Forgot to add the following note: The IsSMIME matcher checks the message for a specific S/MIME content type. It is possible to 'fake' an encrypted email by taking a plain text email and set the content type to:
application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data If your requirements are such that you need to be 100% sure that an email is encrypted (and also be sure that it is encrypted with a strong enough cipher), a specialized matcher should be created that checks the smime.p7m attachment (CMS blob) and checks whether it is encrypted with a strong enough cipher. Kind regards, Martijn Brinkers On 01/-10/-28163 08:59 PM, Martijn Brinkers wrote: > Hi Ralf, > >> post suggests, I want to reject all mail that's not encrypted. I >> know there has been a discussion on this maillinglist regarding the >> usefulness of this measure, but we have a special environment in >> which rejecting unencrypted messages is a "must have". I know I >> should add a matcher to the james/config.xml, but I cannot define the >> right matcher. Could someone help me defining the right matcher for >> rejecting all non encrypted mail? Thank you in advance! > > The following matcher matches whether the content-type of the message > says the message is encrypted, and if so, the next processor will handle > the message (change *CHANGE_THIS* to match the processor you want to use > when the message is encrypted) > > <mailet match="IsSMIME=matchOnError=false,encrypted" class="GotoProcessor"> > <processor> *CHANGE_THIS* </processor> > </mailet> > > Note: the above matcher is already used in the current config.xml file > to check whether the message is already encrypted. > > Unfortunately it's not possible to inverse the matcher so if you want to > do handle the email differently when not encrypted add it after the > matcher for encryption. For example like this: > > <mailet match="IsSMIME=matchOnError=false,encrypted" class="GotoProcessor"> > <processor> *CHANGE_THIS* </processor> > </mailet> > > <mailet match="All" class="GotoProcessor"> > <processor> *PROCESSOR_NOT_ENCRYPTED* </processor> > </mailet> > > > A question, are you only interested in whether outgoing email is > encrypted or also incoming email? If you only need to be sure that > outgoing email is encrypted you can set the encrypt mode to "Mandatory". > > If you want to check whether incoming email is encrypted what do you > want to do with the message if the message is not encrypted? > > As Andreas noted, the email has already been accepted and bouncing it > back to the sender can cause your SMTP server to be blacklisted (search > for the term Backscatter) if you are not 100% certain that the message > was not spam. > > Kind regards, > > Martijn Brinkers > > > On 01/-10/-28163 08:59 PM, Ralf Bardoel wrote: >> Dear users of Djigzo, >> >> First of all I want to say I love your product! Like the subject of my >> post suggests, I want to reject all mail that's not encrypted. I know >> there has been a discussion on this maillinglist regarding the >> usefulness of this measure, but we have a special environment in which >> rejecting unencrypted messages is a "must have". I know I should add a >> matcher to the james/config.xml, but I cannot define the right matcher. >> Could someone help me defining the right matcher for rejecting all non >> encrypted mail? Thank you in advance! >> >> Kind regards, >> >> Ralf Bardoel >> > > -- Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
