Hi Bob,
From your previous posting, I assume you already installed Djigzo and
you can login to the UI. Is this correct?
I assume you want to setup the Djigzo gateway as follows:
Sendmail (internal) <-> Djigzo <-> Internet
i.e. outgoing will be encrypted (when possible) and incoming email will
be decrypted.
The first step is to make sure that Djigzo can send and receive email.
Email from Sendmail to external recipients should be relayed through
Djigzo and external incoming email should be delivered to your Sendmail.
1) setup Djigzo MTA
The Djigzo gateway should be allowed to receive email for your domains,
forward incoming email from your domains to your Sendmail server and
deliver email to external users via the Internet.
a) Setup your domains
The Djigzo gateway should be told which domains the server should handle
(i.e. which domains should the server receive email for). The domains
for which email should be received are called "Relay domains".
Relay domains can be added on the MTA setup page (Admin -> MTA config).
If the option "Match Subdomains" is selected, subdomains of the relay
domains will also match. If "Match Subdomains" is not selected,
subdomains should be explicitly added.
b) Forward all incoming email for your domains to your internal email
server (in your case the Sendmail server).
On the MTA config page, the setting "Internal relay host" specifies to
which server all incoming email for the relay domains should be
forwarded. This should be the IP address of your Sendmail server (or if
your Sendmail server has a DNS name you can specify the name instead of
the IP).
c) allow email sent from your internal email server (your Sendmail
server) to relay to external recipients.
To make sure that only internal IP addresses (i.e. your Sendmail server)
can send email to external recipients, you should add the IP address of
the Sendmail server to "My networks". Alternatively you can specify a
range of IP addresses.
d) Only accept email for users with an account on the internal email server.
Because the Djigzo server by default has no knowledge of which
recipients have valid mail boxes on the Sendmail server, all email for
the relay domains is accepted by default. By selecting the advanced
option "Reject unverified recipient", the gateway 'asks' the internal
server (i.e. the Sendmail server) whether a recipient is acceptable (the
result is cached). With "Reject unverified recipient" the gateway learns
which recipients are valid and which are not.
By default the Djigzo gateway rejects email for unknown users with a
temporary error (450). If you are sure that the procedure works
correctly you can change this to a permanent error (550) by setting
"reject code" to 550.
e) Setup "My Hostname".
The "My Hostname" is used as the default for the HELO name (and for
other settings). If the Djigzo gateway delivers email directly to
external recipients you are advised to set "My Hostname" to the name of
your external IP address (i.e. the reverse lookup of the external IP
address).
f) Make sure the SMTP helo name is correct.
The SMTP HELO (or EHLO) name should be equal to the reverse lookup of
the external IP address. If not, some email servers might flag email as
spam. By default the HELO name is equal to "My Hostname". If "My
Hostname" is not equal to the name of your external IP address and email
is delivered directly to external recipients the HELO name should be
explicitly set to the reverse lookup name of your external IP address.
You can test the HELO name of your server by sending an email to
helocheck(a)cbl.abuseat.org (see http://cbl.abuseat.org/helocheck.html for
more info).
The Djigzo gateway should now be able to receive email from external
senders for your internal users. Incoming email for internal users will
be delivered to your Sendmail server.
2) Setup your internal server to relay email through the Djigzo server.
Your internal email server (i.e. Sendmail) should no longer directly
deliver outgoing email to external users but should relay outgoing email
via the Djigzo gateway. Setting up a relay host is email server
dependent. I think Sendmail calls this the "Smart relay host".
With steps 1 and 2 in place, the gateway should now handle all incoming
and outgoing email. Make sure that all incoming email can be delivered
to your users and that all outgoing email can be delivered to external
recipients.
When the gateway is correctly setup we can start to setup the encryption
part.
Setting up encryption will be explained in the next part.
Kind regards,
Martijn Brinkers
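The HELO check from step f, as an added example that is not part of the original message and not Djigzo code: it compares a HELO name with the reverse lookup of the external IP address. The forward-resolution check goes beyond what the message states, and the addresses and host names in the sample data are constructed.

```python
import socket

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [host, *aliases]

def system_addrs(name):
    """Addresses for name from the system resolver (empty list if none)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def check_helo(helo_name, external_ip, ptr=system_ptr, addrs=system_addrs):
    """Return a list of problems; an empty list means the HELO name is consistent."""
    problems = []
    helo = _norm(helo_name)
    if "." not in helo:
        problems.append("HELO name is not fully qualified")
    ptr_names = [_norm(n) for n in ptr(external_ip)]
    if not ptr_names:
        problems.append(f"no reverse lookup (PTR) for {external_ip}")
    elif helo not in ptr_names:
        problems.append(f"HELO {helo} != reverse lookup {ptr_names}")
    # Extra check beyond the message: the name should resolve back to the IP.
    # Addresses are compared as strings, which is sufficient for IPv4.
    if external_ip not in addrs(helo):
        problems.append(f"{helo} does not resolve to {external_ip}")
    return problems

# Constructed sample data (documentation address range, example.com names).
FAKE_PTR = {"192.0.2.25": ["mail.example.com."]}
FAKE_A = {"mail.example.com": ["192.0.2.25"],
          "djigzo.internal.example.com": ["10.0.0.5"]}

def demo(helo):
    """Run check_helo against the constructed records instead of live DNS."""
    return check_helo(helo, "192.0.2.25",
                      ptr=lambda ip: FAKE_PTR.get(ip, []),
                      addrs=lambda n: FAKE_A.get(n, []))

if __name__ == "__main__":
    print(demo("mail.example.com"))
    print(demo("djigzo.internal.example.com"))
```

Calling `check_helo(name, ip)` without the `ptr` and `addrs` arguments uses the system resolver, so run it from a host that sees the same public DNS as external mail servers.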
Bob Radvanovsky wrote:
I am not using a virtual appliance. The email server is using "sendmail", version 8.14.3 (current release). I have 5 email servers, of which the one in question, I would like to setup a secured method of exchanging emails. One email server is dedicated for one domain (master domain which is used for the entire network), two email servers are dedicated as mailing list servers (primary/secondary), one email server is for email proxies (internal only). The server in question is the "catch all" for the other domains that I support, which includes this domain "infracritical.com".
I own and operate a small non-profit testing laboratory and OSINT research organization, and cannot afford VM software or the hardware to which it is required on (as much as I would like to). I am relegated to using older, legacy equipment, and your software solution will provide me a suitable method for exchanging emails securely with other OSINT researchers worldwide. BTW, I make NO MONEY whatsoever from my efforts, so (obviously) the cheaper the solution, the better...
Bob Radvanovsky, CIFI, CISM, REM, CIPS
Infracritical, Inc. - "Your Infrastructure, Their Future"
rsradvan(a)unixworks.net | rsradvan(a)infracritical.com | bob(a)infracritical.com
(630) 673-7740 | (412) 774-0373 (facsimile)
----- Original Message -----
From: Martijn Brinkers [mailto:martijn(a)djigzo.com]
To: users(a)lists.djigzo.com
Subject: Re: Need help setting up...
Hi Bob,
I agree that a 'quick start guide' would be helpful. The current
documentation provides you with all the details but it might be a bit
overwhelming. Writing good documentation however takes some time so in
the mean time I can help you setting up the gateway. This helps me to
see what things are unclear and require more detailed explanation.
A few questions:
Are you using the Virtual Appliance?
Do you manage your own email server? And if so, what email server are you
currently using?
Kind regards,
Martijn
Bob Radvanovsky wrote:
Although the documentation is awesome, it doesn't show how to go about to
set up, from start to end, a fully functional configuration, completely. I
have the software loaded, configured, and ready and rarrin' 'ta go. But
from there, how do I configure it to go inline for my mail servers? Which
ports do I make available? Are there special accounts that must be created?
What are recommended key lengths to be used for a small company (like
mine)?
These are but some of the questions that I have...anyone have a "cookbook"
for this product?
Bob Radvanovsky, CIFI, CISM, REM, CIPS
Infracritical, Inc. - "Your Infrastructure, Their Future"
rsradvan(a)unixworks.net | rsradvan(a)infracritical.com | bob(a)infracritical.com
(630) 673-7740 | (412) 774-0373 (facsimile)
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users
--
Djigzo open source email encryption