Hi Dieter, Djigzo adds Djigzo specific headers to incoming email when the email is signed and or encrypted (to prevent spoofing of these headers the Djigzo specific headers are first removed for incoming email).
see appendix A of the S/MIME setup guide for more information on the meaning of these headers. A snippet from appendix A of the S/MIME setup guide: When an incoming email is handled by Djigzo, special headers about the security properties of the email are automatically added to the email. For example, if an encrypted message sent to an internal users is decrypted by Djigzo relevant information about the encryption algorithm and recipients is added to the header. Because the message is decrypted by Djigzo the message is no longer encrypted. The internal recipient can therefore not see that the message was encrypted. Djigzo therefore adds some security related headers that can be used to check if the message was encrypted and or signed. X-Djigzo-Info-Signer-ID -* X-Djigzo-Info-Signer-Verified-* X-Djigzo-Info-Signer-Trusted -* X-Djigzo-Info-Signer-Trusted-Info-* X-Djigzo-Info-Encryption-Algorithm -* X-Djigzo-Info-Encryption-Recipient -* Example Headers: X-Djigzo-Info-Encryption-Algorithm-0: AES128, Key size: 128 X-Djigzo-Info-Encryption-Recipient-0-0: CN=Thawte Personal Freemail Issuing CA, O=Thawte Consulting (Pty) Ltd., C=ZA/6B55D312FF5F9D5DAD9866FF827FFEB5//1.2.840.113549.1.1.1 X-Djigzo-Info-Encryption-Recipient-1-0: [email protected], CN=CA Cert Signing Authority, OU=http://www.cacert.org, O=Root CA/6683C//1.2.840.113549.1.1.1 X-Djigzo-Info-Signer-ID-0-1: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US/88F9874A02A53042E0228D78CBD55795/ X-Djigzo-Info-Signer-Verified-0-1: True X-Djigzo-Info-Signer-Trusted-0-1: True One certificate was issued by Thawte and the other was issued by CACert. The message was signed by one signer with a certificate issued by Usertrust. X-Djigzo-Info-Signer-Verified This headers shows whether the message content was signed and whether the message has not been changed after signing (tampered). X-Djigzo-Info-Signer-Trusted This headers shows whether the signing certificate was trusted (signed by root etc.) by the gateway. If the signing certificate was not trusted, the reason for not trusting the certificate is given in the X-Djigzo-Info-Signer-Trusted header. X-Djigzo-Info-Encryption-Recipient This header shows which certificate was used to encrypt the message with. This can be helpful when a message cannot be decrypted. Kind regards, Martijn Baur Dieter wrote: > _______________________________________________ > Users mailing list > [email protected] > http://lists.djigzo.com/lists/listinfo/users > > > ------------------------------------------------------------------------ > > Subject: > [Djigzo users] How to find out encrypted mails > From: > Baur Dieter <[email protected]> > Date: > Fri, 9 Jul 2010 11:40:05 +0200 > To: > [email protected] > > To: > [email protected] > > > Hello, > > Here are 2 entries of incoming mails in the djigzo.log > > 1. Mail was not encrypted > ----------------------------------------------------------- > 09 Jul 2010 09:14:39 | INFO incoming | MailID: > 709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: [email protected]; Remote > address: xx.xx.xx.xx; Recipients: [[email protected]]; Subject: Re: Email - > Verschl?sselung [Auftrag: 2010-0459]; Message-ID: > <[email protected]>; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:14:39 | INFO internal | MailID: > 709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: [email protected]; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:14:39 | INFO decryptKeepSignature | MailID: > 709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: [email protected]; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:14:39 | INFO postDecrypt | MailID: > 709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: [email protected]; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:14:39 | INFO transport | MailID: > 709e4ae1-aced-44e2-be7f-04c5b7d4b2b1; Sender: [email protected]; Remote > address: xx.xx.xx.xx; Recipients: [[email protected]]; Subject: Re: Email - > Verschl?sselung [Auftrag: 2010-0459]; Message-ID: > <[email protected]>; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread #1] > ----------------------------------------------------------- > > 2. Mail was encrypted > ----------------------------------------------------------- > 09 Jul 2010 09:07:05 | INFO incoming | MailID: > fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: [email protected]; Remote > address: xx.xx.xx.xx; Recipients: [[email protected]]; Subject: db-Test > encrypted; Message-ID: <[email protected]>; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:07:05 | INFO internal | MailID: > fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: [email protected]; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:07:06 | INFO decryptKeepSignature | MailID: > fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: [email protected]; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:07:06 | INFO postDecrypt | MailID: > fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: [email protected]; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > 09 Jul 2010 09:07:06 | INFO transport | MailID: > fda3e633-a07d-45ac-84ee-5eb85b1a3f88; Sender: [email protected]; Remote > address: xx.xx.xx.xx; Recipients: [[email protected]]; Subject: db-Test > encrypted; Message-ID: <[email protected]>; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1] > ----------------------------------------------------------- > > What is the difference in the between the entries? > How can I find out whether a incoming mail was encrypted or not? > How can I find out if the encryption / decryption process was successfully? > > Greetings > > Dieter -- Djigzo open source email encryption _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
