How to find out encrypted mails

Hello,

Here are 2 entries of incoming mails in the djigzo.log

1. Mail was not encrypted

-----------------------------------------------------------
09 Jul 2010 09:14:39 | INFO incoming | MailID:
709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: sender(a)yyyy.com; Remote
address: xx.xx.xx.xx; Recipients: [recipient(a)yyyy.com]; Subject: Re: Email -
Verschl?sselung [Auftrag: 2010-0459]; Message-ID:
<4C36CC4C.1060703(a)porsche.de>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:14:39 | INFO internal | MailID:
709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: sender(a)yyyy.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:14:39 | INFO decryptKeepSignature | MailID:
709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: sender(a)yyyy.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:14:39 | INFO postDecrypt | MailID:
709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: sender(a)yyyy.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:14:39 | INFO transport | MailID:
709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: sender(a)yyyy.com; Remote
address: xx.xx.xx.xx; Recipients: [recipient(a)yyyy.com]; Subject: Re: Email -
Verschl?sselung [Auftrag: 2010-0459]; Message-ID:
<4C36CC4C.1060703(a)yyyy.com>; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #1]
-----------------------------------------------------------

2. Mail was encrypted
-----------------------------------------------------------
09 Jul 2010 09:07:05 | INFO incoming | MailID:
fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: sender(a)yyyy.com; Remote
address: xx.xx.xx.xx; Recipients: [recipient(a)yyyy.com]; Subject: db-Test
encrypted; Message-ID: <4C36CA86.1020300(a)porsche.de>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:07:05 | INFO internal | MailID:
fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: sender(a)yyyy.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:07:06 | INFO decryptKeepSignature | MailID:
fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: sender(a)yyyy.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:07:06 | INFO postDecrypt | MailID:
fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: sender(a)yyyy.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
09 Jul 2010 09:07:06 | INFO transport | MailID:
fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: sender(a)yyyy.com; Remote
address: xx.xx.xx.xx; Recipients: [recipient(a)yyyy.com]; Subject: db-Test
encrypted; Message-ID: <4C36CA86.1020300(a)porsche.de>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
-----------------------------------------------------------

What is the difference between the entries?
How can I find out whether an incoming mail was encrypted or not?
How can I find out if the encryption / decryption process was successful?

Greetings

Dieter

Hi Dieter,

Djigzo adds Djigzo specific headers to incoming email when the email is
signed and/or encrypted (to prevent spoofing of these headers the Djigzo
specific headers are first removed for incoming email).

See appendix A of the S/MIME setup guide for more information on the
meaning of these headers.

A snippet from appendix A of the S/MIME setup guide:

When an incoming email is handled by Djigzo, special headers about the
security properties of the email are automatically added to the email.
For example, if an encrypted message sent to an internal user is
decrypted by Djigzo, relevant information about the encryption algorithm
and recipients is added to the header.

Because the message is decrypted by Djigzo the message is no longer
encrypted. The internal recipient can therefore not see that the message
was encrypted. Djigzo therefore adds some security related headers that
can be used to check if the message was encrypted and/or signed.

X-Djigzo-Info-Signer-ID-*
X-Djigzo-Info-Signer-Verified-*
X-Djigzo-Info-Signer-Trusted-*
X-Djigzo-Info-Signer-Trusted-Info-*
X-Djigzo-Info-Encryption-Algorithm-*
X-Djigzo-Info-Encryption-Recipient-*

Example Headers:

X-Djigzo-Info-Encryption-Algorithm-0: AES128, Key size: 128

X-Djigzo-Info-Encryption-Recipient-0-0:
   CN=Thawte Personal Freemail Issuing CA, O=Thawte Consulting (Pty) Ltd.,
   C=ZA/6B55D312FF5F9D5DAD9866FF827FFEB5//1.2.840.113549.1.1.1

X-Djigzo-Info-Encryption-Recipient-1-0:
   EMAILADDRESS=support(a)cacert.org, CN=CA Cert Signing Authority,
   OU=http://www.cacert.org, O=Root CA/6683C//1.2.840.113549.1.1.1

X-Djigzo-Info-Signer-ID-0-1:
    CN=UTN-USERFirst-Client Authentication and Email,
    OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City,
    ST=UT, C=US/88F9874A02A53042E0228D78CBD55795/

X-Djigzo-Info-Signer-Verified-0-1: True

X-Djigzo-Info-Signer-Trusted-0-1: True

One certificate was issued by Thawte and the other was issued by CACert.
The message was signed by one signer with a certificate issued by Usertrust.

X-Djigzo-Info-Signer-Verified

This header shows whether the message content was signed and whether
the message has not been changed after signing (tampered).

X-Djigzo-Info-Signer-Trusted

This header shows whether the signing certificate was trusted (signed
by root etc.) by the gateway. If the signing certificate was not
trusted, the reason for not trusting the certificate is given in the
X-Djigzo-Info-Signer-Trusted header.

X-Djigzo-Info-Encryption-Recipient

This header shows which certificate was used to encrypt the message
with. This can be helpful when a message cannot be decrypted.

Kind regards,

Martijn

Baur Dieter wrote:

Subject: How to find out encrypted mails
From: Baur Dieter <dieter.baur(a)helag-electronic.de>
Date: Fri, 9 Jul 2010 11:40:05 +0200
To: users(a)lists.djigzo.com

--
Djigzo open source email encryption
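
The header check described in the reply above, as an added example (not part of the original thread and not Djigzo's own code): it reads a delivered message and reports whether the gateway recorded encryption and a verified, trusted signature. The function name `security_summary`, the sample message and the handling of the numeric suffix as an opaque index are assumptions; the result is only meaningful for mail that actually passed through the gateway, since that is where incoming X-Djigzo headers are removed.

```python
import re
from email import message_from_string

# Header families from appendix A; the numeric suffix is treated as an opaque index (assumption).
_HDR = re.compile(
    r"X-Djigzo-Info-(Signer-ID|Signer-Verified|Signer-Trusted-Info|Signer-Trusted"
    r"|Encryption-Algorithm|Encryption-Recipient)-(\d+(?:-\d+)*)", re.IGNORECASE)

def security_summary(raw_message):
    """Report what the gateway recorded about one delivered message."""
    msg = message_from_string(raw_message)
    algorithms, recipients, signers = [], [], {}
    for name, value in msg.items():
        m = _HDR.fullmatch(name)
        if not m:
            continue
        kind, index = m.group(1).lower(), m.group(2)
        value = " ".join(value.split())  # unfold continuation lines
        if kind == "encryption-algorithm":
            algorithms.append(value)
        elif kind == "encryption-recipient":
            recipients.append(value)
        else:
            signers.setdefault(index, {})[kind] = value  # group signer headers by index
    for s in signers.values():
        s["ok"] = all(s.get(k, "").lower() == "true" for k in ("signer-verified", "signer-trusted"))
    return {
        "encrypted": bool(algorithms or recipients),
        "algorithms": algorithms,
        "recipients": recipients,
        "signed": bool(signers),
        "signers": signers,
        "all_signers_ok": bool(signers) and all(s["ok"] for s in signers.values()),
    }

# Constructed sample: X-Djigzo values follow the excerpt above; the rest is invented.
SAMPLE = """\
From: sender@example.com
X-Djigzo-Info-Encryption-Algorithm-0: AES128, Key size: 128
X-Djigzo-Info-Encryption-Recipient-0-0: CN=Thawte Personal Freemail Issuing CA,
   O=Thawte Consulting (Pty) Ltd., C=ZA/6B55D312FF5F9D5DAD9866FF827FFEB5//1.2.840.113549.1.1.1
X-Djigzo-Info-Signer-ID-0-1: CN=UTN-USERFirst-Client Authentication and Email,
    OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US/88F9874A02A53042E0228D78CBD55795/
X-Djigzo-Info-Signer-Verified-0-1: True
X-Djigzo-Info-Signer-Trusted-0-1: True

decrypted body
"""
print(security_summary(SAMPLE))
```

A message without any X-Djigzo-Info headers yields `encrypted` and `signed` both false, which is the case the two log excerpts at the top of the thread cannot distinguish.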

Quoting Martijn Brinkers <martijn(a)djigzo.com>:

Hi Dieter,

Djigzo adds Djigzo specific headers to incoming email when the email is
signed and/or encrypted (to prevent spoofing of these headers the Djigzo
specific headers are first removed for incoming email).

See appendix A of the S/MIME setup guide for more information on the
meaning of these headers.

I wonder if there is some "keyword" to grep the logs for to get the number
of encrypted/signed mails arriving.
For outgoing encrypted I grep for "smimeE" but "smimeD" found no match :(

Regards

Andreas

I wonder if there is some "keyword" to grep the logs for to get the number of
encrypted/signed mails arriving.
For outgoing encrypted I grep for "smimeE" but "smimeD" found no match :(

Unfortunately, with the current release you either need to set the log
level for certain loggers to debug or add some lines to config.xml.

If you need more control than setting the log level to debug, I can help
you modify the config.xml file to include some matchers/loggers.

Upcoming versions will include statistics about the
encryption/decryption process.

Kind regards,

Martijn Brinkers
