On 11-01-18 23:10, Craig Andrews wrote: > That did it. I had originally set up the domain as internal. Eventually > I moved the Global settings to match in an attempt at troubleshooting. I > moved them both to external and the mail is now signed. > > Outlook is showing "This message has been tampered with" which is an > issue I had when attempting to write a solution in Python, though I > don't know that this is a ciphermail issue.
A messages signed by CipherMail should not result in a tampered email. Could it be that there is some SMTP service after signing that modifies the message? (like for example adding a banner) Can you send me a signed email (off list) so I can check whether the signature is valid? Kind regards, Martijn Brinkers > On Thu, Jan 11, 2018 at 9:38 PM, Martijn Brinkers > <mart...@ciphermail.com <mailto:mart...@ciphermail.com>> wrote: > > On 11-01-18 22:25, Craig Andrews wrote: > > > > Hi Martijn, > > > > I just sent this test email via the ciphermail web ui > > > > 11 Jan 2018 21:18:08 | INFO incoming; MailID: > > acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [us...@domain.tld]; > > Originator: us...@domain.tld; Sender: <>; Remote address: 127.0.0.1; > > Subject: test mail [sign]; Message-ID: > > <477865062.0.1515705488493.javamail.tomc...@ciphermail.internal.tld>; > > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0] > > 11 Jan 2018 21:18:09 | INFO Subject filter is disabled for the sender; > > MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: > > [us...@domain.tld] (mitm.application.djigzo.james.mailets.Default) > > [Spool Thread #0] > > 11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID: > > acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [us...@domain.tld] > > (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0] > > 11 Jan 2018 21:18:09 | INFO Message handling is finished. Sending to > > final recipient(s); MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; > > Recipients: [us...@domain.tld]; Originator: us...@domain.tld; Sender: > > <>; Remote address: 127.0.0.1; Subject: test mail [sign]; Message-ID: > > <477865062.0.1515705488493.javamail.tomc...@ciphermail.internal.tld>; > > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0] > > The recipient is considered to be an internal user. Email sent to > internal users follow the decryption pipeline and email sent to external > recipient follow the encryption pipeline. You either configured the > global settings, a domain or a user as being in internal users. This is > normal for the domain you receive email for because those emails in > typical setups need to be decrypted. All other user, the email addresses > for which you want to sign and/or encrypt need to be external. So, you > either sent a message to a valid internal recipient or you accidentally > mis-configured the Locality of the global settings/domain or user. > > Kind regards, > > Martijn Brinkers > > > > On Thu, Jan 11, 2018 at 6:15 PM, Martijn Brinkers via Users > > <users@lists.djigzo.com <mailto:users@lists.djigzo.com> > <mailto:users@lists.djigzo.com <mailto:users@lists.djigzo.com>>> wrote: > > > > On 11-01-18 19:09, Craig Andrews via Users wrote: > > > Hello, > > > I have two test users, both with valid root, intermediate, and > > personal > > > certs with the correct usage entitlements. Both certificates > have a > > > white, valid background, > > > > > > For the two users, I have their S/MIME certificates selected > in their > > > profile for signing and encryption (though I'm only trying > to get > > > signing to work at the moment). I have both forced signing > via header > > > "X-Sign" and subject signing via the example in the > documentation ( > > > (?i)\[\s*sign\s*\] ). I am using this script to test both > the subject > > > and header, and Thunderbird to test the subject by sending a > mail via > > > ciphercrypt. > > > > > > #!/usr/bin/env python > > > import smtplib > > > from email.MIMEMultipart import MIMEMultipart > > > from email.MIMEText import MIMEText > > > > > > > > > fromaddr = "us...@domain.tld" > > > toaddr = "us...@domain.tld" > > > msg = MIMEMultipart() > > > msg['From'] = fromaddr > > > msg['To'] = toaddr > > > msg['Subject'] = "mail subject [sign]" > > > msg['X-Sign'] = "" > > > > > > body = "dummy body message" > > > msg.attach(MIMEText(body, 'plain')) > > > > > > server = smtplib.SMTP('ciphermail.domain.tld', 25) > > > server.ehlo('ciphermail.domain.tld') > > > text = msg.as_string() > > > server.sendmail(fromaddr, toaddr, text) > > > server.quit() > > > > > > > > > I receive the email in the destination inbox, however, it is > never > > > signed. I can verify from the headers that the "X-Sign" > header is > > > present in the email. Currently the MTA/MPA isn't giving a > lot of > > > information to debug. I can see the mail passing through, > but there is > > > no mention of an attempt for any extra processing. I was > wondering > > what > > > options in logging I can turn on to help debug this issue. > > > > Hi Craig, > > > > Can you send the relevant lines from the MPA log? The easiest > is to > > filter on the MailID value (which is shown as a green GUID, > looking > > similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3). > Every email > > gets an unique MailID value. This makes it easier to filter > out the > > relevant lines for an email. > > > > Kind regards, > > > > Martijn Brinkers > > > > > > -- > > CipherMail email encryption > > > > Email encryption with support for S/MIME, OpenPGP, PDF > encryption and > > secure webmail pull. > > > > https://www.ciphermail.com > > > > Twitter: http://twitter.com/CipherMail > > > > _______________________________________________ > > Users mailing list > > Users@lists.djigzo.com <mailto:Users@lists.djigzo.com> > <mailto:Users@lists.djigzo.com <mailto:Users@lists.djigzo.com>> > > https://lists.djigzo.com/lists/listinfo/users > <https://lists.djigzo.com/lists/listinfo/users> > > <https://lists.djigzo.com/lists/listinfo/users > <https://lists.djigzo.com/lists/listinfo/users>> > > > > > > > -- > CipherMail email encryption > > Email encryption with support for S/MIME, OpenPGP, PDF encryption and > secure webmail pull. > > https://www.ciphermail.com > > Twitter: http://twitter.com/CipherMail > > -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list Users@lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users