Hello,
I have two test users, both with valid root, intermediate, and personal
certs with the correct usage entitlements. Both certificates have a
white, valid background,
For the two users, I have their S/MIME certificates selected in their
profile for signing and encryption (though I'm only trying to get
signing to work at the moment). I have both forced signing via header
"X-Sign" and subject signing via the example in the documentation (
(?i)\[\s*sign\s*\] ). I am using this script to test both the subject
and header, and Thunderbird to test the subject by sending a mail via
ciphercrypt.
#!/usr/bin/env python
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText
body = "dummy body message"
msg.attach(MIMEText(body, 'plain'))
server = smtplib.SMTP('ciphermail.domain.tld', 25)
server.ehlo('ciphermail.domain.tld')
text = msg.as_string()
server.sendmail(fromaddr, toaddr, text)
server.quit()
I receive the email in the destination inbox, however, it is never
signed. I can verify from the headers that the "X-Sign" header is
present in the email. Currently the MTA/MPA isn't giving a lot of
information to debug. I can see the mail passing through, but there is
no mention of an attempt for any extra processing. I was wondering what
options in logging I can turn on to help debug this issue.
Can you send the relevant lines from the MPA log? The easiest is to
filter on the MailID value (which is shown as a green GUID, looking
similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3). Every email
gets an unique MailID value. This makes it easier to filter out the
relevant lines for an email.
Kind regards,
Martijn Brinkers
···
On 11-01-18 19:09, Craig Andrews via Users wrote:
Hello,
I have two test users, both with valid root, intermediate, and personal
certs with the correct usage entitlements. Both certificates have a
white, valid background,
For the two users, I have their S/MIME certificates selected in their
profile for signing and encryption (though I'm only trying to get
signing to work at the moment). I have both forced signing via header
"X-Sign" and subject signing via the example in the documentation (
(?i)\[\s*sign\s*\] ). I am using this script to test both the subject
and header, and Thunderbird to test the subject by sending a mail via
ciphercrypt.
#!/usr/bin/env python
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText
body = "dummy body message"
msg.attach(MIMEText(body, 'plain'))
server = smtplib.SMTP('ciphermail.domain.tld', 25)
server.ehlo('ciphermail.domain.tld')
text = msg.as_string()
server.sendmail(fromaddr, toaddr, text)
server.quit()
I receive the email in the destination inbox, however, it is never
signed. I can verify from the headers that the "X-Sign" header is
present in the email. Currently the MTA/MPA isn't giving a lot of
information to debug. I can see the mail passing through, but there is
no mention of an attempt for any extra processing. I was wondering what
options in logging I can turn on to help debug this issue.
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
I just sent this test email via the ciphermail web ui
11 Jan 2018 21:18:08 | INFO incoming; MailID:
acef2600-f6e3-4758-9d6e-b5c4e642c077;
Recipients: [user2(a)domain.tld]; Originator: user1(a)domain.tld; Sender: <>;
Remote address: 127.0.0.1; Subject: test mail [sign]; Message-ID:
<477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
11 Jan 2018 21:18:09 | INFO Subject filter is disabled for the sender;
MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID:
acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
11 Jan 2018 21:18:09 | INFO Message handling is finished. Sending to final
recipient(s); MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients:
[user2(a)domain.tld]; Originator: user1(a)domain.tld; Sender: <>; Remote
address: 127.0.0.1; Subject: test mail [sign]; Message-ID:
<477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
-Craig
···
On Thu, Jan 11, 2018 at 6:15 PM, Martijn Brinkers via Users < users(a)lists.djigzo.com> wrote:
On 11-01-18 19:09, Craig Andrews via Users wrote:
> Hello,
> I have two test users, both with valid root, intermediate, and personal
> certs with the correct usage entitlements. Both certificates have a
> white, valid background,
>
> For the two users, I have their S/MIME certificates selected in their
> profile for signing and encryption (though I'm only trying to get
> signing to work at the moment). I have both forced signing via header
> "X-Sign" and subject signing via the example in the documentation (
> (?i)\[\s*sign\s*\] ). I am using this script to test both the subject
> and header, and Thunderbird to test the subject by sending a mail via
> ciphercrypt.
