3 Mar
2019
3 Mar
'19
3:24 p.m.
Hi List,
I was trying ciphermail out and I have it configured like the O365 setup
even though I'm not using O365 (link
<https://www.ciphermail.com/documents/ciphermail-o365-intergration-guide.pdf>
):
ciphermail (10.0.10.21 w/virtual public IP on my fireall & all port
forwards necessary) <> Internet. <-- this way it's on the public
Internet. It works perfectly also though I find it odd that port 443 and
8443 serve the same page and admin can log into both (no biggie but seems
redundant).
I then have another site, mail.somedomain.com as the "internal relay" I
think it was noted in the web ui (that is a public IP hosted elsewhere - a
CPanel server used as a mail server). All outbound email is the standard
default setup so it can relay anything outbound to anything that was not
mail.somedomain.com.
On page 7 of the PDF document for O365 setup it said to test via telnet.
That works perfectly, I get the email (someone(a)somedomain.com for example).
someone(a)somedomain.com is a forwarder to my gmail for testing purposes but
I don't think that would affect the content I received below.
When I get the email though I get two file attachments.
noname
encrypted.asc
The contents of the "noname" file are: "Version: 1"
The encrypted.asc file is:
-----BEGIN PGP MESSAGE-----
Version: CipherMail (4.3.0-1)
...with a long encryption string of characters...
-----END PGP MESSAGE-----
So...I assume the content of my message is in the long encryption string
but if I'm looking at that in my GMail for example or other mail clients of
any kind I can't see anything but the encrypted.asc's long string of junk.
How is anyone supposed to use the community version to encrypt & decrypt
stuff so they can see the content of received email? I have a hard time
believing regular users can figure out how to do that who aren't
technical. I've gone through the admin guide but nothing is standing out
to me. I see you can do S/MIME, PGP, PDF, etc. For whatever reason (and
the admin guide states why I think) PGP was selected to encrypt my test
message that I sent inbound. I haven't tried outbound yet.
Any insight would be helpful.
I'm guessing I need to do something with the public key and run that email
through the public key or something but I'm scratching my head and stuck.
I think I'm almost there but I'm struggling to find any help online about
this.
Thanks for any insight!
7 Mar
7 Mar
9:47 a.m.
Hi Rafael,
See my comments inline
On 03-03-19 15:24, Rafael Wolf via Users wrote:
[SNIP]
So...I assume the content of my message is in the long
encryption string
but if I'm looking at that in my GMail for example or other mail clients of
any kind I can't see anything but the encrypted.asc's long string of junk.
How is anyone supposed to use the community version to encrypt & decrypt
stuff so they can see the content of received email? I have a hard time
believing regular users can figure out how to do that who aren't
technical. I've gone through the admin guide but nothing is standing out
to me. I see you can do S/MIME, PGP, PDF, etc. For whatever reason (and
the admin guide states why I think) PGP was selected to encrypt my test
message that I sent inbound. I haven't tried outbound yet.
The most likely reason why your email sent to your internal domains is
encrypted is that you did not configure that domain to be an internal
domain. The CipherMail gateway has to decide whether an email must be
handled by the encryption or by the decryption pipeline. If an email is
sent to an "Internal" domain, the email is handled by the decryption
pipeline and if the email is sent to an "External" domain, the email is
handled by the encryption pipeline. By default a domain is considered to
be "External" (you only own a few domains, the rest of all existing
domains are external). You therefore need to add the domains for which
you receive email (the "Internal" domains) and override the
"Locality"
for those domains from External to Internal.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
2:57 p.m.
Thank you,
I have in relay domains:
domain.com
I have in the internal relay host:
mail.domain.com
So...is it getting a bit confused between the root domain name and the sub
domain perhaps?
The email when testing via telnet to: user(a)domain.com then it gets relayed
to mail.domain...
I would think it just kicks it out and doesn't do anything special with it
but it must be detecting it as an external and not internal address.
domain.com and mail.domain.com are the same IP (shared hosting on CPanel).
Looking at their DNS records their mail.domain.com doesn't have an A record
only an MX...that might be the problem. I'll make an A record and retest.
Thanks,
Rafael
On Thu, Mar 7, 2019 at 3:48 AM Martijn Brinkers via Users <
users(a)lists.ciphermail.com> wrote:
Hi Rafael,
See my comments inline
On 03-03-19 15:24, Rafael Wolf via Users wrote:
[SNIP]
--
Rafael
765-714-7257
So...I assume the content of my message is in the
long encryption string
but if I'm looking at that in my GMail for example or other mail clients
of
any kind I can't see anything but the
encrypted.asc's long string of
junk.
