Issue with S/MIME decryption most likley caused by Exchange attaching corporate signatures

Hi all,

I have an issue with the decryption of S/MIME mails, and hope someone
can be of help.
To be honest I did not got very deep down the rabbit hole with this one,
as I expect it to be a common problem someone else might already have
solved.

Issue description:
S/MIME mail is decrypted but given back to the mail queue as an empty
mail with an attachment called "smime.p7m". This attachment includes the
message in plain and certificate information. But this does not happen
with all S/MIME encrypted mails.

Ciphermail Version:
Version: 3.3.1-0. Built: 2017-10-07-08:36.

Current thoughts:
I guess this might be related to mails which are signed\encrypted by a
local client and the corporate exchange server adds corporate text
signatures to that mail. ( like the "think before print " or legal
disclaimers)
Looking into the mails after ciphermail has decrypted them shows the
following difference:
Mails that get decrypted to empty message and "smime.p7m" attachment
shows:
Content-Type: application/x-pkcs7-mime;

Mails decrypted correctly:
Content-Type: application/pkcs7-mime;

Thanks in advance for any hint/help.
olaf

Hi all,

I have an issue with the decryption of S/MIME mails, and hope someone
can be of help.
To be honest I did not got very deep down the rabbit hole with this one,
as I expect it to be a common problem someone else might already have
solved.

Issue description:
S/MIME mail is decrypted but given back to the mail queue as an empty
mail with an attachment called "smime.p7m". This attachment includes the
message in plain and certificate information. But this does not happen
with all S/MIME encrypted mails.

Ciphermail Version:
Version: 3.3.1-0. Built: 2017-10-07-08:36.

Current thoughts:
I guess this might be related to mails which are signed\encrypted by a
local client and the corporate exchange server adds corporate text
signatures to that mail. ( like the "think before print " or legal
disclaimers)

CipherMail contains code to gracefully handle S/MIME unaware disclaimer
software, i.e., CipherMail can detect whether a disclaimer was added to
an S/MIME message, thereby creating a non S/MIME message, and repair the
message. It does this by changing the smime message into an attached
message (application/rfc822).

Looking into the mails after ciphermail has decrypted them shows the
following difference:
Mails that get decrypted to empty message and "smime.p7m" attachment
shows:
Content-Type: application/x-pkcs7-mime;

Mails decrypted correctly:
Content-Type: application/pkcs7-mime;

The Content-Type application/x-pkcs7-mime is the old content type for
S/MIME messages. Some email clients like for example Outlook still use
the old style headers. application/pkcs7-mime is the new style headers
for S/MIME. Thunderbird and CipherMail are using the new style headers.
The difference in content type should not be the reason why certain
emails fail.

Can you share the MIME headers of the message that failed?

Kind regards,

Martijn Brinkers

ยทยทยท

On 16-04-18 17:27, Olaf Schwarz via Users wrote:

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Twitter: http://twitter.com/CipherMail