Received: from mx1.la1.clx.corp
by mx1.la1.clx.corp with LMTP
id 0eMYEMQX+mD9BAIAzivOYw
Received: from localhost (localhost [127.0.0.1])
by mx1.la1.clx.corp (Postfix) with ESMTP id E5761412E05
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp E5761412E05
Thu, 22 Jul 2021 18:13:36 -0700 (PDT)
by mx1.la1.clx.corp (Postfix) with ESMTPS id 6F1F74C3589
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.la1.clx.corp 6F1F74C3589
Received: from cmx01.la1.clx.corp (localhost [127.0.0.1])
Received: from localhost (localhost.localdomain [127.0.0.1])
Thu, 22 Jul 2021 18:13:26 -0700 (PDT)
Received: from smtpclient.apple (unknown [10.10.10.2])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
Date: Thu, 22 Jul 2021 21:13:25 -0400
Subject: Test
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="----=_Part_8_1019438032.1627002808114"
X-Mailer: Apple Mail (2.3654.100.0.2.22)
X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,ENCRYPTED_MESSAGE
autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mx1.la1.clx.corp
------=_Part_8_1019438032.1627002808114
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit
Content-Description: PGP/MIME version identification
Version: 1
------=_Part_8_1019438032.1627002808114
Content-Type: application/octet-stream; name=encrypted.asc
Content-Transfer-Encoding: 7bit
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"
-----BEGIN PGP MESSAGE-----
Version: CipherMail (5.0.4)
hQIMA2Ju2ERNzXXmARAAhBNlL6BB6nc148QUFQy4u6CIiw1M2a+wKfhlrA5Mnpnx
tbkHNIPch90gGHFWgH/1fa+PlHfdj+EsYLow+b5+SSSZhrvyDvWCMvky+tJUN0va
qeWH8HfEgR2Pwj1/ziSxeUXZr8Kc5FScU/JKN/TEQcdP8mSZwkx146bbXU3a8yUi
PRdWc9UCFilN0HoNtZaNcW0Q0TdWySzi9+UFuighD/EqRozKin3Y6iKvb3zZxFIj
+u5s5FZta+Up9V/LN5CIH7IkbuSNhWMiSszf7zmwdowSyQDwx72a9xB2nndiOaWw
W4kcVK9LlcQSusbAVq9xfZ8LjJBNQMHJF84ppRn355tvRVuL6T9YyVnGmVX85G9Y
S3S3S5Z6nnNm4u7r6cD1p9dBWIDk8HiTvVjkdZAr+sGhy0Ukxm0Of+pbal+T4cgk
kxZHoS100XgTHZJWMzNT9F1WNAZnir4AgdD0P+5Q1uTvCKnWkzPdlxPZ26mwfd4D
