Webmail

I am new to this list and a newbie to e-mail encryption. I use Office Logic Interchange (if anyone knows that system) for my e-mail server and a webmail application for a client.
I have many questions that I hope someone will have the patience to answer.
My system is set up as follows; I have an internal mail server that sits on let's say 192.168.30.4, it connects to internal clients, the webmail front end and connects to the Internet on gate 192.168.30.222. First questions are how do I insert the djigzo server into this configuration? I only assume that I change the mail server gateway to the IP of the djigzo box on say 192.168.30.5 and the gateway on the djigzo box to 192.168.30.222, is that correct?
I have a setting on the mail server for a relay host for sending mail. Do I set this relay to be the djigzo box on IP 192.168.30.5?
I seem to get the idea that inside the MTA config I have to forward the incoming mail from the djigzo box to the mail server.
Those are my current questions about the network config and setup.

Encryption functionality: What I am looking to do is set up encryption so the only time a message is encrypted is if a keyword is added to the subject line, is that possible? Is it possible for external users to receive and be able to decrypt the message without the need to install a certificate and just use a password? I am not interested in using encrypted PDF files.

Thank You

Scott Stepanski
Director
NCC Information Systems
989-356-0673 ext.3903
sstepanski(a)ncc-mi.net

Quoting Scott Stepanski NCC <sstepanski(a)ncc-mi.net>:

> I am new to this list and a newbie to e-mail encryption. I use
> Office Logic Interchange (if anyone knows that system) for my e-mail
> server and a webmail application for a client.
> I have many questions that I hope someone will have the patience to answer.
> My system is set up as follows; I have an internal mail server that
> sits on let's say 192.168.30.4, it connects to internal clients, the
> webmail front end and connects to the Internet on gate
> 192.168.30.222. First questions are how do I insert the djigzo
> server into this configuration? I only assume that I change the mail
> server gateway to the IP of the djigzo box on say 192.168.30.5 and
> the gateway on the djigzo box to 192.168.30.222, is that correct?
> I have a setting on the mail server for a relay host for sending
> mail. Do I set this relay to be the djigzo box on IP 192.168.30.5?
> I seem to get the idea that inside the MTA config I have to forward
> the incoming mail from the djigzo box to the mail server.

You have to insert Djigzo as an extra Hop in your SMTP chain so it
will "see" all incoming mail at first and all outgoing mail as last
internal Hop. This will look something like this:

e-Mail clients <--> Office Logic Interchange <--> Djigzo <--> (Firewall/Provider-Gateway) <--> Internet

> Encryption functionality: What I am looking to do is set up
> encryption so the only time a message is encrypted is if a keyword
> is added to the subject line, is that possible? Is it possible for
> external users to receive and be able to decrypt the message without
> the need to install a certificate and just use a password? I am not
> interested in using encrypted PDF files.

Encryption as used by the established PGP/S/MIME standards is not
possible without the *recipient* allowing/configuring it and use of
certificates. If you want ad-hoc "encryption" with password protected
whatever, you have to use the PDF encryption provided by Djigzo;
asymmetric encryption does not work this way. Besides this, it is easily
possible to configure with Djigzo all kinds of policy based on
sender/recipient/domain or trigger in subject for doing encryption or
even force it.
For more on this you can have a look at the Administration Guide at
http://www.djigzo.com/documents/administration-guide.pdf

Regards

Andreas
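
A way to check that the hop order described above is actually in effect, by reading the Received headers of a test message (an added example, not part of the original thread and not Djigzo code). The host names are assumptions; the thread only gives the addresses 192.168.30.4 and 192.168.30.5, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Host names are assumptions for this example; the thread only gives the
# addresses 192.168.30.4 (mail server) and 192.168.30.5 (Djigzo box).
MAIL_SERVER = "mail.example.internal"
GATEWAY = "djigzo.example.internal"
INTERNAL = {MAIL_SERVER, GATEWAY}
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def internal_hops(raw_message):
    """Internal hosts that stamped a Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hosts = []
    for value in msg.get_all("Received", []):
        match = BY_HOST.search(value)
        if match:
            hosts.append(match.group(1).lower().rstrip("."))
    hosts.reverse()  # each hop prepends its header, so the newest comes first
    return [h for h in hosts if h in INTERNAL]

def gateway_in_position(raw_message, direction):
    """Outgoing: gateway is the last internal hop. Incoming: it is the first."""
    hops = internal_hops(raw_message)
    if not hops:
        return False
    return (hops[-1] if direction == "outgoing" else hops[0]) == GATEWAY

def sample(*hops):
    """Build a constructed message; hops are (from, by) pairs, newest first."""
    lines = [f"Received: from {src}\n\tby {by} with ESMTP; Tue, 3 Apr 2012 15:00:00 +0200\n"
             for src, by in hops]
    return "".join(lines) + "Subject: test\n\nbody\n"

# Constructed samples (not taken from a real system).
OUTGOING_OK = sample(("gw.example.net (unknown [203.0.113.10])", "mx.recipient.example"),
                     ("mail.example.internal (unknown [192.168.30.4])", GATEWAY),
                     ("pc17 (unknown [192.168.30.50])", MAIL_SERVER))
OUTGOING_BYPASS = sample(("gw.example.net (unknown [203.0.113.10])", "mx.recipient.example"),
                         ("pc17 (unknown [192.168.30.50])", MAIL_SERVER))
INCOMING_OK = sample(("djigzo.example.internal (unknown [192.168.30.5])", MAIL_SERVER),
                     ("mx.sender.example (unknown [198.51.100.7])", GATEWAY))

if __name__ == "__main__":
    for name, raw, direction in [("outgoing ok", OUTGOING_OK, "outgoing"),
                                 ("outgoing bypass", OUTGOING_BYPASS, "outgoing"),
                                 ("incoming ok", INCOMING_OK, "incoming")]:
        print(name, internal_hops(raw), gateway_in_position(raw, direction))
```

Only Received headers added by your own hosts can be trusted; anything below the first internal hop of an incoming message is supplied by the sender.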

There's various ways of doing that. I have Djigzo configured as a filter
in Postfix, so that Djigzo gets all incoming email after it goes through
spam and virus filtering, and it gets all outgoing mail. If your mail
server doesn't support such a setup, you can just route all mail in via
Djigzo, then your mail server, and out via your mail server, then
Djigzo, just as Andreas pointed out. Djigzo is a mail server in itself,
so you can use it any way you can use an MTA in general.

dagdag
Christine

On 04/03/2012 03:00 PM, lst_hoe02(a)kwsoft.de wrote:

> You have to insert Djigzo as an extra Hop in your SMTP chain so it
> will "see" all incoming mail at first and all outgoing mail as last
> internal Hop. This will look something like this:
>
> e-Mail clients <--> Office Logic Interchange <--> Djigzo <--> (Firewall/Provider-Gateway) <--> Internet

Most questions have already been answered by Andreas and Christine but
perhaps I might add some extra info.

> I am new to this list and a newbie to e-mail encryption. I use Office
> Logic Interchange (if anyone knows that system) for my e-mail server
> and a webmail application for a client. I have many questions that I
> hope someone will have the patience to answer. My system is set up as
> follows; I have an internal mail server that sits on let's say
> 192.168.30.4, it connects to internal clients, the webmail front end
> and connects to the Internet on gate 192.168.30.222. First questions
> are how do I insert the djigzo server into this configuration? I only
> assume that I change the mail server gateway to the IP of the djigzo
> box on say 192.168.30.5 and the gateway on the djigzo box to
> 192.168.30.222, is that correct?

Yes that's correct. You have to tell your email server (@192.168.30.4) to
relay all email to the djigzo box and tell djigzo to relay all email for
the relay domains (see MTA settings "Internal relay host") to your email
server (@192.168.30.4). All email to external recipients should either
be directly sent (leave "External relay host" blank) or relay through
some external SMTP server (for example Gmail or some other external SMTP
relay host).

> I have a setting on the mail server
> for a relay host for sending mail. Do I set this relay to be the
> djigzo box on IP 192.168.30.5? I seem to get the idea that inside the
> MTA config I have to forward the incoming mail from the djigzo box to
> the mail server. Those are my current questions about the network
> config and setup.
>
> Encryption functionality: What I am looking to do is set up encryption
> so the only time a message is encrypted is if a keyword is added to
> the subject line, is that possible? Is it possible for external users
> to receive and be able to decrypt the message without the need to
> install a certificate and just use a password? I am not interested in
> using encrypted PDF files.

djigzo currently only supports two encryption standards: S/MIME and PDF
encryption. S/MIME uses certificates for encryption/decryption and is
supported by most email clients. PDF encryption utilizes the encryption
capabilities of the PDF standard (AES128 encryption). The main benefit
of PDF encryption is that the recipient only needs a PDF reader.

There are solutions that allow the recipient to upload the received
message back to the server for decryption. This more or less works as
follows: a message is received which contains an HTML attachment
containing the encrypted message. When the user opens the HTML
attachment, the HTML gets sent to the server it came from. The user then
has to log in and the message is decrypted. The problem with these kinds
of systems is that they are prone to phishing. If the attacker intercepts
the message and changes the URL it gets sent to, the attacker can get
hold of the password. With S/MIME and PDF encryption, all decryption
will be done locally on the system. The message content does not leave
the system.

Kind regards,

Martijn Brinkers
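
The URL-tampering risk described above can be checked for on the receiving side by inspecting where an HTML attachment would submit its form (an added example, not part of the original thread and not code from any product mentioned in it). The portal host `secure.example.com` and the sample attachments are assumptions constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical portal host; the thread names no product or URL.
EXPECTED_HOST = "secure.example.com"

class FormTargets(HTMLParser):
    """Collect the action URL of every <form> in the attachment."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def submission_problems(html_text, expected_host=EXPECTED_HOST):
    """Return the reasons the attachment should not be submitted (empty if none)."""
    parser = FormTargets()
    parser.feed(html_text)
    problems = []
    if not parser.actions:
        problems.append("no form found")
    for action in parser.actions:
        url = urlsplit(action)
        if url.scheme != "https":
            problems.append(f"not https: {action!r}")
        elif (url.hostname or "") != expected_host:
            # hostname ignores any user@ prefix, so look-alike prefixes fail here
            problems.append(f"unexpected host: {url.hostname}")
    return problems

# Constructed attachments: one as the portal would send it, two with the
# submission URL altered in transit.
GENUINE = ('<html><body><form method="post" action="https://secure.example.com/decrypt">'
           '<input type="hidden" name="payload" value="CONSTRUCTED-CIPHERTEXT">'
           '<input type="password" name="password"></form></body></html>')
ALTERED_SUFFIX = GENUINE.replace("secure.example.com/", "secure.example.com.login.example/")
ALTERED_USERINFO = GENUINE.replace("secure.example.com/", "secure.example.com@collector.example/")

if __name__ == "__main__":
    for name, doc in [("genuine", GENUINE), ("suffix", ALTERED_SUFFIX),
                      ("userinfo", ALTERED_USERINFO)]:
        print(name, submission_problems(doc))
```

This covers static form targets only; script inside the attachment can send the data elsewhere, which is one more reason local decryption avoids the problem.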

On 04/03/2012 01:35 PM, Scott Stepanski NCC wrote: