Postfix+Ciphermail advanced config question

Hello all,

I’ve got an issue here that I would really appreciate some help with. We are running Ubuntu 14.04, Postfix, Dovecot and Ciphermail, everything updated — all mail and authentication services are functioning normally.

First … Dovecot is the LDA and we have virtual users and virtual domains. Some of these domains are aliases of non-routable Windows AD domains. For example, user(a)email.net -> user(a)email.corp … Ciphermail creates accounts for the internal domain instead of the address that the email was initially addressed to, and this confuses the users. How do we configure Ciphermail/Postfix to make sure that Ciphermail processes the account using the alias domain (what is in the original To:) that the user is familiar with?

Second … Since Ciphermail is running on the same mail server that is accepting incoming mail from the internet, whether or not it is encrypted, it is still processing the queue. We have created a tag (“[encrypt]”) that flags an email to be processed by Ciphermail, with the intention of that function being available for only internal domains — or more precisely, for SASL authenticated users — but it services encryption for any random external user or domain as long as they put the same tag in the subject line. How can we avoid this happening?

Thank you so much for any insight.

~ Laz Peterson
Paravis, LLC

Well, after some beating my head into the wall (that usually works), I’ve decided to just set up Ciphermail as a separate server again and set submission and smtps to proxy into Ciphermail’s smtp. A little hairy, but it works.

The internal domain aliases were really making things difficult.

For the second issue, I am deciding to configure default settings for no encryption services, and then enable encryption on a per-domain basis. Have not tried anything yet, but maybe someone has some insight on the best way to accomplish this?

~ Laz Peterson
Paravis, LLC

On Mar 20, 2015, at 8:41 PM, Laz C. Peterson <laz(a)paravis.net> wrote:

Hello all,

I’ve got an issue here that I would really appreciate some help with. We are running Ubuntu 14.04, Postfix, Dovecot and Ciphermail, everything updated — all mail and authentication services are functioning normally.

First … Dovecot is the LDA and we have virtual users and virtual domains. Some of these domains are aliases of non-routable Windows AD domains. For example, user(a)email.net -> user(a)email.corp … Ciphermail creates accounts for the internal domain instead of the address that the email was initially addressed to, and this confuses the users. How do we configure Ciphermail/Postfix to make sure that Ciphermail processes the account using the alias domain (what is in the original To:) that the user is familiar with?

Second … Since Ciphermail is running on the same mail server that is accepting incoming mail from the internet, whether or not it is encrypted, it is still processing the queue. We have created a tag (“[encrypt]”) that flags an email to be processed by Ciphermail, with the intention of that function being available for only internal domains — or more precisely, for SASL authenticated users — but it services encryption for any random external user or domain as long as they put the same tag in the subject line. How can we avoid this happening?

Thank you so much for any insight.

~ Laz Peterson
Paravis, LLC
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

On 03/22/2015 01:00 AM, Laz C. Peterson wrote:

Well, after some beating my head into the wall (that usually works),
I’ve decided to just set up Ciphermail as a separate server again and
set submission and smtps to proxy into Ciphermail’s smtp. A little
hairy, but it works.

The internal domain aliases were really making things difficult.

In most cases, running the CipherMail gateway as a separate instance is
advised since it makes things easier to configure. Nowadays with
virtualization like VMware, running an extra VM instance is relatively
simple.

For the second issue, I am deciding to configure default settings for
no encryption services, and then enable encryption on a per-domain
basis. Have not tried anything yet, but maybe someone has some
insight on the best way to accomplish this?

You somehow need to distinguish between senders requiring encryption and
those who do not need encryption. Typically this is done based on the
sender's domain, like you suggested. If you only want encryption based on,
for example, whether the user was authenticated or not (via SASL), you
might see whether you can instruct Postfix to only send email to the
CipherMail box when the user was authenticated. Not sure whether that is
easy to configure though.

Kind regards,

Martijn Brinkers


--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

Quoting "Laz C. Peterson" <laz(a)paravis.net>:

Well, after some beating my head into the wall (that usually works),
I’ve decided to just set up Ciphermail as a separate server again
and set submission and smtps to proxy into Ciphermail’s smtp. A
little hairy, but it works.

The internal domain aliases were really making things difficult.

You could use -o receive_override_options=no_address_mappings in
master.cf for the input smtpd. This will defer address rewriting until
the reinject smtpd stage, which of course should NOT use
no_address_mappings.

Regards

Andreas
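Putting Martijn's suggestion (hand only SASL-authenticated mail to the gateway) and Andreas's (no_address_mappings on the input smtpd only, never on the re-inject smtpd) together, here is an added master.cf sketch for the Postfix/Dovecot host; it is not configuration posted by anyone in the thread, and the gateway hostname, its IP address and the 10025/10026 ports are assumptions.

```text
# Added example, not anyone's configuration from the thread. Postfix
# master.cf on the Dovecot/Postfix host; CipherMail runs on a separate
# box. ASSUMED values: ciphermail.example.internal (gateway hostname),
# 192.0.2.10 (gateway IP), 10025 (gateway SMTP in), 10026 (re-inject).

# Port 25, internet-facing: no content_filter, so mail from outside is
# never handed to CipherMail, whatever an external sender writes in
# the Subject. (main.cf keeps the default empty content_filter.)
smtp       inet  n  -  n  -  -  smtpd
  -o content_filter=

# Submission and smtps: accept only SASL-authenticated clients and
# route exactly this traffic to the gateway. no_address_mappings
# defers virtual_alias_maps rewriting (user@email.net -> user@email.corp)
# until re-injection, so CipherMail sees the address the user knows.
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp:[ciphermail.example.internal]:10025
  -o receive_override_options=no_address_mappings
smtps      inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp:[ciphermail.example.internal]:10025
  -o receive_override_options=no_address_mappings

# Re-injection listener for mail returning from CipherMail: only the
# gateway may connect, content_filter is cleared (no loop), and
# no_address_mappings is NOT set, so alias rewriting happens here on
# the way to the Dovecot LDA.
10026      inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/reinject
  -o mynetworks=127.0.0.0/8,192.0.2.10/32
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
```

The distinct syslog_name values make it easy to confirm in mail.log which listener a given message entered through, and therefore whether it ever reached the gateway.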