26 Oct
2012
26 Oct
'12
5:03 p.m.
-------- Original-Nachricht --------
Datum: Fri, 26 Oct 2012 16:49:13 +0200
Von: Martijn Brinkers <martijn(a)djigzo.com>
An: users(a)lists.djigzo.com
Betreff: Re: [Djigzo users] Problem with the encryption on domain rule
On 10/26/2012 04:33 PM, fatcharly(a)gmx.de wrote:
Hi Martijn,
thanks for your fast reply :o)
1.yes ist is as encryption used, not for signing
2. as you mentioned it now, the background is grey. how can I make it a white one ? (I
wasn`t aware of it)
3. It´s now set to mandatory (didnt make a test yet, because I think the problem is point
no.2)
Kind regards,
fatcharly
I´m using the latest djigzo on a CentOS 6.3. I
have a domain with a
certificate to encrypt, but none of the mails which are going
through the
gateway are encrypted. Here is the log output, maybe somebody can tell me why
it´s not working:
26 Oct 2012 16:09:43 | INFO incoming | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de; Sender:
name.name(a)company.de; Remote address: 192.168.1.35; Recipients: [test(a)encrypt.de];
Subject:
test ; Message-ID:
<EB6653A813FDF14F96405E552D11AC860277DBCE(a)server.internal.lan>an>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO Subject filter is
disabled for the sender;
MailID: 0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO postSubjectFilter
state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator:
name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO external state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO DLP is disabled for
the sender; MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO postDLP state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO "subject
trigger" is disabled for the
sender; MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO
checkForceEncryptHeader state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c;
Originator: name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool
Thread #2]
26 Oct 2012 16:09:43 | INFO "force encrypt
header trigger" is disabled
for the sender; MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkEncryptMode
state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator:
name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO "encrypt
mode" is force for the
recipient(s); MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkSMIME state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkPDFEncrypt state
| MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO PDF encryption is
disabled for the
recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkMustEncrypt
state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator:
name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO Force signing not
allowed for sender;
MailID: 0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkSMIMESign state
| MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO "only sign when
encrypt" is enabled for the
sender. S/MIME signing will be skipped; MailID:
0121f9cf-f632-4077-a39e-ce065089269c (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #2]
26 Oct 2012 16:09:43 | INFO transport state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; Remote address: 192.168.1.35; Recipients: [test(a)encrypt.de];
Subject: test ; Message-ID:
<EB6653A813FDF14F96405E552D11AC860277DBCE(a)server.internal.lan>an>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:47 | INFO Cleaning Key Cache.
Cache size: 0
(mitm.common.cache.KeyCacheImpl) [KeyCacheImpl Thread]
A couple of questions
1. Can you check whether you have selected the certificate as encryption
certificate for the external domain?
2. Is the domain certificate trusted? i.e., not shown with a gray
background but with a white background?
3. I see that you have set encrypt mode to "Force". That might be on
purpose but if your intention is to have mandatory encryption when
sending to that domain, you should set encrypt mode to "Mandatory"
Kind regards,
Martijn
--
DJIGZO email encryption
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users
26 Oct
26 Oct
6:02 p.m.
New subject: [Djigzo users] Problem with the encryption on domain rule
On 10/26/2012 05:03 PM, fatcharly(a)gmx.de wrote:
-------- Original-Nachricht --------
If you click the certificate subject and view the certificate it tells
you why it's not trusted.
If it is because the complete cert chain cannot be found (i.e. an
intermediate or root is missing) and you cannot install the intermediate
or the root, you can manually make a certificate valid by white listing
the certificate. You can do this by placing the certificate on the
certificate trust list (CTL) with white listing selected. CLick the
certificate, on the certificate view page, click "add to CTL". Then set
the status to "White list".
regards,
Martijn
--
DJIGZO email encryption
Datum: Fri, 26 Oct 2012 16:49:13 +0200
Von: Martijn Brinkers <martijn(a)djigzo.com>
An: users(a)lists.djigzo.com
Betreff: Re: [Djigzo users] Problem with the encryption on domain rule
On 10/26/2012 04:33 PM, fatcharly(a)gmx.de wrote:
Hi Martijn,
thanks for your fast reply :o)
1.yes ist is as encryption used, not for signing
2. as you mentioned it now, the background is grey. how can I make it a white one ? (I
wasn`t aware of it) I´m using the latest djigzo on a CentOS 6.3. I
have a domain with a
certificate to encrypt, but none of the mails which are going
through the
gateway are encrypted. Here is the log output, maybe somebody can tell me why
it´s not working:
26 Oct 2012 16:09:43 | INFO incoming | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de; Sender:
name.name(a)company.de; Remote address: 192.168.1.35; Recipients: [test(a)encrypt.de];
Subject:
test ; Message-ID:
<EB6653A813FDF14F96405E552D11AC860277DBCE(a)server.internal.lan>an>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO Subject filter is
disabled for the sender;
MailID: 0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO postSubjectFilter
state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator:
name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO external state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO DLP is disabled for
the sender; MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO postDLP state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO "subject
trigger" is disabled for the
sender; MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO
checkForceEncryptHeader state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c;
Originator: name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool
Thread #2]
26 Oct 2012 16:09:43 | INFO "force encrypt
header trigger" is disabled
for the sender; MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkEncryptMode
state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator:
name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO "encrypt
mode" is force for the
recipient(s); MailID:
0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkSMIME state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkPDFEncrypt state
| MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO PDF encryption is
disabled for the
recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkMustEncrypt
state | MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator:
name.name(a)company.de; Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread
#2]
26 Oct 2012 16:09:43 | INFO Force signing not
allowed for sender;
MailID: 0121f9cf-f632-4077-a39e-ce065089269c
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO checkSMIMESign state
| MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:43 | INFO "only sign when
encrypt" is enabled for the
sender. S/MIME signing will be skipped; MailID:
0121f9cf-f632-4077-a39e-ce065089269c (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #2]
26 Oct 2012 16:09:43 | INFO transport state |
MailID:
0121f9cf-f632-4077-a39e-ce065089269c; Originator: name.name(a)company.de;
Sender:
name.name(a)company.de; Remote address: 192.168.1.35; Recipients: [test(a)encrypt.de];
Subject: test ; Message-ID:
<EB6653A813FDF14F96405E552D11AC860277DBCE(a)server.internal.lan>an>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Oct 2012 16:09:47 | INFO Cleaning Key Cache.
Cache size: 0
(mitm.common.cache.KeyCacheImpl) [KeyCacheImpl Thread]
A couple of questions
1. Can you check whether you have selected the certificate as encryption
certificate for the external domain?
2. Is the domain certificate trusted? i.e., not shown with a gray
background but with a white background?
3. I see that you have set encrypt mode to "Force". That might be on
purpose but if your intention is to have mandatory encryption when
sending to that domain, you should set encrypt mode to "Mandatory"
Kind regards,
Martijn
3491
days inactive
3491
days old
1 comments
2 participants
participants (2)
-
fatcharly@gmx.de -
Martijn Brinkers