pRB0W4Jg+uHfhVlgJp6kg0BJdXUQxxtlurk6o/F1GFNVI1WhTQEXzfnfnCNR/NO+
cvhmJhrplZts/3aqC6NSDT/bRsmDvAQbKenUWhUaqYBHkfS9jRl6UuU2jynnqhYS
IkVIMbrZS+9LTBYHirhLiYf6S7Sbxh5nXyNlEpeAhCFj5geIi47Y5/ll0+3qu6PS
yXABWC9M1+tp0TIkTcimbB8QwnJbDEovY9VQUJp7YKHQsNoixAmH1ZrEVuj3piqq
ifqnA84UJvSli7jCZjL4v4EgGnA/wuOHlBN4L1v4OxQrirbEsOYqxR0/6Pmg5pN2
die+pVZHqEU1nSvKLGHV7diTFXGJ7HrXJdRgp9pw+zCoUW2qxiDuZul2bh4FGGUH
Qe+XKtmo5PHYZW+y+l3CDW/DlActI9jXD3qng+ZDOJ7iTljCCmKHn84+3aueKv4p
Jx0I5Hnm7pfAujR9E/ZSFhYNd6aN4ZMd81ZLey+fvgGpHPD7P75oAVv/8b3pDkRf
ro2kaYoCdMZLUCUTtldHQOnjIicSB4O8BQzWNUwCS8ziurnnDKqv7n9iEM9t0Osi
5N5ol0JEPto2KEypAM/e85sKaSYVqP9LdczHj/ZpAsmYTa11i6F+CUZKZ/OFRP6L
/3aAnr5NpnSMBwC1+UYTyi7d5z5ZXuupwrSDTpQkbUgqBuEuQIhLmxf33bDFZ0Cl
HmxCc4jpW+oeRnGe2GFGfA19rNkAVIDhxEDHkXanxmVV8LuK7Dnx/0A//KkjFUQ4
r6r/rawe1adjIp02jpz6ft8RVQGpS1eVZID+D0w3gi+Era+S6slNi5UbzKuTyvSB
tNMhBvV4+Ga6RvvYMxXKs0gTwfUGY2cdRrEUjuh/HpwB5BCqJvXodrsG+V9xm/1t
C+VwtMXj7IRzB5d3WJgbG0DMumakwnjX11T30ZK+/J+MA/gWyrpdjsnQuYs+R5+J
CeqbmkKjfaQKdsJ6gPl30hhlXQPJEme7RMalm0hMGhv15730U4AsB/KuMEbPtCEp
E9Xnc4+aUjlmoDrOD0YgQgH6M8bxMja4xv2PSuU0CMqsXNn3AD8iIPgDHW0Chvyo
N16kunwbsbPn/iI3GWKKYAtnkef+tSz0MOnvaamXvvXAJXBSjTtRnN53W8FxHSeL
vnPn+/9vFOBEQK62VnexNrVd5sPRLwTU0D6yExLUxXRYHAxysq+FGJzxdh+9ZjkT
mEfiv/kzOWkowfS6ZlirpmgPP3b8XlaB68SOd3vnWwKEBzwQXjcHzlBb+0f26zrF
ix+6s2RLDD/t0o3WyGmkh1eQeaixLJ/6b1bBV5O/5MsNsSpbLRA/LhX/8OaFoRGl
2L09Bcbz6XqCWeTPIUrwGzwSdLeSW3T9akNelFFJ0GwMp15NDwlZ+XGvCCeFXejM
pQxs17Or9h4cPKe6BdTOjV8lD8IRc7tXa81xb0SlxPqQL0FiV/yI1BQcBOwe7o+j
aAoxFa3dcb99eGkiXyKobxqU3lkz/PbuBbLURUzjeaVx0EurQO9YWKxJyOt6M8l5
Q3E3lMYooUOVA1flLDw1Qg1hwIc3VCgPJ7Bkygt6r4IdDgQBNh3pEutfyW9wyUoN
sEedstCRUVptUOIhMZxuv6MYciA9W4hcPSrLgIdMF+aYC2IXYMo1lEGQnctk3n91
x6sWWk0YUB6+Yx8IA4s42mUwapY7dDWd4dsHQFBghU/xpGqnCYLx0RwUDjUxne16
1Ys+gNGk/TIApGBpPPO/DLBmDOGY+OWHRniYsvIRhR3PMoqVrSrF9n2tJfpDwSOC
kSL3vsPARIR+M/gCiIe03Z2gs7axBjhX1SLpK5tUpU5CRzeEOWGLOBv1bQioQomC
U3mi5gJIlo27wxUqdMJFA6Q1KhsDKPyIRYIFnrvhj4VZOnL+noy1/1gaaBiDA2Bd
