I followed the basic set-up which you outlined for
the Djigzo MTA. Next, I created a CA, then
created a certificate for myself, based on what I
read in the SMIME setup guide. I sent that cert
to myself, and since I received it, I've got to
believe that my primary MTA is configured
properly to work with the Djigzo MTA, at least so
Now, I'm ready to test encrypting mail, but I'm
not sure how to proceed. BTW, I'm the only one
in my shop to use Kmail; everyone else uses MS
Outlook. I think I successfully pulled my crt
Now, do I point my MUA to Djigzo?
What's the next step to encrypting/signing mail?
Apologies for what seem to be very basic
questions, but email encryption is not an easy
subject, or it would be much more widely used.
On Wednesday 17 June 2009 9:31:21 am you wrote:
Have you downloaded the administration guide?
It explains how to set up the MTA and gives an
overview of all the functionality.
The first step is to make sure that email is
sent and received via Djigzo.
A general setup will go as follows:
* Allow email relay from your internal sendmail
(add the IP of the sendmail server to “My
* Add the domains to the “Relay domains”
for which you receive email (firstbhpb.com
* Set the “Internal relay host” to the IP
address of the sendmail server (or spam
server/virus scanner) to make sure that
incoming email gets sent to your internal email
* If you want Djigzo to send email to external
recipients leave “External relay host” blank.
If you use an external relay fill in the IP (or
address) of the relay
* To make Djigzo know which internal recipients
are valid recipients enable advanced settings
and enable “Reject unverified recipient”. This
option makes Djigzo (actually the internally
used Postfix server) ask your sendmail server
whether the user is a known user. Enable this
option to prevent back-scatter (see
Change “reject code” from 450 (try again
later) to 550 (reject) if you are certain that
“Reject unverified recipient” is functional.
* Apply settings
Djigzo internally uses Postfix for the MTA part
so for the fine details see
Djigzo contains an MTA (responsible for email
delivery) and MPA (responsible for email
processing like encryption etc.). The MTA
determines for which domains you receive email.
The MPA determines which email should be
encrypted or decrypted. The MPA has to know
which domains are internal and which are
external. In most setups incoming email for your
internal users should be decrypted and outgoing
email for external users should be encrypted.
So in most setups you should add a domain (see
page 22 of the administration guide) for each
domain you have enabled in the MTA relay
domains and make sure that the domain is an
internal domain (to make sure that incoming
email is decrypted and outgoing email is
You should now create a CA server certificate
and add certificates for your internal and/or
external users. This is explained in the S/MIME
Once you have set up Djigzo for sending and
receiving email you can start experimenting
with all the features.
Hope this helps.
Feel free to ask if something isn't clear.
Dimitri Yioulos wrote:
Hello to anyone listening.
I'm excited about Djigzo, and would like to
implement it in our 65-person shop. I DL'd,
and successfully installed the latest VM
version on VMware Server 1.0.9. I also added
the latest version of VMware Tools. I've
read all of the manuals, and have a general
idea of what I need to do to make this all
work. But, I can't seem to get my head
completely around it. Someone's help in
setting up and getting it running would be
Here's my present email set-up: latest
sendmail, as well as MailScanner, MailWatch,
clamav, Bit Defender, and spamassassin (which
have been in place, and running well, for
five years) in DMZ.
I'd like to place Djigzo in front of my
current mail server, and use self-created
Again, help would be appreciated.
Djigzo open source email encryption
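The "Reject unverified recipient" and reject code (450 vs 550) settings in the quoted setup steps can be checked on the Postfix side with a small audit script. This is an added example, not part of the thread or of Djigzo; it assumes the gateway's settings end up in a Postfix main.cf under the standard Postfix parameter names, and the sample file contents are constructed.

```python
import re

# Constructed sample: a Postfix main.cf as a gateway might look after the
# steps above. Addresses and domain are placeholders, not from the thread.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8 192.0.2.10
relay_domains = example.com
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient
unverified_recipient_reject_code = 450
"""

def parse_main_cf(text):
    """Parse main.cf: 'name = value'; lines starting with whitespace continue."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments carry no settings
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()
    return params

def audit_recipient_verification(text):
    """Return findings about relaying and recipient verification."""
    p = parse_main_cf(text)
    findings = []
    restrictions = " ".join(v for k, v in p.items()
                            if re.fullmatch(r"smtpd_\w+_restrictions", k))
    verifies = "reject_unverified_recipient" in re.split(r"[,\s]+", restrictions)
    if p.get("relay_domains") and not verifies:
        findings.append("relay domains accepted without recipient verification: "
                        "unknown users bounce later (back-scatter)")
    # Postfix default for this parameter is 450 when it is not set.
    code = p.get("unverified_recipient_reject_code", "450")
    if verifies and code != "550":
        findings.append(f"unverified recipients get {code} (try again later), not 550")
    return findings

if __name__ == "__main__":
    for finding in audit_recipient_verification(SAMPLE_MAIN_CF):
        print("WARN:", finding)
```

On a real gateway, the text to audit can be taken from the output of `postconf -n`, which prints the non-default main.cf settings in the same `name = value` form.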