External mail system replis with S/MIME encrypted responses to our pgp signed mail.

Hello,

We use PGP based email encryption using the gateway and the customer uses tobit david as their mail server with S/MIME. Our public key is installed on their mail system.

When they reply to one of our emails we get it S/MIME encrypted, with their certificate attached. Email that aren't a reply to one of ours work fine.

The following is in djigzo.log (Personal information redacted):

25 Jul 2016 09:35:00 | INFO incoming; MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients: [local_user(a)company.com]; Originator: remote_user(a)customer.com; Sender: remote_user(a)customer.com; Remote address: 1.2.3.4; Subject: Redacted; Message-ID: <something(a)isp.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
25 Jul 2016 09:35:00 | INFO Subject filter is disabled for the sender; MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients: [local_user(a)company.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Jul 2016 09:35:00 | INFO To internal recipient(s); MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients: [local_user(a)company.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
25 Jul 2016 09:35:00 | WARN S/MIME decryption key not found; MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Message: A suitable decryption key could not be found. CMS Recipients: Redacted (mitm.common.security.smime.handler.SMIMEHandler) [Spool Thread #2]
25 Jul 2016 09:35:00 | INFO Message handling is finished. Sending to final recipient(s); MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients: [local_user(a)company.com]; Originator: remote_user(a)customer.com; Sender: remote_user(a)customer.com; Remote address: 1.2.3.4; Subject: Redacted; Message-ID: <something(a)isp.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Is there anything we can do on our side to fix this?

Regards,

mots

Hello,

We use PGP based email encryption using the gateway and the customer
uses tobit david as their mail server with S/MIME. Our public key is
installed on their mail system.

When they reply to one of our emails we get it S/MIME encrypted, with
their certificate attached. Email that aren't a reply to one of ours
work fine.

Not sure whether I fully understand the problem.

So if you send a message signed with PGP/MIME and the recipient replies,
the reply is S/MIME encrypted with a certificate for which you do not
have the private key? But if they send you a message which is not a
reply, the message is not encrypted?

Kind regards,

Martijn Brinkers

···

On 07/28/2016 05:04 PM, mots wrote:

The following is in djigzo.log (Personal information redacted):

25 Jul 2016 09:35:00 | INFO incoming; MailID:
9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
[local_user(a)company.com]; Originator: remote_user(a)customer.com;
Sender: remote_user(a)customer.com; Remote address: 1.2.3.4; Subject:
Redacted; Message-ID: <something(a)isp.com>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] 25 Jul
2016 09:35:00 | INFO Subject filter is disabled for the sender;
MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
[local_user(a)company.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25
Jul 2016 09:35:00 | INFO To internal recipient(s); MailID:
9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
[local_user(a)company.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25
Jul 2016 09:35:00 | WARN S/MIME decryption key not found; MailID:
9ccd7fb6-05db-4fe9-a683-50102d194a64; Message: A suitable decryption
key could not be found. CMS Recipients: Redacted
(mitm.common.security.smime.handler.SMIMEHandler) [Spool Thread #2]
25 Jul 2016 09:35:00 | INFO Message handling is finished. Sending to
final recipient(s); MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64;
Recipients: [local_user(a)company.com]; Originator:
remote_user(a)customer.com; Sender: remote_user(a)customer.com; Remote
address: 1.2.3.4; Subject: Redacted; Message-ID: <something(a)isp.com>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Is there anything we can do on our side to fix this?

Regards,

mots

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

That's exactly what's happening.

···

-----Ursprüngliche Nachricht-----

Von:Martijn Brinkers <martijn(a)ciphermail.com>
Gesendet: Don 28 Juli 2016 23:31
An: users(a)lists.djigzo.com
Betreff: Re: External mail system replis with S/MIME encrypted responses to our pgp signed mail.

On 07/28/2016 05:04 PM, mots wrote:
> Hello,
>
> We use PGP based email encryption using the gateway and the customer
> uses tobit david as their mail server with S/MIME. Our public key is
> installed on their mail system.
>
> When they reply to one of our emails we get it S/MIME encrypted, with
> their certificate attached. Email that aren't a reply to one of ours
> work fine.

Not sure whether I fully understand the problem.

So if you send a message signed with PGP/MIME and the recipient replies,
the reply is S/MIME encrypted with a certificate for which you do not
have the private key? But if they send you a message which is not a
reply, the message is not encrypted?

