On 10/26/2012 05:03 PM, [email protected] wrote: > -------- Original-Nachricht -------- >> Datum: Fri, 26 Oct 2012 16:49:13 +0200 >> Von: Martijn Brinkers <[email protected]> >> An: [email protected] >> Betreff: Re: [Djigzo users] Problem with the encryption on domain rule > >> On 10/26/2012 04:33 PM, [email protected] wrote: >>> I´m using the latest djigzo on a CentOS 6.3. I have a domain with a >> certificate to encrypt, but none of the mails which are going through the >> gateway are encrypted. Here is the log output, maybe somebody can tell me why >> it´s not working: >>> >>> 26 Oct 2012 16:09:43 | INFO incoming | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; Remote address: 192.168.1.35; Recipients: >> [[email protected]]; Subject: >> test ; Message-ID: >> <[email protected]>; >> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO Subject filter is disabled for the sender; >> MailID: 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO postSubjectFilter state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread >> #2] >>> 26 Oct 2012 16:09:43 | INFO external state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread #2] >>> 26 Oct 2012 16:09:43 | INFO DLP is disabled for the sender; MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO postDLP state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread #2] >>> 26 Oct 2012 16:09:43 | INFO "subject trigger" is disabled for the >> sender; MailID: 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO checkForceEncryptHeader state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread #2] >>> 26 Oct 2012 16:09:43 | INFO "force encrypt header trigger" is disabled >> for the sender; MailID: 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO checkEncryptMode state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread >> #2] >>> 26 Oct 2012 16:09:43 | INFO "encrypt mode" is force for the >> recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO checkSMIME state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread #2] >>> 26 Oct 2012 16:09:43 | INFO checkPDFEncrypt state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread >> #2] >>> 26 Oct 2012 16:09:43 | INFO PDF encryption is disabled for the >> recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO checkMustEncrypt state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread >> #2] >>> 26 Oct 2012 16:09:43 | INFO Force signing not allowed for sender; >> MailID: 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO checkSMIMESign state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; (mitm.application.djigzo.james.mailets.Log) [Spool >> Thread #2] >>> 26 Oct 2012 16:09:43 | INFO "only sign when encrypt" is enabled for the >> sender. S/MIME signing will be skipped; MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] >>> 26 Oct 2012 16:09:43 | INFO transport state | MailID: >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; >> Sender: >> [email protected]; Remote address: 192.168.1.35; Recipients: >> [[email protected]]; >> Subject: test ; Message-ID: >> <[email protected]>; >> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] >>> 26 Oct 2012 16:09:47 | INFO Cleaning Key Cache. Cache size: 0 >> (mitm.common.cache.KeyCacheImpl) [KeyCacheImpl Thread] >> >> A couple of questions >> >> 1. Can you check whether you have selected the certificate as encryption >> certificate for the external domain? >> >> 2. Is the domain certificate trusted? i.e., not shown with a gray >> background but with a white background? >> >> 3. I see that you have set encrypt mode to "Force". That might be on >> purpose but if your intention is to have mandatory encryption when >> sending to that domain, you should set encrypt mode to "Mandatory" >> >> Kind regards, >> >> Martijn >> > Hi Martijn, > > thanks for your fast reply :o) > > 1.yes ist is as encryption used, not for signing > > 2. as you mentioned it now, the background is grey. how can I make it a white > one ? (I wasn`t aware of it)
If you click the certificate subject and view the certificate it tells you why it's not trusted. If it is because the complete cert chain cannot be found (i.e. an intermediate or root is missing) and you cannot install the intermediate or the root, you can manually make a certificate valid by white listing the certificate. You can do this by placing the certificate on the certificate trust list (CTL) with white listing selected. CLick the certificate, on the certificate view page, click "add to CTL". Then set the status to "White list". regards, Martijn -- DJIGZO email encryption _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