>
> #!/usr/bin/env python
> import smtplib
> from email.MIMEMultipart import MIMEMultipart
> from email.MIMEText import MIMEText
>
>
> fromaddr = "user1(a)domain.tld"
> toaddr = "user2(a)domain.tld"
> msg = MIMEMultipart()
> msg['From'] = fromaddr
> msg['To'] = toaddr
> msg['Subject'] = "mail subject [sign]"
> msg['X-Sign'] = ""
>
> body = "dummy body message"
> msg.attach(MIMEText(body, 'plain'))
>
> server = smtplib.SMTP('ciphermail.domain.tld', 25)
> server.ehlo('ciphermail.domain.tld')
> text = msg.as_string()
> server.sendmail(fromaddr, toaddr, text)
> server.quit()
>
>
> I receive the email in the destination inbox, however, it is never
> signed. I can verify from the headers that the "X-Sign" header is
> present in the email. Currently the MTA/MPA isn't giving a lot of
> information to debug. I can see the mail passing through, but there is
> no mention of an attempt for any extra processing. I was wondering what
> options in logging I can turn on to help debug this issue.
Hi Craig,
Can you send the relevant lines from the MPA log? The easiest is to
filter on the MailID value (which is shown as a green GUID, looking
similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3). Every email
gets an unique MailID value. This makes it easier to filter out the
relevant lines for an email.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
I just sent this test email via the ciphermail web ui
11 Jan 2018 21:18:08 | INFO incoming; MailID:
acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld];
Originator: user1(a)domain.tld; Sender: <>; Remote address: 127.0.0.1;
Subject: test mail [sign]; Message-ID:
<477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
11 Jan 2018 21:18:09 | INFO Subject filter is disabled for the sender;
MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients:
[user2(a)domain.tld] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #0]
11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID:
acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
11 Jan 2018 21:18:09 | INFO Message handling is finished. Sending to
final recipient(s); MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077;
Recipients: [user2(a)domain.tld]; Originator: user1(a)domain.tld; Sender:
<>; Remote address: 127.0.0.1; Subject: test mail [sign]; Message-ID:
<477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
The recipient is considered to be an internal user. Email sent to
internal users follow the decryption pipeline and email sent to external
recipient follow the encryption pipeline. You either configured the
global settings, a domain or a user as being in internal users. This is
normal for the domain you receive email for because those emails in
typical setups need to be decrypted. All other user, the email addresses
for which you want to sign and/or encrypt need to be external. So, you
either sent a message to a valid internal recipient or you accidentally
mis-configured the Locality of the global settings/domain or user.
Kind regards,
Martijn Brinkers
···
On 11-01-18 22:25, Craig Andrews wrote:
On Thu, Jan 11, 2018 at 6:15 PM, Martijn Brinkers via Users > <users(a)lists.djigzo.com <mailto:users(a)lists.djigzo.com>> wrote:
On 11-01-18 19:09, Craig Andrews via Users wrote:
> Hello,
> I have two test users, both with valid root, intermediate, and
personal
> certs with the correct usage entitlements. Both certificates have a
> white, valid background,
>
> For the two users, I have their S/MIME certificates selected in their
> profile for signing and encryption (though I'm only trying to get
> signing to work at the moment). I have both forced signing via header
> "X-Sign" and subject signing via the example in the documentation (
> (?i)\[\s*sign\s*\] ). I am using this script to test both the subject
> and header, and Thunderbird to test the subject by sending a mail via
> ciphercrypt.
>
> #!/usr/bin/env python
> import smtplib
> from email.MIMEMultipart import MIMEMultipart
> from email.MIMEText import MIMEText
>
>
> fromaddr = "user1(a)domain.tld"
> toaddr = "user2(a)domain.tld"
> msg = MIMEMultipart()
> msg['From'] = fromaddr
> msg['To'] = toaddr
> msg['Subject'] = "mail subject [sign]"
> msg['X-Sign'] = ""
>
> body = "dummy body message"
> msg.attach(MIMEText(body, 'plain'))
>
> server = smtplib.SMTP('ciphermail.domain.tld', 25)
> server.ehlo('ciphermail.domain.tld')
> text = msg.as_string()
> server.sendmail(fromaddr, toaddr, text)
> server.quit()
>
>
> I receive the email in the destination inbox, however, it is never
> signed. I can verify from the headers that the "X-Sign" header is
> present in the email. Currently the MTA/MPA isn't giving a lot of
> information to debug. I can see the mail passing through, but there is
> no mention of an attempt for any extra processing. I was wondering
what
> options in logging I can turn on to help debug this issue.
Hi Craig,
Can you send the relevant lines from the MPA log? The easiest is to
filter on the MailID value (which is shown as a green GUID, looking
similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3). Every email
gets an unique MailID value. This makes it easier to filter out the
relevant lines for an email.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
That did it. I had originally set up the domain as internal. Eventually I
moved the Global settings to match in an attempt at troubleshooting. I
moved them both to external and the mail is now signed.
Outlook is showing "This message has been tampered with" which is an issue
I had when attempting to write a solution in Python, though I don't know
that this is a ciphermail issue.
Thanks for the assistance Martijn
···
On Thu, Jan 11, 2018 at 9:38 PM, Martijn Brinkers <martijn(a)ciphermail.com> wrote:
On 11-01-18 22:25, Craig Andrews wrote:
>
> Hi Martijn,
>
> I just sent this test email via the ciphermail web ui
>
> 11 Jan 2018 21:18:08 | INFO incoming; MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld];
> Originator: user1(a)domain.tld; Sender: <>; Remote address: 127.0.0.1;
> Subject: test mail [sign]; Message-ID:
> <477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO Subject filter is disabled for the sender;
> MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients:
> [user2(a)domain.tld] (mitm.application.djigzo.james.mailets.Default)
> [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld]
> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO Message handling is finished. Sending to
> final recipient(s); MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077;
> Recipients: [user2(a)domain.tld]; Originator: user1(a)domain.tld; Sender:
> <>; Remote address: 127.0.0.1; Subject: test mail [sign]; Message-ID:
> <477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
The recipient is considered to be an internal user. Email sent to
internal users follow the decryption pipeline and email sent to external
recipient follow the encryption pipeline. You either configured the
global settings, a domain or a user as being in internal users. This is
normal for the domain you receive email for because those emails in
typical setups need to be decrypted. All other user, the email addresses
for which you want to sign and/or encrypt need to be external. So, you
either sent a message to a valid internal recipient or you accidentally
mis-configured the Locality of the global settings/domain or user.
Kind regards,
Martijn Brinkers
> On Thu, Jan 11, 2018 at 6:15 PM, Martijn Brinkers via Users > > <users(a)lists.djigzo.com <mailto:users(a)lists.djigzo.com>> wrote:
>
> On 11-01-18 19:09, Craig Andrews via Users wrote:
> > Hello,
> > I have two test users, both with valid root, intermediate, and
> personal
> > certs with the correct usage entitlements. Both certificates have a
> > white, valid background,
> >
> > For the two users, I have their S/MIME certificates selected in
their
> > profile for signing and encryption (though I'm only trying to get
> > signing to work at the moment). I have both forced signing via
header
> > "X-Sign" and subject signing via the example in the documentation (
> > (?i)\[\s*sign\s*\] ). I am using this script to test both the
subject
> > and header, and Thunderbird to test the subject by sending a mail
via
> > ciphercrypt.
