[Djigzo users] Newbie set-up help

Martijn Brinkers martijn at djigzo.com
Fri Jun 19 18:23:41 CEST 2009


Hi Dimitri,

Did you import the pfx file (which is password protected) into KMail?
Because you said "..pulled my crt.." which makes me believe you only
installed the public certificate. For the most popular email clients I
have added a guide on how to import the pfx
(http://www.djigzo.com/help/import_pfx.html) but I have not yet added a
guide on KMail (I'll see if I can add it).

You can add a SMTP account to your MUA that sends mail through Djigzo. 
If you want Djigzo to encrypt the message you have to make sure you send 
it to an external recipient. A recipient is external by default. A 
recipient can only be internal when you selected internal for the 
user/domain settings for the recipient (or set the global settings 
to internal). Djigzo needs the public certificate for the recipient to 
encrypt a message. So, you have to make sure that a public certificate 
is available for the recipient. If the email address of the recipient 
matches the email address of the certificate, and! the certificate is 
trusted (the certificate is not gray or red) Djigzo will automatically 
use the certificate for the recipient (the certificate line will be 
'green' for the encryption certificates page for the recipient). If the 
email address does not match or the certificate is not trusted you can 
manually select the certificate on the encryption certificates page for 
the recipient.

Once this has been set up (and you leave the setting encrypt mode 
"allow", or set it to "mandatory") outgoing email will be encrypted for 
the recipient.
Another option would be to disable encryption by default and use a 
"Subject trigger" to trigger encryption.

Once you have set up the system and are familiar with all the settings 
you can set up your internal email server to relay through Djigzo.

Hope this will keep you going

Kind regards,

Martijn

PS I have been playing with KMail but have not yet been able to import a 
pfx. Perhaps it's because I use Ubuntu which is GNOME based. I will look 
into it.

Dimitri Yioulos wrote:
> Greetz, Martijn.
> 
> I followed the basic set-up which you outlined for 
> the Djigzo MTA.  Next, I created a CA, then 
> created a certificate for myself, based on what I 
> read in the SMIME setup guide.  I sent that cert 
> to myself, and since I received it, I've got to 
> believe that my primary MTA is configured 
> properly to work with the Djigzo MTA, at least so 
> far.
> 
> Now, I'm ready to test encrypting mail, but I'm 
> not sure how to proceed.  BTW, I'm the only one 
> in my shop to use Kmail; everyone else uses MS 
> Outlook.  I think I successfully pulled my crt 
> into Kmail
> 
> Now, do I point my MUA to Djigzo?
> What's the next step to encrypting/signing mail?
> 
> Apologies for what seem to be very basic 
> questions, but email encryption is not an easy 
> subject, or it would be much more widely used.
> 
> Thanks.
> 
> Dimitri
> 
> On Wednesday 17 June 2009 9:31:21 am you wrote:
>> Hi Dimitri,
>>
>> Have you downloaded the administration guide?
>> It explains how to set up the MTA and gives an
>> overview of all the functionality.
>>
>> The first step is to make sure that email is
>> sent and received via Djigzo.
>>
>> A general setup will go as follows:
>>
>> Djigzo MTA
>>
>> * Allow email relay from your internal sendmail
>> (add the IP of the sendmail server to “My
>> Networks”)
>>
>> * Add the domains to the “Relay domains”
>> for which you receive email (firstbhpb.com
>> etc.)
>>
>> * Set the “Internal relay host” to the IP
>> address of the sendmail server (or spam
>> server/virus scanner) to make sure that
>> incoming email gets sent to your internal email
>> server.
>>
>> * If you want Djigzo to send email to external
>> recipients leave “External relay host” blank.
>> If you use an external relay fill in the IP (or
>> address) of the relay
>>
>> * To make Djigzo know which internal recipients
>> are valid recipients enable advanced settings
>> and enable “Reject unverified recipient”. This
>> option makes Djigzo (actually the internally
>> used Postfix server) ask your sendmail server
>> whether the user is a known user. Enable this
>> option to prevent back-scatter (see
>> http://www.postfix.org/BACKSCATTER_README.html)
>> Change “reject code” from 450 (try again
>> later) to 550 (reject) if you are certain that
>> “Reject unverified recipient” is functional.
>>
>> * Apply settings
>>
>> Djigzo internally uses Postfix for the MTA part
>> so for the fine details see
>> http://www.postfix.org/documentation.html.
>>
>> Djigzo contains an MTA (responsible for email
>> delivery) and MPA (responsible for email
>> processing like encryption etc.). The MTA
>> determines for which domains you receive email.
>> The MPA determines which email should be
>> encrypted or decrypted. The MPA has to know
>> which domains are internal and which are
>> external. In most setups incoming email for your
>> internal users should be decrypted and outgoing
>> email for external users should be encrypted.
>> So in most setups you should add a domain (see
>> page 22 of the administration guide) for each
>> domain you have enabled in the MTA relay
>> domains and make sure that the domain is an
>> internal domain (to make sure that incoming
>> email is decrypted and outgoing email is
>> encrypted).
>>
>> You should now create a CA server certificate
>> and add certificates for your internal and/or
>> external users. This is explained in the S/MIME
>> setup guide.
>>
>> Once you have set up Djigzo for sending and
>> receiving email you can start experimenting
>> with all the features.
>>
>> Hope this helps.
>>
>> Feel free to ask if something isn't clear.
>>
>> Kind regards,
>>
>> Martijn Brinkers
>>
>> Dimitri Yioulos wrote:
>>> Hello to anyone listening.
>>>
>>> I'm excited about Djigzo, and would like to
>>> implement it in our 65-person shop.  I DL'd,
>>> and successfully installed the latest VM
>>> version on VMware Server 1.0.9.  I also added
>>> the latest version of VMware Tools.  I've
>>> read all of the manuals, and have a general
>>> idea of what I need to do to make this all
>>> work.  But, I can't seem to get my head
>>> completely around it.  Someone's help in
>>> setting up and getting it running would be
>>> much appreciated.
>>>
>>> Here's my present email set-up:  latest
>>> sendmail, as well as MailScanner, MailWatch,
>>> clamav, Bit Defender, and spamassassin (which
>>> have been in place, and running well, for
>>> five years) in DMZ.
>>>
>>> I'd like to place Djigzo in front of my
>>> current mail server, and use self-created
>>> certificates.
>>>
>>> Again, help would be appreciated.
>>>
>>> Dimitri
>> --
>> Djigzo open source email encryption
> 


-- 
Djigzo open source email encryption
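
Added example, not part of the original post and not Djigzo code: checking with the openssl CLI the two things the reply above turns on, namely whether a file is a .pfx that really holds a private key (a bare .crt does not), and whether a certificate carries the recipient's address and chains to your CA. File names, the address and the password are constructed, and "chains to the CA" is assumed here as a stand-in for what the Djigzo pages show as a trusted certificate.

```shell
#!/bin/sh
# Added example. Names, address and password below are constructed test values.

# E-mail addresses carried by a PEM certificate (subject DN and subjectAltName).
cert_emails() { openssl x509 -in "$1" -noout -email; }

# True if one of those addresses equals the recipient address (case ignored).
cert_matches() { cert_emails "$1" | grep -qixF -- "$2"; }

# True if the certificate chains to the given CA certificate and is currently valid.
cert_trusted() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# True if the file is a PKCS#12 (.pfx/.p12) container that holds a private key.
# A bare .crt fails here: it is the public certificate only.
pfx_has_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Build a throwaway CA, a user certificate and a .pfx in a temp dir; print the dir.
make_demo() {
    d=$(mktemp -d) || return 1
    {
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
            -keyout "$d/ca.key" -out "$d/ca.crt" &&
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=Test User/emailAddress=user@example.com" \
            -keyout "$d/user.key" -out "$d/user.csr" &&
        openssl x509 -req -in "$d/user.csr" -days 2 -CA "$d/ca.crt" \
            -CAkey "$d/ca.key" -CAcreateserial -out "$d/user.crt" &&
        openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.crt" \
            -passout pass:demo -out "$d/user.pfx"
    } >/dev/null 2>&1 || return 1
    echo "$d"
}

# Stand-alone run over the constructed files.
demo=$(make_demo) && {
    cert_matches "$demo/user.crt" user@example.com && echo "address matches"
    cert_trusted "$demo/user.crt" "$demo/ca.crt"   && echo "chains to CA"
    pfx_has_key  "$demo/user.pfx" demo             && echo "pfx has private key"
    pfx_has_key  "$demo/user.crt" demo             || echo "crt has no private key"
    rm -rf "$demo"
}
```

Against real files, run `pfx_has_key` on the file you imported into the mail client and `cert_matches` on the recipient certificate you expect the gateway to pick.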



