Zitat von Martijn Brinkers <[email protected]>:
Hi,I noticed that Djigzo is rewriting the header.Djigzo by default also protects the subject (i.e., the subject is encrypted and signed). The main reason for this is that sometimes the subject contains sensitive information. For example some automated medical systems add sensitive information to the email subject. Because the subject is protected as well, the message subject can be removed (or changed into something non sensitive). After decryption, the original (protected) subject will be placed back. You can disable this on the sending side by changing the <protected> header settings in config.xml (/etc/djigzo/james/config.xml which is a symlink to /usr/share/djigzo/conf/james/SAR-INF/config.xml) Change <protectedHeader> subject </protectedHeader> into <protectedHeader> </protectedHeader> Note: a space is required because empty values are not allowed. This setting will only change the sending side. The receiver side will restore protected headers if they are available. It is currently not possible to disable this for the receiver side. Could you add a JIRA request for this? (see https://jira.djigzo.com).
Is this standard S/MIME eg. to expected that every S/MIME kompatibel client out there is able to "restore" the subject from encrypted mail? So it would work to place in a dummy subject for every encrypted mail to protect sensible information leaking out by the unecrypted subject? Does this also work in case of signing without encryption?
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