> >
> > #!/usr/bin/env python
> > import smtplib
> > from email.MIMEMultipart import MIMEMultipart
> > from email.MIMEText import MIMEText
> >
> >
> > fromaddr = "user1(a)domain.tld"
> > toaddr = "user2(a)domain.tld"
> > msg = MIMEMultipart()
> > msg['From'] = fromaddr
> > msg['To'] = toaddr
> > msg['Subject'] = "mail subject [sign]"
> > msg['X-Sign'] = ""
> >
> > body = "dummy body message"
> > msg.attach(MIMEText(body, 'plain'))
> >
> > server = smtplib.SMTP('ciphermail.domain.tld', 25)
> > server.ehlo('ciphermail.domain.tld')
> > text = msg.as_string()
> > server.sendmail(fromaddr, toaddr, text)
> > server.quit()
> >
> >
> > I receive the email in the destination inbox, however, it is never
> > signed. I can verify from the headers that the "X-Sign" header is
> > present in the email. Currently the MTA/MPA isn't giving a lot of
> > information to debug. I can see the mail passing through, but
there is
> > no mention of an attempt for any extra processing. I was wondering
> what
> > options in logging I can turn on to help debug this issue.
>
> Hi Craig,
>
> Can you send the relevant lines from the MPA log? The easiest is to
> filter on the MailID value (which is shown as a green GUID, looking
> similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3). Every
email
> gets an unique MailID value. This makes it easier to filter out the
> relevant lines for an email.
>
> Kind regards,
>
> Martijn Brinkers
>
>
> --
> CipherMail email encryption
>
> Email encryption with support for S/MIME, OpenPGP, PDF encryption and
> secure webmail pull.
>
> https://www.ciphermail.com
>
> Twitter: http://twitter.com/CipherMail
>
> _______________________________________________
> Users mailing list
> Users(a)lists.djigzo.com <mailto:Users(a)lists.djigzo.com>
> https://lists.djigzo.com/lists/listinfo/users
> <https://lists.djigzo.com/lists/listinfo/users>
>
>
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
That did it. I had originally set up the domain as internal. Eventually
I moved the Global settings to match in an attempt at troubleshooting. I
moved them both to external and the mail is now signed.
Outlook is showing "This message has been tampered with" which is an
issue I had when attempting to write a solution in Python, though I
don't know that this is a ciphermail issue.
A messages signed by CipherMail should not result in a tampered email.
Could it be that there is some SMTP service after signing that modifies
the message? (like for example adding a banner)
Can you send me a signed email (off list) so I can check whether the
signature is valid?
Kind regards,
Martijn Brinkers
···
On 11-01-18 23:10, Craig Andrews wrote:
On Thu, Jan 11, 2018 at 9:38 PM, Martijn Brinkers > <martijn(a)ciphermail.com <mailto:martijn(a)ciphermail.com>> wrote:
On 11-01-18 22:25, Craig Andrews wrote:
>
> Hi Martijn,
>
> I just sent this test email via the ciphermail web ui
>
> 11 Jan 2018 21:18:08 | INFO incoming; MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld];
> Originator: user1(a)domain.tld; Sender: <>; Remote address: 127.0.0.1;
> Subject: test mail [sign]; Message-ID:
> <477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO Subject filter is disabled for the sender;
> MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients:
> [user2(a)domain.tld] (mitm.application.djigzo.james.mailets.Default)
> [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO To internal recipient(s); MailID:
> acef2600-f6e3-4758-9d6e-b5c4e642c077; Recipients: [user2(a)domain.tld]
> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #0]
> 11 Jan 2018 21:18:09 | INFO Message handling is finished. Sending to
> final recipient(s); MailID: acef2600-f6e3-4758-9d6e-b5c4e642c077;
> Recipients: [user2(a)domain.tld]; Originator: user1(a)domain.tld; Sender:
> <>; Remote address: 127.0.0.1; Subject: test mail [sign]; Message-ID:
> <477865062.0.1515705488493.JavaMail.tomcat7(a)ciphermail.internal.tld>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
The recipient is considered to be an internal user. Email sent to
internal users follow the decryption pipeline and email sent to external
recipient follow the encryption pipeline. You either configured the
global settings, a domain or a user as being in internal users. This is
normal for the domain you receive email for because those emails in
typical setups need to be decrypted. All other user, the email addresses
for which you want to sign and/or encrypt need to be external. So, you
either sent a message to a valid internal recipient or you accidentally
mis-configured the Locality of the global settings/domain or user.
