Re: [Djigzo users] Docker / Kubernetes

2018-07-06 Thread Martijn Brinkers via Users
On 05-07-18 02:45, Paul Bronson via Users wrote:
> Is there a docker container or kubernetes available for ciphermail?

Not at the moment

However it seems that someone used docker a while back (3 years)

https://hub.docker.com/r/combro2k/djigzo/~/dockerfile/

When we have time, we will spend some time investigating a docker container.

Kind regards,

Martijn Brinkers


-- 
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users


Re: [Djigzo users] PDF Encryption "Generate password to originator" vs. SMS send

2018-07-05 Thread Martijn Brinkers via Users
On 05-07-18 22:02, Yves Kretzschmar-Schwipper via Users wrote:
> Hello,
> 
> if I enable the option "Generate password to originator" in Settings - PDF 
> the password for new users is sent back to the originator as the name says 
> but even if I specify a mobile number in the Subject Line no SMS is generated.
> 
> If I disable the option "Generate password to originator" sending SMS works 
> but sending a message to a new user fails because the password will not be 
> reported back to the originator.
> 
> I'd like to have the system behave like the following:
> 
> 
> 1.   If a mobile number is given in subject, send the password as SMS
> 
> 2.   If no mobile number is given, send the password back to the 
> originator
> 
> Is this possible?

This is not possible with the default config. The mail flow is described
in the file config.xml. You can change the order of the mail flow or add
new rules to get the behavior you want.

Take a look at the config.xml and see whether you can add a rule.

For example the rule that checks if the recipient has a phone number
and if so sends the message as PDF with password sent via SMS is:



   Recipient(s) have phone numbers 
   generate-passwords-sms 


Kind regards,

Martijn Brinkers



Re: [Djigzo users] logging SOAP-Events between WEB-GUI and Tomcat-Backend

2018-07-03 Thread Martijn Brinkers via Users
On 03-07-18 10:15, Sven Kusig via Users wrote:
> Hello,
> 
> I am trying to find out how I can generate a new PGP key and allocate it to a
> user via script (SOAP interface).
> Is it possible to change the logging level so that I can see the
> SOAP requests which the Web GUI uses for these operations?
> 
> Does anyone have an idea?

You can enable soap logging by editing the file:

/usr/share/djigzo/conf/spring/soap.xml

Uncomment the part just after the comment



Then restart the back-end

sudo service djigzo restart

The soap messages should now be logged to the MPA log (/var/log/djigzo.log)

Kind regards,

Martijn Brinkers



Re: [Djigzo users] SMS Account does not work

2018-06-15 Thread Martijn Brinkers via Users
The Clickatell provider uses the old style http provider, not the new 
style rest api. Does clickatell provide you with the option of selecting 
the old style api?


kind regards,

Martijn Brinkers

On 15-06-18 12:38, Sven Halle via Users wrote:

Hi out there,
As there is no possibility to choose another SMS provider in the 
community version, I signed up for an account at clickatell.com.
I got an API key but Ciphermail says:

Balance SMS balance (credits)
SMSTransportException: Error sending ...
Update balance
The API Key is ivalid or missing.

But I'm sure that's the right key.

Who can help?



Sven Halle





Re: [Djigzo users] SMS Provider

2018-06-15 Thread Martijn Brinkers via Users
Additional SMS providers can be added by implementing the SMS provider 
interface. This however requires some code developed with Java.


The pro/enterprise comes with some additional SMS providers.

Kind regards,

Martijn Brinkers

On 14-06-18 23:18, Sven Halle via Users wrote:

Hello out there,
is it possible to use an alternative SMS provider?

thank you

Sven Halle





Re: [Djigzo users] SPAM: Re: Move from virtual appliance v3 to v4

2018-06-14 Thread Martijn Brinkers via Users

Hi Dietmar,

The CA functionality of CipherMail is limited. For example the root 
certificate is generated and then the intermediate CA is generated. 
Unfortunately only the root certificate is stored. There were various 
reasons for this, some historic. When we improve the CA we will fix 
this. Unfortunately at the moment you need to generate a new CA. If you 
want to keep the root, it's best to generate one externally (for example 
with openssl) and then import the root certificate and intermediate 
(with private key). You can then use the CA to generate end user certs.


Kind regards,

Martijn Brinkers

On 14-06-18 10:09, Dietmar Möller via Users wrote:

Hello,
yes, I can export the root certificates. But the problem is:
I created the root certificate and the intermediate certificate with 
Ciphermail. The intermediate certificate expires earlier than the root 
certificate. Therefore, I have to create a new intermediate certificate at some 
point. But this is only possible if I also have the private key for the root 
certificate. But I can't export it. If my intermediate certificate has expired, 
I also have to create a new root certificate.
Since our system has not been running for long and our root certificate is not 
yet so well known, I have now set everything up again - with a new root 
certificate. Hope that this can be done by the backup/restore function during 
the next update.

Thank you very much
Greeting Dietmar




Dietmar Möller
Systemadministrator

-----Original Message-----
From: Users, on behalf of Martijn Brinkers via Users
Sent: Wednesday, 13 June 2018 21:39
To: users@lists.djigzo.com
Subject: SPAM: Re: [Djigzo users] Move from virtual appliance v3 to v4

Hi Dietmar,

You can select all the root certificates and download them as a p7b file.
Then import the certs into the new gateway.

Kind regards,

Martijn Brinkers

On 12-06-18 10:56, Dietmar Möller via Users wrote:

Sorry, first Mail in german...

Hello,
I would like to move my existing configuration of the virtual appliance from 
version 3.x to version 4.x. Since this is not possible via the backup function, 
I try this manually. Unfortunately I can't find out how to move my root CA. The 
sub-Ca can be moved in the same way as the user certificates, but not the root 
CA.
Does anyone know how to do this?

regards


Dietmar Möller
Systemadministrator
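
One way to create the root and intermediate CA externally with openssl, as suggested in the reply above, so that the root private key stays available when the intermediate expires. This is an added example, not CipherMail's or the posters' own procedure; subject names, lifetimes, key sizes, file names and the use of PKCS#12 as the import container are assumptions.

```shell
#!/bin/sh
# Added example: external root CA + intermediate CA for later import.
# Passphrases are read from the environment variables ROOT_PASS and INT_PASS.
set -e

# Minimal openssl config holding only the extension profiles for both levels.
write_ca_config() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_intermediate]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
}

# Create a self-signed root (10 years); its key is stored encrypted.
make_root() {
    dir="$1"
    umask 077
    mkdir -p "$dir"
    write_ca_config "$dir"
    openssl req -x509 -newkey rsa:3072 -sha256 -days 3650 \
        -config "$dir/ca.cnf" -extensions v3_root \
        -subj "/O=Example Org/CN=Example Root CA" \
        -keyout "$dir/root.key" -passout env:ROOT_PASS \
        -out "$dir/root.crt"
}

# Issue an intermediate (5 years) from the root and bundle it with its key.
# Calling this again later with a new name replaces an expiring intermediate
# without touching the root.
issue_intermediate() {
    dir="$1"
    name="$2"
    openssl req -new -newkey rsa:3072 -sha256 \
        -config "$dir/ca.cnf" \
        -subj "/O=Example Org/CN=Example Intermediate CA $name" \
        -keyout "$dir/$name.key" -passout env:INT_PASS \
        -out "$dir/$name.csr"
    openssl x509 -req -in "$dir/$name.csr" -sha256 -days 1825 \
        -CA "$dir/root.crt" -CAkey "$dir/root.key" -passin env:ROOT_PASS \
        -CAcreateserial \
        -extfile "$dir/ca.cnf" -extensions v3_intermediate \
        -out "$dir/$name.crt"
    # Fail early if the new certificate does not chain to the root.
    openssl verify -CAfile "$dir/root.crt" "$dir/$name.crt" >/dev/null
    # Intermediate certificate + private key + root in one PKCS#12 file.
    openssl pkcs12 -export -name "$name" \
        -inkey "$dir/$name.key" -passin env:INT_PASS \
        -in "$dir/$name.crt" -certfile "$dir/root.crt" \
        -passout env:INT_PASS -out "$dir/$name.p12"
}

# Runs only when both passphrases are supplied via the environment.
if [ -n "${ROOT_PASS:-}" ] && [ -n "${INT_PASS:-}" ]; then
    ca_dir="${1:-./external-ca}"
    make_root "$ca_dir"
    issue_intermediate "$ca_dir" intermediate-1
fi
```

Keep `root.key` offline after issuing; only `root.crt` and the intermediate's `.p12` need to reach the gateway.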



Re: [Djigzo users] Djigzo (Chipermail) sent PDF does not work

2018-06-13 Thread Martijn Brinkers via Users
It's important that the global "locality" setting is set to External and 
for the domains you receive email on to internal.


In most cases the MPA log should provide all the information as to why 
an email is not PDF encrypted. If you can not find out from the MPA log 
why the message was not PDF encrypted, please send the relevant MPA log 
to the mailing list.


Kind regards,

Martijn Brinkers


On 13-06-18 21:07, Sven Halle via Users wrote:

Hello and good evening,
after I configured the User and Domain settings to „inherit“ in every option and 
set the option „locality“ under „Settings“ to „External“, everything works. I read 
in the docs that this option has to be set to „Internal“, that's why I set this.
Maybe I misunderstood the docs.

Hope this help somebody

Bye ...

Sven Halle


On 13.06.2018 at 14:59, Sven Halle wrote:

Hello out there,
I've installed the VM for Ciphermail. After some hours of configuration, the system works.
Sending and receiving encrypted mails with PGP is possible without problems.

Only the function "sent encrypted PDF in case of no signing key from the 
partner exists“ doesn't work.
I enabled PDF in „Settings“, in „Domains“ and in „Users“ but the only message I 
get is:

_
The message with Subject

test

has not been sent to the following recipients because the message could not be 
encrypted.
_

Who can help me?

Thanks & nice greetings

Sven Halle


Re: [Djigzo users] Move from virtual appliance v3 to v4

2018-06-13 Thread Martijn Brinkers via Users

Hi Dietmar,

You can select all the root certificates and download them as a p7b file. 
Then import the certs into the new gateway.


Kind regards,

Martijn Brinkers

On 12-06-18 10:56, Dietmar Möller via Users wrote:

Sorry, first Mail in german...

Hello,
I would like to move my existing configuration of the virtual appliance from 
version 3.x to version 4.x. Since this is not possible via the backup function, 
I try this manually. Unfortunately I can't find out how to move my root CA. The 
sub-Ca can be moved in the same way as the user certificates, but not the root 
CA.
Does anyone know how to do this?

regards


Dietmar Möller
Systemadministrator



Re: [Djigzo users] Back-end is not running or not yet fully started up

2018-06-09 Thread Martijn Brinkers via Users

The back-end log files are stored in

/usr/share/djigzo/logs

The file /var/log/djigzo.log is symlinked to the latest log file.

Kind regards,

Martijn Brinkers


On 09-06-18 17:33, Dino Edwards via Users wrote:

Hello,

I'm getting this error when trying to login to the Ciphermail Web GUI. Where 
should I look for possible issues?

Thanks





[Djigzo users] New release of the CipherMail Email Encryption Gateway (4.1.2-1)

2018-06-07 Thread Martijn Brinkers via Users

A new version of the CipherMail email encryption gateway has been
released (4.1.2-1)

Release notes:

* EFAIL detection added (see 
https://ciphermail.com/blog/efail-detection-and-prevention.html for more 
info)


* TLSv1 and TLSv1.1 are now disabled (only TLSv1.2 is supported). Only 
strong TLS ciphers are enabled.


* "Clickjacking" protection added (the Web GUI now adds an 
"X-Frame-Options: DENY" header)


* SMTP lookup tables GUI option added [PRO/ENT].


Upgrade guide can be downloaded from:

http://www.ciphermail.com/documents/upgrade-guide.pdf

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

http://www.ciphermail.com

Twitter: http://twitter.com/CipherMail


Re: [Djigzo users] Deployment of CipherMail

2018-05-24 Thread Martijn Brinkers via Users

On 23-05-18 19:44, lists via Users wrote:

I'm on 4.1.0.

I can add the following findings:

The client certificate is issued by this root: CN=D-TRUST CA 2-1
2015, O=D-Trust GmbH, L=Berlin, C=DE

http://www.d-trust.net/cgi-bin/D-TRUST_CA_2-1_2015.crt

It is issued by: CN=COMODO RSA Certification Authority, O=COMODO CA
Limited, L=Salford, ST=Greater Manchester, C=GB

https://support.comodo.com/index.php?/Knowledgebase/Article/View/969/108/root-comodo-rsa-certification-authority-sha-2

When Ciphermail displays the root CN=D-TRUST CA 2-1 2015, O=D-Trust
GmbH, L=Berlin, C=DE the Comodo root is not displayed as link. So I
guess that Ciphermail is for some reason not able to resolve the
chain. Why?


This works for me. The following D-Trust certificate is trusted when I 
import it


http://www.d-trust.net/cgi-bin/D-TRUST_CA_2-1_2015.crt

What is the background color of the D-Trust cert in your gateway? gray 
or white?


Kind regards,

Martijn Brinkers




-----Original Message-----

From: Martijn Brinkers via Users
Sent: Wednesday, 23 May 2018 14:24
To:
Subject: Re: [Djigzo users] Deployment of CipherMail

On 23-05-18 09:34, Ralf Kirmis via Users wrote:

we are planning to deploy ciphermail and use exim as our MTA. Can
you post some of your config snippets, for using exim with
ciphermail?


The CipherMail gateway can basically be split up into three parts. The
MTA (postfix), the encryption/decryption back-end and the front-end
(web GUI).

When postfix receives a message, the message is sent to the
back-end for encryption/decryption using a Postfix after-queue
filter. After handling, the email (or multiple in case of different
sender/recipient requirements for example) is sent back to postfix
for delivery. In principle the MTA functionality can be replaced by
some other MTA. Take a look how postfix delivers the email to the
back-end, doing this in a similar way with Exim should not be hard
to figure out.

Kind regards,

Martijn Brinkers




Re: [Djigzo users] Deployment of CipherMail

2018-05-23 Thread Martijn Brinkers via Users

On 23-05-18 09:34, Ralf Kirmis via Users wrote:

we are planning to deploy ciphermail and use exim as our MTA.
Can you post some of your config snippets, for using exim with ciphermail?


The CipherMail gateway can basically be split up into three parts. The MTA 
(postfix), the encryption/decryption back-end and the front-end (web GUI).


When postfix receives a message, the message is sent to the back-end for 
encryption/decryption using a Postfix after-queue filter. After 
handling, the email (or multiple in case of different sender/recipient 
requirements for example) is sent back to postfix for delivery. In 
principle the MTA functionality can be replaced by some other MTA. Take 
a look how postfix delivers the email to the back-end, doing this in a 
similar way with Exim should not be hard to figure out.


Kind regards,

Martijn Brinkers




Re: [Djigzo users] Invalid S/Mime signatures

2018-05-23 Thread Martijn Brinkers via Users
On 22-05-18 21:12, lists via Users wrote:
> 22 May 2018 20:58:46 | INFO incoming; MailID: d6c60f00-eefe-47d9-be9e-cd8fc989034b; Recipients: [recip...@dest-domain.com]; Originator: sen...@sender-domain.com; Sender: sen...@sender-domain.com; Remote address: 192.168.100.252; Subject: test; Message-ID:
> 22 May 2018 20:58:46 | INFO S/MIME message has been decrypted. MailID: d6c60f00-eefe-47d9-be9e-cd8fc989034b; Recipients: [recip...@dest-domain.com] (mitm.application.djigzo.james.mailets.SMIMEHandler) [Spool Thread #3]

[SNIP]

> 22 May 2018 20:58:46 | WARN Signature could not be verified. Message: Message content cannot be verified with the signers public key. (mitm.common.security.smime.handler.SMIMEInfoHandlerImpl) [Spool Thread #3]
> 22 May 2018 20:58:46 | WARN S/MIME signature was not valid; Signer IDs: CN=D-TRUST CA 2-1 2015, O=D-Trust GmbH, L=Berlin, C=DE/715FBC297CC280DEF937EF0AF42176B6/; MailID: d6c60f00-eefe-47d9-be9e-cd8fc989034b (mitm.application.djigzo.james.mailets.SMIMEHandler)
>
> All certificates and chains are present in certificate store. Why does the signature not get verified?


There can be all kinds of reasons why a signature does not validate. In 
this case the validation failure seems not to be caused by a missing 
certificate. It's hard to analyze without more information. From the 
logs it looks like you remove the signature. If possible, it would be 
helpful to get a message with signature attached so you can check 
whether some S/MIME email client thinks the signature is correct.


Which version of CipherMail are you using? 3.3.1-0 introduced support 
for RSASSA-PSS signing. If you use an older version and the message is 
RSASSA-PSS signed, verification will probably fail.


Kind regards,

Martijn Brinkers
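
The two log events quoted in this thread ("S/MIME message has been decrypted" and "S/MIME signature was not valid") can be correlated by MailID to list messages that were decrypted although their signature did not validate. This is an added example, not part of the original message or of CipherMail; the sample log lines are constructed on the format quoted above, and passing the live MPA log as the first argument is an assumption about your setup.

```shell
#!/bin/sh
# Added example: correlate decryption and signature-failure events by MailID.
set -e

# Constructed sample log, modelled on the line format quoted in this thread.
write_sample_log() {
    cat > "$1" <<'EOF'
22 May 2018 20:58:46 | INFO S/MIME message has been decrypted. MailID: 00000000-0000-0000-0000-00000000000a; Recipients: [alice@example.com] (mitm.application.djigzo.james.mailets.SMIMEHandler) [Spool Thread #3]
22 May 2018 20:58:46 | WARN S/MIME signature was not valid; Signer IDs: CN=Constructed Test CA, O=Example, C=DE/0A1B2C/; MailID: 00000000-0000-0000-0000-00000000000a (mitm.application.djigzo.james.mailets.SMIMEHandler)
22 May 2018 21:03:10 | INFO S/MIME message has been decrypted. MailID: 00000000-0000-0000-0000-00000000000b; Recipients: [bob@example.com] (mitm.application.djigzo.james.mailets.SMIMEHandler) [Spool Thread #1]
22 May 2018 21:07:31 | WARN S/MIME signature was not valid; Signer IDs: CN=Constructed Other CA, O=Example, C=DE/0D4E5F/; MailID: 00000000-0000-0000-0000-00000000000c (mitm.application.djigzo.james.mailets.SMIMEHandler)
EOF
}

# Print "MailID<TAB>Signer IDs" for every mail that has BOTH events:
# it was decrypted by the gateway and its signature was reported invalid.
decrypted_but_unverified() {
    awk '
    function mailid(line) {
        # "MailID: " is 8 characters; return only the identifier after it.
        if (match(line, /MailID: [0-9a-f-]+/))
            return substr(line, RSTART + 8, RLENGTH - 8)
        return ""
    }
    /S\/MIME message has been decrypted/ {
        id = mailid($0)
        if (id != "") decrypted[id] = 1
    }
    /S\/MIME signature was not valid/ {
        id = mailid($0)
        signer = $0
        sub(/^.*Signer IDs: /, "", signer)
        sub(/; MailID: .*$/, "", signer)
        if (id != "") invalid[id] = signer
    }
    END {
        for (id in invalid)
            if (id in decrypted) printf "%s\t%s\n", id, invalid[id]
    }' "$1" | sort
}

# Use the log file given as first argument, otherwise the constructed sample.
log="${1:-}"
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log "$log"
fi
decrypted_but_unverified "$log"
```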



Re: [Djigzo users] PGP New Vulnerabilities

2018-05-15 Thread Martijn Brinkers via Users

On 15-05-18 12:06, Andi via Users wrote:


Quoting Martijn Brinkers via Users:

Hi,

I have written a short blog article on EFAIL.

https://www.ciphermail.com/blog/efail-who-is-vulnerable-pgp-smime-or-your-mail-client.html 



Kind regards,

Martijn Brinkers


On 14-05-18 14:40, CipherMail via Users wrote:

Hi,

This morning we were alerted about a new PGP vulnerability.
English: 
https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now 
Dutch: 
https://tweakers.net/nieuws/138557/onderzoekers-stop-direct-met-gebruik-pgp-vanwege-lekken.html 



What might be a secure fallback is to get a setting for ciphermail to 
only decrypt valid signed e-mail and simply pass it along if there is no 
signature or invalid signed. This could be a setting for the security 
aware operator in the spirit of "better safe than sorry", no?


This will prevent ciphermail from using the decryption key in cases 
where the user might get tricked to trust the sender otherwise.


That might work but I do not know how often email is encrypted and not 
signed. Also in theory the attacker should be able to generate a signed 
message (although I think this is not feasible in practice).


I have written a short article on how you can detect whether a decrypted 
email was misused for EFAIL (see other email to mailing list).


Kind regards,

Martijn Brinkers



[Djigzo users] EFAIL: how to detect you are being attacked?

2018-05-15 Thread Martijn Brinkers via Users

Hi,

A short article on how to detect whether an EFAIL attack was used.

https://www.ciphermail.com/blog/efail-how-to-detect-you-are-being-attacked.html

Kind regards,

Martijn Brinkers



Re: [Djigzo users] PGP New Vulnerabilities

2018-05-14 Thread Martijn Brinkers via Users

Hi,

I have written a short blog article on EFAIL.

https://www.ciphermail.com/blog/efail-who-is-vulnerable-pgp-smime-or-your-mail-client.html

Kind regards,

Martijn Brinkers


On 14-05-18 14:40, CipherMail via Users wrote:

Hi,

This morning we were alerted about a new PGP vulnerability.
English: 
https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now 

Dutch: 
https://tweakers.net/nieuws/138557/onderzoekers-stop-direct-met-gebruik-pgp-vanwege-lekken.html 








Re: [Djigzo users] Is Ciphermail save against "Efail"?

2018-05-14 Thread Martijn Brinkers via Users

On 14-05-18 12:53, Andi via Users wrote:

Hello,

today a new threat against encrypted e-mail (PGP and S/MIME) is in the 
news:


https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now 



From what I understand the basic problem is that it is possible to 
inject special data in already encrypted e-mail, which then will be 
reported back after decryption with HTML URLs to the attacker and can be 
used to derive the key used for encryption.


So I guess one would need the following conditions to be true for the 
attack to succeed


- The MUA accesses external URLs to load content in HTML e-mail 
(automatically)


- The e-mail will be decoded despite the altered content (not valid 
signed at least)


- Probably many e-mails are needed to get the oracle attack to work?

So for Ciphermail there should be no direct problem because it does not 
"read" the e-mail or obey URLs in the e-mail? But the question remains 
if there is a possibility to prevent the "vulnerable" clients against 
attack e-mail passing Ciphermail by not decrypting them or something 
like that?


Maybe I'm totally wrong, but thanks for any feedback on this


I'm still investigating the actual vulnerability but from what I have 
read I would say it's more a vulnerability in email clients which can be 
exploited to get parts of the plain text from a previously sent email.


To be vulnerable, the mail client should automatically retrieve remote 
information (for example images or CSS files). Allowing your mail client 
to automatically retrieve information from remote sources is strongly 
discouraged anyway because it can also be used by trackers (1 pixel images).


The vulnerability is that an attacker can create an email containing 
previously encrypted content which is then decrypted. The decrypted 
content however is embedded into a link (image, css etc.). If the mail 
client then tries to retrieve the remote link, it sends the URL (which 
contains part of the email). The attacker then retrieves the link and 
can extract the text.


To mitigate this, the first step would be to disallow your mail client 
to retrieve remote content (so block loading remote content).


I will do some further analysis and see whether a server side fix can 
work around the issue.


Kind regards,

Martijn Brinkers




[Djigzo users] New release of the CipherMail Email Encryption Gateway available (4.1.0-0)

2018-05-08 Thread Martijn Brinkers via Users
A new version of the CipherMail Email Encryption Gateway is available 
(4.1.0-0)


Virtual Appliance downloads:

https://www.ciphermail.com/downloads-virtual-appliance.html

Distribution packages downloads:

https://www.ciphermail.com/downloads-gateway-distributions.html

Release notes:

New

* CertStore command line tool can now export certificates and keys
* PGP command line tool can now export public and secret keys
* The back-end now supports a Mail attribute named
  remote-delivery.smtp.relay-host. It can be used to deliver email to
  a different relay host or local port based on content.
* SetRecipients mailet added. This can be used to change the recipients
  of an email.
* Post smime and pgp processor is now only called when a message was/is
  s/mime or PGP. This can be used to add specific behavior when a
  message is S/MIME or PGP (for example redirect to
  content scanner)
* Systemd fetchmail.service unit file added.
* Matcher added which can match on a user configurable list of
  senders/recipients. This also works for
  Exchange journaling messages by looking inside the journal [PRO/ENT].
* Intellicard Certificate Request handler added [PRO/ENT].
* Export database to XML [PRO/ENT].

Bugs/Improvements/Changes

* Cipher suites for HTTPClient are no longer set. The Cipher suites
  config resulted in a bug after a Java update.
  The Java bug was only triggered in old versions of CipherMail that
  used a link to sunjce_provider.jar in
  /usr/share/djigzo/james-2.3.1/lib.
* SleepTimeOnError added to SMSGatewayImpl background thread. The thread
  will sleep for 30 sec (default) if there was an exception in the
  background thread not caused by a transport. This is done to prevent
  filling up the logs if there is a problem with the database.
* SMIME command line tool refactored. Now uses long option names.
* System property ciphermail.crypto.cms.mustProduceEncodableUnwrappedKey
  added. This sets the mustProduceEncodableUnwrappedKey BC property.
  This is needed for supporting Utimaco HSMs.
* MySQL/MariaDB SQL config minor change. varchar columns with size 128
  increased to 255. The alias field was too short to fit a sha512
  thumbprint and some prefix used by a cert request handler.
  This resulted in a field too small error when trying to set the key
  alias (this was only an issue with the prof/ent. edition)
* Postgres 10 does not allow the JDBC URL to end with /. The last /
  has been removed from the URL.
* Postgres JDBC driver updated to support Postgres 10.
* Most required/depends removed from RPM and DEB conf files. It is
  impossible to support different RH/CentOS, Ubuntu releases with
  one RPM or DEB because packages are renamed/removed.
* The back-end front-end SOAP layer now uses Basic Authentication mode
  instead of WS security to work around a recently introduced Java bug
  in Java 1.8.0_162. (https://bugs.openjdk.java.net/browse/JDK-8196491,
  https://github.com/javaee/metro-jax-ws/issues/1209)
* The CipherMail Virtual Appliance is now using CentOS 7 instead of
  Ubuntu and uses MariaDB instead of Postgres. This means that
  back-ups of previous CipherMail Virtual Appliance cannot be
  directly imported because the database type is changed. Users
  with a support contract can contact us for help with migrating the
  database to the new version. Note: this only impacts users using the
  Virtual Appliance who wish to upgrade to the new CentOS based
  Virtual Appliance.
* HSM module now supports RSAES-OAEP encryption scheme (requirement
  for the German edi@energy standard) [PRO/ENT].
* License check only checked if license was valid at startup [PRO/ENT].
* Selected Certificate Request Handler is now session persistent so
  the selection is remembered while session is active.
* Jetty upgraded to release 9.4. This requires java 8 or up [PRO/ENT].

Upgrade guide can be downloaded from:

http://www.ciphermail.com/documents/upgrade-guide.pdf

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Rookie Question - G Suite

2018-05-03 Thread Martijn Brinkers via Users

On 02-05-18 17:41, Greg Williams via Users wrote:

Hi,

How do I get Ciphermail to accept email from G Suite (this is where our
emails are hosted)

Our domain is setup both in domains and relay but I do not know how to get
it to accept our outgoing emails without giving access to anyone who uses
gmail?

Any help would be great


This requires a number of changes to Postfix (the MTA used by 
CipherMail). There is no guide for G Suite but it should be set up in a 
similar way as O365


https://www.ciphermail.com/documents/ciphermail-o365-intergration-guide.pdf

To get the list of Google IPs and for more information on how to
configure G Suite to relay email through an external smart host see:


https://support.google.com/a/answer/178333?hl=en

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Export CRL List from internal CA via command line

2018-05-02 Thread Martijn Brinkers via Users

On 01-05-18 18:59, gulchi via Users wrote:

Hi Martijn, hi list,

thank you for your help in advance.
I use Ciphermail's internal CA for creating SMIME certificates. Now I
download the CRLs manually from Ciphermail's Web Interface.


Is there a way to create and download the crl with the command line tool?


Unfortunately at the moment there is no option to generate the CRL from 
the command line. Getting the CRL from the local database is possible 
though.


The front-end connects to the back-end via SOAP so with some Java code 
(or some other programming language supporting soap) it should however 
not be difficult to get this working.


Alternatively you might try to create a script which logs in and executes
the correct commands or you might use openssl to generate the CRL on the 
command line.


Kind regards,

Martijn Brinkers



Re: [Djigzo users] Issue with S/MIME decryption most likely caused by Exchange attaching corporate signatures

2018-04-16 Thread Martijn Brinkers via Users

On 16-04-18 17:27, Olaf Schwarz via Users wrote:

Hi all,


I have an issue with the decryption of S/MIME mails, and hope someone
can be of help.
To be honest I did not go very deep down the rabbit hole with this one,
as I expect it to be a common problem someone else might already have
solved.

Issue description:
S/MIME mail is decrypted but given back to the mail queue as an empty
mail with an attachment called "smime.p7m". This attachment includes the
message in plain and certificate information. But this does not happen
with all S/MIME encrypted mails.

Ciphermail Version:
Version: 3.3.1-0. Built: 2017-10-07-08:36.

Current thoughts:
I guess this might be related to mails which are signed\encrypted by a
local client and the corporate exchange server adds corporate text
signatures to that mail (like the "think before print" or legal
disclaimers)


CipherMail contains code to gracefully handle S/MIME unaware disclaimer 
software, i.e., CipherMail can detect whether a disclaimer was added to 
an S/MIME message, thereby creating a non S/MIME message, and repair the 
message. It does this by changing the smime message into an attached 
message (application/rfc822).



Looking into the mails after ciphermail has decrypted them shows the
following difference:
Mails that get decrypted to empty message and "smime.p7m" attachment
shows:
Content-Type: application/x-pkcs7-mime;

Mails decrypted correctly:
Content-Type: application/pkcs7-mime;


The Content-Type application/x-pkcs7-mime is the old content type for 
S/MIME messages. Some email clients like for example Outlook still use 
the old style headers. application/pkcs7-mime is the new style headers 
for S/MIME. Thunderbird and CipherMail are using the new style headers. 
The difference in content type should not be the reason why certain 
emails fail.


Can you share the MIME headers of the message that failed?

Kind regards,

Martijn Brinkers

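One way to collect what the reply above asks for, the MIME structure of a failing message, as an added example that is not CipherMail code: it walks a message with Python's standard `email` package, treats the old and new S/MIME content types as equivalent, and flags an S/MIME part that is no longer the top-level entity, which is what S/MIME-unaware disclaimer software produces. The two sample messages and all function names are constructed for illustration, and the "wrapped" verdict is a heuristic (a forwarded `smime.p7m` attachment looks the same).

```python
from email import message_from_string


def normalize(content_type: str) -> str:
    """Map the old 'application/x-pkcs7-*' names onto the new ones."""
    return content_type.replace("application/x-pkcs7-", "application/pkcs7-")


def mime_tree(msg, depth=0):
    """List (depth, content type, smime-type parameter, filename) per part."""
    rows = [(depth, msg.get_content_type(), msg.get_param("smime-type"),
             msg.get_filename())]
    if msg.is_multipart():
        for part in msg.get_payload():
            rows.extend(mime_tree(part, depth + 1))
    return rows


def describe(raw: str):
    """Parse a raw message and return its MIME tree."""
    return mime_tree(message_from_string(raw))


def classify(raw: str) -> str:
    """Return 'smime', 'smime-wrapped' or 'not-smime' for a raw message."""
    msg = message_from_string(raw)
    top = normalize(msg.get_content_type())
    if top == "application/pkcs7-mime":
        return "smime"  # encrypted or opaque-signed, old or new header style
    if top == "multipart/signed":
        protocol = normalize((msg.get_param("protocol") or "").lower())
        if protocol == "application/pkcs7-signature":
            return "smime"  # clear-signed S/MIME
    # An S/MIME entity below the top level: something re-wrapped the message.
    nested = [row for row in mime_tree(msg)[1:]
              if normalize(row[1]) == "application/pkcs7-mime"]
    return "smime-wrapped" if nested else "not-smime"


# Constructed sample: intact message using the old-style content type.
INTACT = """\
From: alice@example.com
To: bob@example.com
Subject: constructed sample (old-style content type)
MIME-Version: 1.0
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64

MIIB
"""

# Constructed sample: the same entity after a disclaimer was appended, which
# turns the top level into multipart/mixed (no longer an S/MIME message).
WRAPPED = """\
From: alice@example.com
To: bob@example.com
Subject: constructed sample (disclaimer added)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

MIIB
--b1
Content-Type: text/plain; charset=us-ascii

Think before you print.
--b1--
"""

if __name__ == "__main__":
    for label, raw in (("intact", INTACT), ("wrapped", WRAPPED)):
        print(label, "->", classify(raw))
        for depth, ctype, smime_type, filename in describe(raw):
            print("   ", "  " * depth + ctype, smime_type, filename)
```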


Re: [Djigzo users] DLP regex

2018-04-16 Thread Martijn Brinkers via Users

On 13-04-18 14:01, René Sasse via Users wrote:

Hi Martijn,

On 13.04.18 at 12:00, users-requ...@lists.djigzo.com wrote:

The DLP patterns are a sender only property. That means that only the
DLP patterns configured for the sender are taken into account. The main
reason this was designed to be a sender only setting is that it's
unclear how to handle recipient specific DLP rules if there are multiple
recipients of a message. You can configure the DLP rule for the sender.
However that means that if the message is sent to some other domain by
that sender that the DLP fires as well. If you do not want that you can
disable DLP checking by default for all domains and only enable it for
the sender and recipient domain you want the rule for. You might get
more flexibility by editing the xml mail flow file though.


thanks for your answer; but this wasn't my question ;-)

my question was: I'm looking for a way that will drop the delivery for
outgoing mails NOT having the word 'redfox:' in the body, something like
an inverted badword. Is there something in place to build a rule like this?


This is not supported out of the box. However by modifying dlp.xml you
might be able to get what you need.


dlp.xml describes the steps for DLP scanning.

The SenderRegExpPolicyChecker mailet checks the DLP policy and depending 
on which policy is violated, the email will be handled by the next steps.



 DLP checking the message 
 dlp-warn 
 dlp-must-encrypt 
 dlp-quarantine 
 dlp-block 
 dlp-error 
 dlp-delayed-evaluation 




If no policy is violated, the flow "falls through" and the next step 
will be the post-dlp processor.




 post-dlp 


If you change post-dlp to for example dlp-block, the end result will be 
that if no DLP rule is violated, the message will be blocked. You can 
change this to whatever behavior you want.


Kind regards,

Martijn Brinkers



Re: [Djigzo users] DLP regex

2018-04-12 Thread Martijn Brinkers via Users

Hi René

On 11-04-18 18:51, René Sasse via Users wrote:

first of all: thanks for this great gateway :-)
I wonder how to deal with the regex-engine within the DLP.

What I'm trying to achieve is, that mails to a specific domain will be
blocked when a special word (classification: *whatever*) is missing.

I tried this as pattern; but it turns out that this isn't working:

\b(?!classification\b).*?\b

could someone give me a little hint?


The DLP patterns are a sender only property. That means that only the 
DLP patterns configured for the sender are taken into account. The main
reason this was designed to be a sender only setting is that it's 
unclear how to handle recipient specific DLP rules if there are multiple 
recipients of a message. You can configure the DLP rule for the sender. 
However that means that if the message is sent to some other domain by 
that sender that the DLP fires as well. If you do not want that you can 
disable DLP checking by default for all domains and only enable it for 
the sender and recipient domain you want the rule for. You might get 
more flexibility by editing the xml mail flow file though.


Kind regards,

Martijn Brinkers

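Why the pattern quoted in this message cannot express "fire when the word is missing", which is also the requirement restated with 'redfox:' in the follow-up message, shown as an added example that is neither from the thread nor CipherMail code. Python's `re` module stands in for the gateway's regex engine and a rule is assumed to fire when the pattern is found anywhere in the body (both are assumptions); the sample bodies and helper names are constructed.

```python
import re

# Pattern quoted in the thread. The negative lookahead only vetoes a match
# that STARTS at the word "classification"; the engine is free to start
# somewhere else, so it finds a (possibly empty) match in any text.
THREAD_PATTERN = re.compile(r"\b(?!classification\b).*?\b")


def absent_pattern(marker: str, dotall: bool = True):
    r"""Regex that matches only if `marker` occurs nowhere in the text.

    \A pins the single attempt to the start of the body. With (?s) the '.'
    inside the lookahead also crosses line breaks, so the whole body is
    inspected instead of just the first line.
    """
    flags = "(?s)" if dotall else ""
    return re.compile(flags + r"\A(?!.*" + re.escape(marker) + r")")


def fires(pattern, body: str) -> bool:
    """Assumed rule semantics: the rule fires when the pattern is found."""
    return pattern.search(body) is not None


def sample_bodies(marker: str):
    """Constructed bodies: one carrying the marker on its third line, one not."""
    with_marker = "Hello,\n\n" + marker + " internal\nReport attached.\n"
    without_marker = "Hello,\n\nReport attached.\n"
    return with_marker, without_marker


def compare(marker: str = "classification:"):
    """Return {rule: (fires with marker present, fires with marker absent)}."""
    rules = {
        "thread pattern": THREAD_PATTERN,
        "anchored, no (?s)": absent_pattern(marker, dotall=False),
        "anchored with (?s)": absent_pattern(marker),
    }
    present, absent = sample_bodies(marker)
    return {name: (fires(rule, present), fires(rule, absent))
            for name, rule in rules.items()}


if __name__ == "__main__":
    for name, (on_present, on_absent) in compare().items():
        print(f"{name:20} marker present: {on_present!s:5}  absent: {on_absent}")
```

Only the last rule separates the two bodies; whether the DLP engine evaluates a pattern against the whole body in a single search has to be checked on the gateway itself.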


Re: [Djigzo users] Question - PGP/MIME and PGP/INLINE

2018-03-29 Thread Martijn Brinkers via Users

On 29-03-18 09:51, Robert.Wiegand--- via Users wrote:

I have a question about incoming connections for my domain.
If I activate PGP/INLINE is PGP/MIME still working?

Or if there is a sender just sending PGP/INLINE I have to setup a second
ciphermail server to support PGP/INLINE?


PGP/MIME keeps working if you enable PGP/INLINE.

The main reason why PGP/INLINE is not enabled by default is that 
supporting PGP/INLINE requires that every message is completely scanned 
for PGP/INLINE content because with PGP/INLINE there is no special
header which can be used to detect whether the email is a PGP email or
not. If you therefore do not require PGP support, it's better to leave 
PGP/INLINE disabled because otherwise the CipherMail gateway scans every 
message for nothing :)


PGP/MIME works with a special PGP header. This makes it therefore easy
and fast to detect whether an email is PGP/MIME encoded or not.


So, to come back to your question, if you need PGP/INLINE support, 
enable PGP/INLINE for incoming. The gateway will then support PGP/MIME 
and PGP/INLINE.


Kind regards,

Martijn Brinkers

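The difference in detection cost described above, as an added example that is not CipherMail code: PGP/MIME is recognised from the top-level Content-Type header alone (the `multipart/encrypted` and `multipart/signed` forms of RFC 3156), while PGP/INLINE needs every text part decoded and searched for an ASCII-armor line. The sample messages are constructed in the code and the function names are illustrative.

```python
import re
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

PGP_MIME_PROTOCOLS = {"application/pgp-encrypted", "application/pgp-signature"}
ARMOR_LINE = re.compile(r"^-----BEGIN PGP (MESSAGE|SIGNED MESSAGE)-----\s*$", re.M)


def is_pgp_mime(msg) -> bool:
    """Header-only test: no body content is read."""
    if msg.get_content_type() not in ("multipart/encrypted", "multipart/signed"):
        return False
    return (msg.get_param("protocol") or "").lower() in PGP_MIME_PROTOCOLS


def inline_pgp_parts(msg):
    """Full scan: decode every text part and search it for an armor line."""
    hits = []
    for index, part in enumerate(msg.walk()):
        if part.get_content_maintype() != "text":
            continue
        # Undo base64 / quoted-printable first; the armor line is not
        # visible in the raw message when the part is transfer-encoded.
        data = part.get_payload(decode=True) or b""
        try:
            text = data.decode(part.get_content_charset() or "us-ascii",
                               errors="replace")
        except LookupError:  # unknown charset label
            text = data.decode("latin-1")
        found = ARMOR_LINE.search(text)
        if found:
            hits.append((index, part.get_content_type(), found.group(1)))
    return hits


def detect(raw: str):
    """Run both checks on a raw message."""
    msg = message_from_string(raw)
    return {"pgp_mime": is_pgp_mime(msg), "inline": inline_pgp_parts(msg)}


# Constructed placeholder, not real ciphertext.
ARMORED = ("-----BEGIN PGP MESSAGE-----\n\n"
           "constructed-placeholder-not-real-ciphertext\n"
           "-----END PGP MESSAGE-----\n")


def build_samples():
    """Return (raw PGP/INLINE message, raw PGP/MIME message), both constructed."""
    inline = MIMEMultipart("mixed")
    inline["Subject"] = "constructed PGP/INLINE sample"
    inline.attach(MIMEText("Hi, the encrypted text follows.\n", "plain", "us-ascii"))
    inline.attach(MIMEText(ARMORED, "plain", "utf-8"))  # serialised as base64

    pgp_mime = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    pgp_mime["Subject"] = "constructed PGP/MIME sample"
    pgp_mime.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    pgp_mime.attach(MIMEApplication(ARMORED.encode(), "octet-stream"))
    return inline.as_string(), pgp_mime.as_string()


if __name__ == "__main__":
    for label, raw in zip(("inline", "pgp/mime"), build_samples()):
        print(label, detect(raw))
```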


Re: [Djigzo users] Deleting expired certificate

2018-03-29 Thread Martijn Brinkers via Users

On 27-03-18 19:23, Markus Zimmermann via Users wrote:
  
I would like to delete an expired certificate of an internal user.

Unfortunately I fail with an error message: "some certificates could not be deleted because they are still in use".

Can you give me advice how to delete this certificate?


If a certificate is "in use", the certificate cannot be deleted. The 
most likely reason is that a certificate is used as a signing 
certificate for a user. You can view which objects use that certificate
by opening the certificate info page and then click "usage" (one of the
links on the top of the certificate info page). This will show all
objects that keep this certificate from being deleted. You can either 
make sure that the user or domain no longer uses the certificate or 
remove the user (if the user does not override any inherited settings).


Kind regards,

Martijn Brinkers



Re: [Djigzo users] Mail routing, when external & internal relay host are the same

2018-03-27 Thread Martijn Brinkers via Users

On 22-03-18 18:23, Stefan Günther via Users wrote:

we just installed Ciphermail as virtual machine on a Univention Corporate 
Server (UCS).

The idea is that UCS grabs emails via fetchmail, sends them to the Ciphermail 
VM and finally stores them in the local Kopano installation.

In the configuration of postfix@UCS I have defined the following transport map:

in-put.cm smtp:[192.168.0.229]

in-put.cm is defined as a relay domain in Ciphermail.

The problem now is, that the email loops between UCS and Ciphermail: Every time
Ciphermail returns the email to postfix@UCS the email is forwarded to 
Ciphermail due to the transport map.

I have no idea, whether we could change anything in the Ciphermail 
configuration, so that postfix@UCS recognizes that the email already has been 
forwarded once or do we have to change the configuration of postfix@UCS?

Thanks for any hint or suggestion,


I do not completely understand your setup but I might have some suggestions.

Option 1. rewrite the recipients domain to some internal name after the 
message has been handled by CipherMail.


For example rewrite from input.cm to input.cm.handled. The postfix@UCS 
should be configured to also handle the domain input.cm.handled and not 
only forward email to CipherMail if the recipient domain is input.cm 
(and not input.cm.internal)


Option 2. Add an additional smtpd handler (on a different port) to 
master.cf of postfix@UCS and set transport_maps for that port to an 
empty value (note I have not tested whether you can override 
transport_maps for an smtpd service). Then tell CipherMail to deliver to 
that special port.


Kind regards,

Martijn Brinkers



Re: [Djigzo users] DLP features

2018-03-19 Thread Martijn Brinkers via Users
What do you actually mean with "sensitive data"? a list of keywords? or 
some text? or...


Kind regards,

Martijn Brinkers


On 18-03-18 13:30, Dino Edwards via Users wrote:

Hi,

I have a general question about the DLP functionality. Is there a way
to import lists of sensitive data into it from a database source or
something along those lines? As far as I can tell, the DLP works on
patterns but not actual sensitive data.

Thanks




Re: [Djigzo users] Upgrade from 2.8.6.2 to 3.3.1.0 fails: Could not load mailet (SenderDKIMVerify)

2018-03-09 Thread Martijn Brinkers via Users

On 09-03-18 16:18, Stefan Günther via Users wrote:

On 07-03-18 21:34, Stefan Günther via Users wrote:

-Original Message-

From: Martijn Brinkers via Users
Sent: Mon 5 March 2018 13:08
To: users@lists.djigzo.com
Subject: Re: [Djigzo users] Upgrade from 2.8.6.2 to 3.3.1.0 fails: Could not
load mailet (SenderDKIMVerify)



On 02-03-18 19:47, Stefan Günther via Users wrote:

Hello,

yesterday I tried to update an "old" Ciphermail installation from version 
2.8.6.2 to version 3.3.1.0 by installing the three packages as suggested in the 
documentation:

dpkg -i djigzo_3.3.1-0_all.deb
dpkg -i djigzo-postgres_3.3.1-0_all.deb
dpkg -i djigzo-web_3.3.1-0_all.deb

Then I deleted the cache (rm -r /var/cache/tomcat6/Catalina/web) and restarted 
Tomcat6.

Nevertheless it is not possible to start Ciphermail due to the following error:

James Mail Server 2.3.1
01 Mar 2018 18:57:33 | INFO  Initializing matcher: MaxRelay    
(mitm.application.djigzo.james.matchers.MaxRelay) [Phoenix-Monitor]

[SNIP]

Unable to init mailet SenderDKIMVerify
Check spool manager logs for more details.
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleException: Component named 
"spoolmanager" failed to pass through the Starting stage. (Reason: 
org.apache.mailet.MailetException: Could not load mailet (SenderDKIMVerify);
  nested exception is:
    java.lang.ClassNotFoundException: Requested mailet not found: 
SenderDKIMVerify.  looked in [, mitm.application.djigzo.pro.james.mailets., 
mitm.application.djigzo.james.mailets., org.apache.james.transport.mailets.]).
    at 
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleHelper.fail(LifecycleHelper.java:354)
    at 
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleHelper.startup(LifecycleHelper.java:226)
    at 
org.apache.avalon.phoenix.components.application.DefaultApplication.startup(DefaultApplication.java:530)
    at 
org.apache.avalon.phoenix.components.application.DefaultApplication.doRunPhase(DefaultApplication.java:478)
    at 
org.apache.avalon.phoenix.components.application.DefaultApplication.runPhase(DefaultApplication.java:409)
    at 
org.apache.avalon.phoenix.components.application.DefaultApplication.start(DefaultApplication.java:180)
    at 
org.apache.avalon.framework.container.ContainerUtil.start(ContainerUtil.java:260)
    at 
org.apache.avalon.phoenix.components.kernel.DefaultKernel.startup(DefaultKernel.java:295)


Some classes have been renamed. For example:

SenderDKIMVerify -> SenderPropertyDKIMVerify
SenderDKIMSign -> SenderPropertyDKIMSign

The xml file that defines the mail flow was also updated to reflect
those changes. I guess your config.xml file has been locally changed and
you chose not to accept the new config.xml (keeping the modified one).

If you want to keep your modified config.xml, the best is to do a diff
and check the differences or manually rename the mailets.


the timestamp of /usr/share/djigzo/conf/james/SAR-INF/config.xml is Jul 28.
2016 and the size 129780 bytes. I don't think/remember that I changed this file 
in any way.

I repeated "dpkg -i djigzo_3.3.1-0_all.deb", but there still isn't a complaint
about a changed config.xml.


Could it be that you have enabled a diversion?

dpkg-divert --list


root@ciphermail:~# dpkg-divert --list
diversion of /usr/share/man/man1/pod2latex.1.gz to 
/usr/share/man/man1/pod2latex.bundled.1.gz by libpod-latex-perl
diversion of /usr/bin/pod2latex to /usr/bin/pod2latex.bundled by 
libpod-latex-perl
diversion of /usr/share/vim/vim74/doc/tags to 
/usr/share/vim/vim74/doc/tags.vim-tiny by vim-runtime
diversion of /usr/bin/pg_config to /usr/bin/pg_config.libpq-dev by 
postgresql-common
diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz 
by dash
diversion of /usr/share/vim/vim74/doc/help.txt to 
/usr/share/vim/vim74/doc/help.txt.vim-tiny by vim-runtime
diversion of /bin/sh to /bin/sh.distrib by dash


If not then there might be some problem with your debian package
integrity. The updated config.xml file is certainly part of the deb and
it contains the updated names.




You might try to move config.xml to some other place (or rename) before
reinstalling the deb file to see whether that works.


Renaming the file and installing the package again fixed the problem.


What might have happened is the following:

Your config.xml was slightly changed from the one provided by the 
packages (even adding a space already is a change because the debian 
package system checks for differences using a hash).


The first time you upgraded, it asked whether you want to keep your 
local changes or use the version from the package. If you selected "keep 
local version", reinstalling the same version will no longer result in 
this question because you already answered it for that version.


Kind regards,

Martijn Brinkers



Re: [Djigzo users] Upgrade from 2.8.6.2 to 3.3.1.0 fails: Could not load mailet (SenderDKIMVerify)

2018-03-08 Thread Martijn Brinkers via Users

On 07-03-18 21:34, Stefan Günther via Users wrote:

-Original Message-

From: Martijn Brinkers via Users
Sent: Mon 5 March 2018 13:08
To: users@lists.djigzo.com
Subject: Re: [Djigzo users] Upgrade from 2.8.6.2 to 3.3.1.0 fails: Could not
load mailet (SenderDKIMVerify)



On 02-03-18 19:47, Stefan Günther via Users wrote:

Hello,

yesterday I tried to update an "old" Ciphermail installation from version 
2.8.6.2 to version 3.3.1.0 by installing the three packages as suggested in the 
documentation:

dpkg -i djigzo_3.3.1-0_all.deb
dpkg -i djigzo-postgres_3.3.1-0_all.deb
dpkg -i djigzo-web_3.3.1-0_all.deb

Then I deleted the cache (rm -r /var/cache/tomcat6/Catalina/web) and restarted 
Tomcat6.

Nevertheless it is not possible to start Ciphermail due to the following error:

James Mail Server 2.3.1
01 Mar 2018 18:57:33 | INFO  Initializing matcher: MaxRelay
(mitm.application.djigzo.james.matchers.MaxRelay) [Phoenix-Monitor]

[SNIP]

Unable to init mailet SenderDKIMVerify
Check spool manager logs for more details.
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleException: Component named 
"spoolmanager" failed to pass through the Starting stage. (Reason: 
org.apache.mailet.MailetException: Could not load mailet (SenderDKIMVerify);
nested exception is:
  java.lang.ClassNotFoundException: Requested mailet not found: 
SenderDKIMVerify.  looked in [, mitm.application.djigzo.pro.james.mailets., 
mitm.application.djigzo.james.mailets., org.apache.james.transport.mailets.]).
  at 
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleHelper.fail(LifecycleHelper.java:354)
  at 
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleHelper.startup(LifecycleHelper.java:226)
  at 
org.apache.avalon.phoenix.components.application.DefaultApplication.startup(DefaultApplication.java:530)
  at 
org.apache.avalon.phoenix.components.application.DefaultApplication.doRunPhase(DefaultApplication.java:478)
  at 
org.apache.avalon.phoenix.components.application.DefaultApplication.runPhase(DefaultApplication.java:409)
  at 
org.apache.avalon.phoenix.components.application.DefaultApplication.start(DefaultApplication.java:180)
  at 
org.apache.avalon.framework.container.ContainerUtil.start(ContainerUtil.java:260)
  at 
org.apache.avalon.phoenix.components.kernel.DefaultKernel.startup(DefaultKernel.java:295)


Some classes have been renamed. For example:

SenderDKIMVerify -> SenderPropertyDKIMVerify
SenderDKIMSign -> SenderPropertyDKIMSign

The xml file that defines the mail flow was also updated to reflect
those changes. I guess your config.xml file has been locally changed and
you chose not to accept the new config.xml (keeping the modified one).

If you want to keep your modified config.xml, the best is to do a diff
and check the differences or manually rename the mailets.


the timestamp of /usr/share/djigzo/conf/james/SAR-INF/config.xml is Jul 28.
2016 and the size 129780 bytes. I don't think/remember that I changed this file 
in any way.

I repeated "dpkg -i djigzo_3.3.1-0_all.deb", but there still isn't a complaint
about a changed config.xml.


Could it be that you have enabled a diversion?

dpkg-divert --list

If not then there might be some problem with your debian package 
integrity. The updated config.xml file is certainly part of the deb and 
it contains the updated names.


You might try to move config.xml to some other place (or rename) before 
reinstalling the deb file to see whether that works.


Kind regards,

Martijn Brinkers



Re: [Djigzo users] Upgrade from 2.8.6.2 to 3.3.1.0 fails: Could not load mailet (SenderDKIMVerify)

2018-03-05 Thread Martijn Brinkers via Users



On 02-03-18 19:47, Stefan Günther via Users wrote:

Hello,

yesterday I tried to update an "old" Ciphermail installation from version 
2.8.6.2 to version 3.3.1.0 by installing the three packages as suggested in the 
documentation:

dpkg -i djigzo_3.3.1-0_all.deb
dpkg -i djigzo-postgres_3.3.1-0_all.deb
dpkg -i djigzo-web_3.3.1-0_all.deb

Then I deleted the cache (rm -r /var/cache/tomcat6/Catalina/web) and restarted 
Tomcat6.

Nevertheless it is not possible to start Ciphermail due to the following error:

James Mail Server 2.3.1
01 Mar 2018 18:57:33 | INFO  Initializing matcher: MaxRelay
(mitm.application.djigzo.james.matchers.MaxRelay) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  Relay limit 100
(mitm.application.djigzo.james.matchers.MaxRelay) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.CreateMailID) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.Log) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  Initializing matcher: GlobalVerifyHMACHeader
(mitm.application.djigzo.james.matchers.GlobalVerifyHMACHeader) 
[Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.MailAttributes) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  Initializing matcher: SenderEvaluateUserProperty   
 (mitm.application.djigzo.james.matchers.SenderEvaluateUserProperty) 
[Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  Expression: #{user.subjectFilter.enabled}!='true'  
  (mitm.application.djigzo.james.matchers.SenderEvaluateUserProperty) 
[Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  Initializing matcher: 
RecipientEvaluateUserProperty
(mitm.application.djigzo.james.matchers.RecipientEvaluateUserProperty) 
[Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  Expression: #{user.subjectFilter.enabled}!='true'  
  (mitm.application.djigzo.james.matchers.RecipientEvaluateUserProperty) 
[Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.MailAttributes) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.FilterSubject) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.Log) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  Initializing matcher: RecipientHasLocality
(mitm.application.djigzo.james.matchers.RecipientHasLocality) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  User locality: internal
(mitm.application.djigzo.james.matchers.RecipientHasLocality) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.GotoProcessor) [Phoenix-Monitor]
01 Mar 2018 18:57:33 | INFO  catchRuntimeExceptions: true; catchErrors: true
(mitm.application.djigzo.james.mailets.Log) [Phoenix-Monitor]
Unable to init mailet SenderDKIMVerify
Check spool manager logs for more details.
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleException: Component named 
"spoolmanager" failed to pass through the Starting stage. (Reason: 
org.apache.mailet.MailetException: Could not load mailet (SenderDKIMVerify);
   nested exception is:
 java.lang.ClassNotFoundException: Requested mailet not found: 
SenderDKIMVerify.  looked in [, mitm.application.djigzo.pro.james.mailets., 
mitm.application.djigzo.james.mailets., org.apache.james.transport.mailets.]).
 at 
org.apache.avalon.phoenix.containerkit.lifecycle.LifecycleHelper.fail(Life

Re: [Djigzo users] PDF Files not Encrypting

2018-02-22 Thread Martijn Brinkers via Users

On 23-02-18 00:20, Paul Bronson wrote:

See mine: https://cl.ly/2X0d2y0a411m

It doesn't even show a link over the attachment to attempt to open it? I 
tried Chrome and IE


It could be that your Roundcube has a PDF viewer add-on which does not 
support attachments. Try to download the PDF and view it with a 
different PDF viewer.


Kind regards,

Martijn Brinkers



On Thu, Feb 22, 2018 at 5:16 PM, Martijn Brinkers
<mart...@ciphermail.com> wrote:


On 22-02-18 22:56, Paul Bronson wrote:

Martijn,

Can you please show me a screenshot of how yours looks and where
you have the option to view the attachment? Maybe you aren't
understanding.

The email message gets turned INTO A PDF, YES, but if I send an
email WITH an attachment (PDF), that is what's not showing.


What do you mean with "that is what's not showing"? You mean that
you can open the encrypted PDF but that you cannot find the
attachment? If so, you need to make sure that you use a PDF viewer
with support for attachments.

I have attached a screen shot of a decrypted PDF opened with firefox
with attachments. On the left hand side you see the attachment pane.
You need to click on the left hand icon to open the extra panes (at
least in Firefox).

Kind regards,

Martijn Brinkers


    On Thu, Feb 22, 2018 at 4:45 PM, Martijn Brinkers via Users
    <users@lists.djigzo.com> wrote:

     On 22-02-18 22:16, Paul Bronson via Users wrote:

         Hi all,

         I was wondering if anyone uses Roundcube and has an issue where
         Ciphermail doesn't encrypt the PDF?

         I have tried enabling deep scan. Doesn't help.

         Here is screenshot. I do not have option to open/view the
         encrypted PDF:
         https://cl.ly/2X0d2y0a411m

         As you can see the doc (PDF) is attached and there are no
         buttons anywhere to view it.


     The PDF is encrypted and the PDF is included. The PDF viewer however
     seems not to support PDF attachments. It could also be that it
     supports PDF attachments but that you need to open the attachment
     view. For example the PDF viewer included with Firefox supports PDF
     attachments. It's however not immediately clear how to view those
     attachments.

     This is not a CipherMail issue. The PDF contains the attached PDF.
     You need a PDF reader with attachment support.

     Kind regards,

     Martijn Brinkers

         Again I am using Roundcube for email.

         Also here is header example:

         MIME-Version: 1.0
         Content-Type: multipart/mixed;
         boundary="=_3b199499ab53c6ef4ad2e57586509928"
         Date: Thu, 10 Aug 2017 13:30:16 -0400
         From: Test Account <cop...@domain2.com>
         To: p...@domain.com
         Subject: TEST
         Message-ID: <fb30afbe53981f384db3947689e944e...@domain2.com>


         --=_3b199499ab53c6ef4ad2e57586509928
         Content-Type: multipart/alternative; boundary="=_
         80ff440db566ac1d993915828c1e6412"

         --=_80ff440db566ac1d993915828c1e6412
         Content-Transfer-Encoding: 7bit
         Content-Type: text/plain; charset=US-ASCII

         This is a test message with an attachment.
         --=_80ff440db566ac1d993915828c1e6412
         Content-Transfer-Encoding: quoted-printable
         Content-Type: text/html; charset=UTF-8

         
         
         This is a test message with an attachment.

         

         --=_80ff440db566ac1d993915828c1e6412--
         --=_3b199499ab53c6ef4ad2e57586509928
         Content-Transfer-Encoding: base64
         Content-Type: application/pdf; name="Mixer.pdf"
         Content-Disposition: attachment; filename="Mixer.pdf";
size=9534368


         --=_3b199499ab53c6ef4ad2e57586509928--

Re: [Djigzo users] PDF Files not Encrypting

2018-02-22 Thread Martijn Brinkers via Users

On 22-02-18 22:56, Paul Bronson wrote:

> Martijn,
>
> Can you please show me a screenshot of how yours looks and where you
> have the option to view the attachment? Maybe you aren't understanding.
>
> The email message gets turned INTO A PDF, YES, but if I send an email
> WITH an attachment (PDF), that is what's not showing.


What do you mean with "that is what's not showing"? You mean that you 
can open the encrypted PDF but that you cannot find the attachment? If 
so, you need to make sure that you use a PDF viewer with support for 
attachments.


I have attached a screen shot of a decrypted PDF opened with firefox 
with attachments. On the left hand side you see the attachment pane. You 
need to click on the left hand icon to open the extra panes (at least in 
Firefox).


Kind regards,

Martijn Brinkers


On Thu, Feb 22, 2018 at 4:45 PM, Martijn Brinkers via Users
<users@lists.djigzo.com> wrote:


On 22-02-18 22:16, Paul Bronson via Users wrote:

Hi all,

I was wondering if anyone uses Roundcube and has an issue where Ciphermail
doesn't encrypt the PDF?

I have tried enabling deep scan. Doesn't help.

Here is screenshot. I do not have option to open/view the encrypted PDF:
https://cl.ly/2X0d2y0a411m

As you can see the doc (PDF) is attached and there are no buttons anywhere
to view it.


The PDF is encrypted and the PDF is included. The PDF viewer however
seems not to support PDF attachments. It could also be that it
supports PDF attachments but that you need to open the attachment
view. For example the PDF viewer included with Firefox supports PDF
attachments. It's however not immediately clear how to view those
attachments.

This is not a CipherMail issue. The PDF contains the attached PDF.
You need a PDF reader with attachment support.

Kind regards,

Martijn Brinkers

Again I am using Roundcube for email.

Also here is header example:

MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_3b199499ab53c6ef4ad2e57586509928"
Date: Thu, 10 Aug 2017 13:30:16 -0400
From: Test Account <cop...@domain2.com>
To: p...@domain.com
Subject: TEST
Message-ID: <fb30afbe53981f384db3947689e944e...@domain2.com>

--=_3b199499ab53c6ef4ad2e57586509928
Content-Type: multipart/alternative; boundary="=_
80ff440db566ac1d993915828c1e6412"

--=_80ff440db566ac1d993915828c1e6412
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII

This is a test message with an attachment.
--=_80ff440db566ac1d993915828c1e6412
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8



This is a test message with an attachment.



--=_80ff440db566ac1d993915828c1e6412--
--=_3b199499ab53c6ef4ad2e57586509928
Content-Transfer-Encoding: base64
Content-Type: application/pdf; name="Mixer.pdf"
Content-Disposition: attachment; filename="Mixer.pdf"; size=9534368


--=_3b199499ab53c6ef4ad2e57586509928--


Re: [Djigzo users] PDF Files not Encrypting

2018-02-22 Thread Martijn Brinkers via Users

On 22-02-18 22:16, Paul Bronson via Users wrote:

> Hi all,
>
> I was wondering if anyone uses Roundcube and has an issue where Ciphermail
> doesn't encrypt the PDF?
>
> I have tried enabling deep scan. Doesn't help.
>
> Here is screenshot. I do not have option to open/view the encrypted PDF:
> https://cl.ly/2X0d2y0a411m
>
> As you can see the doc (PDF) is attached and there are no buttons anywhere
> to view it.


The PDF is encrypted and the PDF is included. The PDF viewer however 
seems not to support PDF attachments. It could also be that it supports 
PDF attachments but that you need to open the attachment view. For 
example the PDF viewer included with Firefox supports PDF attachments. 
It's however not immediately clear how to view those attachments.


This is not a CipherMail issue. The PDF contains the attached PDF. You 
need a PDF reader with attachment support.


Kind regards,

Martijn Brinkers


Again I am using Roundcube for email.

Also here is header example:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_3b199499ab53c6ef4ad2e57586509928"
Date: Thu, 10 Aug 2017 13:30:16 -0400
From: Test Account 
To: p...@domain.com
Subject: TEST
Message-ID: 

--=_3b199499ab53c6ef4ad2e57586509928
Content-Type: multipart/alternative; boundary="=_
80ff440db566ac1d993915828c1e6412"

--=_80ff440db566ac1d993915828c1e6412
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII

This is a test message with an attachment.
--=_80ff440db566ac1d993915828c1e6412
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8



This is a test message with an attachment.



--=_80ff440db566ac1d993915828c1e6412--
--=_3b199499ab53c6ef4ad2e57586509928
Content-Transfer-Encoding: base64
Content-Type: application/pdf; name="Mixer.pdf"
Content-Disposition: attachment; filename="Mixer.pdf"; size=9534368


--=_3b199499ab53c6ef4ad2e57586509928--


Re: [Djigzo users] mail forwarding loop

2018-02-21 Thread Martijn Brinkers via Users

On 21-02-18 12:24, Stefan Günther wrote:

> -Original Message-
> > From: Martijn Brinkers via Users
> > Sent: Wednesday 21 February 2018 09:07
> > To: users@lists.djigzo.com
> > Subject: Re: [Djigzo users] mail forwarding loop
> >
> > On 20-02-18 18:41, Stefan Günther via Users wrote:
> > > after running a couple of days, the ciphermail system at a customer's
> > > site complains about a mail forwarding loop. The customer says that
> > > they didn't change anything, which seems to be true according to the
> > > timestamp of the configuration files.
> > >
> > > Even by running the smtpd daemon in verbose mode, I cannot figure
> > > out, what causes the problem. It seems to occur, when the email is
> > > reinjected by ciphermail (Version 3.3.1-0):
> > Hard to tell from the logs. It looks like this system is configured to
> > accept local email, i.e., user mailboxes are stored in the system. The
> > email is delivered to the mailboxes using the local daemon process.
> >
> > according to http://www.postfix.org/local.8.html the local delivery
> > daemon has a loop detection mechanism using a Delivered-To header.
> > Perhaps the message already contains a Delivered-To header?
> >
> > "In order to stop mail forwarding loops early, the software adds an
> > optional Delivered-To: header with the final envelope recipient
> > address. If mail arrives for a recipient that is already listed in a
> > Delivered-To: header, the message is bounced."
> >
> > Is the email forwarded from some mailbox (for example with Fetchmail?)
> >
> yes, we use fetchmail to get the email via pop3 from mailbox.org. Since
> this has been working for a couple of days, I have the suspicion that
> mailbox.org changed something.

You should check whether the email stored at mailbox.org already has the 
Delivered-To header.

> I already used virtual_maps to map edif...@domain.ag to
> edifact@localhost, but this mapping obviously occurs before the email is
> forwarded to Ciphermail. It doesn't get decrypted because the email
> address doesn't match.

CipherMail by default does not use the recipient address to find the 
decryption key. It tries to find the correct decryption key based on the 
public certificate used for encryption (with strict mode enabled, which 
is disabled by default, not all keys will be acceptable for a 
recipient). Could it be that the domain localhost is not an internal 
domain (and therefore email to localhost is not decrypted)?


Kind regards,

Martijn Brinkers




Re: [Djigzo users] Message: There are no roots.

2018-02-21 Thread Martijn Brinkers via Users

On 15-02-18 18:07, Gabi Munteanu via Users wrote:

> Hi Martijn,
> Thank you for your reply!
> Yes, the actual delivery of the email.
> Best regards, Gabi

The log entry from your previous email is not related to delivery 
failures. The MPA log only shows logs from the internal 
encryption/decryption engine. The MTA (Mail Transfer Agent) logs show 
logs related to mail delivery (incoming and outgoing).


There can be all kinds of reasons why your email is not delivered 
immediately. For example the big mail providers (Gmail, Hotmail etc.) 
quite often throttle receiving of email. Especially if they do not 
"trust" your IP address.


Check the MTA logs (or MTA queue) for information of why your email is 
not always delivered immediately (in most cases email is delivered in 
the end, only with a delay).


Kind regards,

Martijn Brinkers



On 14-02-18 20:59, Gabi Munteanu via Users wrote:

Hi, I'm having some issues while trying to send an email to a specific
address, it sometimes fails to send the email and in the log I see
this.

13 Feb 2018 23:59:38 | WARN Error while building path for
certificate. Certificate: Issuer: CN=CA xx BT 98, O=xx eG, C=xx;
Subject: OID.1.3.6.1.5.5.7.9.3=M, EMAILADDRESS=info@xxx,
GIVENNAME=xxx, SURNAME=xxx, CN=xxx,
SERIALNUMBER=015038638001, C=DE; Serial: 70F82D24FC0561EB;
Thumbprint:
8047A7C97E003E6671F9268049643877959118E5DD801366543D1E1218016ED4D0387B909DBC8F3102DA765D3C971D5B1A24BF855139BAAE80F806164869;
SHA1: 974E2E84650CF628954BB0F56858431A0BAFFB1D. Message: There are no
roots. (mitm.common.security.crl.CRLStoreUpdaterImpl) [CRL Updater
thread]

The problem is that if I try again after a while it works. Checked
the certificate for this email address and it is valid. What else
should I check? Thank you !


The WARN message from the MPA log tells you that you do not have any
root certificates installed. This however only means that S/MIME
certificates are not trusted (unless you add them to the CTL). Email is
therefore not S/MIME encrypted. This however does not impact email
delivery unless you require email to be encrypted and then the email
will be bounced.

What do you actually mean with "sometimes fails to send the email"? The
actual delivery of the email to the recipient?

Kind regards,

Martijn Brinkers






Re: [Djigzo users] mail forwarding loop

2018-02-21 Thread Martijn Brinkers via Users

On 20-02-18 18:41, Stefan Günther via Users wrote:

> after running a couple of days, the ciphermail system at a customer's
> site complains about a mail forwarding loop. The customer says that
> they didn't change anything, which seems to be true according to the
> timestamp of the configuration files.
>
> Even by running the smtpd daemon in verbose mode, I cannot figure
> out, what causes the problem. It seems to occur, when the email is
> reinjected by ciphermail (Version 3.3.1-0):

Hard to tell from the logs. It looks like this system is configured to 
accept local email, i.e., user mailboxes are stored in the system. The 
email is delivered to the mailboxes using the local daemon process.


According to http://www.postfix.org/local.8.html the local delivery 
daemon has a loop detection mechanism using a Delivered-To header. 
Perhaps the message already contains a Delivered-To header?


"In order to stop mail forwarding loops early, the software adds an
optional Delivered-To: header with the final envelope recipient
address. If mail arrives for a recipient that is already listed in a
Delivered-To: header, the message is bounced."

Is the email forwarded from some mailbox (for example with Fetchmail?)

Kind regards,

Martijn Brinkers


Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250 
2.1.5 Ok
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: DATA
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 354 End data with 
.
Feb 20 18:15:27 ciphermail postfix/cleanup[1268]: B3E8440CE9: 
message-id=<597517347.2.1519146791208.JavaMail.javamailuser@localhost>
Feb 20 18:15:27 ciphermail postfix/qmgr[1231]: B3E8440CE9: 
from=, size=12829, nrcpt=1 (queue active)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted 
attribute: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: 0
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted 
attribute: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted 
attribute: (list terminator)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250 
2.0.0 Ok: queued as B3E8440CE9
Feb 20 18:15:27 ciphermail postfix/smtp[1269]: B3E8440CE9: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=0.18, 
delays=0.07/0.01/0.05/0.05, dsn=2.6.0, status=sent (250 2.6.0 Message received)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: QUIT
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 221 
2.0.0 Bye
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostname: 
smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: master_notify: status 1
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: connection closed
Feb 20 18:15:28 ciphermail postfix/smtpd[1270]: 3462140CEC: 
client=localhost[127.0.0.1], orig_client=localhost[127.0.0.1]
Feb 20 18:15:28 ciphermail postfix/cleanup[1271]: 3462140CEC: 
message-id=<597517347.2.1519146791208.JavaMail.javamailuser@localhost>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3462140CEC: 
from=, size=10553, nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/local[1272]: 3462140CEC: 
to=, relay=local, delay=0.04, delays=0.03/0.01/0/0.01, 
dsn=5.4.6, status=bounced (mail forwarding loop for edif...@domain.ag)
Feb 20 18:15:28 ciphermail postfix/cleanup[1268]: 3CCA940CF3: 
message-id=<20180220171528.3cca940...@ciphermail.domain.ag>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3CCA940CF3: from=<>, size=12508, 
nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/bounce[1273]: 3462140CEC: sender 
non-delivery notification: 3CCA940CF3
Feb 20 18:15:28 ciphermail postfix/smtp[1275]: 3CCA940CF3: 
to=, relay=smtp.mailbox.org[80.241.60.196]:465, delay=0.33, 
delays=0/0.01/0.17/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 83ACD11F9)

/etc/postfix/main.cf
djigzo_myhostname = ciphermail.DOMAIN.ag
djigzo_mydestination = DOMAIN.ag
djigzo_mynetworks = 127.0.0.1/32
djigzo_relayhost = smtp.mailbox.org
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_relay_domains = DOMAIN.ag
djigzo_before_filter_message_size_limit = 10240
djigzo_after_filter_message_size_limit = 10240
djigzo_mailbox_size_limit = 10240
djigzo_smtp_helo_name =
djigzo_relay_transport_host = 127.0.0.1
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_doma
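
The Delivered-To check suggested in this thread, as an added example (not part of the original messages, and not Postfix or CipherMail code): a Python pre-flight check that reports whether a message taken from a mailbox already carries a Delivered-To header for the envelope recipient, which is the condition the quoted local(8) text says is bounced. The function names, the sample message and its addresses are constructed here, and the case-insensitive comparison is an assumption of this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message as it might sit in a POP3 mailbox after the
# provider's own mail server already delivered it once (all values made up).
SAMPLE = """\
Return-Path: <sender@example.org>
Delivered-To: edifact@example.test
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.test (Postfix) with ESMTPS id 0000000000
\tfor <edifact@example.test>; Tue, 20 Feb 2018 18:15:20 +0100 (CET)
From: Sender <sender@example.org>
To: edifact@example.test
Subject: constructed sample

body
"""


def delivered_to_addresses(raw_message):
    """Return every Delivered-To address found in the headers, lower-cased."""
    msg = message_from_string(raw_message)
    addresses = []
    for value in msg.get_all("Delivered-To", []):
        # parseaddr copes with both "addr" and "<addr>" forms.
        addr = parseaddr(str(value))[1] or str(value).strip()
        addresses.append(addr.lower())
    return addresses


def would_bounce(raw_message, envelope_recipient):
    """True if the recipient is already listed in a Delivered-To header.

    Assumption: addresses are compared case-insensitively.
    """
    wanted = envelope_recipient.strip().lower()
    return wanted in delivered_to_addresses(raw_message)


def audit(raw_message, envelope_recipients):
    """Map each envelope recipient to True (loop bounce expected) or False."""
    return {rcpt: would_bounce(raw_message, rcpt) for rcpt in envelope_recipients}


if __name__ == "__main__":
    # The second recipient mirrors the thread's idea of rewriting the
    # address to a different local one before local delivery.
    for rcpt, loops in audit(SAMPLE, ["edifact@example.test",
                                      "edifact@localhost"]).items():
        print(rcpt, "-> loop bounce expected" if loops else "-> no match")
```

If the header is already present in the mailbox copy, fetchmail's `dropdelivered` option discards Delivered-To headers from fetched mail before it is handed on.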

Re: [Djigzo users] Message: There are no roots.

2018-02-15 Thread Martijn Brinkers via Users

Hi Gabi,

On 14-02-18 20:59, Gabi Munteanu via Users wrote:

Hi, I'm having some issues while trying to send an email to a specific
address, it sometimes fails to send the email and in the log I see
this.

13 Feb 2018 23:59:38 | WARN Error while building path for
certificate. Certificate: Issuer: CN=CA xx BT 98, O=xx eG, C=xx;
Subject: OID.1.3.6.1.5.5.7.9.3=M, EMAILADDRESS=info@xxx,
GIVENNAME=xxx, SURNAME=xxx, CN=xxx,
SERIALNUMBER=015038638001, C=DE; Serial: 70F82D24FC0561EB;
Thumbprint:
8047A7C97E003E6671F9268049643877959118E5DD801366543D1E1218016ED4D0387B909DBC8F3102DA765D3C971D5B1A24BF855139BAAE80F806164869;
SHA1: 974E2E84650CF628954BB0F56858431A0BAFFB1D. Message: There are no
roots. (mitm.common.security.crl.CRLStoreUpdaterImpl) [CRL Updater
thread]

The problem is that if I try again after a while it works. Checked
the certificate for this email address and it is valid. What else
should I check? Thank you ! 


The WARN message from the MPA log tells you that you do not have any 
root certificates installed. This however only means that S/MIME 
certificates are not trusted (unless you add them to the CTL). Email is 
therefore not S/MIME encrypted. This however does not impact email 
delivery unless you require email to be encrypted and then the email 
will be bounced.


What do you actually mean with "sometimes fails to send the email"? The 
actual delivery of the email to the recipient?


Kind regards,

Martijn Brinkers



Re: [Djigzo users] Problem with TLS/SSL

2018-02-07 Thread Martijn Brinkers via Users

On 05-02-18 13:51, Stefan Günther via Users wrote:

Hello,

we have setup a server for a client (domain: client.ag), where the external MX 
requires a connection on port 465 with SSL/TLS.
Therefore we added the following lines to main.cf

relayhost = smtp.mailbox.org:465
# SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger)
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt

With these settings postfix is able to connect to the external server, but 
internal connections fail:

Feb  5 13:34:56 ciphermail postfix/qmgr[6260]: 0D70040AA5: 
from=, size=601, nrcpt=1 (queue active)
Feb  5 13:34:56 ciphermail postfix/smtp[6269]: SSL_connect error to 
127.0.0.1[127.0.0.1]:10025: -1
Feb  5 13:34:56 ciphermail postfix/smtp[6269]: warning: TLS library problem: 
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:s23_clnt.c:794:
Feb  5 13:34:56 ciphermail postfix/smtp[6269]: 0D70040AA5: to=, 
relay=127.0.0.1[127.0.0.1]:10025, delay=0.14, delays=0.12/0.01/0/0, dsn=4.7.5, 
status=deferred (Cannot start TLS: handshake failure)

This is the current main.cf

djigzo_myhostname = ciphermail.client.ag
djigzo_mydestination = client.ag
djigzo_mynetworks = 127.0.0.1/32
djigzo_relayhost = smtp.mailbox.org
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 465
djigzo_relay_domains =
djigzo_before_filter_message_size_limit = 10240
djigzo_after_filter_message_size_limit = 10240
djigzo_mailbox_size_limit = 10240
djigzo_smtp_helo_name =
djigzo_relay_transport_host = 127.0.0.1
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains =
djigzo_rbl_clients =
myhostname = ${djigzo_myhostname}
mydestination = ciphermail, $myhostname, ubuntu-2gb-nbg1-dc3-1, 
localhost.localdomain, localhost,  ${djigzo_mydestination}
mynetworks = 127.0.0.0/8, ${djigzo_mynetworks}
relay_domains = ${djigzo_relay_domains}
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
smtp_helo_name = 
${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
relay_transport = 
relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
relayhost = 
${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated 
reject_unauth_destination  reject_invalid_hostname reject_unknown_sender_domain 
reject_unknown_recipient_domain
 ${djigzo_rbl_clients}
 ${djigzo_reject_unverified_recipient? reject_unverified_recipient}
smtpd_discard_ehlo_keywords = silent-discard VRFY ETRN DSN
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
compatibility_level=2
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
defer_unauth_destination
mydomain = client.ag
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_transport =  cyrus
content_filter = djigzo:[127.0.0.1]:10025
recipient_delimiter = +
mailbox_size_limit = ${djigzo_mailbox_size_limit}
message_size_limit = ${djigzo_after_filter_message_size_limit}
inet_interfaces = all
inet_protocols = ipv4
myorigin = client.ag
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_sasl_security_options =
sender_canonical_maps = hash:/etc/postfix/sender_canonical

Which parameters do we have to change, to achieve a communication in both 
directions?


Because you changed the global values for smtp_tls_wrappermode and 
smtp_tls_security_level, you should override these values for the 
connection to the back-end.


In master.cf, add smtp_tls_wrappermode=no and 
smtp_tls_security_level=none to the djigzo service definition.


djigzo unix -   -   n   -   4  smtp
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o smtp_generic_maps=
  -o smtp_tls_wrappermode=no
  -o smtp_tls_security_level=none

After modifying master.cf, restart postfix

There are probably other options, like not changing the global settings 
but only overriding them for some destinations. See 
http://www.postfix.org/TLS_README.html (Postfix ≥ 3.0: Sending only mail 
for a specific destination via SMTPS) for some examples.


Note: the smtp_tls_wrappermode setting is only supported on Postfix >= 3.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Email 
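
The misconfiguration discussed in this thread, as an added example (not part of the original messages, and not Postfix or CipherMail code): a Python check that reads main.cf and master.cf text and reports when the content_filter transport would inherit SMTPS wrapper mode or a mandatory TLS level from the global settings. The function names are hypothetical; the sample configuration is constructed from the settings quoted above, with the "before" master.cf assumed to be the djigzo entry without the two overrides.

```python
# Postfix TLS levels that refuse to deliver without TLS.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed samples, built from the settings quoted in the thread.
MAIN_CF = """\
relayhost = smtp.mailbox.org:465
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
content_filter = djigzo:[127.0.0.1]:10025
"""
MASTER_BEFORE = """\
djigzo unix -   -   n   -   4  smtp
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o smtp_generic_maps=
"""
MASTER_AFTER = (MASTER_BEFORE
                + "  -o smtp_tls_wrappermode=no\n"
                + "  -o smtp_tls_security_level=none\n")


def _logical_lines(text):
    """Drop comments and join continuation lines (leading whitespace)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_main_cf(text):
    """Return {parameter: value} from main.cf text."""
    params = {}
    for line in _logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def parse_master_cf(text):
    """Return {service: {parameter: value}} for the -o overrides of unix services."""
    services = {}
    for line in _logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "unix":
            continue
        overrides = {}
        tokens = iter(fields[8:])
        for token in tokens:
            if token == "-o":            # "-o name=value"
                token = next(tokens, "")
            elif token.startswith("-o"):  # "-oname=value"
                token = token[2:]
            else:
                continue
            name, sep, value = token.partition("=")
            if sep:
                overrides[name] = value
        services[fields[0]] = overrides
    return services


def check_content_filter_tls(main_cf, master_cf):
    """List TLS settings that would break the plaintext hop to the filter."""
    params = parse_main_cf(main_cf)
    transport = params.get("content_filter", "").split(":", 1)[0]
    if not transport:
        return []
    overrides = parse_master_cf(master_cf).get(transport)
    if overrides is None:
        return ["transport %r has no unix service in master.cf" % transport]

    def effective(name, default):
        # A master.cf -o override wins over the main.cf value.
        return overrides.get(name, params.get(name, default))

    findings = []
    if effective("smtp_tls_wrappermode", "no") == "yes":
        findings.append("%s inherits smtp_tls_wrappermode=yes" % transport)
    level = effective("smtp_tls_security_level", "")
    if level in MANDATORY_TLS:
        findings.append("%s inherits smtp_tls_security_level=%s" % (transport, level))
    return findings


if __name__ == "__main__":
    print("before:", check_content_filter_tls(MAIN_CF, MASTER_BEFORE))
    print("after: ", check_content_filter_tls(MAIN_CF, MASTER_AFTER))
```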

Re: [Djigzo users] Missing attachments in encrypted pdf

2018-01-30 Thread Martijn Brinkers via Users

On 30-01-18 12:37, Stefan Günther via Users wrote:

Hello,

we just setup the pdf encryption on ciphermail 3.3.1-0 for one of our clients.

When he sends me an email with 2 images and a pdf attached to the email, the 
email is encrypted. But when I open it, the attachments are missing.

Is there a parameter in the logging options which we should increase to find 
out, what happens to the attachments?


Could you check whether it works after you enable the PDF advanced 
setting "Deep scan" (see https://jira.djigzo.com/browse/GATEWAY-89 for 
more info about "PDF deep scan")


Kind regards,

Martijn Brinkers



Re: [Djigzo users] Ciphermail crashes regularly

2018-01-25 Thread Martijn Brinkers via Users

On 22-01-18 10:21, Stefan Michael Guenther via Users wrote:

Good morning,

on one of our client's server we are running Ciphermail Version: 3.2.7-5. 
Built: 2017-04-18-21:39.

The process crashes every 2-3 days with the following messages in 
james.wrapper.log:

22 Jan 2018 06:48:13 | INFO  Replacing Issuer: CN=VPS-CA-1, O=Bundesagentur 
fuer Arbeit, C=DE; CRL number: 98378; Thumbprint: 
3663997E3157C83F295546E6F84EEFDB0200489FFBE553978634A025715319179681806545A5E105D0E09
1F77EC6EDE4FA7005DFBEDCD53C2EE177A1BCD10CBE; SHA1: 
452DE5AA5EC1758AFC2F308C7D388FD1CADCBD96 with Issuer: CN=VPS-CA-1, 
O=Bundesagentur fuer Arbeit, C=DE; CRL number: 98379; Thumbprint: 
0A8290102A6ACD8B7E1EFA7B482
F96F7163A9B8D04F9317968B251036F409E16802863837BF8EF7B610E8015FD7F547A570F852907ABE74206AFDE13573EFBD1;
 SHA1: 03AE7FA2B4E7A503089EE29D35347A9D56DC650C    
(mitm.common.security.crl.CRLStoreMaintainerImpl) [CRL Updater thread]
22 Jan 2018 06:48:30 | ERROR Error in certificate request handler thread.    
(mitm.common.security.ca.CAImpl) [Certificate request handler thread]
java.lang.OutOfMemoryError: GC overhead limit exceeded
22 Jan 2018 06:48:31 | ERROR Error reading CRL. Skipping CRL    
(mitm.common.security.crl.CRLStoreMaintainerImpl) [CRL Updater thread]
mitm.common.security.crlstore.CRLStoreException: 
mitm.common.hibernate.DatabaseException: 
mitm.common.security.crlstore.CRLStoreException: java.lang.OutOfMemoryError: GC 
overhead limit exceeded
     at 
mitm.common.security.crl.TransactedCRLStoreMaintainer.internalAddCRL(TransactedCRLStoreMaintainer.java:124)
     at 
mitm.common.security.crl.CRLStoreMaintainerImpl.addCRLs(CRLStoreMaintainerImpl.java:406)
     at 
mitm.common.security.crl.CRLStoreUpdaterImpl.downloadCRLs(CRLStoreUpdaterImpl.java:337)
     at 
mitm.common.security.crl.CRLStoreUpdaterImpl.update(CRLStoreUpdaterImpl.java:413)
     at 
mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater.updateCRLStore(ThreadedCRLStoreUpdaterImpl.java:161)
     at 
mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater.access$200(ThreadedCRLStoreUpdaterImpl.java:98)
     at 
mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater$1.doAction(ThreadedCRLStoreUpdaterImpl.java:130)
     at 
mitm.common.hibernate.DatabaseActionExecutorImpl$1.doAction(DatabaseActionExecutorImpl.java:164)
     at 
mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:81)
     at 
mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:158)
     at 
mitm.common.security.crl.ThreadedCRLStoreUpdaterImpl$Updater.run(ThreadedCRLStoreUpdaterImpl.java:118)
     at java.lang.Thread.run(Thread.java:748)
Caused by: mitm.common.hibernate.DatabaseException: 
mitm.common.security.crlstore.CRLStoreException: java.lang.OutOfMemoryError: GC 
overhead limit exceeded
     at 
mitm.common.security.crl.TransactedCRLStoreMaintainer$1.doAction(TransactedCRLStoreMaintainer.java:110)
     at 
mitm.common.security.crl.TransactedCRLStoreMaintainer$1.doAction(TransactedCRLStoreMaintainer.java:96)
     at 
mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:81)
     at 
mitm.common.security.crl.TransactedCRLStoreMaintainer.internalAddCRL(TransactedCRLStoreMaintainer.java:94)
     ... 11 more
Caused by: mitm.common.security.crlstore.CRLStoreException: 
java.lang.OutOfMemoryError: GC overhead limit exceeded
     at 
mitm.common.security.crl.CRLStoreMaintainerImpl.internalAddCRL(CRLStoreMaintainerImpl.java:369)
     at 
mitm.common.security.crl.TransactedCRLStoreMaintainer.access$101(TransactedCRLStoreMaintainer.java:53)
     at 
mitm.common.security.crl.TransactedCRLStoreMaintainer$1.doAction(TransactedCRLStoreMaintainer.java:107)
     ... 14 more
Caused by: java.lang.OutOfMemoryError: GC overhead limit exceeded
22 Jan 2018 06:48:31 | INFO  Trying to download CRL from 
http://crl.globalsign.com/gspersonalsign2sha2g3.crl    
(mitm.common.security.crl.CRLDownloaderImpl) [CRL Updater thread]

When we start the process, information of the memory is missing:

* DJIGZO_HOME=/usr/local/djigzo
* Starting CipherMail
* Total memory:  MB
* JVM max memory:  MB

The system is a Ubuntu 16.04 64bit with 8 GB RAM and 4 GB SWAP. There is only 
Ciphermail running, together with nearly 20 IPSec VPNs.

Shall we fine tune the memory settings of Ciphermail? And if yes, what are 
recommended settings?


Hi Stefan,

This appears to be a low memory issue.

The total memory and JVM max memory is not displayed so this seems to 
suggest that this is not working on your system.


It looks like CipherMail was installed from the tar files and not with 
the deb files. The file /etc/default/djigzo might therefore be missing.


Can you check whether the file /etc/default/djigzo exists?

If not try the attached file and place it in /etc/default/djigzo.

Kind regards,

Martij

Re: [Djigzo users] S/MIME signing

2018-01-11 Thread Martijn Brinkers via Users
On 11-01-18 23:10, Craig Andrews wrote:
> That did it. I had originally set up the domain as internal. Eventually
> I moved the Global settings to match in an attempt at troubleshooting. I
> moved them both to external and the mail is now signed.
> 
> Outlook is showing "This message has been tampered with" which is an
> issue I had when attempting to write a solution in Python, though I
> don't know that this is a ciphermail issue.

A message signed by CipherMail should not result in a tampered email.
Could it be that there is some SMTP service after signing that modifies
the message? (like for example adding a banner)

Can you send me a signed email (off list) so I can check whether the
signature is valid?

Kind regards,

Martijn Brinkers


> On Thu, Jan 11, 2018 at 9:38 PM, Martijn Brinkers
> <mart...@ciphermail.com> wrote:
> 
> On 11-01-18 22:25, Craig Andrews wrote:
> >
> > Hi Martijn,
> >
> > I just sent this test email via the ciphermail web ui
> >
> > 11 Jan 2018 21:18:08 | INFO incoming; MailID:
> > acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [us...@domain.tld];
> > Originator: us...@domain.tld; Sender: <>; Remote address: 127.0.0.1;
> > Subject: test mail [sign]; Message-ID:
> > <477865062.0.1515705488493.javamail.tomc...@ciphermail.internal.tld>;
> > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> > 11 Jan 2018 21:18:09 | INFO Subject filter is disabled for the sender;
> > MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients:
> > [us...@domain.tld] (mitm.application.djigzo.james.mailets.Default)
> > [Spool Thread #0]
> > 11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID:
> > acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [us...@domain.tld]
> > (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> > 11 Jan 2018 21:18:09 | INFO Message handling is finished. Sending to
> > final recipient(s); MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077;
> > Recipients: [us...@domain.tld]; Originator: us...@domain.tld; Sender:
> > <>; Remote address: 127.0.0.1; Subject: test mail [sign]; Message-ID:
> > <477865062.0.1515705488493.javamail.tomc...@ciphermail.internal.tld>;
> > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> 
> The recipient is considered to be an internal user. Email sent to
> internal users follows the decryption pipeline and email sent to external
> recipients follows the encryption pipeline. You either configured the
> global settings, a domain or a user as being internal. This is
> normal for the domain you receive email for because those emails in
> typical setups need to be decrypted. All other users, the email addresses
> for which you want to sign and/or encrypt need to be external. So, you
> either sent a message to a valid internal recipient or you accidentally
> mis-configured the Locality of the global settings/domain or user.
> 
> Kind regards,
> 
> Martijn Brinkers
> 
> 
> > On Thu, Jan 11, 2018 at 6:15 PM, Martijn Brinkers via Users
> > <users@lists.djigzo.com> wrote:
> >
> >     On 11-01-18 19:09, Craig Andrews via Users wrote:
> >     > Hello,
> >     > I have two test users, both with valid root, intermediate, and personal
> >     > certs with the correct usage entitlements. Both certificates have a
> >     > white, valid background,
> >     >
> >     > For the two users, I have their S/MIME certificates selected in their
> >     > profile for signing and encryption (though I'm only trying to get
> >     > signing to work at the moment). I have both forced signing via header
> >     > "X-Sign" and subject signing via the example in the documentation (
> >     > (?i)\[\s*sign\s*\] ). I am using this script to test both the subject
> >     > and header, and Thunderbird to test the subject by sending a mail via
> >     > ciphercrypt.
> >     >
> >     > #!/usr/bin/env python
> >     > import smtplib
> >     > from email.mime.multipart import MIMEMultipart
> >     > from email.mime.text import MIMEText
> >     >
> >     >
> >     > fromaddr = "us...@domain.tld"
> >     > toaddr = "u

Re: [Djigzo users] S/MIME signing

2018-01-11 Thread Martijn Brinkers via Users
On 11-01-18 22:25, Craig Andrews wrote:
> 
> Hi Martijn,
> 
> I just sent this test email via the ciphermail web ui
> 
> 11 Jan 2018 21:18:08 | INFO incoming; MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [us...@domain.tld];
> Originator: us...@domain.tld; Sender: <>; Remote address: 127.0.0.1;
> Subject: test mail [sign]; Message-ID:
> <477865062.0.1515705488493.javamail.tomc...@ciphermail.internal.tld>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO Subject filter is disabled for the sender;
> MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients:
> [us...@domain.tld] (mitm.application.djigzo.james.mailets.Default)
> [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [us...@domain.tld]
> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO Message handling is finished. Sending to
> final recipient(s); MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077;
> Recipients: [us...@domain.tld]; Originator: us...@domain.tld; Sender:
> <>; Remote address: 127.0.0.1; Subject: test mail [sign]; Message-ID:
> <477865062.0.1515705488493.javamail.tomc...@ciphermail.internal.tld>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

The recipient is considered to be an internal user. Email sent to
internal users follows the decryption pipeline and email sent to external
recipients follows the encryption pipeline. You either configured the
global settings, a domain or a user as being internal. This is
normal for the domain you receive email for because those emails in
typical setups need to be decrypted. All other users, the email addresses
for which you want to sign and/or encrypt, need to be external. So, you
either sent a message to a valid internal recipient or you accidentally
mis-configured the Locality of the global settings/domain or user.

Kind regards,

Martijn Brinkers


> On Thu, Jan 11, 2018 at 6:15 PM, Martijn Brinkers via Users
> <users@lists.djigzo.com> wrote:
> 
> On 11-01-18 19:09, Craig Andrews via Users wrote:
> > Hello,
> > I have two test users, both with valid root, intermediate, and personal
> > certs with the correct usage entitlements. Both certificates have a
> > white, valid background,
> >
> > For the two users, I have their S/MIME certificates selected in their
> > profile for signing and encryption (though I'm only trying to get
> > signing to work at the moment). I have both forced signing via header
> > "X-Sign" and subject signing via the example in the documentation (
> > (?i)\[\s*sign\s*\] ). I am using this script to test both the subject
> > and header, and Thunderbird to test the subject by sending a mail via
> > ciphercrypt.
> >
> > #!/usr/bin/env python
> > import smtplib
> > from email.mime.multipart import MIMEMultipart
> > from email.mime.text import MIMEText
> >
> >
> > fromaddr = "us...@domain.tld"
> > toaddr = "us...@domain.tld"
> > msg = MIMEMultipart()
> > msg['From'] = fromaddr
> > msg['To'] = toaddr
> > msg['Subject'] = "mail subject [sign]"
> > msg['X-Sign'] = ""
> >
> > body = "dummy body message"
> > msg.attach(MIMEText(body, 'plain'))
> >
> > server = smtplib.SMTP('ciphermail.domain.tld', 25)
> > server.ehlo('ciphermail.domain.tld')
> > text = msg.as_string()
> > server.sendmail(fromaddr, toaddr, text)
> > server.quit()
> >
> >
> > I receive the email in the destination inbox, however, it is never
> > signed. I can verify from the headers that the "X-Sign" header is
> > present in the email. Currently the MTA/MPA isn't giving a lot of
> > information to debug. I can see the mail passing through, but there is
> > no mention of an attempt for any extra processing. I was wondering what
> > options in logging I can turn on to help debug this issue.
> 
> Hi Craig,
> 
> Can you send the relevant lines from the MPA log? The easiest is to
> filter on the MailID value (which is shown as a green GUID, looking
> similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3). Every email
> gets a unique MailID value. This makes it easier to filter out the
> relevant lines for an email.
> 
> Kind regards,
> 
> Mar

Re: [Djigzo users] S/MIME signing

2018-01-11 Thread Martijn Brinkers via Users
On 11-01-18 19:09, Craig Andrews via Users wrote:
> Hello,
> I have two test users, both with valid root, intermediate, and personal
> certs with the correct usage entitlements. Both certificates have a
> white, valid background,
> 
> For the two users, I have their S/MIME certificates selected in their
> profile for signing and encryption (though I'm only trying to get
> signing to work at the moment). I have both forced signing via header
> "X-Sign" and subject signing via the example in the documentation (
> (?i)\[\s*sign\s*\] ). I am using this script to test both the subject
> and header, and Thunderbird to test the subject by sending a mail via
> ciphercrypt.
> 
> #!/usr/bin/env python
> import smtplib
> from email.mime.multipart import MIMEMultipart
> from email.mime.text import MIMEText
> 
> 
> fromaddr = "us...@domain.tld"
> toaddr = "us...@domain.tld"
> msg = MIMEMultipart()
> msg['From'] = fromaddr
> msg['To'] = toaddr
> # Subject trigger, meant to match (?i)\[\s*sign\s*\]
> msg['Subject'] = "mail subject [sign]"
> # Header trigger for forced signing
> msg['X-Sign'] = ""
> 
> body = "dummy body message"
> msg.attach(MIMEText(body, 'plain'))
> 
> # Relay the test message through the gateway
> server = smtplib.SMTP('ciphermail.domain.tld', 25)
> server.ehlo('ciphermail.domain.tld')
> text = msg.as_string()
> server.sendmail(fromaddr, toaddr, text)
> server.quit()
> 
> 
> I receive the email in the destination inbox, however, it is never
> signed. I can verify from the headers that the "X-Sign" header is
> present in the email. Currently the MTA/MPA isn't giving a lot of
> information to debug. I can see the mail passing through, but there is
> no mention of an attempt for any extra processing. I was wondering what
> options in logging I can turn on to help debug this issue.

Hi Craig,

Can you send the relevant lines from the MPA log? The easiest is to
filter on the MailID value (which is shown as a green GUID, looking
similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3). Every email
gets a unique MailID value. This makes it easier to filter out the
relevant lines for an email.

Kind regards,

Martijn Brinkers
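
The triage suggested in this thread (filter the MPA log on one MailID, then look for the "To internal recipient(s)" line that explains a missing signature), as an added example that is not part of the original messages or of CipherMail. The sample log is constructed from the log format quoted in the thread; the addresses and all function names are assumptions.

```python
import re

# Constructed sample, modelled on the MPA log lines quoted in this thread.
# Addresses are placeholders. Lines are wrapped and ">"-quoted the way they
# arrive when a log excerpt is pasted into a mail.
SAMPLE_LOG = """\
> 11 Jan 2018 21:18:08 | INFO incoming; MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [rcpt@example.test];
> Originator: sender@example.test; Sender: <>; Remote address: 127.0.0.1;
> Subject: test mail [sign]; Message-ID: <1.0.1@gateway.example.test>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [rcpt@example.test]
> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> 11 Jan 2018 21:19:30 | INFO incoming; MailID:
> 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3; Recipients: [other@example.test];
> Originator: sender@example.test; Sender: <>; Remote address: 127.0.0.1;
> Subject: weekly report; Message-ID: <2.0.2@gateway.example.test>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
"""

# A record starts with "DD Mon YYYY HH:MM:SS | LEVEL "; anything else is a
# continuation of the previous record.
RECORD_START = re.compile(
    r"^\d{1,2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2} \| [A-Z]+ ")
MAIL_ID = re.compile(
    r"MailID:\s*([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})")
SUBJECT = re.compile(r"Subject: (.*?); Message-ID:")
# Subject trigger pattern quoted in the thread
SIGN_TRIGGER = re.compile(r"(?i)\[\s*sign\s*\]")
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")


def parse_records(text):
    """Strip mail quote markers and re-join wrapped lines into records."""
    records = []
    for raw in text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        if RECORD_START.match(line):
            records.append(line)
        elif records:  # continuation; orphan lines before any record are dropped
            records[-1] += " " + line
    return records


def group_by_mail_id(records):
    """Map each MailID to its records, in log order."""
    groups = {}
    for rec in records:
        match = MAIL_ID.search(rec)
        if match:
            groups.setdefault(match.group(1), []).append(rec)
    return groups


def triage(text):
    """Per MailID: was signing requested via subject, and was the recipient
    handled as internal (decryption pipeline, so no signing)?"""
    findings = {}
    for mail_id, recs in group_by_mail_id(parse_records(text)).items():
        subject = next(
            (m.group(1) for m in map(SUBJECT.search, recs) if m), None)
        sign_requested = bool(subject and SIGN_TRIGGER.search(subject))
        internal = any("To internal recipient(s)" in r for r in recs)
        if sign_requested and internal:
            verdict = "sign trigger present, recipient internal: check Locality"
        elif sign_requested:
            verdict = "sign trigger present, no internal-recipient line seen"
        else:
            verdict = "no sign trigger in subject"
        findings[mail_id] = {
            "subject": subject,
            "sign_requested": sign_requested,
            "internal": internal,
            "verdict": verdict,
        }
    return findings


if __name__ == "__main__":
    for mail_id, info in triage(SAMPLE_LOG).items():
        print(mail_id, "|", info["subject"], "|", info["verdict"])
```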




Re: [Djigzo users] DKIM Signing that flows through Ciphermail

2018-01-09 Thread Martijn Brinkers via Users
On 09-01-18 18:22, Paul Bronson wrote:
> Okay. How would you advise the built in one be setup? Not sure how that
> would work if I have multiple domains that need to be signed and all
> separate keys. I tried looking on KB and I am not sure that applies to
> me because I have multiple different domains.

Yes, you can configure DKIM on a domain basis. So for every domain you send
email for (and want to DKIM sign for) configure DKIM. Do not configure
DKIM on the global level but per domain.

> I tried looking on KB and I am not sure that applies to
> me because I have multiple different domains.

What do you mean with KB?

Kind regards,

Martijn Brinkers


> On Tue, Jan 9, 2018 at 12:19 PM, Martijn Brinkers
> <mart...@ciphermail.com> wrote:
> 
> On 09-01-18 17:53, Paul Bronson wrote:
> > The email server is signing message but it seems like as soon as it
> > passes through cipher mail, it strips the DKIM signature.
> 
> I'm not aware of any reason why CipherMail strips a DKIM signature.
> 
> Does this happen for all outgoing email? or only for email which is
> signed or encrypted?
> 
> Note that if a message is modified by CipherMail, the original DKIM
> signature is no longer valid. It is therefore advised to do DKIM signing
> after encryption/signing (either using the built-in DKIM signer or using
> some postfix DKIM signing milter)
> 
> Kind regards,
> 
> Martijn Brinkers
> 
> 
> > Screenshot for current configuration:    https://cl.ly/1i3C232s151e
> >
> >
> > On Tue, Jan 9, 2018 at 10:43 AM, Martijn Brinkers
> > <mart...@ciphermail.com> wrote:
> >
> >     On 09-01-18 16:42, Paul Bronson wrote:
> >     > @martijn are you sure this allows it to pass right through with the
> >     > settings configured above? (inherit - off)
> >     >
> >     > It doesn't seem to want to pass through...
> >
> >     What do you mean with "pass through"? meaning the message is not DKIM
> >     signed? Or the message is not delivered?
> >
> >     Kind regards,
> >
> >     Martijn Brinkers
> >
> >
> >     > On Tue, Jan 9, 2018 at 10:30 AM, Paul Bronson
> >     > <signaldevelo...@gmail.com> wrote:
> >     >
> >     >     I have a plesk server that is setup to send DKIM-signed messages.
> >     >     This worked previous to putting in ciphermail.
> >     >
> >     >     There are many domains on my plesk server sending emails.
> >     >
> >     >     Do I need to setup something on Ciphermail to allow it to pass
> >     >     through?
> >     >
> >     >     Screenshot for current configuration: https://cl.ly/1i3C232s151e
> >     >
> >     >     Remember, there are multiple domains on the email server behind the
> >     >     ciphermail that is sending email that needs to keep its DKIM signature
> >     >


Re: [Djigzo users] DKIM Signing that flows through Ciphermail

2018-01-09 Thread Martijn Brinkers via Users
On 09-01-18 17:53, Paul Bronson wrote:
> The email server is signing message but it seems like as soon as it
> passes through cipher mail, it strips the DKIM signature.

I'm not aware of any reason why CipherMail strips a DKIM signature.

Does this happen for all outgoing email? or only for email which is
signed or encrypted?

Note that if a message is modified by CipherMail, the original DKIM
signature is no longer valid. It is therefore advised to do DKIM signing
after encryption/signing (either using the built-in DKIM signer or using
some postfix DKIM signing milter)

Kind regards,

Martijn Brinkers


> Screenshot for current configuration:    https://cl.ly/1i3C232s151e
> 
> 
> On Tue, Jan 9, 2018 at 10:43 AM, Martijn Brinkers
> <mart...@ciphermail.com> wrote:
> 
> On 09-01-18 16:42, Paul Bronson wrote:
> > @martijn are you sure this allows it to pass right through with the
> > settings configured above? (inherit - off)
> >
> > It doesn't seem to want to pass through...
> 
> What do you mean with "pass through"? meaning the message is not DKIM
> signed? Or the message is not delivered?
> 
> Kind regards,
> 
> Martijn Brinkers
> 
> 
> > On Tue, Jan 9, 2018 at 10:30 AM, Paul Bronson
> > <signaldevelo...@gmail.com> wrote:
> >
> >     I have a plesk server that is setup to send DKIM-signed messages.
> >     This worked previous to putting in ciphermail.
> >
> >     There are many domains on my plesk server sending emails.
> >
> >     Do I need to setup something on Ciphermail to allow it to pass
> >     through?
> >
> >     Screenshot for current configuration: https://cl.ly/1i3C232s151e
> >
> >     Remember, there are multiple domains on the email server behind the
> >     ciphermail that is sending email that needs to keep its DKIM signature
> >
> 
> 


Re: [Djigzo users] Set encryption scheme and signing algorith for certain senders

2018-01-09 Thread Martijn Brinkers via Users
On 09-01-18 17:06, Andi via Users wrote:
> 
> Quoting Philipp Thielke via Users:
> 
>> Hi Martijn,
>>
>> thanks for adding new encryption scheme and signing algorithm in 3.3.1-0.
>> (RSAES-OAEP)
>>
>> As these are required for German energy market and beyond this not widely
>> supported by many destination systems I would like to configure ciphermail
>> to only use for certain sending (internal) users.
>>
>> Currently I cannot set this. It seems that S/MIME encr. scheme and signing
>> algo. can only be set for (external) receivers.
>>
>> In case of using that feature for energy market there might be 1000 external
>> partners and 1-2 internal senders for whom this feature may be enabled.
>>
>> Any idea how to configure that?
>>
>>
>>
>> Kind regards,
>>
>> Philipp Thielke
>>
> 
> To my knowledge you can create "Users" identified by e-mail address
> which can be internal or external, there is even a setting to create
> them at first e-mail with valid S/MIME type. You should be able to
> assign these Users the encryption settings you need.

Unfortunately, by default, the signing and encryption algorithm is a
recipient-only property. This makes sense in most cases because not
every recipient might support the new signing algorithm (RSASSA-PSS) or
padding scheme (RSAES-OAEP). You can then select per domain (or
recipient) whether the recipient supports it or not. The OP however wants
to use RSAES-OAEP when an email is sent by some domain (or users)
irrespective of whether the recipient supports this (at least that is my
understanding). This is not possible with the default config. This can
however be changed by modifying the file that defines the mail flow. The
mail flow, i.e., what should happen when, is defined in the file
config.xml. Within this file you have a processor called "smime" (search
for ).
Within this processor there are rules that set up S/MIME signing. For
example there is the rule:


 SHA256WithRSAEncryption

 smime-sign 


This rule defines that if the S/MIME signing algorithm of a recipient is
set to SHA256WithRSAEncryption, then a local attribute for that email
will be set to make sure the message is signed with SHA256 and then the
flow continues (jumps) to the "smime-sign" processor.

One option is to short circuit this with a check for a sender property.
For example add the following part before the SHA256WithRSAEncryption
check (not tested!!)


 SHA256WithRSAAndMGF1

 smime-sign 


This will check whether the sender configured SHA256WithRSAAndMGF1
(RSASSA-PSS) as the signing algorithm and if so, will sign the message
with RSASSA-PSS SHA256.

It's important that this check is done before the other signing
algorithm checks. With this new rule in place, if a sender has
configured SHA256WithRSAAndMGF1 as the signing algorithm, the email will
be signed with RSASSA-PSS SHA256.

Similar changes can be done for the encryption algorithm.

I did not test the above changes (but it should work :)

Note: after changing config.xml it's important to restart the back-end
(sudo service djigzo restart)

Kind regards,

Martijn Brinkers



Re: [Djigzo users] DKIM Signing that flows through Ciphermail

2018-01-09 Thread Martijn Brinkers via Users
On 09-01-18 16:42, Paul Bronson wrote:
> @martijn are you sure this allows it to pass right through with the
> settings configured above? (inherit - off)
> 
> It doesn't seem to want to pass through...

What do you mean with "pass through"? meaning the message is not DKIM
signed? Or the message is not delivered?

Kind regards,

Martijn Brinkers


> On Tue, Jan 9, 2018 at 10:30 AM, Paul Bronson wrote:
> 
> I have a plesk server that is setup to send DKIM-signed messages.
> This worked previous to putting in ciphermail.
> 
> There are many domains on my plesk server sending emails.
> 
> Do I need to setup something on Ciphermail to allow it to pass through?
> 
> Screenshot for current configuration:    https://cl.ly/1i3C232s151e
> 
> 
> 
> Remember, there are multiple domains on the email server behind the
> ciphermail that is sending email that needs to keep its DKIM signature
> 
> 




Re: [Djigzo users] DKIM

2018-01-09 Thread Martijn Brinkers via Users
On 09-01-18 16:05, Paul Bronson via Users wrote:
> if my mail server behind my cipher mail server is signing DKIM, does cipher
> mail strip it?

No, CipherMail does not strip DKIM. However if DKIM signing on CipherMail
is enabled, email to external recipients will be DKIM signed replacing
the existing DKIM signature.

Kind regards,

Martijn Brinkers
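
The point made in this thread, that a DKIM signature made before the gateway modifies a message is no longer valid and that DKIM signing should therefore come after encryption/signing, can be checked with the body-hash half of DKIM verification (RFC 6376). This is an added example, not CipherMail code: the messages, domain, selector and the simplified S/MIME wrapper are constructed, and the RSA check of the b= tag is left out.

```python
import base64
import hashlib
import re


def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: ignore empty lines at the end, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse runs of WSP, drop WSP at line ends,
    ignore empty lines at the end of the body."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


CANON = {"simple": canon_body_simple, "relaxed": canon_body_relaxed}


def body_hash(body: bytes, canon: str = "simple") -> str:
    """Value of the bh= tag for rsa-sha256 signatures."""
    digest = hashlib.sha256(CANON[canon](body)).digest()
    return base64.b64encode(digest).decode()


def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def body_hash_matches(header_value: str, body: bytes) -> bool:
    """True if the body as received still hashes to the signed bh= value."""
    tags = parse_tags(header_value)
    c = tags.get("c", "simple/simple")
    # c=header/body; a missing body part means "simple"
    body_canon = c.split("/", 1)[1] if "/" in c else "simple"
    return tags.get("bh") == body_hash(body, body_canon)


def constructed_signature(body: bytes, canon: str) -> str:
    """Constructed DKIM-Signature value; b= is empty because only bh= is
    checked here."""
    return ("v=1; a=rsa-sha256; c=relaxed/%s; d=example.test; s=sel1;\r\n"
            "\th=from:to:subject; bh=%s; b=" % (canon, body_hash(body, canon)))


# Constructed bodies: as sent, after whitespace-only changes, after a banner
# was appended, and after being wrapped in a (simplified) signed MIME part.
ORIGINAL = b"Hello,\r\n\r\nInvoice attached.\r\n"
REFLOWED = b"Hello,  \r\n\r\nInvoice \t attached.\r\n\r\n\r\n"
BANNERED = ORIGINAL + b"\r\n-- \r\nScanned by gateway\r\n"
WRAPPED = (b"--b1\r\nContent-Type: text/plain\r\n\r\n" + ORIGINAL +
           b"--b1\r\nContent-Type: application/pkcs7-signature\r\n\r\n"
           b"(signature bytes)\r\n--b1--\r\n")


def survey() -> dict:
    """Check a signature made on ORIGINAL against each delivered variant,
    then a signature made after the gateway step against WRAPPED."""
    results = {}
    for canon in ("simple", "relaxed"):
        early = constructed_signature(ORIGINAL, canon)
        late = constructed_signature(WRAPPED, canon)
        results[canon] = {
            "unchanged": body_hash_matches(early, ORIGINAL),
            "whitespace_only": body_hash_matches(early, REFLOWED),
            "banner_added": body_hash_matches(early, BANNERED),
            "smime_wrapped": body_hash_matches(early, WRAPPED),
            "signed_after_gateway": body_hash_matches(late, WRAPPED),
        }
    return results


if __name__ == "__main__":
    for canon, row in survey().items():
        print(canon, row)
```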



Re: [Djigzo users] Warning about JCE

2017-12-12 Thread Martijn Brinkers via Users
On 12-12-17 21:45, Martijn Brinkers via Users wrote:
> On 12-12-17 21:40, ratatouille wrote:
>> Hello!
>>
>> Martijn Brinkers via Users wrote on 12.12.17 at 21:23:54:
>>
>>>> Since I rebooted the host I see a red warning after logging in.
>>>>
>>>> "The unlimited strength JCE policy files are not properly installed."
>>>>
>>>> Do I have to do so?  
>>>
>>> Which version of Java are you using? Are you using Oracle (SUN) or OpenJDK?
>>
>> # java -version
>> java version "1.8.0_152"
>> Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
>> Java HotSpot(TM) Server VM (build 25.152-b16, mixed mode)
>>
>> This is SUN Oracle I guess.
>>
>> There are two folders in /usr/java/jdk1.8.0_152/jre/lib/security/policy,
>> limited and unlimited and in both are a local_policy.jar and a
>> US_export_policy.jar
> 
> It is advised to use OpenJDK and not use SUN Oracle. OpenJDK does not
> require a separate export policy.
> 
> Before starting to experiment with a non standard installation, it's
> best to first start with a standard installation by following the
> installation steps closely.

If you really must use Oracle JDK, you can download the Java
Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
Files here:

http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Warning about JCE

2017-12-12 Thread Martijn Brinkers via Users
On 12-12-17 21:40, ratatouille wrote:
> Hello!
> 
> Martijn Brinkers via Users wrote on 12.12.17 at 21:23:54:
> 
>>> Since I rebooted the host I see a red warning after logging in.
>>>
>>> "The unlimited strength JCE policy files are not properly installed."
>>>
>>> Do I have to do so?  
>>
>> Which version of Java are you using? Are you using Oracle (SUN) or OpenJDK?
> 
> # java -version
> java version "1.8.0_152"
> Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
> Java HotSpot(TM) Server VM (build 25.152-b16, mixed mode)
> 
> This is SUN Oracle I guess.
> 
> There are two folders in /usr/java/jdk1.8.0_152/jre/lib/security/policy,
> limited and unlimited and in both are a local_policy.jar and a
> US_export_policy.jar

It is advised to use OpenJDK and not use SUN Oracle. OpenJDK does not
require a separate export policy.

Before starting to experiment with a non standard installation, it's
best to first start with a standard installation by following the
installation steps closely.

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Warning about JCE

2017-12-12 Thread Martijn Brinkers via Users
On 12-12-17 21:21, ratatouille via Users wrote:
> Hello!
> 
> Since I rebooted the host I see a red warning after logging in.
> 
> "The unlimited strength JCE policy files are not properly installed."
> 
> Do I have to do so?

Which version of Java are you using? Are you using Oracle (SUN) or OpenJDK?

Kind regards,

Martijn Brinkers



Re: [Djigzo users] merging server.xml of tomcat

2017-12-12 Thread Martijn Brinkers via Users
On 12-12-17 14:28, ratatouille via Users wrote:
> Hello!
> 
> I have djigzo and djigzo-web up and running by copying the server.xml
> of djigzo to /usr/local/tomcat/conf overwriting the default one of tomcat.
> 
> My problem is I tried to merge the djigzo server.xml with default
> tomcat server.xml by inserting the server-block but got an error then:
> 
> Parse Fatal Error at line 146 column 2: Markup im Dokument nach dem 
> Root-Element muss ordnungsgemäß formatiert sein.
> org.xml.sax.SAXParseException; systemId: 
> file:/usr/local/tomcat/conf/server.xml; lineNumber: 146; columnNumber: 2; 
> Markup im Dokument nach dem Root-Element muss ordnungsgemäß formatiert sein.
> 
> Line 146 starts with  followed by the rest of the server.xml
> of djigzo.
> 
> 
> Heavy stuff, new to java and tomcat and djigzo.
> 
> What's wrong? Is it possible to merge these two into one server.xml?

It is possible to merge. Perhaps you have an error in your XML (i.e.,
not valid XML). Why do you want to merge it with the existing settings
and not use the provided server.xml?

Kind regards,

Martijn Brinkers



Re: [Djigzo users] RSAES-OAEP

2017-12-11 Thread Martijn Brinkers via Users
On 11-12-17 17:21, Stefan Michael Guenther via Users wrote:
> Hello Martijn,
> 
> does CipherMail use RSAES-OAEP (IETF RFC 3447) for key encryption?

Yes since version 3.3.1-0

See

https://www.ciphermail.com/gateway-release-notes.html

Kind regards,

Martijn Brinkers



Re: [Djigzo users] ciphermail does not start

2017-12-11 Thread Martijn Brinkers via Users
On 11-12-17 14:05, ratatouille wrote:
> Hello!
> 
> Martijn Brinkers wrote on 11.12.17 at 13:34:49:
> 
>>>> ls -al /usr/share/djigzo/lib/FastInfoset-1.2.2.jar
>>>
>>> ls -al /usr/share/djigzo/lib/FastInfoset-1.2.2.jar
>>> -rw-rw-r-- 1 djigzo djigzo 291779  7. Okt 08:34 /usr/share/djigzo/lib/FastInfoset-1.2.2.jar
>>
>> Perhaps you have some permission problems with the /usr/share/djigzo
>> directory. Can you try to uninstall the djigzo package and completely
>> remove the /usr/share/djigzo dir and reinstall.
>>
>> I just did a complete install on OpenSUSE Leap 42.2 and it installed
>> without any problems. OpenSUSE 13 is already end of life so perhaps you
>> should try a more recent OpenSUSE.
> 
> The fresh installation went fine, all symlinks were created.
> 
> workstation:/usr/share/djigzo # ll
> insgesamt 2652
> -rw-rw-r-- 1 djigzo djigzo    8425  7. Okt 08:34 build.xml
> drwxrwxr-x 8 djigzo djigzo    4096 11. Dez 13:45 conf
> -rw-rw-r-- 1 djigzo djigzo 2606134  7. Okt 08:34 djigzo.jar
> drwxrwxr-x 9 djigzo djigzo    4096 11. Dez 13:45 james-2.3.1
> drwxrwxr-x 4 djigzo djigzo    4096 11. Dez 13:45 lib
> -rw-rw-r-- 1 djigzo djigzo   12062  7. Okt 08:34 LIBRARIES.txt
> drwxrwxr-x 2 djigzo djigzo    4096 11. Dez 13:45 licenses
> -rw-rw-r-- 1 djigzo djigzo   34520  7. Okt 08:34 LICENSE.txt
> drwxrwxr-x 2 djigzo djigzo    4096  7. Okt 08:34 logs
> -rw-rw-r-- 1 djigzo djigzo     631  7. Okt 08:34 README.txt
> drwxrwxr-x 7 djigzo djigzo    4096 11. Dez 13:45 resources
> drwxrwxr-x 3 djigzo djigzo    4096 11. Dez 13:45 scripts
> -rw-rw-r-- 1 djigzo djigzo     147 11. Dez 13:56 start-djigzo.sh
> drwxrwxr-x 3 djigzo djigzo    4096 11. Dez 13:45 wrapper
> -rw-r--r-- 1 root   root       568 11. Dez 13:56 wrapper.log
> 
> workstation:/usr/share/djigzo/wrapper # ll
> insgesamt 1072
> -rw-rw-r-- 1 djigzo djigzo   2075  7. Okt 08:34 build.xml
> -rw-rw-r-- 1 djigzo djigzo   7975  7. Okt 08:34 djigzo.wrapper.conf
> lrwxrwxrwx 1 djigzo users      45 11. Dez 13:45 libwrapper.so -> wrapper-linux-x86-32-3.5.28/lib/libwrapper.so
> -rw-rw-r-- 1 djigzo djigzo    163  7. Okt 08:34 wrapper-additional-parameters.conf
> -rw-rw-r-- 1 djigzo djigzo     52  7. Okt 08:34 wrapper.dist.Linux.amd64.properties
> -rw-rw-r-- 1 djigzo djigzo     52  7. Okt 08:34 wrapper.dist.Linux.i386.properties
> lrwxrwxrwx 1 djigzo users      39 11. Dez 13:45 wrapper-djigzo -> wrapper-linux-x86-32-3.5.28/bin/wrapper
> lrwxrwxrwx 1 djigzo users      43 11. Dez 13:45 wrapper.jar -> wrapper-linux-x86-32-3.5.28/lib/wrapper.jar
> drwxr-xr-x 8 djigzo users    4096 11. Dez 13:45 wrapper-linux-x86-32-3.5.28
> -rw-rw-r-- 1 djigzo djigzo 523858  7. Okt 08:34 wrapper-linux-x86-32-3.5.28.tar.gz
> -rw-rw-r-- 1 djigzo djigzo 542587  7. Okt 08:34 wrapper-linux-x86-64-3.5.28.tar.gz
> 
> workstation:/usr/share/djigzo/wrapper/wrapper-linux-x86-32-3.5.28 # ll
> insgesamt 56
> drwxr-xr-x 2 djigzo users 4096 11. Dez 13:45 bin
> drwxr-xr-x 2 djigzo users 4096 11. Dez 13:45 conf
> drwxr-xr-x 2 djigzo users 4096 11. Dez 13:45 doc
> drwxr-xr-x 2 djigzo users 4096 11. Dez 13:45 lib
> drwxr-xr-x 2 djigzo users 4096 11. Dez 13:45 logs
> -rw-r--r-- 1 djigzo users 6100 13. Jan 2016  README_de.txt
> -rw-r--r-- 1 djigzo users 5627 13. Jan 2016  README_en.txt
> -rw-r--r-- 1 djigzo users 6923 13. Jan 2016  README_es.txt
> -rw-r--r-- 1 djigzo users 7693 13. Jan 2016  README_ja.txt
> drwxr-xr-x 4 djigzo users 4096 11. Dez 13:45 src
> 
> workstation:/usr/share/djigzo/wrapper/wrapper-linux-x86-32-3.5.28/bin # ll
> insgesamt 448
> -rw-r--r-- 1 djigzo users  75811 13. Jan 2016  demoapp
> -rw-r--r-- 1 djigzo users  76260 13. Jan 2016  testwrapper
> -rwxr--r-- 1 djigzo users 302400 13. Jan 2016  wrapper
> 
> workstation:/usr/share/djigzo # sh start-djigzo.sh
> FATAL  | wrapper  | Unable to get the path for './wrapper/wrapper-djigzo'-Datei oder Verzeichnis nicht gefunden
> 
> Even if I put full path into start-djigzo.sh I get
> workstation:/usr/share/djigzo # sh start-djigzo.sh
> FATAL  | wrapper  | Unable to get the path for '/usr/share/djigzo/wrapper/wrapper-djigzo'-Datei oder Verzeichnis nicht gefunden

Files which were generated by the installer or ant script have an
unexpected group. The other files are djigzo:djigzo but some files are
djigzo:users. Could it be that you have umask, ACL or sticky bit set to
/usr/ or /usr/share ?

Kind regards,

Martijn Brinkers




Re: [Djigzo users] ciphermail does not start

2017-12-11 Thread Martijn Brinkers via Users
On 11-12-17 13:13, ratatouille wrote:
> Hello!
> 
>>> # sudo -u djigzo ant -f /usr/share/djigzo/build.xml
>>> Buildfile: /usr/share/djigzo/build.xml
>>>
>>> create-symlinks:
>>>    [delete] Deleting directory /usr/share/djigzo/james-2.3.1/apps/james/SAR-INF/lib
>>>     [mkdir] Created dir: /usr/share/djigzo/james-2.3.1/apps/james/SAR-INF/lib
>>>
>>> create-symlink:
>>>      [echo] /usr/share/djigzo/lib/FastInfoset-1.2.2.jar
>>>   [symlink] ln: die symbolische Verknüpfung „james-2.3.1/apps/james/SAR-INF/lib/FastInfoset-1.2.2.jar“ konnte nicht angelegt werden: Datei oder Verzeichnis nicht gefunden
>>>
>>> BUILD FAILED
>>> /usr/share/djigzo/build.xml:74: The following error occurred while executing this line:
>>> /usr/share/djigzo/build.xml:98: ln failed with return code 1
>>
>> Weird.
>>
>> Does the file /usr/share/djigzo/lib/FastInfoset-1.2.2.jar exist?
> 
> yes
> 
>> If so what is the file permissions/owner?
>>
>> ls -al /usr/share/djigzo/lib/FastInfoset-1.2.2.jar
> 
> ls -al /usr/share/djigzo/lib/FastInfoset-1.2.2.jar
> -rw-rw-r-- 1 djigzo djigzo 291779  7. Okt 08:34 
> /usr/share/djigzo/lib/FastInfoset-1.2.2.jar

Perhaps you have some permission problems with the /usr/share/djigzo
directory. Can you try to uninstall the djigzo package and completely
remove the /usr/share/djigzo dir and reinstall?

I just did a complete install on OpenSUSE Leap 42.2 and it installed
without any problems. OpenSUSE 13 is already end of life so perhaps you
should try a more recent OpenSUSE.

Kind regards,

Martijn Brinkers




Re: [Djigzo users] ciphermail does not start

2017-12-11 Thread Martijn Brinkers via Users
On 11-12-17 12:03, ratatouille wrote:
> Hello!
> 
> Martijn Brinkers wrote on 10.12.17 at 15:53:55:
> 
>>> # ant --execdebug
>>> exec "/usr/lib/jvm/java/bin/java" -classpath 
>>> "/usr/share/java/ant.jar:/usr/share/java/ant-launcher.jar:/usr/share/java/jaxp_parser_impl.jar:/usr/share/java/xml-commons-apis.jar:/usr/lib/jvm/java/lib/tools.jar"
>>>  -Dant.home="/usr/share/ant" -Dant.library.dir="/usr/share/ant/lib" 
>>> org.apache.tools.ant.launch.Launcher -cp ""
>>> Buildfile: build.xml does not exist!
>>> Build failed
> 
>> The installation script runs ant with sudo under the user djigzo.
>>
>> What is the output of
>>
>> sudo -u djigzo ant
> 
> Found this one out:
> 
> # ant -f /usr/local/tomcat/webapps/docs/appdev/sample/build.xml
> Buildfile: /usr/local/tomcat/webapps/docs/appdev/sample/build.xml
> Trying to override old definition of datatype resources
> 
> prepare:
> 
> compile:
> [javac] /usr/local/tomcat/webapps/docs/appdev/sample/build.xml:297: 
> warning: 'includeantruntime' was not set, defaulting to 
> build.sysclasspath=last; set to false for repeatable builds
> 
> BUILD SUCCESSFUL
> Total time: 0 seconds
> 
> 
> # sudo -u djigzo ant -f /usr/share/djigzo/build.xml
> Buildfile: /usr/share/djigzo/build.xml
> 
> create-symlinks:
>[delete] Deleting directory 
> /usr/share/djigzo/james-2.3.1/apps/james/SAR-INF/lib
> [mkdir] Created dir: /usr/share/djigzo/james-2.3.1/apps/james/SAR-INF/lib
> 
> create-symlink:
>  [echo] /usr/share/djigzo/lib/FastInfoset-1.2.2.jar
>   [symlink] ln: die symbolische Verknüpfung 
> „james-2.3.1/apps/james/SAR-INF/lib/FastInfoset-1.2.2.jar“ konnte nicht 
> angelegt werden: Datei oder Verzeichnis nicht gefunden
> 
> BUILD FAILED
> /usr/share/djigzo/build.xml:74: The following error occurred while executing 
> this line:
> /usr/share/djigzo/build.xml:98: ln failed with return code 1

Weird.

Does the file /usr/share/djigzo/lib/FastInfoset-1.2.2.jar exist?

If so what is the file permissions/owner?

ls -al /usr/share/djigzo/lib/FastInfoset-1.2.2.jar

Kind regards,

Martijn Brinkers



Re: [Djigzo users] ciphermail does not start

2017-12-10 Thread Martijn Brinkers via Users
On 10-12-17 14:09, ratatouille via Users wrote:
> Hello!
> 
> Martijn Brinkers wrote on 10.12.17 at 11:18:32:
> 
>>> This is an openSUSE 13.2 with
>>>
>>> # java -version
>>> java version "1.8.0_152"
>>> Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
>>> Java HotSpot(TM) Server VM (build 25.152-b16, mixed mode)
>>>
>>> # rpm -ihv djigzo-3.3.1-0.SUSE.noarch.rpm
>>> warning: djigzo-3.3.1-0.SUSE.noarch.rpm: Header V4 DSA/SHA1 Signature, key 
>>> ID 0c345bcc: NOKEY
>>> Preparing...  # 
>>> [100%]
>>> Updating / installing...
>>>1:djigzo-3.3.1-0   # 
>>> [100%]
>>> groupadd: Gruppe »djigzo« existiert bereits.
>>> Fehler: Hauptklasse org.apache.tools.ant.launch.Launcher konnte nicht 
>>> gefunden oder geladen werden
>>> /etc/sudoers.d/x2goserver: Falsche Zugriffsrechte, sollten Modus 0440 sein  
>>
>> There was an error running ant.
>>
>> What is the output of the following command:
>>
>> ant
> 
> # ant --execdebug
> exec "/usr/lib/jvm/java/bin/java" -classpath 
> "/usr/share/java/ant.jar:/usr/share/java/ant-launcher.jar:/usr/share/java/jaxp_parser_impl.jar:/usr/share/java/xml-commons-apis.jar:/usr/lib/jvm/java/lib/tools.jar"
>  -Dant.home="/usr/share/ant" -Dant.library.dir="/usr/share/ant/lib" 
> org.apache.tools.ant.launch.Launcher -cp ""
> Buildfile: build.xml does not exist!
> Build failed
> 
> No matter what version of java I use ant does start.
> 
> # /usr/sbin/update-alternatives --config java
> There are 4 choices for the alternative java (providing /usr/bin/java).
> 
>   Selection    Path                                      Priority   Status
> 
>   0            /usr/lib/jvm/jre-1.8.0-openjdk/bin/java   18040      auto mode
>   1            /usr/java/latest/bin/java                 1          manual mode
>   2            /usr/lib/jvm/jre-1.5.0-gcj/bin/java       1500       manual mode
>   3            /usr/lib/jvm/jre-1.7.0-openjdk/bin/java   17147      manual mode
> * 4            /usr/lib/jvm/jre-1.8.0-openjdk/bin/java   18040      manual mode

The installation script runs ant with sudo under the user djigzo.

What is the output of

sudo -u djigzo ant

Kind regards,

Martijn Brinkers




Re: [Djigzo users] ciphermail does not start

2017-12-10 Thread Martijn Brinkers via Users
On 09-12-17 23:39, ratatouille wrote:
> Hello!
> 
> This is an openSUSE 13.2 with
> 
> # java -version
> java version "1.8.0_152"
> Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
> Java HotSpot(TM) Server VM (build 25.152-b16, mixed mode)
> 
> # rpm -ihv djigzo-3.3.1-0.SUSE.noarch.rpm
> warning: djigzo-3.3.1-0.SUSE.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 
> 0c345bcc: NOKEY
> Preparing...  # [100%]
> Updating / installing...
>1:djigzo-3.3.1-0   # [100%]
> groupadd: Gruppe »djigzo« existiert bereits.
> Fehler: Hauptklasse org.apache.tools.ant.launch.Launcher konnte nicht 
> gefunden oder geladen werden
> /etc/sudoers.d/x2goserver: Falsche Zugriffsrechte, sollten Modus 0440 sein

There was an error running ant.

What is the output of the following command:

ant

Kind regards,

Martijn Brinkers



Re: [Djigzo users] ciphermail does not start

2017-12-09 Thread Martijn Brinkers via Users
On which SUSE release did you install it?

Kind regards,

Martijn Brinkers

On 09-12-17 22:07, ratatouille via Users wrote:
> Hello!
> 
> Installed djigzo-3.3.1-0.SUSE.noarch.rpm but I get a
> 
> # ./start-djigzo.sh
> ./start-djigzo.sh: Zeile 3: ./wrapper/wrapper-djigzo: Datei oder Verzeichnis 
> nicht gefunden
> 
> workstation:/usr/share/djigzo/wrapper # ll
> -rw-rw-r-- 1 djigzo djigzo   2075  7. Okt 08:34 build.xml
> -rw-rw-r-- 1 djigzo djigzo   7975  7. Okt 08:34 djigzo.wrapper.conf
> -rw-rw-r-- 1 djigzo djigzo    163  7. Okt 08:34 wrapper-additional-parameters.conf
> -rw-rw-r-- 1 djigzo djigzo     52  7. Okt 08:34 wrapper.dist.Linux.amd64.properties
> -rw-rw-r-- 1 djigzo djigzo     52  7. Okt 08:34 wrapper.dist.Linux.i386.properties
> -rw-rw-r-- 1 djigzo djigzo 523858  7. Okt 08:34 wrapper-linux-x86-32-3.5.28.tar.gz
> -rw-rw-r-- 1 djigzo djigzo 542587  7. Okt 08:34 wrapper-linux-x86-64-3.5.28.tar.gz
> 
> What's wrong? How do I get wrapper-djigzo?
> 
> Greetings
> 
>   Andreas


Re: [Djigzo users] There are no valid S/MIME encryption certificates for the recipient

2017-11-21 Thread Martijn Brinkers via Users

On 21-11-17 21:10, de Longpre, Dale wrote:

For my test address I have 3 certificates, they all show in a white
background, they have different validity dates and are all in range.
The key usage on them digitalSignature, extended emailProtection,
clientAuth.   A user that works has a couple like that but also one
cert with a usage of keyEncipherment and extended of
emailProtection.

I would have thought any of them would have worked.



A certificate with a key usage of "digitalSignature, extended
emailProtection, clientAuth" cannot be used for encryption, only for
digital signing.

The key usage for encryption should either be empty or contain
"keyEncipherment".


Kind regards,

Martijn Brinkers


-----Original Message-----
From: Martijn Brinkers [mailto:mart...@ciphermail.com]
Sent: Tuesday, November 21, 2017 2:52 PM
To: users@lists.djigzo.com
Cc: de Longpre, Dale
Subject: Re: [Djigzo users] There are no valid S/MIME encryption certificates for the recipient

On 21-11-17 20:42, de Longpre, Dale via Users wrote:

As far as I can tell this just started to happen today.  I thought
no emails were being encrypted (all domain based or subject
triggers) but it appears some are going through.  All of the
certificates for domain xyzzy.com come from the same place and when
I look at them they all seem to be valid and similar.  How can I
tell why it isn't selecting a certificate?  I have sent emails to
these people in the past and it has worked.


Can you check the following:

1. Open certificates view

2. filter on email address for which the system reports there is no
valid certificate (but there should be)

3. Check if the found certificates are valid, i.e., shown with a
white background. If the background is gray or red, click on the
subject field to view the certificate details.

Kind regards,

Martijn Brinkers


21 Nov 2017 08:42:33 | INFO There are valid S/MIME encryption 
certificates for the recipient(s); MailID: 
cbb2820b-75a5-4c00-9ddf-8eda62aea341; Recipients: 
[tim.t...@us.xyzzy.com] 
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]


21 Nov 2017 09:09:41 | INFO There are no valid S/MIME encryption 
certificates for the recipient(s); MailID: 
e13bd596-ed8d-49e4-a99f-9027d26aec96; Recipients: 
[keyserv...@de.xyzzy.com]; 
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]


21 Nov 2017 09:14:01 | INFO There are no valid S/MIME encryption 
certificates for the recipient(s); MailID: 
f2a3e321-ecc7-4746-aa45-0363872a10be; Recipients: 
[rb.trustcen...@de.xyzzy.com]; 
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]


21 Nov 2017 10:05:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
18462f58-9ffb-45cc-8d87-1bea8aa23270; Recipients:
[manny@us.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 11:44:38 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
ba0c27df-02e7-452b-8545-6abc87df205f; Recipients:
[manny@us.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 13:30:58 | INFO There are valid S/MIME encryption 
certificates for the recipient(s); MailID: 
5d6fc5f7-c259-4ee0-8ef7-a3d7cfad4c4b; Recipients: 
[sar@us.xyzzy.com] 
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]


21 Nov 2017 14:07:45 | INFO There are no valid S/MIME encryption 
certificates for the recipient(s); MailID: 
c237b9f6-36bc-412c-a3c4-406d261b19fe; Recipients: [d...@howdy.com]; 
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]


21 Nov 2017 14:08:12 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
9bebe358-6597-4819-b0e2-1aef3e01a3e3; Recipients:
[d...@howdy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #3]

21 Nov 2017 14:12:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
54f21d50-bcf0-47d9-9e16-1e2cf8bdff5c; Recipients:
[d...@howdy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #2]


Thanks,

Dale

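The key usage rule stated in the reply above (empty, or containing keyEncipherment) can be checked from the command line before a certificate is imported. This is an added example, not CipherMail code: it reads the text printed by `openssl x509 -noout -text` and applies that rule; the three excerpts are constructed samples and the function names are hypothetical.

```python
import re

# Constructed excerpts in the layout printed by `openssl x509 -noout -text`.
SIGNING_ONLY = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                E-mail Protection, TLS Web Client Authentication
"""

ENCRYPTION_CAPABLE = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                E-mail Protection
"""

NO_KEY_USAGE = """\
        X509v3 extensions:
            X509v3 Extended Key Usage:
                E-mail Protection
"""

# Matches "X509v3 Key Usage:" but not "X509v3 Extended Key Usage:".
KEY_USAGE_HEADER = re.compile(r"^\s*X509v3 Key Usage:")


def key_usage(openssl_text):
    """Return the set of key usage names, or None if the extension is absent."""
    lines = openssl_text.splitlines()
    for i, line in enumerate(lines):
        if KEY_USAGE_HEADER.match(line):
            # openssl prints the values comma separated on the next line.
            values = lines[i + 1] if i + 1 < len(lines) else ""
            return {v.strip() for v in values.split(",") if v.strip()}
    return None


def usable_for_encryption(openssl_text):
    """Rule from the thread: key usage is empty or contains keyEncipherment."""
    usage = key_usage(openssl_text)
    return usage is None or "Key Encipherment" in usage


def explain(label, openssl_text):
    """One-line verdict suitable for a report over many certificates."""
    usage = key_usage(openssl_text)
    if usage is None:
        return f"{label}: no key usage extension, usable for encryption"
    verdict = "usable for encryption" if "Key Encipherment" in usage else "signing only"
    return f"{label}: key usage {sorted(usage)}, {verdict}"


if __name__ == "__main__":
    for name, text in [("cert-1", SIGNING_ONLY),
                       ("cert-2", ENCRYPTION_CAPABLE),
                       ("cert-3", NO_KEY_USAGE)]:
        print(explain(name, text))
```
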


Re: [Djigzo users] There are no valid S/MIME encryption certificates for the recipient

2017-11-21 Thread Martijn Brinkers via Users

On 21-11-17 20:42, de Longpre, Dale via Users wrote:

As far as I can tell this just started to happen today.  I thought no
emails were being encrypted (all domain based or subject triggers)
but it appears some are going through.  All of the certificates for
domain xyzzy.com come from the same place and when I look at them
they all seem to be valid and similar.  How can I tell why it isn't
selecting a certificate?  I have sent emails to these people in the
past and it has worked.


Can you check the following:

1. Open certificates view

2. filter on email address for which the system reports there is no 
valid certificate (but there should be)


3. Check if the found certificates are valid, i.e., shown with a white 
background. If the background is gray or red, click on the subject field 
to view the certificate details.


Kind regards,

Martijn Brinkers



21 Nov 2017 08:42:33 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
cbb2820b-75a5-4c00-9ddf-8eda62aea341; Recipients:
[tim.t...@us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 09:09:41 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
e13bd596-ed8d-49e4-a99f-9027d26aec96; Recipients:
[keyserv...@de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 09:14:01 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
f2a3e321-ecc7-4746-aa45-0363872a10be; Recipients:
[rb.trustcen...@de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]

21 Nov 2017 10:05:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
18462f58-9ffb-45cc-8d87-1bea8aa23270; Recipients:
[manny@us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #3]

21 Nov 2017 11:44:38 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
ba0c27df-02e7-452b-8545-6abc87df205f; Recipients:
[manny@us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #0]

21 Nov 2017 13:30:58 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
5d6fc5f7-c259-4ee0-8ef7-a3d7cfad4c4b; Recipients:
[sar@us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 14:07:45 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
c237b9f6-36bc-412c-a3c4-406d261b19fe; Recipients: [d...@howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

21 Nov 2017 14:08:12 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
9bebe358-6597-4819-b0e2-1aef3e01a3e3; Recipients: [d...@howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 14:12:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
54f21d50-bcf0-47d9-9e16-1e2cf8bdff5c; Recipients: [d...@howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]


Thanks,

Dale



Re: [Djigzo users] Archive for old djigzo/ciphermail versions?

2017-11-06 Thread Martijn Brinkers via Users

On 07-11-17 08:43, Stefan Günther via Users wrote:

is there an archive for older djigzo versions where I could download a 2.x.x 
virtual appliance?


Not online but I can upload an older version. Which version do you need?

Kind regards,

Martijn



Re: [Djigzo users] Restore DB from an old Djigzo installation fails partially

2017-11-06 Thread Martijn Brinkers via Users

On 06-11-17 21:56, Stefan Michael Guenther via Users wrote:

Good evening,

one of our clients decided to only use pg_dump to backup his Djigzo 
Installation, which was probably about 6 years old.

During the last weekend the single(!) hard disk gave up.

A restore of the database produced a number of error messages which seemed to 
be related to the postgresql db itself.


What error messages are produced?


The current status of the ciphermail installation is, that all certificates
were imported, but there aren't any users.

Has this been caused by a change in the structure of the database?

Shall we try to install an old 2.x djigzo, import the database and then perform
a regular backup via the webinterface?


The database changes between versions were minimal. Only tables were 
added but not modified.


Is the SQL dump in binary format or text format? If in binary format it 
could be that the binary format is not compatible with a newer 
PostgreSQL release. One option in that case would be to import the dump 
into an older version of PostgreSQL and then dump in text format.


Kind regards,

Martijn

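The question in the reply above, whether the dump is binary or text, can be answered from the first bytes of the file. This is an added example, not part of CipherMail or PostgreSQL: it classifies a pg_dump output file by its header and, for a custom-format archive, reports the archive format version stored after the "PGDMP" magic. The sample byte strings are constructed.

```python
import os
import tempfile

# What to do next for each kind of file (commands are standard PostgreSQL tools).
NEXT_STEP = {
    "custom": "binary archive: inspect with pg_restore -l, restore with pg_restore",
    "tar": "tar archive: inspect with pg_restore -l, restore with pg_restore",
    "gzip": "compressed: decompress a copy and classify the result again",
    "plain-sql": "text dump: restore with psql -f",
    "unknown": "not recognised as pg_dump output",
}


def classify_dump(head):
    """Classify a dump from its first 512 bytes.

    Returns (kind, archive_version) where archive_version is a
    (major, minor, revision) tuple for custom-format archives, else None.
    """
    if head[:5] == b"PGDMP" and len(head) >= 8:
        # Custom format: magic, then one byte each for major/minor/revision.
        return "custom", (head[5], head[6], head[7])
    if head[257:262] == b"ustar":
        # POSIX tar magic sits at offset 257 of the first header block.
        return "tar", None
    if head[:2] == b"\x1f\x8b":
        return "gzip", None
    start = head[:256]
    if (b"PostgreSQL database dump" in start
            or b"PostgreSQL database cluster dump" in start):
        return "plain-sql", None
    return "unknown", None


def classify_file(path):
    """Read only the header of the file at path and classify it."""
    with open(path, "rb") as handle:
        return classify_dump(handle.read(512))


# Constructed samples (not real dumps).
SAMPLE_CUSTOM = b"PGDMP" + bytes([1, 12, 0]) + b"\x04\x08\x01"
SAMPLE_TEXT = b"--\n-- PostgreSQL database dump\n--\n\nSET statement_timeout = 0;\n"
SAMPLE_TAR = b"toc.dat".ljust(257, b"\0") + b"ustar\0"

if __name__ == "__main__":
    for name, data in [("custom", SAMPLE_CUSTOM), ("text", SAMPLE_TEXT),
                       ("tar", SAMPLE_TAR)]:
        fd, path = tempfile.mkstemp()
        try:
            with os.fdopen(fd, "wb") as handle:
                handle.write(data)
            kind, version = classify_file(path)
            print(name, "->", kind, version, "|", NEXT_STEP[kind])
        finally:
            os.remove(path)
```
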


[Djigzo users] New release of the CipherMail gateway (3.3.1-0)

2017-10-08 Thread Martijn Brinkers via Users

A new version of the CipherMail email encryption gateway has been
released (3.3.1-0)

Virtual Appliance downloads:

https://www.ciphermail.com/downloads-virtual-appliance.html

Distribution packages downloads:

https://www.ciphermail.com/downloads-gateway-distributions.html

Release notes:

New

* S/MIME support for RSASSA-PSS signing algorithm added (requirement for
  the German edi@energy standard)
* S/MIME support for RSAES-OAEP encryption scheme added (requirement for
  the German edi@energy standard)
* RPM packages can now be relocated
* PGPSkipSignOnly property added
* Active Directory GUI authenticator added [enterprise only]

Bugs/Improvements/Changes

* Trying to export a PGP secret key to a file resulted in a
  NullPointerException if the selected keys did not contain any private
  key.
* BouncyCastle updated to 1.58. Note: the updated BC jar now strictly
  follows the standards for ASN1 Integer encoding. Because of this some
  old incorrectly encoded certificates might now be considered invalid.
  To revert to the old less strict encoding, set the following Java
  System property 'org.bouncycastle.asn1.allow_unsafe_integer' to 'true'
* Freemarker updated
* MPA log search filter now has a "context" option. If the context is
  set, context number of log lines before and after the match will be
  shown. This makes it easier to search for multi line log output.
* SMTP transport config is now directly editable from the GUI
  [enterprise only]
* SMTP transport now allows mapping from email address to relay
  [enterprise only]
* Virtual Appliance: DHCP client was not stopped when changing from DHCP
  to static IP

Upgrade guide can be downloaded from:

http://www.ciphermail.com/documents/upgrade-guide.pdf

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

http://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
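The BouncyCastle note in the release notes above concerns the DER rule that an INTEGER must use the shortest possible encoding. As an added example (not CipherMail or BouncyCastle code), the following walks a DER structure and reports INTEGERs that break that rule, so old certificates can be screened before the upgrade. The sample structures are constructed, and whether BouncyCastle rejects a particular certificate remains BouncyCastle's decision.

```python
import base64
import re


def read_tlv(data, pos, limit):
    """Return (tag, content_start, content_end) for the element at pos."""
    if pos + 2 > limit:
        raise ValueError("truncated header")
    tag = data[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    length = data[pos + 1]
    pos += 2
    if length & 0x80:
        count = length & 0x7F
        if count == 0:
            raise ValueError("indefinite length is not valid DER")
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    if pos + length > limit:
        raise ValueError("element runs past its container")
    return tag, pos, pos + length


def is_malformed_integer(content):
    """True when the INTEGER content is not minimally encoded."""
    if len(content) == 0:
        return True
    if len(content) > 1:
        # A leading 0x00 is only allowed to keep a positive value positive.
        if content[0] == 0x00 and not content[1] & 0x80:
            return True
        # A leading 0xFF is only allowed to keep a negative value negative.
        if content[0] == 0xFF and content[1] & 0x80:
            return True
    return False


def find_malformed_integers(der, start=0, end=None, path=()):
    """Return [(path, hex_content)] for each non-minimal INTEGER.

    Only constructed elements are descended into; INTEGERs wrapped inside
    BIT STRING or OCTET STRING values are not inspected.
    """
    end = len(der) if end is None else end
    findings = []
    pos, index = start, 0
    while pos < end:
        tag, content_start, content_end = read_tlv(der, pos, end)
        here = path + (index,)
        if tag == 0x02:
            content = der[content_start:content_end]
            if is_malformed_integer(content):
                findings.append((here, content.hex()))
        elif tag & 0x20:
            findings.extend(
                find_malformed_integers(der, content_start, content_end, here))
        pos = content_end
        index += 1
    return findings


def pem_to_der(pem_text):
    """Extract the first certificate from PEM text as DER bytes."""
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
        pem_text, re.S)
    if match is None:
        raise ValueError("no PEM certificate found")
    return base64.b64decode(match.group(1))


def tlv(tag, content):
    """Build a short-form element; enough for the constructed samples."""
    if len(content) >= 0x80:
        raise ValueError("sample helper handles short lengths only")
    return bytes([tag, len(content)]) + content


# Constructed samples shaped like the start of a tbsCertificate:
# SEQUENCE { [0] { INTEGER version }, INTEGER serialNumber }
WELL_FORMED = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x00\xff"))
PADDED_SERIAL = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x00\x00\xff"))

if __name__ == "__main__":
    print(find_malformed_integers(WELL_FORMED))
    print(find_malformed_integers(PADDED_SERIAL))
```
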


Re: [Djigzo users] backend tool to export keys available?

2017-10-06 Thread Martijn Brinkers via Users

On 05-10-17 17:25, Olaf Schwarz via Users wrote:

Hi all,

is there a way to export all "keys" (pgp public keys and S/MIME public
keys) from a ciphermail instance?
So far I found a way to import keys via the backend
(mitm.application.djigzo.tools.CertManager). This is already very helpful.
But I could not find a way to export.
Doing it one by one via the web-interface is not an option. Would need a
solution which can be automated (preferably via a cron job).


I have uploaded a jar file which you can use to export the certificates 
and public PGP keys.


The command should be run from the command line of the CipherMail gateway

1) download

wget https://www.ciphermail.com/downloads/other/export-tool.jar
wget https://www.ciphermail.com/downloads/other/export-tool.jar.asc

verify jar

gpg --verify export-tool.jar.asc

2) Exporting certificates

java -cp export-tool.jar:/usr/share/djigzo/djigzo.jar:/usr/share/djigzo/lib/* \
    mitm.application.djigzo.tools.CertStore --export-certificates \
    --dir /home/sa/temp


Note: replace /home/sa/temp with the correct dir to which the exported
certs will be written


3) Exporting PGP public keys

java -cp export-tool.jar:/usr/share/djigzo/djigzo.jar:/usr/share/djigzo/lib/* \
    mitm.application.djigzo.tools.PGPTool --export-public-keys \
    --dir /home/sa/temp


Note: replace /home/sa/temp with the correct dir to which the exported
PGP key will be written



The jar is an updated version of the CertStore and PGPTool command. The 
upcoming CipherMail release will already have these updates.


Kind regards,

Martijn Brinkers


Re: [Djigzo users] backend tool to export keys available?

2017-10-06 Thread Martijn Brinkers via Users

On 05-10-17 17:25, Olaf Schwarz via Users wrote:

Hi all,

is there a way to export all "keys" (pgp public keys and S/MIME public
keys) from a ciphermail instance?
So far I found a way to import keys via the backend
(mitm.application.djigzo.tools.CertManager). This is already very helpful.
But I could not find a way to export.
Doing it one by one via the web-interface is not an option. Would need a
solution which can be automated (preferably via a cron job).

Any hint/help would be very much appreciated.


At the moment there is no command line tool supporting export. 
However adding this functionality is not difficult. I'll see whether I 
can make a tool available which allows you to export the PGP public keys 
and certificates.


Kind regards,

Martijn Brinkers


Re: [Djigzo users] convert mailvelope keys from .asc format to ciphermail .p12 format

2017-09-28 Thread Martijn Brinkers via Users

He was using the Android App, not the gateway :)

The Android App does not support PGP keys. He wanted to reuse the PGP 
key for S/MIME. Since PGP keys and S/MIME keys are completely different, 
this is not supported.


Kind regards,

Martijn

On 28-09-17 13:08, Dino Edwards via Users wrote:

What version of ciphermail are you running?

-Original Message-
From: Ohad Hershkovitz via Users [users@lists.djigzo.com]
Received: Thursday, 28 Sep 2017, 6:29AM
To: users@lists.djigzo.com [users@lists.djigzo.com]
Subject: Re: [Djigzo users] convert mailvelope keys from .asc format to 
ciphermail .p12 format

thanx Martijn, but where do i select PGP? i see no such option in
ciphermail...

Ohad




On Thu, Sep 28, 2017 at 1:00 PM,  wrote:



Message: 1
Date: Mon, 25 Sep 2017 13:51:27 +0300
From: Ohad Hershkovitz 
To: users@lists.djigzo.com
Subject: [Djigzo users] convert mailvelope keys from .asc format to
 ciphermail .p12 format
Message-ID:
 
Content-Type: text/plain; charset="UTF-8"

hello, i am trying to setup ciphermail and would like to import my existing
keys from mailvelope. mailvelope exports .asc format and ciphermail
requires .p* format. how do we convert them? thanx


--

Message: 2
Date: Wed, 27 Sep 2017 12:35:00 +0200
From: Martijn Brinkers 
To: users@lists.djigzo.com
Subject: Re: [Djigzo users] convert mailvelope keys from .asc format
 to ciphermail .p12 format
Message-ID: <9ce80343-07e5-dd1d-c0ee-68f554f34...@ciphermail.com>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Ohad,

On 25-09-17 12:51, Ohad Hershkovitz via Users wrote:

hello, i am trying to setup ciphermail and would like to import my

existing

keys from mailvelope. mailvelope exports .asc format and ciphermail
requires .p* format. how do we convert them? thanx


You cannot use your PGP key for S/MIME. An S/MIME key is imported from a
.p12 file. PGP keys get imported from .asc files.

To import your PGP key (.asc), click on PGP, then on left hand menu
click "Import keyring", select asc file and provide password.

Kind regards,

Martijn Brinkers




Re: [Djigzo users] convert mailvelope keys from .asc format to ciphermail .p12 format

2017-09-27 Thread Martijn Brinkers via Users

Hi Ohad,

On 25-09-17 12:51, Ohad Hershkovitz via Users wrote:

hello, i am trying to setup ciphermail and would like to import my existing
keys from mailvelope. mailvelope exports .asc format and ciphermail
requires .p* format. how do we convert them? thanx


You cannot use your PGP key for S/MIME. An S/MIME key is imported from a 
.p12 file. PGP keys get imported from .asc files.


To import your PGP key (.asc), click on PGP, then on left hand menu 
click "Import keyring", select asc file and provide password.


Kind regards,

Martijn Brinkers


Re: [Djigzo users] Upgrade error

2017-08-28 Thread Martijn Brinkers via Users

On 28-08-17 21:14, Arie Koppelaar wrote:

The difference turned out to be the rule (in the latest appliance version):
message_size_limit = ${djigzo_after_filter_message_size_limit}
of the file main.cf, rule 71


The line message_size_limit = ${djigzo_after_filter_message_size_limit} 
was already part of main.cf from the first release.


Not sure why this was different in your case. Perhaps some postfix 
upgrade script changed it...


Did it work after you set message_size_limit to:

message_size_limit = ${djigzo_after_filter_message_size_limit}

Kind regards,

Martijn Brinkers



Arie Koppelaar via Users wrote on 27-08-2017 18:37:

Thanks for your reply. Your remark about the sudo rights was spot on.
For some reason the file /etc/sudoer.d/ciphermail was lost during the
upgrade. After recreating it, the problem was solved.

Here's the first part of the mail.conf, presuming that's the info you need.

# setting starting with djigzo_ will be overwritten when applying the
MTA settings
djigzo_myhostname = ciphermail.example.com
djigzo_mydestination =
djigzo_mynetworks = 192.168.1.0/24
djigzo_relayhost = mail2.example.com
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_relay_domains = example.com, example.nl, example.net
djigzo_before_filter_message_size_limit = 10240
djigzo_after_filter_message_size_limit = 51200
djigzo_mailbox_size_limit = 51200
djigzo_smtp_helo_name =
djigzo_relay_transport_host = mail.example.com
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains =
djigzo_rbl_clients =


---
Greetings,

Arie

Martijn Brinkers via Users wrote on 27-08-2017 18:14:

On 27-08-17 00:39, Arie Koppelaar via Users wrote:

After upgrading from 3.1.1 to 3.2.7 a couple of things went wrong.
- From the webinterface menu: Admin/MTA/config - The following error 
appeared:

An unexpected application exception has occurred.

Render queue error in 
BeforeRenderTemplate[admin/mta/Config:relaydomains]: Failure reading 
parameter 'model' of component admin/mta/Config:relaydomains: 
ProcessException: Error running 
[/usr/share/djigzo/scripts/execute-script.sh,postfix-main-config,-g]. exit 
value: 1 (1), Class: class mitm.common.util.ProcessException




This error is shown when the script cannot be executed. This might be
caused by some sudoers issue or a script which cannot be executed or
some config file which cannot be loaded

Try to execute the following command

sudo -u djigzo /usr/share/djigzo/scripts/execute-script.sh postfix-main-config -g

It should only ask for your password (for sudo) and not for the
password of the djigzo user. The command should return the postfix
main config file and execute without any errors.

- When restarting postfix from the Bash shell, the following error 
appears:
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
djigzo_after_filter_message_size_limit=51200


This is a warning from Postfix. In a default CipherMail Postfix config
this parameter should be used. The warning is just a warning. Postfix
should still be able to run. It could be that you modified the main
config and that this parameter is not used (hence the warning). Can
you show your postfix main config?

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Upgrade error

2017-08-27 Thread Martijn Brinkers via Users

On 27-08-17 00:39, Arie Koppelaar via Users wrote:

> After upgrading from 3.1.1 to 3.2.7 a couple of things went wrong.
> - From the webinterface menu: Admin/MTA/config - The following error
> appeared:
>
> An unexpected application exception has occurred.
>
> Render queue error in
> BeforeRenderTemplate[admin/mta/Config:relaydomains]: Failure reading
> parameter 'model' of component admin/mta/Config:relaydomains:
> ProcessException: Error running
> [/usr/share/djigzo/scripts/execute-script.sh,postfix-main-config,-g].
> exit value: 1 (1), Class: class mitm.common.util.ProcessException

This error is shown when the script cannot be executed. This might be
caused by some sudoers issue or a script which cannot be executed or some
config file which cannot be loaded

Try to execute the following command

sudo -u djigzo /usr/share/djigzo/scripts/execute-script.sh postfix-main-config -g

It should only ask for your password (for sudo) and not for the password
of the djigzo user. The command should return the postfix main config
file and execute without any errors.

> - When restarting postfix from the Bash shell, the following error appears:
> /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter:
> djigzo_after_filter_message_size_limit=51200

This is a warning from Postfix. In a default CipherMail Postfix config
this parameter should be used. The warning is just a warning. Postfix
should still be able to run. It could be that you modified the main
config and that this parameter is not used (hence the warning). Can you
show your postfix main config?


Kind regards,

Martijn Brinkers



Re: [Djigzo users] Encrypting attachment

2017-08-09 Thread Martijn Brinkers via Users

On 09-08-17 17:50, Paul Bronson via Users wrote:

> Using OTP, when someone encrypts a message outbound and it has a PDF
> attachment, it doesn't get attached. Is that expected behavior?


Is the sender using Mac Mail?

You might try to enable the advanced PDF options "Deep scan"

From release notes (https://www.ciphermail.com/gateway-release-notes.html):

"PDF encryption now supports deep scanning which scans the complete MIME 
message"


For more info see https://jira.djigzo.com/browse/GATEWAY-89

Kind regards,

Martijn Brinkers




Re: [Djigzo users] TLS Not Enabled by Default?

2017-08-06 Thread Martijn Brinkers via Users
On 08/06/2017 12:00 AM, Paul Bronson via Users wrote:
> I noticed that the TLS option is commented out.. and I noticed the
> ciphermail system doesn't use TLS? Why is this?

Nothing stops you from enabling TLS. If you want the SMTP server to
accept TLS, you need to configure a SSL/TLS certificate with private key
(with the enterprise and SME edition, there is functionality to upload a
key/cert, with the free edition you need to install this on the command
line but that is easy). For client side TLS (i.e., use TLS when
CipherMail connects to another SMTP server) a cert is not required. You
can enable the following settings in the MTA config file (Admin -> MTA
-> MTA config file)

smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_loglevel = 1

Kind regards,

Martijn Brinkers
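
With smtp_tls_security_level = may delivery still goes ahead when the remote server offers no STARTTLS or presents an untrusted certificate, and smtp_tls_loglevel = 1 is what makes that visible in the MTA log. The following is an added example (not part of the original message and not CipherMail code) that classifies outbound deliveries by TLS trust level; the log lines are constructed samples and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample of Postfix smtp client log lines (smtp_tls_loglevel = 1).
SAMPLE_LOG = """\
Aug  6 10:00:01 gw postfix/smtp[2101]: Trusted TLS connection established to mx.partner.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 10:00:02 gw postfix/smtp[2101]: 4A1B2C3D4E: to=<alice@partner.example>, relay=mx.partner.example[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)
Aug  6 10:01:10 gw postfix/smtp[2102]: Untrusted TLS connection established to mail.selfsigned.example[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug  6 10:01:11 gw postfix/smtp[2102]: 5B2C3D4E5F: to=<bob@selfsigned.example>, relay=mail.selfsigned.example[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.5/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug  6 10:02:30 gw postfix/smtp[2103]: 6C3D4E5F60: to=<carol@legacy.example>, relay=mx.legacy.example[203.0.113.25]:25, delay=0.7, delays=0.1/0/0.3/0.3, dsn=2.0.0, status=sent (250 OK)
Aug  6 10:03:00 gw postfix/smtp[2104]: 7D4E5F6071: to=<dave@down.example>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.down.example[203.0.113.99]:25: Connection timed out)
"""

# Handshake summary line written by the smtp client at TLS log level 1.
TLS_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: "
    r"(?P<level>Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to (?P<relay>\S+?\[[^\]]+\]:\d+):"
)

# Per-recipient delivery status line written by the same smtp client process.
DELIVERY_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>, "
    r"(?:orig_to=<[^>]*>, )?relay=(?P<relay>[^,]+), .*\bstatus=(?P<status>\w+)"
)


def classify(lines):
    """Return (recipient, relay, level) for every delivered message.

    Heuristic: a delivery counts as TLS-protected when the same smtp process
    logged a handshake summary for the same relay earlier in the log.
    """
    tls_by_session = {}  # (pid, relay) -> trust level of the handshake
    deliveries = []
    for line in lines:
        match = TLS_RE.search(line)
        if match:
            tls_by_session[(match["pid"], match["relay"])] = match["level"]
            continue
        match = DELIVERY_RE.search(line)
        if match and match["status"] == "sent":
            key = (match["pid"], match["relay"])
            level = tls_by_session.get(key, "cleartext")
            deliveries.append((match["rcpt"], match["relay"], level))
    return deliveries


def domains_needing_attention(deliveries):
    """Count deliveries per (recipient domain, level) that lacked a CA-validated certificate."""
    weak = Counter()
    for rcpt, _relay, level in deliveries:
        if level not in ("Trusted", "Verified"):
            weak[(rcpt.rpartition("@")[2].lower(), level)] += 1
    return dict(weak)


if __name__ == "__main__":
    results = classify(SAMPLE_LOG.splitlines())
    for rcpt, relay, level in results:
        print(f"{level:10} {rcpt} via {relay}")
    print(domains_needing_attention(results))
```

For destinations that must never fall back to cleartext, Postfix's smtp_tls_policy_maps can raise the security level per domain while the global level stays at may.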



Re: [Djigzo users] HTML on template

2017-06-28 Thread Martijn Brinkers via Users
Please send the template off-list. It looks like the mailing software
strips attachments (for security reasons).

I'll have a quick look (but I can't promise I'll fix it)

Kind regards,

Martijn

On 06/28/2017 05:20 PM, Paul Bronson wrote:
> Hi Martijn, can you help with this template?
> 
> On Tue, Jun 27, 2017 at 4:01 PM, Paul Bronson <signaldevelo...@gmail.com> wrote:
> 
> Hi,
> 
> I have been trying with this template but had a hard time making the
> button work.
> 
> Can you assist?
> 
> On Tue, Jun 27, 2017 at 11:30 AM, Martijn Brinkers via Users
> <users@lists.djigzo.com> wrote:
> 
> On 06/27/2017 04:30 PM, Paul Bronson via Users wrote:
> > Hi everyone,
> >
> > Can someone help me with inserting HTML into the OTP template? I have
> > tried many different times and I am not familiar with the syntax that
> > the system uses. Any help would be appreciated. I have tried looking at
> > websites for learning the syntax but it doesn't give a clear
> > understanding of inserting the HTML.
> 
> Creating an HTML template is more or less similar to creating an HTML
> email. The only thing that should be added is some freemarker code that
> adds certain content. I'm not going to explain all details on how to
> create an HTML email because there are probably a lot of tutorials
> online for doing that.
> 
> For example, the "Encrypted PDF OTP Invite" mail contains the following
> text part (take the text between BEGIN PART and END PART)
> 
> =BEGIN PART=
> Content-Type: text/plain; charset=UTF-8; format=flowed
> Content-Transfer-Encoding: quoted-printable
> 
> [SNIP]
> 
> <#assign passwordID = passwordContainer.passwordID!>
> <#assign passwordLength = passwordContainer.passwordLength!>
> <#assign baseURL = .vars["user.otpURL"]!>
> <#if baseURL != "">
> <#assign recipient = recipients[0]>
> <#assign portalInvitations =
> mail.getAttribute("djigzo.portalInvitations")>
> <#assign portalInvitation = portalInvitations[recipient]>
> <#assign
> 
> url=baseURL+'?id='+passwordID+'&pwl='+passwordLength+'&email='+recipient?url('UTF-8')+'&ts='+portalInvitation.timestamp?c+'&action=signup&mac='+portalInvitation.mac>
> ${qp(url)}
> 
> 
> The password ID of this email is: ${passwordID}
> 
> <#if (from.personal)??>
> Best regards,
> 
> ${qp(from.personal)}
> 
> =END PART=
> 
> The above part will result in the body text of the invite email. You can
> replace this by replacing it with HTML content.
> 
> You should be careful with adding HTML because the body should be
> quoted-printable encoded (this for example means that = needs to be
> written as =3D when used in the body). Alternatively you can base64
> encode the complete body and set Content-Transfer-Encoding to base64.
> This way you can use HTML without having to encode the = symbols.
> 
> Basic example (this is just an example of an HTML template and not
> optimized nor good looking)
> 
> =BEGIN PART=
> Content-Type: text/html; charset=UTF-8;
> Content-Transfer-Encoding: quoted-printable
> 
> 
> 
> Hi,
> 
> 
> This message contains a password encrypted pdf file. The
> password for
> the pdf can be retrieved by logging into the web portal.
> 
> 
> 
> The first time you login, you need to choose a new password.
> 
> 
> 
> You can read the message by following these steps:
> 
> 
> 
>   click the link below.
>   choose a password, and confirm it by typing it again.
>   log in to the site with the password you just chose.
>   press 'generate' to generate the password to the pdf
> file.
>   copy the generated password.
>   open the pdf file, attached to the email you received, and
> paste
> the password in 

Re: [Djigzo users] Servers wont talk to me!

2017-06-28 Thread Martijn Brinkers via Users
>>> You don't need both. One or the other, although Postfix is recommended.
>>>
>>> Different site, meaning different server?
>>>
>>> -Original Message-

Re: [Djigzo users] Servers wont talk to me!

2017-06-27 Thread Martijn Brinkers via Users
>> On Behalf Of Paul Bronson via Users
>> Sent: Monday, June 26, 2017 1:57 PM
>> To: Martijn Brinkers <mart...@ciphermail.com>
>> Cc: users@lists.djigzo.com

Re: [Djigzo users] DLP Encryption

2017-06-27 Thread Martijn Brinkers via Users
On 06/27/2017 04:37 PM, Paul Bronson via Users wrote:
> Hey Martijn!
> 
> I would be taking the keywords from:
> 
> https://www.fda.gov/downloads/Drugs/DevelopmentApprovalProcess/UCM071118.pdf
> 
> and putting them into a list. I'd like the trigger to check if one of these
> words is in an email and if it's NOT encrypted, to encrypt it.
> 
> Can you help me with the settings? Thanks :)

A list of keywords to match on is easy. Just make sure the keywords are
added in lowercase and the keywords are separated with |

Did you read the DLP setup guide?

https://www.ciphermail.com/documents/html/dlp-setup-guide/

There should be examples of what you need.

I have attached an example of a couple of keywords. The example xml file
can be imported using "Import patterns" on the DLP Policy Patterns page.

Because the list is a long list of keywords, I suggest you create
several patterns, for example a file with all product names starting
with A, a file with product names starting with B etc. But that is up to
you.

If you created the list you might share it with the group so others
might benefit.

Kind regards,

Martijn Brinkers



> On Tue, Jun 27, 2017 at 10:33 AM, Martijn Brinkers via Users <
> users@lists.djigzo.com> wrote:
> 
>> On 06/27/2017 04:29 PM, Paul Bronson via Users wrote:
>>> Hi,
>>>
>>> Anyone have any ideas on this? On other solutions it's possible to select
>>> HIPAA triggers in DLP and just encrypt it and let it go out. Does this
>>> solution do it?
>>
>> There are no HIPAA specific triggers. You can however create a list of
>> HIPAA specific DLP patterns. The DLP triggers are regular expression
>> patterns which can match certain content in the body (or subject) of an
>> email.
>>
>> Do you have a list of keywords/patterns that should be detected for HIPAA?
>>
>> Kind regards,
>>
>> Martijn Brinkers
>>





false
HIPAA product names A
MUST_ENCRYPT
a-hydrocort|hydrocortisone|sodium|succinate|a-methapred|methylprednisolone sodium succinate
1
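
The keyword rules described in this message (lowercase, separated with |, one pattern per starting letter) can be generated from a product list. This is an added example, not part of the original message or its attachment: Python's re module stands in for the gateway's regular expression engine, it is assumed that matching runs against lowercased subject and body text, and the product name "Bexample (XR)" and all function names are constructed. Multi-word names are kept whole and regex metacharacters are escaped, because an unescaped "(" silently turns a literal name into a group that never matches the real text.

```python
import re
from collections import defaultdict

# Characters with special meaning in a regular expression.
_META = re.compile(r"([.^$*+?()\[\]{}|\\])")


def keyword(name):
    """Lowercase a product name and collapse runs of whitespace."""
    return " ".join(name.lower().split())


def build_patterns(names, prefix="HIPAA product names"):
    """Group keywords by first character and join each group with '|'.

    Returns {pattern name: alternation}. Longer keywords come first so a
    full product name is tried before any shorter name it contains.
    """
    groups = defaultdict(set)
    for name in names:
        kw = keyword(name)
        if kw:
            escaped = _META.sub(r"\\\1", kw)  # "(xr)" -> "\(xr\)"
            groups[kw[0].upper()].add(escaped)
    return {
        f"{prefix} {letter}": "|".join(sorted(kws, key=lambda k: (-len(k), k)))
        for letter, kws in sorted(groups.items())
    }


def triggered(patterns, subject, body):
    """Names of the patterns that match the lowercased subject and body."""
    text = f"{subject}\n{body}".lower()
    return [name for name, pattern in patterns.items() if re.search(pattern, text)]


# Constructed input: duplicates, mixed case, extra whitespace, metacharacters.
NAMES = [
    "A-Hydrocort",
    "a-hydrocort ",
    "A-Methapred",
    "Hydrocortisone  Sodium Succinate",
    "Bexample (XR)",
]

if __name__ == "__main__":
    for name, pattern in build_patterns(NAMES).items():
        print(f"{name}: {pattern}")
```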




Re: [Djigzo users] HTML on template

2017-06-27 Thread Martijn Brinkers via Users
On 06/27/2017 04:30 PM, Paul Bronson via Users wrote:
> Hi everyone,
> 
> Can someone help me with inserting HTML into the OTP template? I have tried
> many different times and I am not familiar with the syntax that the system
> uses. Any help would be appreciated. I have tried looking at websites for
> learning the syntax but it doesn't give a clear understanding of inserting
> the HTML.

Creating an HTML template is more or less similar to creating an HTML
email. The only thing that should be added is some freemarker code that
adds certain content. I'm not going to explain all details on how to
create an HTML email because there are probably a lot of tutorials
online for doing that.

For example, the "Encrypted PDF OTP Invite" mail contains the following
text part (take the text between BEGIN PART and END PART)

=BEGIN PART=
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

[SNIP]

<#assign passwordID = passwordContainer.passwordID!>
<#assign passwordLength = passwordContainer.passwordLength!>
<#assign baseURL = .vars["user.otpURL"]!>
<#if baseURL != "">
<#assign recipient = recipients[0]>
<#assign portalInvitations = mail.getAttribute("djigzo.portalInvitations")>
<#assign portalInvitation = portalInvitations[recipient]>
<#assign
url=baseURL+'?id='+passwordID+'&pwl='+passwordLength+'&email='+recipient?url('UTF-8')+'&ts='+portalInvitation.timestamp?c+'&action=signup&mac='+portalInvitation.mac>
${qp(url)}


The password ID of this email is: ${passwordID}

<#if (from.personal)??>
Best regards,

${qp(from.personal)}

=END PART=

The above part will result in the body text of the invite email. You can
replace this by replacing it with HTML content.

You should be careful with adding HTML because the body should be
quoted-printable encoded (this for example means that = needs to be
written as =3D when used in the body). Alternatively you can base64
encode the complete body and set Content-Transfer-Encoding to base64.
This way you can use HTML without having to encode the = symbols.

Basic example (this is just an example of an HTML template and not
optimized nor good looking)

=BEGIN PART=
Content-Type: text/html; charset=UTF-8;
Content-Transfer-Encoding: quoted-printable



Hi,


This message contains a password encrypted pdf file. The password for
the pdf can be retrieved by logging into the web portal.



The first time you login, you need to choose a new password.



You can read the message by following these steps:



  click the link below.
  choose a password, and confirm it by typing it again.
  log in to the site with the password you just chose.
  press 'generate' to generate the password to the pdf file.
  copy the generated password.
  open the pdf file, attached to the email you received, and paste
the password in the password box.



Next time you receive an encrypted pdf file, the email will contain a
link, and you can login with your password


<#assign passwordID = passwordContainer.passwordID!>
<#assign passwordLength = passwordContainer.passwordLength!>
<#assign baseURL = .vars["user.otpURL"]!>
<#if baseURL != "">
<#assign recipient = recipients[0]>
<#assign portalInvitations = mail.getAttribute("djigzo.portalInvitations")>
<#assign portalInvitation = portalInvitations[recipient]>
<#assign
url=baseURL+'?id='+passwordID+'&pwl='+passwordLength+'&email='+recipient?url('UTF-8')+'&ts='+portalInvitation.timestamp?c+'&action=signup&mac='+portalInvitation.mac>
link



The password ID of this email is: ${passwordID}


<#if (from.personal)??>

Best regards,

${qp(from.personal)}




---
Sent with CIPHERMAIL

=END PART=

I have attached the full example template. Other templates should be
done in a similar way.

An easy way to create HTML email is to use MJML (https://mjml.io/).

Kind regards,

Martijn Brinkers


Content-Type: multipart/mixed; boundary="${boundary}"

--${boundary}
Content-Type: text/html; charset=UTF-8;
Content-Transfer-Encoding: quoted-printable



Hi,


This message contains a password encrypted pdf file. The password for
the pdf can be retrieved by logging into the web portal.



The first time you login, you need to choose a new password.



You can read the message by following these steps:



  click the link below.
  choose a password, and confirm it by typing it again.
  log in to the site with the password you just chose.
  press 'generate' to generate the password to the pdf file.
  copy the generated password.
  open the pdf file, attached to the email you received, and paste the 
password in the password box.
 


Next time you receive an encrypted pdf file, the email will contain a
link, and you can login with your password


<#assign passwo
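
The quoted-printable caveat from this message, worked through as an added example (not part of the original message or its attachment, and not CipherMail code): literal HTML is encoded so that = becomes =3D, while Freemarker directives and ${...} interpolations are passed through for the template engine. The template fragment, the portal URL, the render stand-in for Freemarker and all function names are constructed assumptions.

```python
import quopri
import re

# Freemarker directives (<#...>, </#...>) and interpolations (${...}) are
# consumed by the template engine, so they are left unencoded.
FM_TOKEN = re.compile(r"(</?#[^>]*>|\$\{[^}]*\})")


def qp_static(text):
    """Quoted-printable encode literal text: '=' -> '=3D', non-ASCII -> =XX."""
    out = []
    for byte in text.encode("utf-8"):
        printable = 0x20 <= byte <= 0x7E or byte == 0x09
        out.append(chr(byte) if printable and byte != 0x3D else "=%02X" % byte)
    return "".join(out)


def encode_template_body(body):
    """Encode the static parts of a template body, line by line."""
    encoded = []
    for line in body.splitlines():
        parts = FM_TOKEN.split(line)  # odd indexes hold the Freemarker tokens
        text = "".join(p if i % 2 else qp_static(p) for i, p in enumerate(parts))
        if text.endswith((" ", "\t")):  # trailing whitespace must be encoded
            text = text[:-1] + "=%02X" % ord(text[-1])
        encoded.append(text)
    return "\n".join(encoded)


def overlong_static_lines(encoded, limit=76):
    """1-based numbers of token-free lines longer than the QP line limit."""
    return [n for n, line in enumerate(encoded.splitlines(), 1)
            if len(line) > limit and not FM_TOKEN.search(line)]


def render(template, values):
    """Stand-in for the template engine (assumption): drops directives and
    fills ${name} and ${qp(name)} from a dict."""
    def fill(match):
        token = match.group(0)
        if not token.startswith("${"):
            return ""
        name = token[2:-1]
        if name.startswith("qp(") and name.endswith(")"):
            return qp_static(values[name[3:-1]])
        return values[name]
    return FM_TOKEN.sub(fill, template)


def decode_body(rendered):
    """Decode a rendered quoted-printable body the way a mail client would."""
    raw = quopri.decodestring(rendered.encode("utf-8"))
    return raw.decode("utf-8", errors="replace")


# Constructed HTML fragment modelled on the template in this message.
TEMPLATE = """\
<#assign passwordID = passwordContainer.passwordID!>
<html><body>
<table width=90 align=center><tr><td>
<p>H\u00e9llo,</p>
<p><a href="${qp(url)}">link</a></p>
<p>The password ID of this email is: ${passwordID}</p>
</td></tr></table>
</body></html>"""

# Constructed values; portal.example is a placeholder host.
VALUES = {"url": "https://portal.example/web/portal?id=AB12&pwl=16",
          "passwordID": "AB12"}

if __name__ == "__main__":
    encoded = encode_template_body(TEMPLATE)
    print(encoded)
    print(decode_body(render(encoded, VALUES)))
```

Decoding the unencoded template shows the failure mode: width=90 is read as the escape =90 and the attribute is corrupted.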

Re: [Djigzo users] DLP Encryption

2017-06-27 Thread Martijn Brinkers via Users
On 06/27/2017 04:29 PM, Paul Bronson via Users wrote:
> Hi,
> 
> Anyone have any ideas on this? On other solutions it's possible to select
> HIPAA triggers in DLP and just encrypt it and let it go out. Does this
> solution do it?

There are no HIPAA specific triggers. You can however create a list of
HIPAA specific DLP patterns. The DLP triggers are regular expression
patterns which can match certain content in the body (or subject) of an
email.

Do you have a list of keywords/patterns that should be detected for HIPAA?

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Servers wont talk to me!

2017-06-23 Thread Martijn Brinkers via Users
On 06/22/2017 10:32 PM, Paul Bronson via Users wrote:
> Okay here is what I have.. Still not sure what's wrong.
> 
> http://imgur.com/a/k0ysM
> http://imgur.com/a/QuyaO
> http://imgur.com/a/9pNyl
> 
> I have the IP listed in my networks.
> 
> So my setup goes like this:
> 
> Incoming email >> firewall >> email server
> 
> Cipher mail is not used for incoming, but my outgoing setup is:
> 
> Outgoing email >> email server >> ciphermail server >> firewall >> internet
> 
> For some reason I think something is getting clogged up on CM server. I
> have the email server (postfix) setup with a relayhost, so it will forward
> all mails to the ciphermail server. The "locality" setting on my server is
> "external" - does this matter? It's behind our firewall and should only be
> sending mail off from our internal mail server.
> 
> I had it on in the morning and the others told me they are getting a lot of
> bouncebacks. I have a feeling this is because of the SPF records but I want
> to make sure the server is setup properly.
> 
> The OTP you helped me with works now also, thank you!
> 
> Everything is inherited from global also.

Once the email has been handled by the back-end (MPA), the email is
handed over to the MTA (Postfix). The MTA is responsible for delivering
the email. If the email is not delivered you should check the MTA logs
to see why. There can be a number of reasons why the recipient's mail
server won't accept email: your IP address might be dynamic (i.e., some
consumer type ISP), there is no IP reverse name for your IP address, the
reverse IP name is not the same as the SMTP helo name, or your IP might be
black-listed.

Solving this does not involve making changes in the CipherMail global
settings. The only change in CipherMail that influences delivery is the
MTA helo name.

Could you send some MTA logs showing which mails were not delivered?

What is the IP address the CipherMail gateway is using?

Kind regards,

Martijn Brinkers




Re: [Djigzo users] HTML Notifications

2017-06-20 Thread Martijn Brinkers via Users
On 06/20/2017 02:19 AM, Paul Bronson via Users wrote:
> hi,
> 
> I'd like to add some HTML into my OTP notifications. Is this possible? I
> have tried inserting it and it gives me a big exception in MPA.

The email template should be a valid email with the correct encoding and
can contain anything a normal valid email can contain. The template is
handled by the freemarker template tool (http://freemarker.org/). You
should therefore be careful that the template keeps the freemarker
markup and that the markup is valid.

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Encryption Issue

2017-06-19 Thread Martijn Brinkers via Users
On 06/19/2017 04:11 AM, Paul Bronson via Users wrote:
> Hi All,
> 
> I setup a new Ciphermail server and am getting some errors.
> 
> Everything works except for the fact that I have my internal mail server
> relaying to the cipher mail server for PDF encryption but I am getting the
> following error:
> 
> PDF encryption is disabled for the sender
> 
> I have the following enabled: http://i63.tinypic.com/esuqma.png
> 
> The configuration settings are extremely confusing. I want all mail NOT to
> be encrypted EXCEPT for the subject tag set to [encrypt]
> 
> If that's set, the message should get encrypted.
> 
> Can someone help me out with which settings I need to turn on and off?

The MPA log should tell you why the email was not encrypted. The entry
"PDF encryption is disabled for the sender" from the log more or less
tells you why it was not encrypted :)

From your screenshot it looks like "PDF enabled" is not checked and
therefore disabled (hence the message in the log).

Some (most?) settings are sender *and* recipient settings, i.e., they
are checked for the sender and recipient(s). The main reason for this is
that this provides the greatest flexibility. You should therefore make
sure that changes are done for sender and recipients. The easiest way to
accomplish this is to set the global settings because every user
inherits the global settings.

To configure PDF encryption with OTP password mode I suggest
the following steps

1. Remove existing users and domains to make sure all settings are
inherited from global
2. Open the global settings page
3. Set all settings to inherit to start with a clean setup
4. Set "Encrypt Mode" to "No Encryption" (you want encryption off by
default unless encryption is triggered in some way)
5. Select PDF "OTP enabled" (for OTP password mode)
6. Set "Encryption subject trigger" to [encrypt]
7. Select "Encryption subject trigger enabled"
8. Click Apply button
9. Click on "portal" link (the link to the right of S/MIME at the top of
the page)
10. On "Portal settings for global preferences" page set Base URL to:

https://192.168.88.126/web/portal

Where the IP should be replaced by the IP or fqdn of your server
11. Click Apply button

PDF encryption with OTP mode should now be enabled. Email will only be
encrypted if the subject contains the keyword [encrypt]

Setting up the different password modes for PDF encryption is explained
in the following guide

https://www.ciphermail.com/documents/html/pdf-encryption-setup-guide/

The PDF version
https://www.ciphermail.com/documents/pdf-encryption-setup-guide.pdf

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Experience and Implementation Guide for RSASSA-PSS / BDEW EDI Energy

2017-06-06 Thread Martijn Brinkers via Users
On 06/06/2017 11:16 AM, Martijn Brinkers via Users wrote:
> On 06/03/2017 01:06 AM, Wolfgang Krauss via Users wrote:
>> since the 1st of June RSASSA-PSS is mandatory to be used in the German
>> energy market for communication between market partners. What are your
>> operational and implementation experiences ?
>>
>> For S/MIME we are using AES128 / Encryption with RSAES-PKCS-1-v1_5 and
>> signing algo. with RSA-PSS SHA512.
>> For PGP our setup is SHA512 and encryption AES-128.
> 
> The upcoming release of CipherMail has support for RSASSA-PSS and
> RSAES-OAEP with S/MIME which is now required with German edi@energy
> standard.

I forgot the link to the release candidate with support for RSASSA-PSS
and RSAES-OAEP

https://www.ciphermail.com/beta.html


Kind regards,

Martijn Brinkers


> Unfortunately support for RSASSA-PSS and RSAES-OAEP is not wide-spread.
> Most S/MIME clients do not support RSASSA-PSS and RSAES-OAEP. Outlook
> supports RSAES-OAEP but not RSASSA-PSS. Thunderbird does not support
> RSASSA-PSS nor RSAES-OAEP. OpenSSL supports both RSAES-OAEP and RSASSA-PSS.




Re: [Djigzo users] Experience and Implementation Guide for RSASSA-PSS / BDEW EDI Energy

2017-06-06 Thread Martijn Brinkers via Users
On 06/03/2017 01:06 AM, Wolfgang Krauss via Users wrote:
> since the 1st of June RSASSA-PSS is mandatory to be used in the German
> energy market for communication between market partners. What are your
> operational and implementation experiences ?
> 
> For S/MIME we are using AES128 / Encryption with RSAES-PKCS-1-v1_5 and
> signing algo. with RSA-PSS SHA512.
> For PGP our setup is SHA512 and encryption AES-128.

The upcoming release of CipherMail has support for RSASSA-PSS and
RSAES-OAEP with S/MIME which is now required with German edi@energy
standard.

Unfortunately support for RSASSA-PSS and RSAES-OAEP is not wide-spread.
Most S/MIME clients do not support RSASSA-PSS and RSAES-OAEP. Outlook
supports RSAES-OAEP but not RSASSA-PSS. Thunderbird does not support
RSASSA-PSS nor RSAES-OAEP. OpenSSL supports both RSAES-OAEP and RSASSA-PSS.

Kind regards,

Martijn Brinkers



Re: [Djigzo users] rejected mail for []:25 loops back to myself

2017-05-13 Thread Martijn Brinkers via Users
On 05/13/2017 11:24 AM, Gabi Munteanu via Users wrote:
> Hi Martijn,
> While the gateway works great after setting it up between a Centos 7 based 
> email server and a firewall (Direct delivery setup), unfortunately after 
> trying to set it up between an exchange server and firewall I'm running into 
> a reject error (Recipient address rejected: unverified address: mail for 
> []:25 loops back to myself.)
> There are 2 exchange servers running in DAG with 1 ciphermail gateway 
> configured for each of the exchange servers. 
> At first I thought the hostname of the exchange servers are the same as the 
> ciphermail but they are different, as advised in the documentation the MTA 
> hostname is set to the fully qualified domain name of the external IP 
> address. Also there is no virus scanner or external relay server in the setup.
> Any idea what else I could be missing ?

The MTA logs should provide more information. Can you send the MTA logs?

Kind regards,

Martijn



Re: [Djigzo users] Pricing info for enterprise version

2017-05-09 Thread Martijn Brinkers via Users
On 05/09/2017 06:59 PM, Sebastian Nielsen via Users wrote:
> I recently sent an email with questions about pricing and availability of the
> Enterprise/SME version of Ciphermail ( i...@ciphermail.com ).
> 
> Have not got a reply. How do I reach out to Ciphermail about this?

My apologies for the delay. I have sent a reply to your request.

Kind regards,

Martijn Brinkers




Re: [Djigzo users] Does ciphermail support RSASSA-PSS?

2017-05-09 Thread Martijn Brinkers via Users
On 05/09/2017 06:50 PM, Andre Bürger via Users wrote:
> Does ciphermail support the signature scheme RSASSA-PSS (PKCS #1 v2.1)?
> And if so, how is it configured?
> 
> Since ciphermail version 2.5.0-04 there is support for S/MIME v3.2 as
> described in rfc5751. This RFC denotes RSASSA-PSS as "SHOULD+". I didn't
> find any reference to it in ciphermail documentation.

I forgot to add that even though S/MIME v3.2 says it should be
supported, to my knowledge no email client currently supports
RSASSA-PSS. Only really recent versions of OpenSSL support RSASSA-PSS
but Outlook, Thunderbird etc. do not support RSASSA-PSS nor RSAES-OAEP.
The upcoming CipherMail gateway does, so it will be able to use gateway to
gateway encryption/signing using RSASSA-PSS and RSAES-OAEP.

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Does ciphermail support RSASSA-PSS?

2017-05-09 Thread Martijn Brinkers via Users
On 05/09/2017 06:50 PM, Andre Bürger via Users wrote:
> Does ciphermail support the signature scheme RSASSA-PSS (PKCS #1 v2.1)?
> And if so, how is it configured?
> 
> Since ciphermail version 2.5.0-04 there is support for S/MIME v3.2 as
> described in rfc5751. This RFC denotes RSASSA-PSS as "SHOULD+". I didn't
> find any reference to it in ciphermail documentation.

At the moment this is not supported. At least not for sending. However
for the last couple of days we have been working on supporting
RSASSA-PSS and RSAES-OAEP since this is required by "EDI@Energy" (a
German standard). If you are interested I might be able to provide you
with a pre release version with support for RSASSA-PSS and RSAES-OAEP in
a couple of days.

Kind regards,

Martijn Brinkers



Re: [Djigzo users] HTML code in the body

2017-05-06 Thread Martijn Brinkers via Users
On 05/06/2017 08:34 PM, Gabi Munteanu via Users wrote:
> PGP/INLINE.
> Gabi

The problem with PGP/INLINE is that there is no standard support for
HTML mail. Enigmail creates different PGP/INLINE encoded HTML mails than
PGP desktop (from Symantec). PGP desktop uses its own non-standard
approach (called PGP partitioned). If CipherMail needs to PGP encrypt or
PGP sign a message it will generate a message which can be handled by
PGP desktop and Enigmail. Unfortunately this creates a message where
there is an HTML part and a text part.

As discussed, if possible use PGP/MIME encoding. PGP/MIME leaves the
complete MIME structure intact. This is supported by most PGP clients.
Only use PGP/INLINE if a mail client does not support PGP/MIME.

Kind regards,

Martijn Brinkers

> On Sat, 6 May 2017 at 20:32, Martijn Brinkers via Users wrote:
> On 05/06/2017 08:22 PM, Gabi Munteanu via Users wrote:
>> Sorry for not mentioning this from the beginning, the email is sent
>> from an Outlook client, encrypted using the ciphermail gateway, then
>> the recipient is also using ciphermail as a gateway for decrypting
>> the email and then reads it in Outlook. Best regards, Gabi
> 
> And is the message PGP/MIME or PGP/INLINE encoded?
> 
> Martijn
> 
>> On Sat, 6 May 2017 at 20:15, Martijn Brinkers via Users wrote:
>> On 05/06/2017 08:09 PM, Gabi Munteanu via Users wrote:
>>>
>>>
>>> Yes, I am using PGP encryption. The email client is Outlook. Best
>>> regards, Gabi
>>
>> But Outlook does not support PGP directly so you must be using some 
>> plugin. Which plugin?
>>
>> PGP desktop (from Symantec) ?
>>
>> Kind regards,
>>
>> Martijn Brinkers
>>
>>
>>> On Sat, 6 May 2017 at 20:02, Martijn Brinkers via Users wrote:
>>> On 05/03/2017 10:08 AM, Gabi Munteanu via Users wrote:
>>>> Hello, Once an email (rich text or html) is being decrypted the
>>>> html code is also added to the body of the message along with the
>>>> message itself. Any idea if that can be avoided somehow without
>>>> switching to plain text format? Thanks !
>>>
>>> Are you using PGP encryption? Which application was used to send
>>> the email?
>>>
>>> Kind regards,
>>>
>>> Martijn Brinkers
>>>
>>
>>
> 
> 




Re: [Djigzo users] HTML code in the body

2017-05-06 Thread Martijn Brinkers via Users
On 05/06/2017 08:34 PM, Gabi Munteanu via Users wrote:
> PGP/INLINE.
> Gabi

Is there a reason you do not use PGP/MIME? PGP/MIME encrypts the
complete MIME structure and has the best support for HTML. For
PGP/INLINE there is no official support for HTML. If the receiving party
has a PGP client (like a CipherMail gateway) which can support PGP/MIME,
it's highly recommended to use PGP/MIME.

If some recipients do not support PGP/MIME you can select PGP/INLINE for
those recipients (or domains). If you insist on setting the global PGP
encoding to PGP/INLINE, you can also override it for some domains (to
PGP/MIME).

Note: I'm talking about the setting "PGP encoding to external". This is
for outgoing email to external recipients

Kind regards,

Martijn Brinkers

> On Sat, 6 May 2017 at 20:32, Martijn Brinkers via Users wrote:
> On 05/06/2017 08:22 PM, Gabi Munteanu via Users wrote:
>> Sorry for not mentioning this from the beginning, the email is sent
>> from an Outlook client, encrypted using the ciphermail gateway, then
>> the recipient is also using ciphermail as a gateway for decrypting
>> the email and then reads it in Outlook. Best regards, Gabi
> 
> And is the message PGP/MIME or PGP/INLINE encoded?
> 
> Martijn
> 
>> On Sat, 6 May 2017 at 20:15, Martijn Brinkers via Users wrote:
>> On 05/06/2017 08:09 PM, Gabi Munteanu via Users wrote:
>>>
>>>
>>> Yes, I am using PGP encryption. The email client is Outlook. Best
>>> regards, Gabi
>>
>> But Outlook does not support PGP directly so you must be using some 
>> plugin. Which plugin?
>>
>> PGP desktop (from Symantec) ?
>>
>> Kind regards,
>>
>> Martijn Brinkers
>>
>>
>>> On Sat, 6 May 2017 at 20:02, Martijn Brinkers via Users wrote:
>>> On 05/03/2017 10:08 AM, Gabi Munteanu via Users wrote:
>>>> Hello, Once an email (rich text or html) is being decrypted the
>>>> html code is also added to the body of the message along with the
>>>> message itself. Any idea if that can be avoided somehow without
>>>> switching to plain text format? Thanks !
>>>
>>> Are you using PGP encryption? Which application was used to send
>>> the email?
>>>
>>> Kind regards,
>>>
>>> Martijn Brinkers
>>>
>>
>>
> 
> 


-- 
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users
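
The PGP/MIME versus PGP/INLINE question asked in the two replies above can be answered from the MIME structure alone. The following is an added example, not part of the original thread and not CipherMail code; the helper name `classify_pgp` and the sample messages are constructed for illustration.

```python
from email import message_from_string, policy

# ASCII-armor headers that mark an inline OpenPGP block inside a text part.
ARMOR_MARKERS = ("-----BEGIN PGP MESSAGE-----",
                 "-----BEGIN PGP SIGNED MESSAGE-----")
# RFC 3156 top-level types and the protocol parameter each must carry.
PGP_MIME_TYPES = {"multipart/encrypted": "application/pgp-encrypted",
                  "multipart/signed": "application/pgp-signature"}


def classify_pgp(raw):
    """Return (encoding, armored_part_types) for a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    protocol = str(msg.get_param("protocol") or "").lower()
    # PGP/MIME wraps the complete MIME structure in one top-level container.
    if PGP_MIME_TYPES.get(msg.get_content_type()) == protocol:
        return ("PGP/MIME", [])
    # PGP/INLINE armors each text part on its own, so HTML and plain text
    # alternatives end up as two separately protected bodies.
    armored = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode("ascii", errors="replace")
        if any(marker in text for marker in ARMOR_MARKERS):
            armored.append(part.get_content_type())
    return ("PGP/INLINE", armored) if armored else ("none", [])


# Constructed sample messages (placeholders, no real ciphertext).
PGP_MIME_SAMPLE = """From: alice@example.com
To: bob@example.com
Subject: constructed PGP/MIME sample
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder)
-----END PGP MESSAGE-----
--b1--
"""

PGP_INLINE_SAMPLE = """From: alice@example.com
To: bob@example.com
Subject: constructed PGP/INLINE sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b2"

--b2
Content-Type: text/plain; charset="us-ascii"

-----BEGIN PGP MESSAGE-----

(constructed placeholder)
-----END PGP MESSAGE-----
--b2
Content-Type: text/html; charset="us-ascii"

<html><body><pre>-----BEGIN PGP MESSAGE-----

(constructed placeholder)
-----END PGP MESSAGE-----</pre></body></html>
--b2--
"""

PLAIN_SAMPLE = """From: alice@example.com
To: bob@example.com
Subject: constructed plain sample
Content-Type: text/plain

hello
"""

if __name__ == "__main__":
    for name, raw in (("mime", PGP_MIME_SAMPLE), ("inline", PGP_INLINE_SAMPLE),
                      ("plain", PLAIN_SAMPLE)):
        print(name, classify_pgp(raw))
```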


Re: [Djigzo users] HTML code in the body

2017-05-06 Thread Martijn Brinkers via Users
On 05/06/2017 08:22 PM, Gabi Munteanu via Users wrote:
> Sorry for not mentioning this from the beginning, the email is sent
> from an Outlook client, encrypted using the ciphermail gateway, then
> the recipient is also using ciphermail as a gateway for decrypting
> the email and then reads it in Outlook. Best regards, Gabi

And is the message PGP/MIME or PGP/INLINE encoded?

Martijn

> On Sat, 6 May 2017 at 20:15, Martijn Brinkers via Users wrote:
> On 05/06/2017 08:09 PM, Gabi Munteanu via Users wrote:
>> 
>> 
>> Yes, I am using PGP encryption. The email client is Outlook. Best
>> regards, Gabi
> 
> But Outlook does not support PGP directly so you must be using some 
> plugin. Which plugin?
> 
> PGP desktop (from Symantec) ?
> 
> Kind regards,
> 
> Martijn Brinkers
> 
> 
>> On Sat, 6 May 2017 at 20:02, Martijn Brinkers via Users wrote:
>> On 05/03/2017 10:08 AM, Gabi Munteanu via Users wrote:
>>> Hello, Once an email (rich text or html) is being decrypted the
>>> html code is also added to the body of the message along with the
>>> message itself. Any idea if that can be avoided somehow without
>>> switching to plain text format? Thanks !
>> 
>> Are you using PGP encryption? Which application was used to send
>> the email?
>> 
>> Kind regards,
>> 
>> Martijn Brinkers
>> 
> 
> 




Re: [Djigzo users] Restoring a backup from an old system fails: backup file too large

2017-05-06 Thread Martijn Brinkers via Users
On 05/06/2017 08:21 PM, Stefan Michael Guenther via Users wrote:
> -----Original Message-----
>> From: Martijn Brinkers via Users 
>> Sent: Sat 6 May 2017 19:53
>> To: users@lists.djigzo.com
>> Subject: Re: [Djigzo users] Restoring a backup from an old system fails: 
>> backup file too large
>>
>> On 05/06/2017 07:49 PM, Stefan Günther via Users wrote:
>>> Hello,
>>>
>>> one of our clients is running a six year old Djigzo 2.3.1-7 (tar 
>>> installation)
>>>
>>> The backup creates a nice 58 MB tar backup file.
>>>
>>> But when we try to import the backup on a 3.2.7-5, (virtual appliance) we 
>>> get the error message "Restore failed. Message: Socket Exception: 
>>> Connection reset."
>>>
>>> /var/log/djigzo.log contains the following error:
>>>
>>> 06 May 2017 21:39:49 | ERROR Unexpected exception from downstream in Netty 
>>> servlet handler, due to: {0}.
>>> (org.apache.cxf.transport.http.netty.server.NettyHttpServletHandler) 
>>> [defaultEventExecutorGroup-4-3] 
>>> io.netty.handler.codec.TooLongFrameException: HTTP content length exceeded 
>>> 52428800 bytes.
>>> at 
>>> io.netty.handler.codec.http.HttpObjectAggregator.decode(HttpObjectAggregator.java:218)
>>> at 
>>> io.netty.handler.codec.http.HttpObjectAggregator.decode(HttpObjectAggregator.java:57)
>>> at 
>>> io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:89)
>>> at 
>>> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
>>> at 
>>> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
>>> at 
>>> io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277)
>>> at 
>>> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:372)
>>> at 
>>> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:245)
>>> at 
>>> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
>>> at 
>>> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
>>> at 
>>> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962)
>>> at 
>>> io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
>>> at 
>>> io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:528)
>>> at 
>>> io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:485)
>>> at 
>>> io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:399)
>>> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:371)
>>> at 
>>> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
>>> at 
>>> io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
>>> at java.lang.Thread.run(Thread.java:745)
>>>
>>> How can I raise the limit of 52428800 bytes or is there something in the 
>>> backup file that may safely be removed?
>>
>> What happens if you try to restore the backup from the console
>> application? (i.e., login with ssh, then select backup -> restore)
>>
> THX, works!
> 
> But, the dialog window on the command line did not find/display the tar file.
> I had to enter the file name manually.

Hmm yes. Old versions created a .tar file. Newer versions create .tar.gz
files (i.e., the backup is gzipped). The file filter only shows .tar.gz.
Since there is a workaround to support very old backups (multiple years
old), I'll leave it as is :)

Kind regards,

Martijn Brinkers



Re: [Djigzo users] HTML code in the body

2017-05-06 Thread Martijn Brinkers via Users
On 05/06/2017 08:09 PM, Gabi Munteanu via Users wrote:
> 
> 
> Yes, I am using PGP encryption. The email client is Outlook.
> Best regards, Gabi 

But Outlook does not support PGP directly so you must be using some
plugin. Which plugin?

PGP desktop (from Symantec) ?

Kind regards,

Martijn Brinkers


> On Sat, 6 May 2017 at 20:02, Martijn Brinkers via Users wrote:
> On 05/03/2017 10:08 AM, Gabi Munteanu via Users wrote:
>> Hello, Once an email (rich text or html) is being decrypted the html
>> code is also added to the body of the message along with the message
>> itself. Any idea if that can be avoided somehow without switching to
>> plain text format? Thanks !
> 
> Are you using PGP encryption? Which application was used to send the email?
> 
> Kind regards,
> 
> Martijn Brinkers
> 




Re: [Djigzo users] HTML code in the body

2017-05-06 Thread Martijn Brinkers via Users
On 05/03/2017 10:08 AM, Gabi Munteanu via Users wrote:
> Hello, Once an email (rich text or html) is being decrypted the html
> code is also added to the body of the message along with the message
> itself. Any idea if that can be avoided somehow without switching to
> plain text format? Thanks !

Are you using PGP encryption? Which application was used to send the email?

Kind regards,

Martijn Brinkers



Re: [Djigzo users] Restoring a backup from an old system fails: backup file too large

2017-05-06 Thread Martijn Brinkers via Users
On 05/06/2017 07:49 PM, Stefan Günther via Users wrote:
> Hello,
> 
> one of our clients is running a six year old Djigzo 2.3.1-7 (tar installation)
> 
> The backup creates a nice 58 MB tar backup file.
> 
> But when we try to import the backup on a 3.2.7-5, (virtual appliance) we get 
> the error message "Restore failed. Message: Socket Exception: Connection 
> reset."
> 
> /var/log/djigzo.log contains the following error:
> 
> 06 May 2017 21:39:49 | ERROR Unexpected exception from downstream in Netty 
> servlet handler, due to: {0}.
> (org.apache.cxf.transport.http.netty.server.NettyHttpServletHandler) 
> [defaultEventExecutorGroup-4-3] 
> io.netty.handler.codec.TooLongFrameException: HTTP content length exceeded 
> 52428800 bytes.
> at 
> io.netty.handler.codec.http.HttpObjectAggregator.decode(HttpObjectAggregator.java:218)
> at 
> io.netty.handler.codec.http.HttpObjectAggregator.decode(HttpObjectAggregator.java:57)
> at 
> io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:89)
> at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
> at 
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
> at 
> io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277)
> at 
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:372)
> at 
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:245)
> at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
> at 
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
> at 
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962)
> at 
> io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
> at 
> io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:528)
> at 
> io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:485)
> at 
> io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:399)
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:371)
> at 
> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
> at 
> io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
> at java.lang.Thread.run(Thread.java:745)
> 
> How can I raise the limit of 52428800 bytes or is there something in the 
> backup file that may safely be removed?

What happens if you try to restore the backup from the console
application? (i.e., login with ssh, then select backup -> restore)

Kind regards,

Martijn



[Djigzo users] New release of the CipherMail gateway (3.2.7-5)

2017-04-25 Thread Martijn Brinkers via Users
A new version of the CipherMail email encryption gateway has been
released (3.2.7-5)

Release notes:

New

* IsSMIMEDeepScan matcher added. The IsSMIMEDeepScan matcher can be
  used to detect whether the email is S/MIME and/or whether the email
  contains an attached message (message/rfc822) which is S/MIME.
* Add special header to the message if the message could not be
  decrypted (S/MIME or PGP) because there was no suitable decryption
  key for the message.
* CertStore command line tool added which can be used to manage the
  certificate store from the command line.  CertManager command line
  tool is removed because its functionality is replaced by the
  CertStore tool.
* SMTPSink command line tool added which can be used to test incoming
  email.
* CheckKeyStore command line tool added which can be used to check
  whether keys are accessible (only used when using an HSM for secure
  key storage).
* conf/spring/spring.properties.d directory added from which properties
  files are read. This allows you to use ${...} placeholders in spring
  xml config files which will be replaced by the values defined in the
  properties files. This allows for easier configuration without having
  to change any xml file.
* REST service API added [enterprise only]
* Respool option added. This can for example be used to retry to
  decrypt a message which could not be decrypted because the private
  key was not available when the message was received [enterprise only]
* Meta certificate request resolver added which can be used to try
  multiple certificate request resolvers in succession until one
  returns a valid Distinguished Name (DN) for the certificate request
  [enterprise only]
* Static certificate request resolver added. This allows you to specify
  a static mapping from domain or email address to Distinguished Name
  (DN) parameters [enterprise only]
* Milter added which can check the MTA queue size and return a temp
  error (450) if the MTA queue size exceeds the max size. This can for
  example be used in a clustered setup to refuse incoming connections
  if a server is too busy [enterprise only]
* Thales (nCipher) HSM can now be used in clustered mode where the HSM
  keys are replicated between nodes of the cluster [enterprise only]
* "On demand key store" added. This key store can be extended with
  client code to retrieve decryption keys on demand from external
  resources (for example an external key store) [enterprise only]

Bugs/Improvements/Changes

* Every CRL is now imported in a separate transaction instead of one
  transaction containing all new CRLs. This improves memory usage and
  makes it less likely that the transaction is rolled back in a
  clustered setup because the CRL was already imported on another node.
* A "do nothing" post-smime-incoming processor added. This can be used
  to dynamically add new mail rules without having to change the xml
  config file.
* CLI command line tool functionality added to manage users.
* Some libraries (jar files) updated.
* PDF encryption now supports deep scanning which scans the complete
  MIME message (this fixes bug GATEWAY-89)
* system.trustAnchorBuilder.updateCheckInterval changed from 30 min to
  5 min. This was needed to make sure that in a clustered setup the
  cached list of root certificates is automatically refreshed every 5
  min (was 30 min).
* Because some NIO classes are now used, Java 7 or up is now required.
* Postgres NOCREATEUSER NOCREATEDB is no longer used in the
  installation scripts. In Postgres 9.6 NOCREATEUSER is no longer
  supported (this fixes bug GATEWAY-108)
* The "installation guide" is renamed to "installation-reference-guide"
  and the "quick install guide" is renamed to "installation guide".
* Support for SLES 12 added.

Upgrade guide can be downloaded from:

http://www.ciphermail.com/documents/upgrade-guide.pdf

Kind regards,

Martijn Brinkers

-- 
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

http://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users