Newbie set-up help

Hello to anyone listening.

I'm excited about Djigzo, and would like to
implement it in our 65-person shop. I DL'd, and
successfully installed the latest VM version on
VMware Server 1.0.9. I also added the latest
version of VMware Tools. I've read all of the
manuals, and have a general idea of what I need
to do to make this all work. But, I can't seem
to get my head completely around it. Someone's
help in setting up and getting it running would be
much appreciated.

Here's my present email set-up: latest sendmail,
as well as MailScanner, MailWatch, clamav, Bit
Defender, and spamassassin (which have been in
place, and running well, for five years) in DMZ.

I'd like to place Djigzo in front of my current
mail server, and use self-created certificates.

Again, help would be appreciated.

Dimitri

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Hi Dimitri,

Have you downloaded the administration guide? It explains how to set up
the MTA and gives an overview of all the functionality.

The first step is to make sure that email is sent and received via Djigzo.

A general setup will go as follows:

Djigzo MTA

* Allow email relay from your internal sendmail (add the IP of the
sendmail server to “My Networks”)

* Add the domains to the “Relay domains” for which you receive email
(firstbhpb.com etc.)

* Set the “Internal relay host” to the IP address of the sendmail server
(or spam server/virus scanner) to make sure that incoming email gets
sent to your internal email server.

* If you want Djigzo to send email to external recipients leave
“External relay host” blank. If you use an external relay fill in the IP
(or address) of the relay.

* To make Djigzo know which internal recipients are valid recipients
enable advanced settings and enable “Reject unverified recipient”. This
option makes Djigzo (actually the internally used Postfix server) ask
your sendmail server whether the user is a known user. Enable this option
to prevent back-scatter (see Postfix Backscatter Howto).
Change “reject code” from 450 (try again later) to 550 (reject) if you
are certain that “Reject unverified recipient” is functional.

* Apply settings

Djigzo internally uses Postfix for the MTA part so for the fine details
see Postfix Documentation.

Djigzo contains an MTA (responsible for email delivery) and an MPA
(responsible for email processing like encryption etc.). The MTA
determines for which domains you receive email. The MPA determines which
email should be encrypted or decrypted. The MPA has to know which
domains are internal and which are external. In most setups incoming
email for your internal users should be decrypted and outgoing email for
external users should be encrypted. So in most setups you should add a
domain (see page 22 of the administration guide) for each domain you
have enabled in the MTA relay domains and make sure that the domain is
an internal domain (to make sure that incoming email is decrypted and
outgoing email is encrypted).

You should now create a CA server certificate and add certificates for
your internal and/or external users. This is explained in the S/MIME
setup guide.

Once you have set up Djigzo for sending and receiving email you can start
experimenting with all the features.

Hope this helps.

Feel free to ask if something isn't clear.

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption
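
An added illustration, not part of the thread and not Djigzo's own generated configuration: since Djigzo uses Postfix for its MTA, the gateway settings listed in the reply above correspond roughly to the following plain Postfix `main.cf` parameters. The address 192.0.2.10 (internal sendmail host), the domain example.com and the smarthost name are constructed placeholders.

```ini
# /etc/postfix/main.cf -- plain Postfix sketch of the gateway settings above.
# Constructed values: 192.0.2.10 = internal sendmail host, example.com = your domain.

# "My Networks": hosts allowed to relay outbound mail through the gateway.
mynetworks = 127.0.0.0/8, 192.0.2.10/32

# "Relay domains": domains the gateway accepts mail for and passes on.
relay_domains = example.com

# "Internal relay host": next hop for mail addressed to the relay domains.
# The brackets suppress the MX lookup so the address is used as-is.
relay_transport = relay:[192.0.2.10]

# "External relay host": empty means deliver to the recipients' MX hosts directly.
# With an external relay it would read: relayhost = [smarthost.example.net]
relayhost =

# "Reject unverified recipient": probe the next hop with RCPT TO before
# accepting a message, so unknown users are refused during the SMTP session
# instead of being bounced later (backscatter).
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# "Reject code": 450 defers mail while probing is still being tested, so a
# broken probe only delays delivery. Switch to 550 once probing is confirmed.
unverified_recipient_reject_code = 450
#unverified_recipient_reject_code = 550
```

Recipient verification only helps if the internal server refuses unknown recipients at RCPT TO time; if it accepts every address and bounces afterwards, every probe succeeds and nothing is rejected at the gateway.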

Thank you, Martijn!

I'll look this over and see how far I can get. I
appreciate that you'll be there to "hand
hold" :) .

Here in Massachusetts, USA, we'll soon be subject
to strict data encryption regulations. If I can
get Djigzo to handle the email end of things,
that would be terrific. I'd also be willing to
share my knowledge with others here who could use
a good FOSS tool like Djigzo to meet their data
encryption needs.

More to follow, then

Dimitri

Greetz, Martijn.

I followed the basic set-up which you outlined for
the Djigzo MTA. Next, I created a CA, then
created a certificate for myself, based on what I
read in the SMIME setup guide. I sent that cert
to myself, and since I received it, I've got to
believe that my primary MTA is configured
properly to work with the Djigzo MTA, at least so
far.

Now, I'm ready to test encrypting mail, but I'm
not sure how to proceed. BTW, I'm the only one
in my shop to use Kmail; everyone else uses MS
Outlook. I think I successfully pulled my crt
into Kmail.

Now, do I point my MUA to Djigzo?
What's the next step to encrypting/signing mail?

Apologies for what seem to be very basic
questions, but email encryption is not an easy
subject, or it would be much more widely used.

Thanks.

Dimitri

Hi Dimitri,

Did you import the pfx file (which is password protected) into KMail?
Because you said "..pulled my crt.." which makes me believe you only
installed the public certificate. For the most popular email clients I
have added a guide on how to import the pfx
(http://www.djigzo.com/help/import_pfx.html) but I have not yet added a
guide on KMail (I'll see if I can add it).

You can add an SMTP account to your MUA that sends mail through Djigzo.
If you want Djigzo to encrypt the message you have to make sure you send
it to an external recipient. A recipient is external by default. A
recipient can only be internal when you selected internal for the
user/domain settings for the recipient (or set the global settings
to internal). Djigzo needs the public certificate for the recipient to
encrypt a message. So, you have to make sure that a public certificate
is available for the recipient. If the email address of the recipient
matches the email address of the certificate, and! the certificate is
trusted (the certificate is not gray or red) Djigzo will automatically
use the certificate for the recipient (the certificate line will be
'green' for the encryption certificates page for the recipient). If the
email address does not match or the certificate is not trusted you can
manually select the certificate on the encryption certificates page for
the recipient.

Once this has been set up (and you leave the setting encrypt mode
"allow", or set it to "mandatory") outgoing email will be encrypted for
the recipient.
Another option would be to disable encryption by default and use a
"Subject trigger" to trigger encryption.

Once you have set up the system and are familiar with all the settings
you can set up your internal email server to relay through Djigzo.

Hope this will keep you going.

Kind regards,

Martijn

PS I have been playing with KMail but have not yet been able to import a
pfx. Perhaps it's because I use Ubuntu which is GNOME based. I will look
into it.
