Re: [Djigzo users] DKIM Signing that flows through Ciphermail

2018-01-09 Thread Paul Bronson via Users 
The email server is signing message but it seems like as soon as it passes
through cipher mail, it strips the DKIM signature.

Screenshot for current configuration:https://cl.ly/1i3C232s151e


On Tue, Jan 9, 2018 at 10:43 AM, Martijn Brinkers 
wrote:

> On 09-01-18 16:42, Paul Bronson wrote:
> > @martijn are you sure this allows it to pass right through with the
> > settings configured above? (inherit - off)
> >
> > It doesnt seem to want to pass through...
>
> What do you mean with "pass through"? meaning the message is not DKIM
> signed? Or the message is not delivered?
>
> Kind regards,
>
> Martijn Brinkers
>
>
> > On Tue, Jan 9, 2018 at 10:30 AM, Paul Bronson  > > wrote:
> >
> > I have a plesk server that is setup to send DKIM-signed messages.
> > This worked previous to putting in ciphermail.
> >
> > There are many domains on my plesk server sending emails.
> >
> > Do I need to setup something on Ciphermail to allow it to pass
> through?
> >
> > Screenshot for current configuration:https://cl.ly/1i3C232s151e
> >
> >
> >
> > Remember, there are multiple domains on the email server behind the
> > ciphermail that is sending email that needs to keep it's DKIM
> signature
> >
> >
>
>
> --
> CipherMail email encryption
>
> Email encryption with support for S/MIME, OpenPGP, PDF encryption and
> secure webmail pull.
>
> https://www.ciphermail.com
>
> Twitter: http://twitter.com/CipherMail
>
>
___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

[Djigzo users] DKIM Signing that flows through Ciphermail

2018-01-09 Thread Paul Bronson via Users 
I have a plesk server that is setup to send DKIM-signed messages. This
worked previous to putting in ciphermail.

There are many domains on my plesk server sending emails.

Do I need to setup something on Ciphermail to allow it to pass through?

Screenshot for current configuration:https://cl.ly/1i3C232s151e



Remember, there are multiple domains on the email server behind the
ciphermail that is sending email that needs to keep it's DKIM signature
___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

[Djigzo users] DKIM

2018-01-09 Thread Paul Bronson via Users 
if my mail server behind my cipher mail server is signing DKIM, does cipher
mail strip it?
___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

Re: [Djigzo users] DKIM

2016-03-27 Thread Matthias Henze 

Am 27.03.2016 um 16:29 schrieb Martijn Brinkers:

On 03/27/2016 04:07 PM, Matthias Henze wrote:

my first approach with "opendkim" does not work as "opendkim" uses
milter and Ciphermail is a content filter. Milters are applied before
content filters and the s/Mime signature modifies the body of the mail
with the signature. This invalidates the DKIM signature. Took ma a day
to figure this out as I was not aware of the described processing order.
Finally I found this out just by reading the (previously ignored)
headlines of http://www.postfix.org/FILTER_README.html and
www.postfix.org/MILTER_README.html :-)


Adding the DKIM milter on the reinjection port(s) should work. After
handling the mail (i.e., encryption/decryption etc), the back-end sends
the mail back to postfix on a "reinjection port" (port 10026).

I haven't tested it but the following might work:

See the following line in master under the 127.0.0.1:10026 section:

-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters

You should change this line to something like:

-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,smtpd_milters=REPLACEWITHDKIMMILTER

This should enable the DKIM milet after the message has been
encryped/decrypted/signed.

Again, I have not tested this but this should work (might some minimal
changes though)


Interesting .. thanks for your reply.



Then again, you suggestion of using dkimproxy is also a good alternative
until DKIM support has been added to CipherMail*.

Kind regards,

Martijn Brinkers

* "native" DKIM support is basically working but not enabled for all
SMTP outgoing mail. We will see whether we can make it possible to
enable this for all outgoing email.


Is there a timeline for new releases and a list of planed features.