How is anyone supposed to use the community version to encrypt & decrypt
stuff so they can see the content of received email? I have a hard time
believing regular users can figure out how to do that who aren't
technical. I've gone through the admin guide but nothing is standing out
to me. I see you can do S/MIME, PGP, PDF, etc. For whatever reason (and
the admin guide states why I think) PGP was selected to encrypt my test
message that I sent inbound. I haven't tried outbound yet.
The most likely reason why your email sent to your internal domains is
encrypted is that you did not configure that domain to be an internal
domain. The CipherMail gateway has to decide whether an email must be
handled by the encryption or by the decryption pipeline. If an email is
sent to an "Internal" domain, the email is handled by the decryption
pipeline and if the email is sent to an "External" domain, the email is
handled by the encryption pipeline. By default a domain is considered to
be "External" (you only own a few domains, the rest of all existing
domains are external). You therefore need to add the domains for which
you receive email (the "Internal" domains) and override the
"Locality"
for those domains from External to Internal.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
_______________________________________________
Users mailing list
Users(a)lists.ciphermail.com
https://lists.ciphermail.com/mailman/listinfo/users
3:38 p.m.
See my comments inline
On 07-03-19 14:57, Rafael Wolf wrote:
Thank you,
I have in relay domains:
domain.com <http://domain.com>
I have in the internal relay host:
mail.domain.com <http://mail.domain.com>
So...is it getting a bit confused between the root domain name and the
sub domain perhaps?
The gateway is split into separate parts: MTA (Postfix), which is
responsible for sending and receiving email, the MPA (mail processing
agent) which is responsible for encryption/decryption, the database
(which stores all settings), the Web GUI.
The MPA is where all heavy lifting takes place like
encryption/decryption. The MPA need to know for which domains email
should be encrypted or decrypted. Therefore you need to manually add
your domains and set them to Internal.
For all your domains do the following:
1. Add domain (from GUI, select domains, click "Add domain", Click
"Add", then on the "Edit domain" page, uncheck inherit for Locality
and
set Locality to "Internal", then apply
2. Repeat 1 for your other domains.
Kind regards,
Martijn Brinkers
The email when testing via telnet to: user(a)domain.com
<mailto:user@domain.com> then it gets relayed to mail.domain...
I would think it just kicks it out and doesn't do anything special with
it but it must be detecting it as an external and not internal address.
domain.com <http://domain.com> and mail.domain.com
<http://mail.domain.com> are the same IP (shared hosting on CPanel).
Looking at their DNS records their mail.domain.com
<http://mail.domain.com> doesn't have an A record only an MX...that
might be the problem. I'll make an A record and retest.
On Thu, Mar 7, 2019 at 3:48 AM Martijn Brinkers via Users
<users(a)lists.ciphermail.com <mailto:users@lists.ciphermail.com>> wrote:
Hi Rafael,
See my comments inline
On 03-03-19 15:24, Rafael Wolf via Users wrote:
[SNIP]
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
So...I assume the content of my message is in the
long encryption
string
but if I'm looking at that in my GMail for
example or other mail
clients of
any kind I can't see anything but the
encrypted.asc's long string
of junk.
How is anyone supposed to use the community version to encrypt &
decrypt
stuff so they can see the content of received
email? I have a
hard time
believing regular users can figure out how to do
that who aren't
technical. I've gone through the admin guide but nothing is
standing out
to me. I see you can do S/MIME, PGP, PDF, etc.
For whatever
reason (and
the admin guide states why I think) PGP was
selected to encrypt my
test
message that I sent inbound. I haven't tried
outbound yet.
The most likely reason why your email sent to your internal domains is
encrypted is that you did not configure that domain to be an internal
domain. The CipherMail gateway has to decide whether an email must be
handled by the encryption or by the decryption pipeline. If an email is
sent to an "Internal" domain, the email is handled by the decryption
pipeline and if the email is sent to an "External" domain, the email is
handled by the encryption pipeline. By default a domain is considered to
be "External" (you only own a few domains, the rest of all existing
domains are external). You therefore need to add the domains for which
you receive email (the "Internal" domains) and override the
"Locality"
for those domains from External to Internal.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
_______________________________________________
Users mailing list
Users(a)lists.ciphermail.com <mailto:Users@lists.ciphermail.com>
https://lists.ciphermail.com/mailman/listinfo/users
--
Rafael
765-714-7257
29 Mar
29 Mar
5:15 p.m.
Thank you for all your help, I'm picking this back up where we left off.
Setting it to "internal" helped as you suggested. I can now telnet from
off site to the server's port 25 and send email via telnet but of course,
only after adjusting the MTA (admin > mta > config > my networks > add my
current public IP where I'm testing from). I get that, to avoid anonymous
relay.
When I telnet test email it seems to send it in plain text...should I
expect some kind of link to a portal or something? Is it because the mail
was sent via TLS to Gmail that it didn't re-encrypt the contents?
telnet x.x.x.x 25
Trying x.x.x.x...
