S/MIME sign every outgoing email - prerequisites?

General
1

Hi,

I was very lucky to be able to setup ciphermail successfully, and now I want to make it do its job.
Well, still I have some issues with understanding…

  1. Do I need to have an entry for every domain/mail address to sign my outgoing mails? I want to sign mails even for persons I do not yet (1st time mail) had previous mail exchange. Is this possible?

  2. In the MPA logs I find…

26 Nov 2023 14:53:17 | INFO DLP is disabled for the sender; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO "subject trigger" is disabled for the sender; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO "force encrypt header trigger" is disabled for the sender; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO There are no valid PGP encryption keys for recipient(s); MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO PDF encryption is disabled for the sender; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO Force signing header not allowed for sender; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO "sign subject trigger" is disabled for the sender; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO Trying to S/MIME sign the message; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO Trying to PGP/MIME sign the message; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO DKIM signing is disabled for the sender; MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
26 Nov 2023 14:53:17 | INFO Message handling is finished. Sending to final recipient(s); MailID: 43a82bc2-5125-42db-af51-47273c92f7d3; Recipients: [stenzel@bb-host.de]; Originator: m.stenzel@xx-space.de; Sender: m.stenzel@xx-space.de; Remote address: 65.109.156.85; Subject: Kaffeeeee; Message-ID: <f20fd739-4613-492c-bcd1-027791ab64d5@mail.xx-space.de>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

So there is no signing taking place. The certificates are fine and validated,

any ideas?

Martin.

2

By default sign only is not enabled because the certificates might be self-signed, for example because they were created with the built-in CA, and therefore not trusted by recipients.

To enable sign-only, deselect (i.e., uncheck) the option “only sign when encrypt”

https://www.ciphermail.com/documentation/gateway-administration-guide/settings.html#only-sign-when-encrypt-sender-p-recipient-p