A nice feature would be some thing like this:

http://www.dropsend.com/
http://emaillargefile.com/
http://www.filemail.com/

This: https://www.nospamproxy.de/en/ offers this feature.  There are 
several ways to use it. It requires that a web portal is accessible from 
the Internet. On way is to tell the software to detach the attachments 
of mails, store them and generate a mail for the recipient with a link 
for the download. You also can generate a mail which allows the 
recipient to upload a file, and write a comment. Then you get notified 
by mail and you can download it with a generated link.


Just an idea for a enhancement :-)

cheers
Matthias


--

MHC SoftWare GmbH
Fichtera 17  
96274 Itzgrund/Germany   


voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: i...@mhcsoftware.de

HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze



___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

Re: [Djigzo users] DKIM

2016-03-27 Thread Martijn Brinkers 
On 03/27/2016 04:07 PM, Matthias Henze wrote:
> my first approach with "opendkim" does not work as "opendkim" uses
> milter and Ciphermail is a content filter. Milters are applied before
> content filters and the s/Mime signature modifies the body of the mail
> with the signature. This invalidates the DKIM signature. Took ma a day
> to figure this out as I was not aware of the described processing order.
> Finally I found this out just by reading the (previously ignored)
> headlines of http://www.postfix.org/FILTER_README.html and
> www.postfix.org/MILTER_README.html :-)

Adding the DKIM milter on the reinjection port(s) should work. After
handling the mail (i.e., encryption/decryption etc), the back-end sends
the mail back to postfix on a "reinjection port" (port 10026).

I haven't tested it but the following might work:

See the following line in master under the 127.0.0.1:10026 section:

-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters

You should change this line to something like:

-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,smtpd_milters=REPLACEWITHDKIMMILTER

This should enable the DKIM milet after the message has been
encryped/decrypted/signed.

Again, I have not tested this but this should work (might some minimal
changes though)

Then again, you suggestion of using dkimproxy is also a good alternative
until DKIM support has been added to CipherMail*.

Kind regards,

Martijn Brinkers

* "native" DKIM support is basically working but not enabled for all
SMTP outgoing mail. We will see whether we can make it possible to
enable this for all outgoing email.


> 
> See https://wiki.mhcsoftware.de/postfix_dkim_support (sorry, German) for
> details.
> 
> cheers
> Matthias
> 
> 
> 
> Am 24.03.2016 um 20:35 schrieb Matthias Henze:
>> Hi,
>>
>> my mail server (Kerio) can apply DKIM signatures. Piping DKIM signed
>> mails through Ciphermail disrupts the validity of the DKIM signatures.
>> Postfix on the Ciphermail server has to apply the DKIM signature after
>> the mail was processd by Ciphermail. This could be achieved by following
>> these howtos:
>>
>> https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
>>
>>
>>
>> http://unixwars.blogspot.de/2015/01/8bitmime-and-dkim-body-authentication.html
>>
>>
>>
>> The second is required at my site because without it mails sent by
>> Thunderbird fail validation by remote servers. My master.cf now looks
>> like this:
>>
>>
>> smtp  inet  n   -   -   -   -   smtpd
>>  -o
>> message_size_limit=${djigzo_before_filter_message_size_limit}
>>  -o content_filter=smtp-downconvert:127.0.0.1:10026
>> pickupfifo  n   -   -   60  1   pickup
>> ...
>> ...
>> ...
>> # cleanup for reinject so we can set the hopcount_limit differently for
>> the reinjection port
>> cleanup_reinject unix  n   -   -   -   0   cleanup
>>  -o hopcount_limit=100
>>
>> smtp-downconvert  unix-   -   -   -   2   smtp
>> -o smtp_discard_ehlo_keywords=8bitmime,silent-discard
>>
>> 127.0.0.1:10026 inet  n   -   n   -   10  smtpd
>>  -o content_filter=
>> ...
>> ...
>> ...
>>
>>
>> Suggestion: Add a DKIM config option to Ciphermail :-)
>>
>> cheers
>> Matthias
>>
>>
> 
> 


