Dear Martijn,
unfortunately I didn't keep the downloaded appliance, so I can't really tell
what version of your appliance is in use actually. I installed it at the end
of 2018.
Thanks for the hint to set the default to 'No encryption'. I did apply that
setting and also explicitly applied it again in the settings for out domain,
but the appliance still encrypts any mail I send to myself (using OWA, so no
client encryption/signng involved).
So what I have is:
- Settings/Encrypt Mode = 'No Encryption'
- Settings/Encryption subject trigger/Trigger = "[encrypt|secure]"
- Settings/Encryption subject trigger/Enabled = checked
- Settings/Encryption subject trigger/Regular expr. = checked
- Settings/Encryption subject trigger/Remove match = checked
Still the appliance tries (and succeeds) to S/MIME sign an empty mail end
encrypts it all along (Signing would be OK but encrypting is not)
08 Jul 2019 08:41:25 | INFO incoming; MailID:
5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [d.bonengel(a)bios-tec.de];
Originator: administrator(a)domain.de; Sender: Administrator(a)domain.de; Remote
address: 10.183.120.33; Subject: ; Message-ID:
<f63ce040f1134deb91aca057abbbf3a4(a)domain.de>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]
08 Jul 2019 08:41:25 | INFO Subject filter is disabled for the sender;
MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients:
[d.bonengel(a)bios-tec.de] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #3]
08 Jul 2019 08:41:25 | INFO To external recipient(s); MailID:
5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [d.bonengel(a)bios-tec.de]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]
08 Jul 2019 08:41:25 | INFO DLP is disabled for the sender; MailID:
5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [d.bonengel(a)bios-tec.de]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]
08 Jul 2019 08:41:25 | INFO "force encrypt header trigger" is disabled for
the sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients:
[d.bonengel(a)bios-tec.de] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #3]
08 Jul 2019 08:41:25 | INFO "encrypt mode" is "no encryption" for the
sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients:
[d.bonengel(a)bios-tec.de] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #3]
08 Jul 2019 08:41:25 | INFO Force signing header not allowed for sender;
MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients:
[d.bonengel(a)bios-tec.de] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #3]
08 Jul 2019 08:41:25 | INFO "sign subject trigger" is disabled for the
sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients:
[d.bonengel(a)bios-tec.de] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #3]
08 Jul 2019 08:41:26 | INFO Check for sender signing certificate and
request one if required; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563;
Recipients: [d.bonengel(a)bios-tec.de]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]
08 Jul 2019 08:41:26 | INFO Trying to S/MIME sign the message; MailID:
5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [d.bonengel(a)bios-tec.de]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]
08 Jul 2019 08:41:26 | INFO Message was S/MIME signed. Signing algorithm:
SHA256WithRSAEncryption; Sign mode: clear; MailID:
5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [d.bonengel(a)bios-tec.de]
(mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #3]
08 Jul 2019 08:41:26 | INFO DKIM signing is disabled for the sender;
MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients:
[d.bonengel(a)bios-tec.de] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #3]
08 Jul 2019 08:41:26 | INFO Message handling is finished. Sending to final
recipient(s); MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients:
[d.bonengel(a)bios-tec.de]; Originator: administrator(a)domain.de; Sender:
Administrator(a)domain.de; Remote address: 10.183.120.33; Subject: ;
Message-ID: <f63ce040f1134deb91aca057abbbf3a4(a)domain.de>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]
···
-----Ursprüngliche Nachricht-----
Von: Users <users-bounces(a)lists.ciphermail.com> Im Auftrag von Martijn
Brinkers via Users
Gesendet: Freitag, 5. Juli 2019 15:13
An: users(a)lists.ciphermail.com
Betreff: Re: Can't undo settings for domain or user
Hi,
See my comments inline:
ciphermail-appliance-centos-community-1.2.0-0.noarch
This is an rpm. I guess you mean version
ciphermail-community-virtual-appliance-4.3.0-1?
Now, the customer asked me to go back an not force encryption, but
make it an option using the Subject Line trigger. I changed the
settings for the domain in question backup to Encryp Mode = Allow
etc.
But as it seems, the appliance doesnt care and continues to encrypt
mails wether a trigger sentence is used or not.
Encrypt mode "Allow" means, "Encrypt if possible". If you want encryption to
be off by default unless encryption is forced (for example by some trigger)
you should set Encrypt Mode to "No Encryption".
The documentation for the gateway has recently been updated.
https://www.ciphermail.com/documentation/adminguide/
It now also contains a full state diagram. Although is large and might look
scary at first, it gives a good overview of all the decision steps taken by
the gateway. Start at the beginning an answer every question along the way.
https://www.ciphermail.com/documentation/diagrams/ciphermail-gateway-state-d
iagram.html
Kind regards,
Martijn Brinkers
On 05-07-19 14:56, dirk bonengel | bios-tec via Users wrote:
Hi there,
Im a new user of Ciphermail (the VA variant, running
ciphermail-appliance-centos-community-1.2.0-0.noarch), installed it
recently with a customers network, works fine so far, awesome piece
of software.
Today however I stumbled on something that might be a bug (or Im
simply doing things wrong)
This is what I did:
* Set up Cipermail, creating a CA etc.pp. and set the Global
Preferences to use a trigger to encrypt mails with S/MIME, i.e.
Encrypt Mode = Allow, S/MIME enabled, Set up a trigger regular
expression, enabled that one and check Remove match * Then I added
an external domain, set the Encryption Mode to mandatory. For
testing purposesm this external domain happened to be that of our
company * This worked fine, each mail I sent me an my colleagues were
signed and encrypted. * Following that, I added another, productive
domain (example.com) as I was told
Now, the customer asked me to go back an not force encryption, but
make it an option using the Subject Line trigger. I changed the
settings for the domain in question backup to Encryp Mode = Allow
etc.
But as it seems, the appliance doesnt care and continues to encrypt
mails, wether a trigger sentence is used or not.
Im clearly lost. What am I doing wrong?
Mit freundlichen Grüßen,
Dirk Bonengel
<mailto:d.bonengel(a)bios-tec.de> d.bonengel(a)bios-tec.de
<tel:+4989416127717> +49 (0)89 4161 277-17
<https://www.bios-tec.de/>
<https://www.bios-tec.de/> bios-tec GmbH |
<mailto:info(a)bios-tec.de> info(a)bios-tec.de | Nymphenburger Str.
13 | 80335 München | <https://www.bios-tec.de/impressum>
Impressum
_______________________________________________ Users mailing list
Users(a)lists.ciphermail.com
https://lists.ciphermail.com/mailman/listinfo/users
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure
webmail pull.
W: https://www.ciphermail.com/
E: info(a)ciphermail.com
T: +31 20 290 0088
_______________________________________________
Users mailing list
Users(a)lists.ciphermail.com
https://lists.ciphermail.com/mailman/listinfo/users