9f23Dw+l0JQCdcDwPa8BPkEkcb+YJZDFqPxECm6smXYCAtBSojZpjkZPY1J6K5uk
O+8jAzQrfxk0CwEKCPQSnsTVb6Lp4ezsC7QClsU3nKmI4HXeddHzGXqhL/AEaDWn
WAUNFBycON8NNFOdro0i/2UT98bKMJKWKsl+aEpU/i07m5ycvIJ0MU33Kb8mN7RU
DHEHTt/be1O/kyWcT1iHBX+5NPVMEE7zq2G4L4dscudDU+WcM4YLIxo5uza2s+sn
rY0+zvFJdDSHocb8kpkfzXqktnNWlkYYDKkXmmBPG4Zn9yAid2vRdop3pJTw/Spw
Ns5ezpWnuhEalVltGuRYal0F0y1VoHkEobabuK6lhb0SPz/r5rn3StPDlhpv6rn/
oSA79BzFIunCsLkH5nkhGlbmUeUm8Ni/x8AXIdw57DMk5Kxp2bKFqWDFTCZY0bg9
8a+64I+oRqZeZH7VOW4lxRHBjwADSxGmhPwldb3I2sMh45teZ4nypPjm2i4yYGYI
4Naoo95m2NApbfX7M45OevJi6izjk6greCBmTSfNwfXCT+nCQ43DIOFD1Saq86s/
j3hopcpcegGvZlm+GtetnOvyZkycRAK1Qd8SnFVJl5OWaxXLz34jzs2JDHHAgEYw
9ACSkJvKOLFtKp1jK4yf/Eldbsy5lFOUxSlUl0fjWcxQb/IhTB27i2VtARkj57aO
qacb+wu0iVn7+rNYKq0o/Jk6Lzv7TDE4k//+lZvgZUKQLN1TnelMeamRPbZy25Ql
GEwpBI7B8K1NvKzNInrYpe+kTh/1jvAMQHcREjDKBkxDEqFgM7VOaRt0x+RP3Tvo
z7h/MXK0MJ+K2nGMSYmSaUjLQIns8a2XlFCaJTRQ08kt+s5aKFNCS27NT46ZYteh
kNPq87iCdaTlaVszgT6SJnud5+KtaUF4dMPAV4glLneaLFccRH6MAloo1VPT7ahw
YbTnrOAObjcNBZ3PSHc7YIQDbcBdRCjE628Ya52k4sDJAu3+m8d6fKEs48bkfcqg
YQ04i0MqkjyZn8YOjWtuSX4dOEschJpoxpPcvUmYAvkPk9k6fwiJV186ha9mnVds
YDJjfQOGP7nBRWSVO275ktBPtWMhvTJzAcPOyWb5WVjfSljeM2HpcjHB6vlmeLYe
ZGHzEPiYUT9iEFA1WT1dchOxHMWd2A+BqtfrMwQGlWkgdOWbTeXxS2toHrpjFeKv
2TKPSSh1gJ3jjlHZtPUFbIVns44FQFq/XsAg/gx/T/p+oNVWdZoeRnQbzTEZUzMo
1A2xXB+TgIPFnxbG7fPqydcuT5so77V1SE46ZY159bkwlgOO0W2yTdmhdQqWrShk
eDYYgiRxVsonwf96/S3zaRTStE/fhAMmhBHBMvj5XXF7o7nlXJ/mKHFB7Gf4INYT
QkNyAX+Y2SmQ3FD99f3crL3XfxlvjMU2CVCeh2T0s4J1P9CLAkuuh3YDlO8g6X6N
rJEjg8NmZ8mw4RZg6LQanOoLTPBAEKN5BWrt+j2yLqFqkh3+m6j5izoGFXCCJfNP
zGNFqTzuduJluF3OIyTAfdY2rl/UDlluTSXym9x7172FI7IJqO38YjNlmeI5HgBV
5Y+C52CN6W+QKSKxKqnmYfwhV3KOTgjPkhSBouv2F5w97IHjPwRF53ztFLxwBrnj
qOR33eE5MuIk4FJti7EsRZMZxYcpn9vy1CNoQUT1YKP6PjQRl6SZpa76DhnWjr20
o4pEYQoUnd1qZ3/6AJdXj2Et
=emEv
-----END PGP MESSAGE-----
------=_Part_8_1019438032.1627002808114--
The message is being encrypted initially on the client side using Apple Mail and the GPG Suite plugin for MacOS.
