A Medium between Allow and No Encryption?

Hello,

I'm looking for an option like "Encrypt if Certificate is available" which I could set as a default.
It should work like this:

Internal User sends to external (no Cert) -> unencrypted
Internal User sends to external (with Cert) -> encrypted (S/MIME)
Internal User sends to external (no Cert) using crypt-Keyword in Subject -> encrypted (PDF)
Internal User sends to external (with Cert) using crypt-Keyword in Subject -> encrypted (SMIME)

I can't see a way to do this atm, or is it possible?

Regards,
Christian

Hi Christian,

This is currently not supported 'out of the box' but you can get the
desired behavior by locally modifying an XML configuration file.

The configuration file (/usr/share/djigzo/conf/james/SAR-INF/config.xml)
determines how mail is handled by the system. If I understand your
requirements, you want the system to only use PDF encryption if
encryption is mandatory. This allows you to set up, for example, a PDF
password, but PDF encryption will only be used if encryption is
mandatory (if the subject keyword is found, the 'must encrypt' is set).

By default, in "allow" mode, encryption will be done if possible. So, if
you set up a PDF password, it is possible to encrypt and therefore all
email will be encrypted. To make the system do what you want, you need
to add a check to skip PDF encryption if encryption is not mandatory.

The easiest way to accomplish this is by adding a check for
"runtime.mustEncrypt" just before PDF encryption and bail out if
runtime.mustEncrypt is not set:

<mailet match="MailAttributeEvaluator=matchOnError=false,#{runtime.mustEncrypt}!='true'"
        class="GotoProcessor">
    <processor> checkMustEncrypt </processor>
</mailet>

This part should be added just after

<processor name="checkPDFEncrypt">
    <mailet match="All" class="Log">
        <comment> checkPDFEncrypt </comment>
    </mailet>
...... <-------- add here

I have tested this and with this check PDF encryption is only enabled
when the subject contains the keyword (or if some other setting sets must
encrypt to true).

To make it easier for you to see what I have added, I have attached the
modified config.xml document.

You can replace the existing config.xml (found in
/usr/share/djigzo/conf/james/SAR-INF) with this new one and restart
(don't forget to create a backup of the existing one).

Hope this helps,

Kind regards,

Martijn Brinkers

PS. it might be helpful if you add a feature request for some extra GUI
option to https://jira.djigzo.com/

config.xml (78.3 KB)


On 06/14/2011 04:31 PM, Merz, Christian wrote:

I'm looking for an option like "Encrypt if Certificate is available" which I could set as a default.
It should work like this:

Internal User sends to external (no Cert) -> unencrypted
Internal User sends to external (with Cert) -> encrypted (S/MIME)
Internal User sends to external (no Cert) using crypt-Keyword in Subject -> encrypted (PDF)
Internal User sends to external (with Cert) using crypt-Keyword in Subject -> encrypted (SMIME)

I can't see a way to do this atm, or is it possible?

--
Djigzo open source email encryption
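
One way to confirm that the runtime.mustEncrypt guard described in the reply is present in config.xml and sits ahead of the PDF encryption steps, for example after swapping in a replacement file. This is an added example, not part of the original thread or of Djigzo's own code; the `<config>` wrapper and the `ExamplePDFStep` mailet in the sample input are constructed stand-ins, and it assumes the processors are plain XML elements as shown in the thread.

```python
import sys
import xml.etree.ElementTree as ET

# Match expression taken from the mailet shown in the thread.
GUARD_EXPR = "#{runtime.mustEncrypt}!='true'"

def check_pdf_guard(xml_data, processor_name="checkPDFEncrypt"):
    """Return 'ok', 'missing', 'misplaced' or 'no-processor'."""
    root = ET.fromstring(xml_data)
    for proc in root.iter("processor"):
        # The <processor> child inside a GotoProcessor mailet has no name attribute.
        if proc.get("name") != processor_name:
            continue
        mailets = proc.findall("mailet")
        for i, m in enumerate(mailets):
            if m.get("class") == "GotoProcessor" and GUARD_EXPR in m.get("match", ""):
                # Only Log mailets may run before the guard; anything else
                # would act on mail that was never marked 'must encrypt'.
                early = all(p.get("class") == "Log" for p in mailets[:i])
                return "ok" if early else "misplaced"
        return "missing"
    return "no-processor"

# --- Constructed sample input (not the real 78 KB config.xml) ---
LOG = '<mailet match="All" class="Log"><comment> checkPDFEncrypt </comment></mailet>'
GUARD = ('<mailet match="MailAttributeEvaluator=matchOnError=false,'
         "#{runtime.mustEncrypt}!='true'\" class=\"GotoProcessor\">"
         "<processor> checkMustEncrypt </processor></mailet>")
PDF_STEP = '<mailet match="All" class="ExamplePDFStep"/>'  # hypothetical stand-in

def sample(*mailets):
    """Wrap mailets in a minimal, constructed checkPDFEncrypt processor."""
    return ('<config><processor name="checkPDFEncrypt">'
            + "".join(mailets) + "</processor></config>")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Read bytes so the file's own XML encoding declaration is honoured.
        with open(sys.argv[1], "rb") as fh:
            print(check_pdf_guard(fh.read()))
    else:
        for order in ((LOG, GUARD, PDF_STEP), (LOG, PDF_STEP), (LOG, PDF_STEP, GUARD)):
            print(check_pdf_guard(sample(*order)))
```

Run it with the path to config.xml as the only argument; without an argument it prints the result for the three constructed layouts.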