Kind regards,
Martijn Brinkers
> On Thu, Jan 11, 2018 at 6:15 PM, Martijn Brinkers via Users > > <users(a)lists.djigzo.com <mailto:users(a)lists.djigzo.com> > <mailto:users(a)lists.djigzo.com>> wrote:
>
> On 11-01-18 19:09, Craig Andrews via Users wrote:
> > Hello,
> > I have two test users, both with valid root, intermediate, and
> personal
> > certs with the correct usage entitlements. Both certificates
have a
> > white, valid background,
> >
> > For the two users, I have their S/MIME certificates selected
in their
> > profile for signing and encryption (though I'm only trying
to get
> > signing to work at the moment). I have both forced signing
via header
> > "X-Sign" and subject signing via the example in the
documentation (
> > (?i)\[\s*sign\s*\] ). I am using this script to test both
the subject
> > and header, and Thunderbird to test the subject by sending a
mail via
> > ciphercrypt.
> >
> > #!/usr/bin/env python
> > import smtplib
> > from email.MIMEMultipart import MIMEMultipart
> > from email.MIMEText import MIMEText
> >
> >
> > fromaddr = "user1(a)domain.tld"
> > toaddr = "user2(a)domain.tld"
> > msg = MIMEMultipart()
> > msg['From'] = fromaddr
> > msg['To'] = toaddr
> > msg['Subject'] = "mail subject [sign]"
> > msg['X-Sign'] = ""
> >
> > body = "dummy body message"
> > msg.attach(MIMEText(body, 'plain'))
> >
> > server = smtplib.SMTP('ciphermail.domain.tld', 25)
> > server.ehlo('ciphermail.domain.tld')
> > text = msg.as_string()
> > server.sendmail(fromaddr, toaddr, text)
> > server.quit()
> >
> >
> > I receive the email in the destination inbox, however, it is
never
> > signed. I can verify from the headers that the "X-Sign"
header is
> > present in the email. Currently the MTA/MPA isn't giving a
lot of
> > information to debug. I can see the mail passing through,
but there is
> > no mention of an attempt for any extra processing. I was
wondering
> what
> > options in logging I can turn on to help debug this issue.
>
> Hi Craig,
>
> Can you send the relevant lines from the MPA log? The easiest
is to
> filter on the MailID value (which is shown as a green GUID,
looking
> similar to MailID: 28dde42b-3de0-4d8e-bc99-e0b32c8a00b3).
Every email
> gets an unique MailID value. This makes it easier to filter
out the
> relevant lines for an email.
>
> Kind regards,
>
> Martijn Brinkers
>
>
> --
> CipherMail email encryption
>
> Email encryption with support for S/MIME, OpenPGP, PDF
encryption and
> secure webmail pull.
>
> https://www.ciphermail.com
>
> Twitter: http://twitter.com/CipherMail
>
> _______________________________________________
> Users mailing list
> Users(a)lists.djigzo.com <mailto:Users(a)lists.djigzo.com>
<mailto:Users(a)lists.djigzo.com>
> https://lists.djigzo.com/lists/listinfo/users
<https://lists.djigzo.com/lists/listinfo/users>
> <https://lists.djigzo.com/lists/listinfo/users
<https://lists.djigzo.com/lists/listinfo/users>>
>
>
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.