg2egCbZ/Wit+FTUiMWBAuvv1kdo1MUIkoqi7ehTLYUO 12756gYu/cY8f/uxtDZ+n8UP8YbbLlwVI70aibKb2wAQkGEF1PL3iVjvYwnD/ViE 3kWpVaxfr7sQ231Ki58oDfkbQysR+F13Kk9se7a8MWGvIEnhX2v0fMF2kWhfKjCW naewmZLdTbxop0SZRC0xtug3vEQ2TZizihZ/OObOA+D6JUA4OLJ/T3uvWIYSDxt+ P8zV+hIsUn/LCcSDyq3LZ/n5r9LYmjOd5BVcqn3SVafHHN439Y8x8rQnKjqu4yNn kL8qqrrH5KR8NOMyp43veLt1VbpBCDSf7M2Mn5J+i6k6abhpsB1KPxXOmx8= =s4+/ -----END PGP MESSAGE----- --Apple-Mail=_7D9B459F-746A-4970-8672-402CD4581A22-- ------=_Part_8_1019438032.1627002808114-- The message is being encrypted initially on the client side using Apple Mail and the GPG Suite plugin for MacOS. Here is my postfix configuration on the ciphermail host: djigzo_myhostname = smtp.coldlogix.com djigzo_mydestination = djigzo_mynetworks = 192.168.10.0/24, 192.168.50.0/24, 192.168.100.0/24, 192.168.200.0/24, 192.168.30.0/24, 10.10.10.0/27 djigzo_relayhost = mx1.la1.clx.corp djigzo_relayhost_mx_lookup = djigzo_relayhost_port = 25 djigzo_relay_domains = losangelesrecording.com djigzo_before_filter_message_size_limit = 0 djigzo_calculated_after_filter_message_size_limit = 0 djigzo_after_filter_message_size_limit = ${djigzo_calculated_after_filter_message_size_limit} djigzo_mailbox_size_limit = 512000000 djigzo_smtp_helo_name = smtp.coldlogix.com djigzo_relay_transport_host = mx1.la1.clx.corp djigzo_relay_transport_host_mx_lookup = djigzo_relay_transport_host_port = 25 djigzo_reject_unverified_recipient = djigzo_unverified_recipient_reject_code = 450 djigzo_parent_domain_matches_subdomains = relay_domains djigzo_rbl_clients = djigzo_calculated_queue_minfree = 0 myhostname = ${djigzo_myhostname} mydestination = ${djigzo_mydestination} mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks} relay_domains = ${djigzo_relay_domains} parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains} smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}} relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}} relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}} smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination ${djigzo_rbl_clients} ${djigzo_reject_unverified_recipient? reject_unverified_recipient} unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code} smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn smtpd_etrn_restrictions = reject local_transport = error:local mail delivery is disabled local_recipient_maps = alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases message_size_limit = ${djigzo_after_filter_message_size_limit} mailbox_size_limit = ${djigzo_mailbox_size_limit} queue_minfree = ${djigzo_calculated_queue_minfree} smtpd_authorized_xforward_hosts = 127.0.0.1/32 content_filter = djigzo:[127.0.0.1]:10025 smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_key_file = /etc/pki/tls/private/postfix.key smtpd_tls_security_level = may smtpd_tls_received_header = yes smtpd_tls_loglevel = 1 tls_preempt_cipherlist = yes smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = $smtpd_tls_protocols smtpd_tls_exclude_ciphers = AESCCM8, aNULL, ARIA, DES, DSS, eNULL, EXPORT, IDEA, MD5, PSK, RC4, SEED smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/ColdLogixCA-chain.pem smtp_tls_security_level = may smtp_tls_loglevel = 1 smtp_tls_protocols = $smtpd_tls_protocols smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd smtp_sasl_type = cyrus smtp_sasl_security_options = mail_name = CipherMail smtpd_banner = $myhostname ESMTP $mail_name append_dot_mydomain = no biff = no recipient_delimiter = + notify_classes = enable_long_queue_ids = yes smtp_address_preference = ipv4 and master.cf: smtp inet n - n - - smtpd -o message_size_limit=${djigzo_before_filter_message_size_limit} pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o smtp_fallback_relay= showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache djigzo unix - - n - 4 smtp -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o smtp_generic_maps= cleanup_reinject unix n - n - 0 cleanup -o hopcount_limit=100 127.0.0.1:10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject smtps inet n - y - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject submission inet n - y - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject 127.0.0.1:10027 inet n - n - 10 smtpd -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o syslog_name=postfix/10027 -o message_size_limit=${djigzo_before_filter_message_size_limit} All settings from the Ciphermail interface is set up with “inherit” for all the options. Using version 5.0.4: rpm -qa | grep djig djigzo-web-5.0.4-1.noarch djigzo-5.0.4-1.noarch Mail is set to relay to another postfix host for its final destination. -jeremy

On Jul 20, 2021, at 9:30 AM, Jeremy Hansen via Users <users(a)lists.ciphermail.com> wrote:

On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via Users <users(a)lists.ciphermail.com> wrote:

What type of encryption is applied at the client side and what encryption is applied server side?

PGP on both sides.

I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email.

What do you mean with "the body of the message is never included in the email"?

Martijn Brinkers

2:51 p.m.

