On 07/26/2011 10:25 AM, Stefan-Michael Guenther wrote:
for whatever reason, our Djigzo installation does not sign emails.
I have create a new email address michael.guenther(a)in-put.de, added it
as a new internal user, created and assigned a certificate for
encryption and signing.
The certificate for signing has not expired, it is valid not before Jul
18, 2011 and not after Jul 17, 2016.
The key Usage ist "keyEncipherment, digitalSignature", the extended Key
usage is "emailProtection, clientAuth".
And of course the system has the current time.
In the user settings I have selected "Only sign when encrypt (deactived,
do not inherit).
Did I miss something?
The majority of settings are used for the sender *and* recipient(s). So,
if the sender has unchecked "only sign when encrypt" but the recipient
still has "only sign when encrypt" checked, the message won't be signed
when send to that recipient. If you want to sign all outgoing email it's
advised to uncheck "only sign when encrypt" for the system settings
(i.e., the global settings).
The main reason of checking both the sender and recipient settings for
most (not all) settings is that it gives you the greatest flexibility.
Appendix E of the administration guide contains a flow diagram that
shows you exactly which steps are taken while processing the email.
If you want signing to be off by default and only sign on demand using a
keyword in the subject you might use the "Force signing trigger" option.
For example the following "Force signing trigger" forces signing even if
"only sign when encrypt" is checked when the subject contains the
Djigzo open source email encryption