Dear Martijn, unfortunately I didn't keep the downloaded appliance, so I can't really tell what version of your appliance is in use actually. I installed it at the end of 2018.
Thanks for the hint to set the default to 'No encryption'. I did apply that setting and also explicitly applied it again in the settings for out domain, but the appliance still encrypts any mail I send to myself (using OWA, so no client encryption/signng involved). So what I have is: - Settings/Encrypt Mode = 'No Encryption' - Settings/Encryption subject trigger/Trigger = "[encrypt|secure]" - Settings/Encryption subject trigger/Enabled = checked - Settings/Encryption subject trigger/Regular expr. = checked - Settings/Encryption subject trigger/Remove match = checked Still the appliance tries (and succeeds) to S/MIME sign an empty mail end encrypts it all along (Signing would be OK but encrypting is not) 08 Jul 2019 08:41:25 | INFO incoming; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]]; Originator: [email protected]; Sender: [email protected]; Remote address: 10.183.120.33; Subject: ; Message-ID: <[email protected]>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #3] 08 Jul 2019 08:41:25 | INFO Subject filter is disabled for the sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:25 | INFO To external recipient(s); MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:25 | INFO DLP is disabled for the sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:25 | INFO "force encrypt header trigger" is disabled for the sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:25 | INFO "encrypt mode" is "no encryption" for the sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:25 | INFO Force signing header not allowed for sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:25 | INFO "sign subject trigger" is disabled for the sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:26 | INFO Check for sender signing certificate and request one if required; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:26 | INFO Trying to S/MIME sign the message; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:26 | INFO Message was S/MIME signed. Signing algorithm: SHA256WithRSAEncryption; Sign mode: clear; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #3] 08 Jul 2019 08:41:26 | INFO DKIM signing is disabled for the sender; MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3] 08 Jul 2019 08:41:26 | INFO Message handling is finished. Sending to final recipient(s); MailID: 5a3d9ac8-fbf3-4bd1-abf5-05aff54ba563; Recipients: [[email protected]]; Originator: [email protected]; Sender: [email protected]; Remote address: 10.183.120.33; Subject: ; Message-ID: <[email protected]>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #3] -----Ursprüngliche Nachricht----- Von: Users <[email protected]> Im Auftrag von Martijn Brinkers via Users Gesendet: Freitag, 5. Juli 2019 15:13 An: [email protected] Betreff: Re: [CipherMail User] Can't undo settings for domain or user Hi, See my comments inline: >> ciphermail-appliance-centos-community-1.2.0-0.noarch This is an rpm. I guess you mean version ciphermail-community-virtual-appliance-4.3.0-1? > Now, the customer asked me to go back an not force encryption, but > make it an option using the Subject Line trigger. I changed the > settings for the domain in question backup to Encryp Mode = Allow > etc. > > But as it seems, the appliance doesnt care and continues to encrypt > mails wether a trigger sentence is used or not. Encrypt mode "Allow" means, "Encrypt if possible". If you want encryption to be off by default unless encryption is forced (for example by some trigger) you should set Encrypt Mode to "No Encryption". The documentation for the gateway has recently been updated. https://www.ciphermail.com/documentation/adminguide/ It now also contains a full state diagram. Although is large and might look scary at first, it gives a good overview of all the decision steps taken by the gateway. Start at the beginning an answer every question along the way. https://www.ciphermail.com/documentation/diagrams/ciphermail-gateway-state-d iagram.html Kind regards, Martijn Brinkers On 05-07-19 14:56, dirk bonengel | bios-tec via Users wrote: > Hi there, > > > > Im a new user of Ciphermail (the VA variant, running > ciphermail-appliance-centos-community-1.2.0-0.noarch), installed it > recently with a customers network, works fine so far, awesome piece > of software. > > Today however I stumbled on something that might be a bug (or Im > simply doing things wrong) > > > > This is what I did: > > * Set up Cipermail, creating a CA etc.pp. and set the Global > Preferences to use a trigger to encrypt mails with S/MIME, i.e. > Encrypt Mode = Allow, S/MIME enabled, Set up a trigger regular > expression, enabled that one and check Remove match * Then I added > an external domain, set the Encryption Mode to mandatory. For > testing purposesm this external domain happened to be that of our > company * This worked fine, each mail I sent me an my colleagues were > signed and encrypted. * Following that, I added another, productive > domain (example.com) as I was told > > Now, the customer asked me to go back an not force encryption, but > make it an option using the Subject Line trigger. I changed the > settings for the domain in question backup to Encryp Mode = Allow > etc. > > But as it seems, the appliance doesnt care and continues to encrypt > mails, wether a trigger sentence is used or not. > > > > Im clearly lost. What am I doing wrong? > > > > > > > > Mit freundlichen Grüßen, > > > > > > > > > > > Dirk Bonengel > > > > > > > <mailto:[email protected]> [email protected] > > > > > > > <tel:+4989416127717> +49 (0)89 4161 277-17 > > > > <https://www.bios-tec.de/> > > <https://www.bios-tec.de/> bios-tec GmbH | > <mailto:[email protected]> [email protected] | Nymphenburger Str. > 13 | 80335 München | <https://www.bios-tec.de/impressum> > Impressum > > > > > > _______________________________________________ Users mailing list > [email protected] > https://lists.ciphermail.com/mailman/listinfo/users > -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. W: https://www.ciphermail.com/ E: [email protected] T: +31 20 290 0088 _______________________________________________ Users mailing list [email protected] https://lists.ciphermail.com/mailman/listinfo/users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Users mailing list [email protected] https://lists.ciphermail.com/mailman/listinfo/users