Kind regards,

Martijn Brinkers

>
> The following is in djigzo.log (Personal information redacted):
>
> 25 Jul 2016 09:35:00 | INFO incoming; MailID:
> 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
> [local_user(a)company.com]; Originator: remote_user(a)customer.com;
> Sender: remote_user(a)customer.com; Remote address: 1.2.3.4; Subject:
> Redacted; Message-ID: <something(a)isp.com>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] 25 Jul
> 2016 09:35:00 | INFO Subject filter is disabled for the sender;
> MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
> [local_user(a)company.com]
> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25
> Jul 2016 09:35:00 | INFO To internal recipient(s); MailID:
> 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
> [local_user(a)company.com]
> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25
> Jul 2016 09:35:00 | WARN S/MIME decryption key not found; MailID:
> 9ccd7fb6-05db-4fe9-a683-50102d194a64; Message: A suitable decryption
> key could not be found. CMS Recipients: Redacted
> (mitm.common.security.smime.handler.SMIMEHandler) [Spool Thread #2]
> 25 Jul 2016 09:35:00 | INFO Message handling is finished. Sending to
> final recipient(s); MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64;
> Recipients: [local_user(a)company.com]; Originator:
> remote_user(a)customer.com; Sender: remote_user(a)customer.com; Remote
> address: 1.2.3.4; Subject: Redacted; Message-ID: <something(a)isp.com>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
>
> Is there anything we can do on our side to fix this?
>
> Regards,
>
> mots
>
>
>
> _______________________________________________ Users mailing list
> Users(a)lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users
>

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

That's exactly what's happening.

Since I do not know any details about the product they are using, I am
just guessing. Perhaps their gateway fails to make a distinction between
a PGP/MIME and S/MIME signed message.

A PGP/MIME signed message has the content type

Content-Type: multipart/signed; protocol="application/pgp-signature"

and an S/MIME message has the content type

Content-Type: multipart/signed; protocol="application/pkcs7-signature";

Perhaps their solution does not take the protocol into account and only
looks at the main part of the content type and therefore mixes up
PGP/MIME and S/MIME.

Another option might be that the mail client of the person replying
encrypts the message and not their gateway.

You might try to see whether the same problem occurs of you change the
"PGP encoding to external" for their domain from PGP/MIME to PGP/INLINE.

Can you forward a faulty encrypted message (with full MIME content) to
my personal email address (i.e., off-list) so I can see how the message
looks like?

Kind regards,

Martijn Brinkers

···

On 07/29/2016 02:44 PM, mots wrote:

-----Ursprüngliche Nachricht-----

Von:Martijn Brinkers <martijn(a)ciphermail.com>
Gesendet: Don 28 Juli 2016 23:31
An: users(a)lists.djigzo.com
Betreff: Re: External mail system replis with S/MIME encrypted responses to our pgp signed mail.

On 07/28/2016 05:04 PM, mots wrote:

Hello,

We use PGP based email encryption using the gateway and the customer
uses tobit david as their mail server with S/MIME. Our public key is
installed on their mail system.

When they reply to one of our emails we get it S/MIME encrypted, with
their certificate attached. Email that aren't a reply to one of ours
work fine.

Not sure whether I fully understand the problem.

So if you send a message signed with PGP/MIME and the recipient replies,
the reply is S/MIME encrypted with a certificate for which you do not
have the private key? But if they send you a message which is not a
reply, the message is not encrypted?

Kind regards,

Martijn Brinkers

The following is in djigzo.log (Personal information redacted):

25 Jul 2016 09:35:00 | INFO incoming; MailID:
9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
[local_user(a)company.com]; Originator: remote_user(a)customer.com;
Sender: remote_user(a)customer.com; Remote address: 1.2.3.4; Subject:
Redacted; Message-ID: <something(a)isp.com>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] 25 Jul
2016 09:35:00 | INFO Subject filter is disabled for the sender;
MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
[local_user(a)company.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25
Jul 2016 09:35:00 | INFO To internal recipient(s); MailID:
9ccd7fb6-05db-4fe9-a683-50102d194a64; Recipients:
[local_user(a)company.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 25
Jul 2016 09:35:00 | WARN S/MIME decryption key not found; MailID:
9ccd7fb6-05db-4fe9-a683-50102d194a64; Message: A suitable decryption
key could not be found. CMS Recipients: Redacted
(mitm.common.security.smime.handler.SMIMEHandler) [Spool Thread #2]
25 Jul 2016 09:35:00 | INFO Message handling is finished. Sending to
final recipient(s); MailID: 9ccd7fb6-05db-4fe9-a683-50102d194a64;
Recipients: [local_user(a)company.com]; Originator:
remote_user(a)customer.com; Sender: remote_user(a)customer.com; Remote
address: 1.2.3.4; Subject: Redacted; Message-ID: <something(a)isp.com>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Is there anything we can do on our side to fix this?

Regards,

mots

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail