26 Jul
2011
26 Jul
'11
10:25 a.m.
Hi,
for whatever reason, our Djigzo installation does not sign emails.
I have create a new email address michael.guenther(a)in-put.de, added it
as a new internal user, created and assigned a certificate for
encryption and signing.
The certificate for signing has not expired, it is valid not before Jul
18, 2011 and not after Jul 17, 2016.
The key Usage ist "keyEncipherment, digitalSignature", the extended Key
usage is "emailProtection, clientAuth".
And of course the system has the current time.
In the user settings I have selected "Only sign when encrypt (deactived,
do not inherit).
Did I miss something?
Thanks for any hints/help,
Stefan
26 Jul
26 Jul
10:44 a.m.
On 07/26/2011 10:25 AM, Stefan-Michael Guenther wrote:
Hi,
for whatever reason, our Djigzo installation does not sign emails.
I have create a new email address michael.guenther(a)in-put.de, added it
as a new internal user, created and assigned a certificate for
encryption and signing.
The certificate for signing has not expired, it is valid not before Jul
18, 2011 and not after Jul 17, 2016.
The key Usage ist "keyEncipherment, digitalSignature", the extended Key
usage is "emailProtection, clientAuth".
And of course the system has the current time.
In the user settings I have selected "Only sign when encrypt (deactived,
do not inherit).
Did I miss something?
The majority of settings are used for the sender *and* recipient(s). So,
if the sender has unchecked "only sign when encrypt" but the recipient
still has "only sign when encrypt" checked, the message won't be signed
when send to that recipient. If you want to sign all outgoing email it's
advised to uncheck "only sign when encrypt" for the system settings
(i.e., the global settings).
The main reason of checking both the sender and recipient settings for
most (not all) settings is that it gives you the greatest flexibility.
Appendix E of the administration guide contains a flow diagram that
shows you exactly which steps are taken while processing the email.
If you want signing to be off by default and only sign on demand using a
keyword in the subject you might use the "Force signing trigger" option.
For example the following "Force signing trigger" forces signing even if
"only sign when encrypt" is checked when the subject contains the
keyword [sign]:
subject: (?i)\[\s*sign\s*\]
Kind regards,
Martijn Brinkers
--
Djigzo open source email encryption
12:12 p.m.
Hi,
Am 26.07.2011 10:44, schrieb Martijn Brinkers:
when send to that recipient. If you want to sign all
outgoing email it's
advised to uncheck "only sign when encrypt" for the system settings
(i.e., the global settings).
for testing purposes I want to sign all outgoing emails and therefore I
have unchecked "only sign when encrypt" both in the users and the global
settings.
But the emails are still not signed.
For which logger do I have to increase the log level, to maybe get a
hint, why emails are not signed?
Kind regards,
Stefan
--
********************************************
in-put GbR - Das Linux-Systemhaus
Stefan-Michael Guenther
Geschaeftsfuehrer
Moltkestrasse 49 D-76133 Karlsruhe
Tel./Fax : +49 (0)721 / 6 80 32 88 - 0 / 3
http://www.in-put.de/
********************************************
Schulungen Installationen
Beratung Support
Voice-over-IP-Loesungen
********************************************
NEU: MobyDick - die preiswerte Voice-over-IP-Lösung
- Browserbasierte Administration
- inklusive Faxserver
Weitere Informationen unter http://www.iptelephonie.de
12:52 p.m.
Zitat von Stefan-Michael Guenther <s.guenther(a)in-put.de>de>:
Hi,
Am 26.07.2011 10:44, schrieb Martijn Brinkers:
Are you sure the mails are passed through Djigzo? It should be noted
in the Djigzo logs. Is the recipient used for the test "external" or
"internal"?
Regards
Andreas
when send to that recipient. If you want to sign
all outgoing email it's
advised to uncheck "only sign when encrypt" for the system settings
(i.e., the global settings).
for testing purposes I want to sign all outgoing emails and therefore I
have unchecked "only sign when encrypt" both in the users and the global
settings.
But the emails are still not signed.
1:25 p.m.
New subject: [Djigzo users] Encryption: yes, signing: no. But why? [SOLVED]
Hi,
the point was, that in the global settings "Locality" has to be
"External", while in our setting it was "Internal".
This obviously forces Djigzo to treat every recipient as external. The
only exception are those users, that were added manually with Locality
set to internal.
Thanks for your help,
Stefan
1:34 p.m.
New subject: [Djigzo users] Encryption: yes, signing: no. But why? [SOLVED]
Zitat von Stefan-Michael Guenther <s.guenther(a)in-put.de>de>:
Hi,
the point was, that in the global settings "Locality" has to be
"External", while in our setting it was "Internal".
This obviously forces Djigzo to treat every recipient as external.
The only exception are those users, that were added manually with
Locality set to internal.
It would be better to leave the global setting at default and list
your internal maildomains in the "domains" setting. This domains can
then be configured with whatever parameter you like. The global
settings should only be used for global defaults and you don't want
all mailaddresses to be internal, no?
So for your testcase:
- revert global settings to default
- create internal domain with sign-all setting
- import certificate/key pair for the sender
- send testmail to some external user (not in the internal domain)
With this teh mail should get signed as expected.
Regards
Andreas
3947
days inactive
3947
days old
5 comments
3 participants
participants (3)
-
lst_hoe02@kwsoft.de -
Martijn Brinkers -
Stefan-Michael Guenther