Here is my postfix configuration on the ciphermail host:
djigzo_mydestination =
djigzo_mynetworks = 192.168.10.0/24, 192.168.50.0/24, 192.168.100.0/24, 192.168.200.0/24, 192.168.30.0/24, 10.10.10.0/27
djigzo_relayhost = mx1.la1.clx.corp
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_before_filter_message_size_limit = 0
djigzo_calculated_after_filter_message_size_limit = 0
djigzo_after_filter_message_size_limit = ${djigzo_calculated_after_filter_message_size_limit}
djigzo_mailbox_size_limit = 512000000
djigzo_relay_transport_host = mx1.la1.clx.corp
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains = relay_domains
djigzo_rbl_clients =
djigzo_calculated_queue_minfree = 0
myhostname = ${djigzo_myhostname}
mydestination = ${djigzo_mydestination}
mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks}
relay_domains = ${djigzo_relay_domains}
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn
smtpd_etrn_restrictions = reject
local_transport = error:local mail delivery is disabled
local_recipient_maps =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
message_size_limit = ${djigzo_after_filter_message_size_limit}
mailbox_size_limit = ${djigzo_mailbox_size_limit}
queue_minfree = ${djigzo_calculated_queue_minfree}
smtpd_authorized_xforward_hosts = 127.0.0.1/32
content_filter = djigzo:[127.0.0.1]:10025
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
tls_preempt_cipherlist = yes
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = $smtpd_tls_protocols
smtpd_tls_exclude_ciphers = AESCCM8, aNULL, ARIA, DES, DSS, eNULL, EXPORT, IDEA, MD5, PSK, RC4, SEED
smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/ColdLogixCA-chain.pem
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options =
mail_name = CipherMail
smtpd_banner = $myhostname ESMTP $mail_name
append_dot_mydomain = no
biff = no
recipient_delimiter = +
notify_classes =
enable_long_queue_ids = yes
smtp_address_preference = ipv4
and master.cf:
smtp inet n - n - - smtpd
-o message_size_limit=${djigzo_before_filter_message_size_limit}
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
djigzo unix - - n - 4 smtp
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o smtp_generic_maps=
cleanup_reinject unix n - n - 0 cleanup
-o hopcount_limit=100
127.0.0.1:10026 inet n - n - 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
smtps inet n - y - - smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
submission inet n - y - - smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
127.0.0.1:10027 inet n - n - 10 smtpd
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_tls_security_level=
-o mynetworks=127.0.0.0/8
-o syslog_name=postfix/10027
-o message_size_limit=${djigzo_before_filter_message_size_limit}
All settings from the Ciphermail interface is set up with “inherit” for all the options.
Using version 5.0.4:
rpm -qa | grep djig
djigzo-web-5.0.4-1.noarch
djigzo-5.0.4-1.noarch
Mail is set to relay to another postfix host for its final destination.
-jeremy
On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via Users <users@lists.ciphermail.com> wrote:
On Thu, 2021-07-15 at 01:13 -0400, Jeremy Hansen via Users wrote:
I noticed if I sent a message that is encrypted at the client,
ciphermail will encrypt that message again and the original message
is sent as an attachment.
What type of encryption is applied at the client side and what
encryption is applied server side?
PGP on both sides.
I also noticed if I send a message from a host using something like
mailx, the body of the message is never included in the email.
What do you mean with "the body of the message is never included in the
email"?
echo test | mail -s Test
jeremy@losangelesrecording.comThe message comes through encrypted but I don’t see “test” in the body of the email.
Thank you!
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME,
Ope
nPGP, PDF Messenger and Webmail Messenger