Connected to x.x.x.x.
Escape character is '^]'.
220 cipher.domain.com ESMTP CipherMail
ehlo mail.internaldomain.com
250-cipher.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:user@domain.com
250 2.1.0 Ok
rcpt to:user@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Encrypt
Test encryption number 5.
.
250 2.0.0 Ok: queued as 44W61p2hVVz7SFG3
quit
221 2.0.0 Bye
I was expecting Ciphermail to encrypt the contents somehow. I'm also
confused a bit when the recipient gets the email (contents, attachments,
etc) how the user decrypts the contents or the message.
I'm still a bit foggy on that with my setup of ciphermail.
I haven't found anything clear on the exact setup. Of course, I haven't
put this server "in line" (internet > ciperhmail <> mail server) yet
instead it's internet | ciphermail > mail server and the ciphermail is kind
of standing out there with nothing pointing at it which lets me be able to
test with telnet to see how it reacts both inbound from outside (telnet,
from outside domain) and inside from (telnet trusted IP in MTA, from inside
user(a)domain.com).
Hope that all makes sense. Maybe it's encrypting via TLS so since it's
doing that it doesn't need to encrypt PGP or any other way...?
Thanks for the help in understanding the process.
On Thu, Mar 7, 2019 at 9:38 AM Martijn Brinkers <martijn(a)ciphermail.com>
wrote:
See my comments inline
On 07-03-19 14:57, Rafael Wolf wrote:
--
Rafael
Thank you,
I have in relay domains:
domain.com <http://domain.com>
I have in the internal relay host:
mail.domain.com <http://mail.domain.com>
So...is it getting a bit confused between the root domain name and the
sub domain perhaps?
The gateway is split into separate parts: MTA (Postfix), which is
responsible for sending and receiving email, the MPA (mail processing
agent) which is responsible for encryption/decryption, the database
(which stores all settings), the Web GUI.
The MPA is where all heavy lifting takes place like
encryption/decryption. The MPA need to know for which domains email
should be encrypted or decrypted. Therefore you need to manually add
your domains and set them to Internal.
For all your domains do the following:
1. Add domain (from GUI, select domains, click "Add domain", Click
"Add", then on the "Edit domain" page, uncheck inherit for Locality
and
set Locality to "Internal", then apply
2. Repeat 1 for your other domains.
Kind regards,
Martijn Brinkers
The email when testing via telnet to:
user(a)domain.com
<mailto:user@domain.com> then it gets relayed to mail.domain...
I would think it just kicks it out and doesn't do anything special with
it but it must be detecting it as an external and not internal address.
domain.com <http://domain.com> and mail.domain.com
<http://mail.domain.com> are the same IP (shared hosting on CPanel).
Looking at their DNS records their mail.domain.com
<http://mail.domain.com> doesn't have an A record only an MX...that
might be the problem. I'll make an A record and retest.
On Thu, Mar 7, 2019 at 3:48 AM Martijn Brinkers via Users
<users(a)lists.ciphermail.com <mailto:users@lists.ciphermail.com>> wrote:
Hi Rafael,
See my comments inline
On 03-03-19 15:24, Rafael Wolf via Users wrote:
[SNIP]
is
So...I assume the content of my message is in the
long encryption
string
but if I'm looking at that in my GMail for
example or other mail
clients of
any kind I can't see anything but the
encrypted.asc's long string
of junk.
How is anyone supposed to use the community version to encrypt &
decrypt
stuff so they can see the content of received
email? I have a
hard time
believing regular users can figure out how to do
that who aren't
technical. I've gone through the admin guide but nothing is
standing out
to me. I see you can do S/MIME, PGP, PDF, etc.
For whatever
reason (and
the admin guide states why I think) PGP was
selected to encrypt my
test
message that I sent inbound. I haven't tried
outbound yet.
The most likely reason why your email sent to your internal domains encrypted is that you did not configure that
domain to be an internal
domain. The CipherMail gateway has to decide whether an email must be
handled by the encryption or by the decryption pipeline. If an email
is
sent to an "Internal" domain, the
email is handled by the decryption
pipeline and if the email is sent to an "External" domain, the email
is
handled by the encryption pipeline. By
default a domain is
considered to
be "External" (you only own a few
domains, the rest of all existing
domains are external). You therefore need to add the domains for
which
you receive email (the "Internal"
domains) and override the
"Locality"
for those domains from External to Internal.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
_______________________________________________
Users mailing list
Users(a)lists.ciphermail.com <mailto:Users@lists.ciphermail.com>
https://lists.ciphermail.com/mailman/listinfo/users
--
Rafael
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
984
days inactive
1010
days old
4 comments
2 participants
participants (2)
-
Martijn Brinkers -
Rafael Wolf