PGP email from selected users

Hi,

We primarily use CipherMail for PGP. When a PGP public key (of an
external email address) is imported, all email is automatically
encrypted to this email address. We want only specific internal email
addresses to send encrypted email to this external address.
Is it possible to achieve this without the usage of subject triggers,
because this manual action could be forgotten, and could lead to
unwanted situations?
Is there a way to configure this with CipherMail?

--
Groetjes,

Arie

Advanced rules can always be added to the mail flow defined in the
config.xml file. However, this should only be done when you need a rule
which cannot be configured with the GUI. Whether or not your requirement
can be configured with the GUI depends on the exact requirements.

One option is to set the global "encrypt mode" to "No encryption". Then
add the external email address to which you always want to encrypt and
set "encrypt mode" for this recipient to "Mandatory". Now all email sent
to this email address will be encrypted and if it cannot be encrypted,
the sender will be notified. Note however that now *all* email sent to
this address will be encrypted. With the GUI you cannot specify that
only email sent by user A to user B should be encrypted. If you want
such a rule, you need to manually add a rule to the mail flow defined in
config.xml.

So, it's possible but whether it can be configured with the GUI depends
on your exact requirements.

Personally I think if it's possible to encrypt to a recipient, why not
always encrypt?

Kind regards,

Martijn Brinkers

On 04/06/2015 10:38 AM, Arie Koppelaar wrote:

We primarily use CipherMail for PGP. When a PGP public key (of an
external email address) is imported, all email is automatically
encrypted to this email address. We want only specific internal email
addresses to send encrypted email to this external address.
Is it possible to achieve this without the usage of subject triggers,
because this manual action could be forgotten, and could lead to
unwanted situations?
Is there a way to configure this with CipherMail?

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

You could also configure this in Postfix, by using a policy server or plain
rules. Configure Postfix to add a header like "X-DoEncrypt: true" when your
specified advanced rule is met, and then you configure CipherMail to always
encrypt by header trigger.
One example is to do "X-DoEncrypt: false" when a sender matches your specified
"encrypt from" list, and then use an EDIT filter to edit "X-DoEncrypt: false"
to "X-DoEncrypt: true" when a recipient matches your "encrypt to" list.
This can be accomplished by simple sender and recipient filters inside
Postfix.
If the sender does not match the encryption list, X-DoEncrypt: is never
added, and thus the recipient filter won't encrypt the mail even if the
recipient matches the encryption list.

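The two-stage header rule suggested above, modelled in Python as an added example (not code from the thread, from CipherMail or from Postfix). The address lists, the sample message and the function name are assumptions; the sketch shows the decision logic only, including removal of a sender-supplied trigger header, and is not a Postfix filter.

```python
from email import message_from_string

TRIGGER = "X-DoEncrypt"  # header name used in the thread

# Constructed placeholder lists (assumptions, not from the thread).
ENCRYPT_FROM = {"alice@internal.example"}    # "encrypt from" list
ENCRYPT_TO = {"partner@external.example"}    # "encrypt to" list

# Constructed sample message.
SAMPLE = (
    "From: Alice <alice@internal.example>\n"
    "To: partner@external.example\n"
    "Subject: quarterly report\n"
    "\n"
    "See attachment.\n"
)


def mark_for_encryption(raw, envelope_sender, envelope_rcpts):
    """Apply the sender-then-recipient rule and return the parsed message.

    Envelope addresses are used because that is what an MTA-level sender
    or recipient filter sees; the From:/To: headers are not trusted.
    """
    msg = message_from_string(raw)
    # Remove any trigger header already in the message, so that only
    # this rule can set it (no error if the header is absent).
    del msg[TRIGGER]
    sender = envelope_sender.strip().lower()
    rcpts = {r.strip().lower() for r in envelope_rcpts}
    # Stage 1: sender is on the "encrypt from" list -> tentative "false".
    if sender in ENCRYPT_FROM:
        msg[TRIGGER] = "false"
        # Stage 2: a recipient is on the "encrypt to" list -> edit the
        # header to "true". The header applies to the whole message,
        # so every recipient of this message is affected.
        if rcpts & ENCRYPT_TO:
            msg.replace_header(TRIGGER, "true")
    return msg
```
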

Thanks for your quick reply. I was not sure about the configuration
possibilities of CipherMail, but Martijn made an important point as
well. Why not always encrypt if it's possible? I reckon it's also a
mindset, and the knowledge that receivers do not use such a great
solution where mail is decrypted automatically, without any user
intervention.
Sebastian, thanks for your suggestions, they could work very well, but
would be a little too complicated for our support group.

---
Groetjes,

Arie

Sebastian Nielsen wrote on 06-04-2015 11:09:

You could also configure this in Postfix, by using a policy server or
plain rules. Configure Postfix to add a header like "X-DoEncrypt:
true" when your specified advanced rule is met, and then you configure
CipherMail to always encrypt by header trigger.
One example is to do "X-DoEncrypt: false" when a sender matches your
specified "encrypt from" list, and then use an EDIT filter to edit
"X-DoEncrypt: false" to "X-DoEncrypt: true" when a recipient matches
your "encrypt to" list.
This can be accomplished by simple sender and recipient filters inside
Postfix.
If the sender does not match the encryption list, X-DoEncrypt: is
never added, and thus the recipient filter won't encrypt the mail even
if the recipient matches the encryption list.


Yes, that's another option. The main benefit is that you can configure
this in Postfix and therefore no changes to the mail flow defined in
config.xml are required. The downside is that the filtering rules in
Postfix are somewhat limited.

Kind regards,

Martijn Brinkers


Thanks for your quick reply. I was not sure about the configuration
possibilities of CipherMail, but Martijn made an important point as
well. Why not always encrypt if it's possible? I reckon it's also a
mindset, and the knowledge that receivers do not use such a great
solution where mail is decrypted automatically, without any user
intervention.

The good thing about always encrypting is that you cannot forget to
encrypt. Another reason to always encrypt is that if you only encrypt
certain sensitive email, any outside attacker knows which mails to
target since if the email is encrypted, it means that the email is
sensitive. By encrypting all email, you are no longer leaking this
information.

Then again, like you said, not all recipients might like to receive
every email encrypted if they do not use some kind of automated process.

Sebastian, thanks for your suggestions, they could work very well, but
would be a little too complicated for our support group.

Another option would be to use your existing email filter/server to add
a header when a rule matches and then force encryption if this header is
found. Whether or not this works depends on whether you are using a mail
server or mail filter with such capabilities. I think Exchange 2013 for
example supports transport rules which allow you to add headers when
some condition matches
(Transport rule conditions and exceptions (predicates) in Exchange 2013 | Microsoft Learn).
Ironport probably also allows you to add headers when some condition
matches.

Kind regards,

Martijn Brinkers


It seems that Exchange 2007 also allows you to add a transport rule
which can add a header when the email is sent by a specific sender and
the recipient is a specific recipient (or member of a recipient list).

Kind regards,

Martijn Brinkers

On 04/06/2015 01:23 PM, Martijn Brinkers wrote:

On 04/06/2015 11:34 AM, Arie Koppelaar wrote:

Thanks for your quick reply. I was not sure about the configuration
possibilities of CipherMail, but Martijn made an important point as
well. Why not always encrypt if it's possible? I reckon it's also a
mindset, and the knowledge that receivers do not use such a great
solution where mail is decrypted automatically, without any user
intervention.

The good thing about always encrypting is that you cannot forget to
encrypt. Another reason to always encrypt is that if you only encrypt
certain sensitive email, any outside attacker knows which mails to
target since if the email is encrypted, it means that the email is
sensitive. By encrypting all email, you are no longer leaking this
information.

Then again, like you said, not all recipients might like to receive
every email encrypted if they do not use some kind of automated process.

Sebastian, thanks for your suggestions, they could work very well, but
would be a little too complicated for our support group.

Another option would be to use your existing email filter/server to add
a header when a rule matches and then force encryption if this header is
found. Whether or not this works depends on whether you are using a mail
server or mail filter with such capabilities. I think Exchange 2013 for
example supports transport rules which allow you to add headers when
some condition matches
(Transport rule conditions and exceptions (predicates) in Exchange 2013 | Microsoft Learn).
Ironport probably also allows you to add headers when some condition
