Sorry for the previous message. Accidentally pressed send. On 12/07/2011 02:00 PM, Ragnar Plint wrote: > I continue describing Erki's issue. > > We have 2 problems: a) incoming messages are not being decrypted, if > we forward them and choose to send ourselves in our Inbox with .p7m > attached, then Djigzos manages to decrypt.
Did you enable "S/MIME strict mode"? Can you send a log of incoming email which should be decrypted but is not. > b) outgoing messages are signed and then crypted, but we have a > requirement to first encrypt and then sign the message. That's possible but requires some changes to an xml file that defines how email is handled (config.xml). You can even sign, then encrypt and then sign again. This however is not default so it requires some changes to config.xml. If I have time I will test this and send you some instructions on how to modify config.xml to do that. > > We have defined our domain as internal and other domains as > external. We have imported and whitelisted external certificates and > our private key (there's a key icon next to our certificate). > > External domains have their certs for encrypting and ours for > signing, we have tried both Allow/Force encrypt options and other > S/MIME section Strict mode off/on, only sign when encrypt on/off. Our > internal domain has our cert for encryption (which we believe should > be picked up for decrypting) and for signing we have also our > certificate. > > > I also add a log of sending the mail out(none of the certificates do > have a CA): Can you provide a log of incoming email which should be decrypted but is not? Kind regards, Martijn Brinkers _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