By default, the gateway does not check whether the message is already PGP encrypted and therefore it will be double encrypted if the gateway has a valid PGP key for the recipient. Why there is no check for already encrypted PGP message is because checking this for PGP is not always easy/reliable. With PGP/Inline, you cannot reliably detect whether every part of the email is encrypted. For example how should the gateway react if some MIME part is encrypted or not but the other parts are not? With PGP/Inline it's also hard to detect whether a MIME part is really encrypted or not. For example is the following part encrypted? Or is it just an example of an encrypted inline part which is not valid: -----BEGIN PGP MESSAGE----- BLABLA -----END PGP MESSAGE----- With PGP/Inline you can have mixed content, i.e., some parts of the body are encrypted and some parts are not. Checking PGP/MIME is easier because there is a clear and distinct content type. You might add a check which checks the content type for PGP/MIME encryption and skip further handling. Why has this not been added? Various reasons, historical and the fact that this has never been requested. If you want to support encryption on the desktop and on the gateway, the best would be to not add a valid key for the recipient on the gateway. That said, you can add the following snippet to config.xml to skip further encryption if the message is already PGP/MIME encrypted (to be precise if the content type contains a specific protocol value) Add the following check just below the existing "message is already S/MIME encrypted" part (add to config.xml) <mailet match="HeaderValueRegEx=matchOnError=false,content- type=(?i)protocol="application/pgp-encrypted"" class="GotoProcessor"> <log> message is already PGP/MIME encrypted </log> <processor> dkim-sign </processor> </mailet> After adding the above snippet, the back-end should be restarted. Kind regards, Martijn Brinkers On Tue, 2021-07-20 at 10:30 -0400, Jeremy Hansen wrote:

...

On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via Users < users(a)lists.ciphermail.com> wrote:

What type of encryption is applied at the client side and what encryption is applied server side?

PGP on both sides.

I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email.

What do you mean with "the body of the message is never included in the email"?

echo test | mail -s Test jeremy(a)losangelesrecording.com The message comes through encrypted but I don’t see “test” in the body of the email. Thank you! > Kind regards, > > Martijn Brinkers > > -- > CipherMail email encryption > Email encryption with support for S/MIME, > Ope > nPGP, PDF Messenger and Webmail Messenger >

-- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF Messenger and Webmail Messenger

Jeremy Hansen

29 Jul 29 Jul

12:46 a.m.

Thank you for the help. It’s much appreciated. Seems to be working so far. -jeremy

...

On Wednesday, Jul 28, 2021 at 6:52 AM, Martijn Brinkers <martijn(a)ciphermail.com (mailto:martijn@ciphermail.com)> wrote: By default, the gateway does not check whether the message is already PGP encrypted and therefore it will be double encrypted if the gateway has a valid PGP key for the recipient. Why there is no check for already encrypted PGP message is because checking this for PGP is not always easy/reliable. With PGP/Inline, you cannot reliably detect whether every part of the email is encrypted. For example how should the gateway react if some MIME part is encrypted or not but the other parts are not? With PGP/Inline it's also hard to detect whether a MIME part is really encrypted or not. For example is the following part encrypted? Or is it just an example of an encrypted inline part which is not valid: -----BEGIN PGP MESSAGE----- BLABLA -----END PGP MESSAGE----- With PGP/Inline you can have mixed content, i.e., some parts of the body are encrypted and some parts are not. Checking PGP/MIME is easier because there is a clear and distinct content type. You might add a check which checks the content type for PGP/MIME encryption and skip further handling. Why has this not been added? Various reasons, historical and the fact that this has never been requested. If you want to support encryption on the desktop and on the gateway, the best would be to not add a valid key for the recipient on the gateway. That said, you can add the following snippet to config.xml to skip further encryption if the message is already PGP/MIME encrypted (to be precise if the content type contains a specific protocol value) Add the following check just below the existing "message is already S/MIME encrypted" part (add to config.xml) <mailet match="HeaderValueRegEx=matchOnError=false,content- type=(?i)protocol="application/pgp-encrypted"" class="GotoProcessor"> <log> message is already PGP/MIME encrypted </log> <processor> dkim-sign </processor> </mailet> After adding the above snippet, the back-end should be restarted. Kind regards, Martijn Brinkers On Tue, 2021-07-20 at 10:30 -0400, Jeremy Hansen wrote:

On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via Users < users(a)lists.ciphermail.com> wrote:

What type of encryption is applied at the client side and what encryption is applied server side?

PGP on both sides.

I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email.

What do you mean with "the body of the message is never included in the email"?

-- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF Messenger and Webmail Messenger

Martijn Brinkers

20 Jul 20 Jul

1:56 p.m.

On Thu, 2021-07-15 at 01:13 -0400, Jeremy Hansen via Users wrote:

...

I noticed if I sent a message that is encrypted at the client, ciphermail will encrypt that message again and the original message is sent as an attachment.

What type of encryption is applied at the client side and what encryption is applied server side?

...

I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email.

What do you mean with "the body of the message is never included in the email"? Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, Ope nPGP, PDF Messenger and Webmail Messenger

Jeremy Hansen

4:30 p.m.

...

On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via Users <users(a)lists.ciphermail.com> wrote:

What type of encryption is applied at the client side and what encryption is applied server side?

PGP on both sides.

...

I also noticed if I send a message from a host using something like mailx, the body of the message is never included in the email.

What do you mean with "the body of the message is never included in the email"?

echo test | mail -s Test jeremy(a)losangelesrecording.com The message comes through encrypted but I don’t see “test” in the body of the email. Thank you!

...

Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, Ope nPGP, PDF Messenger and Webmail Messenger

131

days inactive

144

days old

users@lists.ciphermail.com

Manage subscription

6 comments

2 participants

tags (0)

participants (2)

Jeremy Hansen
Martijn Brinkers