Thank you for all your help, I'm picking this back up where we left off.
Setting it to "internal" helped as you suggested. I can now telnet from
off site to the server's port 25 and send email via telnet but of course,
only after adjusting the MTA (admin > mta > config > my networks > add my
current public IP where I'm testing from). I get that, to avoid anonymous
relay.
When I telnet test email it seems to send it in plain text...should I
expect some kind of link to a portal or something? Is it because the mail
was sent via TLS to Gmail that it didn't re-encrypt the contents?
telnet x.x.x.x 25
Trying x.x.x.x...
Connected to x.x.x.x.
Escape character is '^]'.
220
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:user@domain.com
250 2.1.0 Ok
rcpt to:user@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Encrypt
Test encryption number 5.
.
250 2.0.0 Ok: queued as 44W61p2hVVz7SFG3
quit
221 2.0.0 Bye
I was expecting Ciphermail to encrypt the contents somehow. I'm also
confused a bit when the recipient gets the email (contents, attachments,
etc) how the user decrypts the contents or the message.
I'm still a bit foggy on that with my setup of ciphermail.
I haven't found anything clear on the exact setup. Of course, I haven't
put this server "in line" (internet > ciphermail <> mail server) yet
instead it's internet | ciphermail > mail server and the ciphermail is kind
of standing out there with nothing pointing at it which lets me be able to
test with telnet to see how it reacts both inbound from outside (telnet,
from outside domain) and inside from (telnet trusted IP in MTA, from inside
user(a)domain.com).
Hope that all makes sense. Maybe it's encrypting via TLS so since it's
doing that it doesn't need to encrypt PGP or any other way...?
Thanks for the help in understanding the process.
On Thu, Mar 7, 2019 at 9:38 AM Martijn Brinkers <martijn(a)ciphermail.com>
wrote:
See my comments inline
On 07-03-19 14:57, Rafael Wolf wrote:
Thank you,
I have in relay domains:
domain.com
I have in the internal relay host:
mail.domain.com
So...is it getting a bit confused between the root domain name and the
sub domain perhaps?
The gateway is split into separate parts: MTA (Postfix), which is
responsible for sending and receiving email, the MPA (mail processing
agent) which is responsible for encryption/decryption, the database
(which stores all settings), the Web GUI.
The MPA is where all heavy lifting takes place like
encryption/decryption. The MPA needs to know for which domains email
should be encrypted or decrypted. Therefore you need to manually add
your domains and set them to Internal.
For all your domains do the following:
1. Add domain (from GUI, select domains, click "Add domain", click
"Add", then on the "Edit domain" page, uncheck inherit for Locality and
set Locality to "Internal", then apply)
2. Repeat 1 for your other domains.
Kind regards,
Martijn Brinkers
The email when testing via telnet to: user(a)domain.com then it gets
relayed to mail.domain...
I would think it just kicks it out and doesn't do anything special with
it but it must be detecting it as an external and not internal address.
domain.com and mail.domain.com are the same IP (shared hosting on
CPanel).
Looking at their DNS records their mail.domain.com doesn't have an A
record only an MX...that might be the problem. I'll make an A record
and retest.
On Thu, Mar 7, 2019 at 3:48 AM Martijn Brinkers via Users
<users(a)lists.ciphermail.com> wrote:
Hi Rafael,
See my comments inline
On 03-03-19 15:24, Rafael Wolf via Users wrote:
[SNIP]
So...I assume the content of my message is in the long encryption
string but if I'm looking at that in my GMail for example or other mail
clients of any kind I can't see anything but the encrypted.asc's long
string of junk.
How is anyone supposed to use the community version to encrypt &
decrypt stuff so they can see the content of received email? I have a
hard time believing regular users can figure out how to do that who
aren't technical. I've gone through the admin guide but nothing is
standing out to me. I see you can do S/MIME, PGP, PDF, etc. For
whatever reason (and the admin guide states why I think) PGP was
selected to encrypt my test message that I sent inbound. I haven't
tried outbound yet.
The most likely reason why your email sent to your internal domains is
encrypted is that you did not configure that domain to be an internal
domain. The CipherMail gateway has to decide whether an email must be
handled by the encryption or by the decryption pipeline. If an email is
sent to an "Internal" domain, the email is handled by the decryption
pipeline and if the email is sent to an "External" domain, the email is
handled by the encryption pipeline. By default a domain is considered
to be "External" (you only own a few domains, the rest of all existing
domains are external). You therefore need to add the domains for which
you receive email (the "Internal" domains) and override the "Locality"
for those domains from External to Internal.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
_______________________________________________
Users mailing list
Users(a)lists.ciphermail.com
https://lists.ciphermail.com/mailman/listinfo/users
--
Rafael