6 Dec
2018
6 Dec
'18
9:17 a.m.
On 06-12-18 09:06, Weppert Juergen wrote:
great! Now it is working. Thanks a lot.
I just have one more question. How can i see in the logs which certificate was used for
decryption?
This is not logged. What should be logged and not logged is always a
tradeoff between logging to much and logging too little. Logging the
certificate details will add substantial information to the logs. An
email might even be encrypted with several certificates, for example a
recipient can have multiple certificates or there can be multiple
recipients. If logging which certificates are being used is a
requirement, it might be possible to add an additional rule to the mail
flow (this requires some coding however).
Kind regards,
Martijn Brinkers
-----Ursprüngliche Nachricht-----
Von: Martijn Brinkers [mailto:martijn@ciphermail.com]
Gesendet: Montag, 3. Dezember 2018 12:59
An: Weppert Juergen <Juergen.Weppert(a)mediakom-online.de>
Betreff: Re: AW: AW: AW: [CipherMail User] S/Mime domain certificate
You have enabled S/MIME strict mode. This will check whether there is a match between
recipient address and email address in the email. This will not work for domain
certificates without additional config (it should work if strict mode is not enabled). You
need to explicitly tell the gateway that a domain certificate is used for that domain.
Please try to add the domain certificate to the domain mediakom-online.de
So open settings for domain mediakom-online.de, then "S/MIME -> encryption
certificates" and select the domain certificate.
Kind regards,
Martijn Brinkers
On 03-12-18 12:49, Weppert Juergen wrote:
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
Hello,
her are the relevant log lines.
03 Dec 2018 10:45:38 | INFO incoming; MailID:
63aa8793-84c2-470d-9322-1378313de4a7; Recipients:
[juergen.weppert(a)mediakom-online.de]; Originator:
michael.hengst(a)hkk.de; Sender: michael.hengst(a)hkk.de; Remote address:
x.x.x.x; Subject: AW: Mailverschlüsselung; Message-ID:
<518A63CC64BC574E9671E278570CF549C9E1969A-TvXsAYlA(a)s9103p051.hkk.lokal
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail
pull.
; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #2]
03 Dec 2018 10:45:38 | INFO Subject filter is disabled for the
sender;
MailID: 63aa8793-84c2-470d-9322-1378313de4a7; Recipients:
[juergen.weppert(a)mediakom-online.de]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
03 Dec 2018 10:45:38 | INFO To internal recipient(s); MailID:
63aa8793-84c2-470d-9322-1378313de4a7; Recipients:
[juergen.weppert(a)mediakom-online.de]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
03 Dec 2018 10:45:38 | INFO "S/MIME strict mode" is enabled for the
recipient(s); MailID: 63aa8793-84c2-470d-9322-1378313de4a7;
Recipients: [juergen.weppert(a)mediakom-online.de]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
03 Dec 2018 10:45:38 | WARN S/MIME decryption key not found; MailID:
63aa8793-84c2-470d-9322-1378313de4a7; Message: A suitable decryption
key could not be found. CMS Recipients: CN=evp.mediakom-online.de,
OU=IT, O=MediaKom GmbH, L=Aschau, ST=Bayern,
C=DE/92D94935F132BCB//1.2.840.113549.1.1.1
(mitm.common.security.smime.handler.SMIMEHandler) [Spool Thread #2]
03 Dec 2018 10:45:38 | INFO Message handling is finished. Sending to
final recipient(s); MailID: 63aa8793-84c2-470d-9322-1378313de4a7;
Recipients: [juergen.weppert(a)mediakom-online.de]; Originator:
michael.hengst(a)hkk.de; Sender: michael.hengst(a)hkk.de; Remote address:
x.x.x.x; Subject: AW: Mailverschlüsselung; Message-ID:
<518A63CC64BC574E9671E278570CF549C9E1969A-TvXsAYlA(a)s9103p051.hkk.lokal
; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #1]
I have no personal S/Mime certificate so i think the warning is because no certificate
matches my email address.
Kind regards
Jürgen Weppert
-----Ursprüngliche Nachricht-----
Von: Martijn Brinkers [mailto:martijn@ciphermail.com]
Gesendet: Montag, 3. Dezember 2018 12:38
An: Weppert Juergen <Juergen.Weppert(a)mediakom-online.de>
Betreff: Re: AW: AW: [CipherMail User] S/Mime domain certificate
In that case the MPA log should provide more information.
Can you provide the relevant log lines from the MPA log? It should tell exactly what
happens when it handles the incoming email.
Kind regards,
Martijn Brinkers
On 03-12-18 12:35, Weppert Juergen wrote:
Hello,
yes i imported the certificate and the private key.
Yes the domain is internal.
Kind regards
Jürgen Weppert
-----Ursprüngliche Nachricht-----
Von: Martijn Brinkers [mailto:martijn@ciphermail.com]
Gesendet: Montag, 3. Dezember 2018 12:15
An: Weppert Juergen <Juergen.Weppert(a)mediakom-online.de>
Betreff: Re: AW: [CipherMail User] S/Mime domain certificate
On 03-12-18 11:19, Weppert Juergen wrote:
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail
pull.
Hello,
thanks for your feedback.
For example, our Domain is mediakom-online.de and the domain of our
partner is test.de. I added a new domain "test.de" and selected
their certificate to encrypt Emails send tot hat domain. And that
works fine. But emails send from "test.de" to us are encrypted with
our domain certificate. I importet our certificate only under
"Certificates", is this OK?
Are you absolutely certain that you imported the certificate *and*
private key? (i.e., imported a password protected p12 or pfx file)
But Ciphermail does not decrypt emails send to
us. Must i select our
certificate under our domain in ciphermail as you descriped below?
Incoming email will be decrypted automaically if the recipient domain is set as an
"Internal" domain *and* if there is a private key on the gateway which can be
used to decrypt the email.
So
1. Check if there is a valid private key available 2. Check if your
domain is configured as an Internal domain (i.e., locality is set to
"Internal")
Kind regards,
Martijn Brinkers
-----Ursprüngliche Nachricht----- Von: Users
[mailto:users-bounces@lists.ciphermail.com] Im Auftrag von Martijn
Brinkers via Users Gesendet: Montag, 3. Dezember 2018 09:40 An:
users(a)lists.ciphermail.com Betreff: Re: [CipherMail User] S/Mime
domain certificate
On 30-11-18 13:09, Weppert Juergen via Users wrote:
> how can i use S/Mime encryption/decryption with an domain
> certificate but only with one external partner (other domain)?
> Emails to other recipients must be encrypted with their personal
> S/Mime certificate.
I assume you are talking about using a domain certificate for the
external domain? (and not a domain certificate for signing).
If so, you need to add the external domain, then on the domain
settings select "S/MIME -> encryption certificates" and select the
certificate you want to use for that external domain.
Kind regards,
Martijn Brinkers
-- CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption
and secure webmail pull.
_______________________________________________
Users mailing list Users(a)lists.ciphermail.com
https://lists.ciphermail.com/mailman/listinfo/users
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail
pull.
1093
days inactive
1093
days old
0 comments
1 participants
participants (1)
-
Martijn Brinkers