-- 
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

Re: [Djigzo users] DKIM

2016-03-27 Thread Matthias Henze 

Hi,

my first approach with "opendkim" does not work as "opendkim" uses 
milter and Ciphermail is a content filter. Milters are applied before 
content filters and the s/Mime signature modifies the body of the mail 
with the signature. This invalidates the DKIM signature. Took ma a day 
to figure this out as I was not aware of the described processing order. 
Finally I found this out just by reading the (previously ignored) 
headlines of http://www.postfix.org/FILTER_README.html and 
www.postfix.org/MILTER_README.html :-)


See https://wiki.mhcsoftware.de/postfix_dkim_support (sorry, German) for 
details.


cheers
Matthias



Am 24.03.2016 um 20:35 schrieb Matthias Henze:

Hi,

my mail server (Kerio) can apply DKIM signatures. Piping DKIM signed
mails through Ciphermail disrupts the validity of the DKIM signatures.
Postfix on the Ciphermail server has to apply the DKIM signature after
the mail was processd by Ciphermail. This could be achieved by following
these howtos:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy


http://unixwars.blogspot.de/2015/01/8bitmime-and-dkim-body-authentication.html


The second is required at my site because without it mails sent by
Thunderbird fail validation by remote servers. My master.cf now looks
like this:


smtp  inet  n   -   -   -   -   smtpd
 -o
message_size_limit=${djigzo_before_filter_message_size_limit}
 -o content_filter=smtp-downconvert:127.0.0.1:10026
pickupfifo  n   -   -   60  1   pickup
...
...
...
# cleanup for reinject so we can set the hopcount_limit differently for
the reinjection port
cleanup_reinject unix  n   -   -   -   0   cleanup
 -o hopcount_limit=100

smtp-downconvert  unix-   -   -   -   2   smtp
-o smtp_discard_ehlo_keywords=8bitmime,silent-discard

127.0.0.1:10026 inet  n   -   n   -   10  smtpd
 -o content_filter=
...
...
...


Suggestion: Add a DKIM config option to Ciphermail :-)

cheers
Matthias





--

MHC SoftWare GmbH
Fichtera 17  
96274 Itzgrund/Germany   


voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: i...@mhcsoftware.de

HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze



___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

[Djigzo users] DKIM

2016-03-24 Thread Matthias Henze 

Hi,

my mail server (Kerio) can apply DKIM signatures. Piping DKIM signed 
mails through Ciphermail disrupts the validity of the DKIM signatures. 
Postfix on the Ciphermail server has to apply the DKIM signature after 
the mail was processd by Ciphermail. This could be achieved by following 
these howtos:


https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

http://unixwars.blogspot.de/2015/01/8bitmime-and-dkim-body-authentication.html

The second is required at my site because without it mails sent by 
Thunderbird fail validation by remote servers. My master.cf now looks 
like this:



smtp  inet  n   -   -   -   -   smtpd
-o 
message_size_limit=${djigzo_before_filter_message_size_limit}

-o content_filter=smtp-downconvert:127.0.0.1:10026
pickupfifo  n   -   -   60  1   pickup
...
...
...
# cleanup for reinject so we can set the hopcount_limit differently for 
the reinjection port

cleanup_reinject unix  n   -   -   -   0   cleanup
-o hopcount_limit=100

smtp-downconvert  unix-   -   -   -   2   smtp
   -o smtp_discard_ehlo_keywords=8bitmime,silent-discard

127.0.0.1:10026 inet  n   -   n   -   10  smtpd
-o content_filter=
...
...
...


Suggestion: Add a DKIM config option to Ciphermail :-)

cheers
Matthias


--

MHC SoftWare GmbH
Fichtera 17  
96274 Itzgrund/Germany   


voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: i...@mhcsoftware.de

HR Coburg: B2242
Geschäftsführer: Matthias Henze



___
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users