[Djigzo users] Newbie set-up help

Dimitri Yioulos dyioulos at firstbhph.com
Fri Jun 19 17:42:30 CEST 2009

Greetz, Martijn.

I followed the basic set-up which you outlined for 
the Djigzo MTA.  Next, I created a CA, then 
created a certificate for myself, based on what I 
read in the SMIME setup guide.  I sent that cert 
to myself, and since I received it, I've got to 
believe that my primary MTA is configured 
properly to work with the Djigzo MTA, at least so 

Now, I'm ready to test encrypting mail, but I'm 
not sure how to proceed.  BTW, I'm the only one 
in my shop to use Kmail; everyone else uses MS 
Outlook.  I think I successfully pulled my crt 
into Kmail

Now, do I point my MUA to Djigzo?
What's the next step to encrypting/signing mail?

Apologies for what seem to be very basic 
questions, but email encryption is not an easy 
subject, or it would much more widely used.



On Wednesday 17 June 2009 9:31:21 am you wrote:
> Hi Dimitri,
> Have you downloaded the administration guide?
> It explains how to setup the MTA and gives an
> overview of all the functionality.
> The first step is to make sure that email is
> sent and received via Djigzo.
> A general setup will go as follows:
> Djigzo MTA
> * Allow email relay from your internal sendmail
> (add the IP of the sendmail server to “My
> Networks”)
> * Add the the domains to the “Relay domains”
> for which you receive email (firstbhpb.com
> etc.)
> * Set the ”Internal relay host” to the IP
> address of the sendmail server (or spam
> server/virus scanner) to make sure that
> incoming email gets sent to your internal email
> server.
> * If you want Djigzo to sent email to external
> recipients leave “External relay host” blank.
> If you use an external relay fill in the IP (or
> address) of the relay
> * To make Djigzo know which internal recipients
> are valid recipients enable advanced settings
> and enable “Reject unverified recipient”. This
> option makes Djigzo (actually the internally
> used Postfix server) ask you sendmail server
> whether the user is a known user. Enable this
> option to prevent back-scatter (see
> http://www.postfix.org/BACKSCATTER_README.html)
> Change  “reject code” from 450 (try again
> later) to 550 (reject) if you are certain that
> “Reject unverified recipient” is functional.
> * Apply settings
> Djigzo internally uses Postfix for the MTA part
> so for the fine details see
> http://www.postfix.org/documentation.html.
> Djigzo contains a MTA (responsible for email
> delivery) and MPA (responsible for email
> processing like encryption etc.). The MTA
> determines for which domains you receive email.
> The MPA determines which email should be
> encrypted or decrypted. The MPA has to know
> which domains are internal and which are
> external In most setups incoming email for your
> internal users should be decrypted and outgoing
> email for external users should be encrypted.
> So in most setups you should add a domain (see
> page 22 of the administration guide) for each
> domain you have enabled in the MTA relay
> domains and make sure that the domain is an
> internal domain (to make sure that incoming
> email is decrypted and outgoing email is
> encrypted).
> You should now create a CA server certificate
> and add certificates for your internal and/or
> external users. This is explained in the S/MIME
> setup guide.
> Once you have setup Djigzo for sending and
> receiving email you can start experimenting
> with all the features.
> Hope this helps.
> Feel free to ask if something isn't clear.
> Kind regards,
> Martijn Brinkers
> Dimitri Yioulos wrote:
> > Hello to anyone listening.
> >
> > I'm excited about Djigzo, and would like to
> > implement it in our 65-person shop.  I DL'd,
> > and successfully installed the latest VM
> > version on VMware Server 1.0.9.  I also added
> > the latest version of VMware Tools.  I've
> > read all of the manuals, and have a general
> > idea of what I need to do to make this all
> > work.  But, I can't seem to get my head
> > completely around it.  Someone's help in
> > setting up and getting it running would be
> > much appreciated.
> >
> > Here's my present email set-up:  latest
> > sendmail, as well as MailScanner, MailWatch,
> > clamav, Bit Defender, and spamassassin (which
> > have been in place, and running well, for
> > five years) in DMZ.
> >
> > I'd like to place Djigzo in front of my
> > current mail server, and use self-created
> > certificates.
> >
> > Again, help would be appreciated.
> >
> > Dimitri
> --
> Djigzo open source email encryption

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Users mailing list