New release of the CipherMail Email Encryption Gateway available (4.1.0-0)

A new version of the CipherMail Email Encryption Gateway is available

Virtual Appliance downloads:

Distribution packages downloads:

Release notes:


* CertStore command line tool can now export certificates and keys
* PGP commons line tool can now export public and secret keys
* The back-end now supports a Mail attribute named
   remote-delivery.smtp.relay-host. It can be used to deliver email to
   a different relay host or local port based on content.
* SetRecipients mailet added. This can be used to change the recipients
   of an email.
* Post smime and pgp processor is now only called when a message was/is
   s/mime or PGP. This can be used to add specific behavior when a
   message is S/MIME or PGP (for example redirect to
   content scanner)
* Systemd fetchmail.service unit file added.
* Matcher added which can match on a user configurable list of
   senders/recipients. This also works for
   Exchange journaling messages by looking inside the journal [PRO/ENT].
* Intellicard Certificate Request handler added [PRO/ENT].
* Export database to XML [PRO/ENT].


* Cipher suites for HTTPClient are no longer set. The Cipher suites
   config resulted in a bug after a Java update.
   The Java bug was only triggered in old versions of CipherMail that
   used a link to sunjce_provider.jar in
* SleepTimeOnError added to SMSGatewayImpl background thread. The thread
   will sleep for 30 sec (default) if there was an exception in the
   background thread not caused by a transport. This is done to prevent
   filling up the logs if there is a problem with the database.
* SMIME command line tool refactored. Now uses long option names.
* System property ciphermail.crypto.cms.mustProduceEncodableUnwrappedKey
   added. This sets the mustProduceEncodableUnwrappedKey BC property.
   This is needed for supporting Utimaco HSMs.
* MySQL/MariaDB SQL config minor change. varchar columns with size 128
   increased to 255.The alias field was too short to fit a sha512
   thumbprint and some prefix used by a cert request handler
   This resulted in an field too small error when trying to set the key
   alias (this was only an issue with the prof/ent. edition)
* Postgres 10 does not allow the JDBC URL to end with /. The last /
   has been removed from the URL.
* Postgres JDB driver updated to support Postgres 10.
* Most required/depends removed from RPM and DEB conf files. It is
   impossible to support different RH/CentOS, Ubuntu. releases with
   one RPM or DEB because packages are renamed/removed.
* The back-end front-end SOAP layer now uses Basic Authentication mode
   instead of WS security to work around a recently introduced Java bug
   in Java
   1.8.0_162. (,
* The CipherMail Virtual Appliance is now using CentOS 7 instead of
   Ubuntu and uses MariaDB instead of Postgres. This means that
   back-ups of previous CipherMail Virtual Appliance cannot be
   directly imported because the database type is changed. Users
   with a support contract can contact Us for help with migrating the
   database to the new version. Note: this only impacts users using the
   Virtual Appliance who wish to upgrade to the new CentOS based
   Virtual Appliance.
* HSM module now supports RSAES-OAEP encryption scheme (requirement
   for the German edi(a)energy standard) [PRO/ENT].
* License check only checked if license was valid at startup [PRO/ENT].
* Selected Certificate Request Handler is now session persistent so
   the selection is remembered while session is active.
* Jetty upgraded to release 9.4. This requires java 8 or up [PRO/ENT].

Upgrade guide can be downloaded from:

Kind regards,

Martijn Brinkers


CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.