DJIGZO gateway version 2.4.0-3 is released

Hi,

Version 2.4.0-3 of the DJIGZO gateway is released.

This is the same version as the last release candidate so if you already
installed 2.4.0-3 you do not need to reinstall this version.

Release notes:

New

* Sign and encrypt tags can be added to the subject for incoming signed
  and/or encrypted email (GATEWAY-36)
* Signer and sender address mismatch detection has been added
  (GATEWAY-21)
* S/MIME encrypt mailet can selectively encrypt headers (this is mainly
  used in combination with DJIGZO for Android)
* S/MIME encryption and signing algorithm can be set per recipient or
  domain.
* Simple subject filter added which can be used to filter the subject
  using a regular expression.
* Locale (i.e., language) can be selected on the portal login and signup
  page.
* CLI tool added which can be used to set/get user properties from the
  command line.

Improvements/Changes

* The 8.4 PostgreSQL JDBC drivers were not compatible with PostgreSQL 9
  (The default version with Ubuntu 12.04).
  The PostgreSQL JDBC drivers have been updated to 9.X (GATEWAY-56)
* Logging has been improved. More information is logged and color coding
  has been improved (GATEWAY-42, GATEWAY-26)
* Upgraded to BC 1.47
* LogLevel OFF added which can be used to completely disable logging for
  a class.
* Clickatell provider now supports additional parameters.
* Spanish translation for the portal added
  (translation by Diego A. Fliess)
* Loading speed of the preferences page has been improved.
* The user no longer has to login after the portal signup. The user is
  automatically logged in after the signup process.
* The packages are now signed with a new gpg key.

Bug fix

* sudo added to the RPM spec file as a required package (GATEWAY-55)
* PDF reply should use the Reply-To header (GATEWAY-45)
* Under certain circumstances, unicode characters were incorrectly
  encoded when replying to a PDF (GATEWAY-48)
* Compatibility with IE9 has been improved (GATEWAY-40)
* The RPM installer now waits for Postgres to be running before
  continuing the installation.

The new version can be downloaded from:

http://www.djigzo.com/downloads.html

Upgrade guide http://www.djigzo.com/documents/upgrade-guide.pdf

Note: the packages are signed with a new GPG key (which can be
downloaded from the download page)

Kind regards,

Martijn Brinkers

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hi,

Version 2.4.0-3 of the DJIGZO gateway is released.

This is the same version as the last release candidate so if you already
installed 2.4.0-3 you do not need to reinstall this version.

Release notes:

New

* Sign and encrypt tags can be added to the subject for incoming signed
  and/or encrypted email (GATEWAY-36)
* Signer and sender address mismatch detection has been added
  (GATEWAY-21)
* S/MIME encrypt mailet can selectively encrypt headers (this is mainly
  used in combination with DJIGZO for Android)

Disabled by default, i guess??

* S/MIME encryption and signing algorithm can be set per recipient or
  domain.

The default was SHA1/3DES until now, no?

I ask because we have a problem at one customer site that their
content filter crashes badly since we have this release at work. We
sign all outgoing mail and there were no problems with this site until
now. Disable S/MIME for this site save their content filter, but it
would be interessting what really have changed for signed mails.

Thanks & Regards

Andreas

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hi,

Version 2.4.0-3 of the DJIGZO gateway is released.

This is the same version as the last release candidate so if you already
installed 2.4.0-3 you do not need to reinstall this version.

Release notes:

New

* Sign and encrypt tags can be added to the subject for incoming signed
  and/or encrypted email (GATEWAY-36)
* Signer and sender address mismatch detection has been added
  (GATEWAY-21)
* S/MIME encrypt mailet can selectively encrypt headers (this is mainly
  used in combination with DJIGZO for Android)

Disabled by default, i guess??

Yes by default disabled.

* S/MIME encryption and signing algorithm can be set per recipient or
  domain.

The default was SHA1/3DES until now, no?

The default is still SHA1/3DES

I ask because we have a problem at one customer site that their content
filter crashes badly since we have this release at work. We sign all
outgoing mail and there were no problems with this site until now.
Disable S/MIME for this site save their content filter, but it would be
interessting what really have changed for signed mails.

Afaik the only change that might have had an influence on the digital
signatures was an update of the Bouncycastle library (the Java library
used for digital signatures etc.).

Does your client use an S/MIME gateway? Did they report a specific error
or did it just crash?

Kind regards,

Martijn Brinkers

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hi,

Version 2.4.0-3 of the DJIGZO gateway is released.

This is the same version as the last release candidate so if you already
installed 2.4.0-3 you do not need to reinstall this version.

Release notes:

New

* Sign and encrypt tags can be added to the subject for incoming signed
  and/or encrypted email (GATEWAY-36)
* Signer and sender address mismatch detection has been added
  (GATEWAY-21)
* S/MIME encrypt mailet can selectively encrypt headers (this is mainly
  used in combination with DJIGZO for Android)

Disabled by default, i guess??

Yes by default disabled.

* S/MIME encryption and signing algorithm can be set per recipient or
  domain.

The default was SHA1/3DES until now, no?

The default is still SHA1/3DES

I ask because we have a problem at one customer site that their content
filter crashes badly since we have this release at work. We sign all
outgoing mail and there were no problems with this site until now.
Disable S/MIME for this site save their content filter, but it would be
interessting what really have changed for signed mails.

Afaik the only change that might have had an influence on the digital
signatures was an update of the Bouncycastle library (the Java library
used for digital signatures etc.).

Does your client use an S/MIME gateway? Did they report a specific error
or did it just crash?

It is a spam (content)-filter with no S/MIME capabilities as far as i
know. It just crashs and eat up the mail. We got a "550 could not
process your mail" and the recipient a mail with no subject and 0 byte
size. So while it is clearly their fault it would be helpful to have
more details for a bug report to the maker of the spam filter.

Thanks

Andreas

The upgrade to BouncyCastle 1.47 was a lot of work so there were a lot
of changes. Most changes however were more API related and not so much
implementation. One change that might be relevant is that the signing
algorithm identifier added to the headers has been changed.

Previously it was sha1 but this has been changed to sha-1 (see S/MIME
3.2 http://www.rfc-editor.org/rfc/rfc5751.txt)

so it was:

Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="....."

and now it is:

Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha-1; boundary="..."

(i.e., sha1 was replaced with sha-1 according to rfc5751).

It might be that your client's scanner chokes on the sha-1 value?

Kind regards,

Martijn Brinkers