New release of the CipherMail gateway (3.2.7-5)

A new version of the CipherMail email encryption gateway has been
released (3.2.7-5)

Release notes:


* IsSMIMEDeepScan matcher added. The IsSMIMEDeepScan matcher can be
  used to detect whether the email is S/MIME and/or whether the email
  contains an attached message (message/rfc822) which is S/MIME.
* Add special header to the message if the message could not be
  decrypted (S/MIME or PGP) because there was no suitable decryption
  key for the message.
* CertStore command line tool added which can be used to manage the
  certificate store from the command line. CertManager command line
  tool is removed because it's functionality is replaced by the
  CertStore tool.
* SMTPSink command line tool added which can be used to test incoming
* CheckKeyStore command line too added which can be used to check
  whether keys are accessible (only used when using an HSM for secure
  key storage).
* conf/spring/ directory added from which properties
  files are read. This allows you to use ${...} placeholders in spring
  xml config files which will be replaced by the values defined in the
  properties files. This allows for easier configuration without having
  to change any xml file.
* REST service API added [enterprise only]
* Respool option added. This can for example be used to retry to
  decrypt a message which could not be decrypted because the private
  key was not available when the message was received [enterprise only]
* Meta certificate request resolver added which can be used to try
  multiple certificate request resolvers in succession until one
  returns a valid Distinguished Name (DN) for the certificate request
  [enterprise only]
* Static certificate request resolver added. This allows you to specify
  a static mapping from domain or email address to Distinguished Name
  (DN) parameters [enterprise only]
* Milter added which can check the MTA queue size and temp error (450)
  if MTA queue size exceeds the max size. This can for example be used
  in a clustered setup to refuse incoming connections if a server is
  too busy [enterprise only]
* Thales (nCipher) HSM can now be used in clustered mode where the HSM
  keys are replicated between nodes of the cluster [enterprise only]
* "On demand key store" added. This key store can be extended with
  client code to retrieve decryption keys on demand from external
  resources (for example an external key store) [enterprise only]


* Every CRL is now imported in a separate transaction instead of one
  transaction containing all new CRLs. This improves memory usage and
  makes it less likely that the transaction is rolled back in a
  clustered setup because the CRL was already imported on another node.
* A "do nothing" post-smime-incoming processor added. This can be used
  to dynamically add new mail rules without having to change the xml
  config file.
* CLI command line tool functionality added to manage users.
* Some libraries (jar files) updated.
* PDF encryption now supports deep scanning which scans the complete
  MIME message (this fixes bug GATEWAY-89)
* system.trustAnchorBuilder.updateCheckInterval changed from 30 min to
  5 min. This was needed to make sure that in a clustered setup the
  cached list of root certificates is automatically refreshed every 5
  min (was 30 min).
* Because some NIO classes are now used, Java 7 or up is now required.
* Postgres NOCREATEUSER NOCREATEDB is no longer used in the
  installation scripts. In Postgres 9.6 NOCREATEUSER is no longer
  supported (this fixes bug GATEWAY-108)
* The "installation guide" is renamed to "installation-reference-guide"
  and the "quick install guide" is renamed to "installation guide".
* Support for SLES 12 added.

Upgrade guide can be downloaded from:

Kind regards,

Martijn Brinkers


CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.