Re: [Djigzo users] Problem with the encryption on domain rule

fatcharly Mon, 29 Oct 2012 03:57:20 -0700

-------- Original-Nachricht --------
> Datum: Fri, 26 Oct 2012 18:02:54 +0200
> Von: Martijn Brinkers <[email protected]>
> An: [email protected]
> Betreff: Re: [Djigzo users] Problem with the encryption on domain rule


> On 10/26/2012 05:03 PM, [email protected] wrote:
> > -------- Original-Nachricht --------
> >> Datum: Fri, 26 Oct 2012 16:49:13 +0200
> >> Von: Martijn Brinkers <[email protected]>
> >> An: [email protected]
> >> Betreff: Re: [Djigzo users] Problem with the encryption on domain rule
> >
> >> On 10/26/2012 04:33 PM, [email protected] wrote:
> >>> I´m using the latest djigzo on a CentOS 6.3. I have a domain with a
> >> certificate to encrypt, but none of the mails which are going through
> the
> >> gateway are encrypted. Here is the log output, maybe somebody can tell
> me why
> >> it´s not working:
> >>>
> >>> 26 Oct 2012 16:09:43 | INFO incoming | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; Remote address: 192.168.1.35; Recipients:
> [[email protected]]; Subject:
> >> test ; Message-ID:
> >> <[email protected]>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO Subject filter is disabled for the sender;
> >> MailID: 0121f9cf-f632-4077-a39e-ce065089269c
> >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO postSubjectFilter state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread
> >> #2]
> >>> 26 Oct 2012 16:09:43 | INFO external state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO DLP is disabled for the sender; MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c
> >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO postDLP state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO "subject trigger" is disabled for the
> >> sender; MailID: 0121f9cf-f632-4077-a39e-ce065089269c
> >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO checkForceEncryptHeader state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool
> >> Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO "force encrypt header trigger" is disabled
> >> for the sender; MailID: 0121f9cf-f632-4077-a39e-ce065089269c
> >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO checkEncryptMode state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread
> >> #2]
> >>> 26 Oct 2012 16:09:43 | INFO "encrypt mode" is force for the
> >> recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c
> >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO checkSMIME state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO checkPDFEncrypt state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread
> >> #2]
> >>> 26 Oct 2012 16:09:43 | INFO PDF encryption is disabled for the
> >> recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c
> >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO checkMustEncrypt state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread
> >> #2]
> >>> 26 Oct 2012 16:09:43 | INFO Force signing not allowed for sender;
> >> MailID: 0121f9cf-f632-4077-a39e-ce065089269c
> >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO checkSMIMESign state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; (mitm.application.djigzo.james.mailets.Log)
> [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO "only sign when encrypt" is enabled for
> the
> >> sender. S/MIME signing will be skipped; MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c
> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:43 | INFO transport state | MailID:
> >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected];
> Sender:
> >> [email protected]; Remote address: 192.168.1.35; Recipients:
> [[email protected]];
> >> Subject: test ; Message-ID:
> >> <[email protected]>;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
> >>> 26 Oct 2012 16:09:47 | INFO Cleaning Key Cache. Cache size: 0
> >> (mitm.common.cache.KeyCacheImpl) [KeyCacheImpl Thread]
> >>
> >> A couple of questions
> >>
> >> 1. Can you check whether you have selected the certificate as
> encryption
> >> certificate for the external domain?
> >>
> >> 2. Is the domain certificate trusted? i.e., not shown with a gray
> >> background but with a white background?
> >>
> >> 3. I see that you have set encrypt mode to "Force". That might be on
> >> purpose but if your intention is to have mandatory encryption when
> >> sending to that domain, you should set encrypt mode to "Mandatory"
> >>
> >> Kind regards,
> >>
> >> Martijn
> >>
> > Hi Martijn,
> >
> > thanks for your fast reply :o)
> >
> > 1.yes ist is as encryption used, not for signing
> >
> > 2. as you mentioned it now, the background is grey. how can I make it a
> white one ? (I wasn`t aware of it)
> 
> If you click the certificate subject and view the certificate it tells 
> you why it's not trusted.
> 
> If it is because the complete cert chain cannot be found (i.e. an 
> intermediate or root is missing) and you cannot install the intermediate 
> or the root, you can manually make a certificate valid by white listing 
> the certificate. You can do this by placing the certificate on the 
> certificate trust list (CTL) with white listing selected. CLick the 
> certificate, on the certificate view page, click "add to CTL". Then set 
> the status to "White list".
> 
> regards,
> 
> Martijn
>

Hi Martijn,

yes, there was a problem in the certification path, but know with the 
whitelisting everything runs fine.

Thanks for your support and your great gateway !

fatcharly


 
> -- 
> DJIGZO email encryption
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.djigzo.com/lists/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.djigzo.com/lists/listinfo/users

Re: [Djigzo users] Problem with the encryption on domain rule

Reply via email to