-------- Original-Nachricht -------- > Datum: Fri, 26 Oct 2012 18:02:54 +0200 > Von: Martijn Brinkers <[email protected]> > An: [email protected] > Betreff: Re: [Djigzo users] Problem with the encryption on domain rule
> On 10/26/2012 05:03 PM, [email protected] wrote: > > -------- Original-Nachricht -------- > >> Datum: Fri, 26 Oct 2012 16:49:13 +0200 > >> Von: Martijn Brinkers <[email protected]> > >> An: [email protected] > >> Betreff: Re: [Djigzo users] Problem with the encryption on domain rule > > > >> On 10/26/2012 04:33 PM, [email protected] wrote: > >>> I´m using the latest djigzo on a CentOS 6.3. I have a domain with a > >> certificate to encrypt, but none of the mails which are going through > the > >> gateway are encrypted. Here is the log output, maybe somebody can tell > me why > >> it´s not working: > >>> > >>> 26 Oct 2012 16:09:43 | INFO incoming | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; Remote address: 192.168.1.35; Recipients: > [[email protected]]; Subject: > >> test ; Message-ID: > >> <[email protected]>; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO Subject filter is disabled for the sender; > >> MailID: 0121f9cf-f632-4077-a39e-ce065089269c > >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO postSubjectFilter state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread > >> #2] > >>> 26 Oct 2012 16:09:43 | INFO external state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO DLP is disabled for the sender; MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c > >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO postDLP state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO "subject trigger" is disabled for the > >> sender; MailID: 0121f9cf-f632-4077-a39e-ce065089269c > >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO checkForceEncryptHeader state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool > >> Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO "force encrypt header trigger" is disabled > >> for the sender; MailID: 0121f9cf-f632-4077-a39e-ce065089269c > >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO checkEncryptMode state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread > >> #2] > >>> 26 Oct 2012 16:09:43 | INFO "encrypt mode" is force for the > >> recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c > >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO checkSMIME state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO checkPDFEncrypt state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread > >> #2] > >>> 26 Oct 2012 16:09:43 | INFO PDF encryption is disabled for the > >> recipient(s); MailID: 0121f9cf-f632-4077-a39e-ce065089269c > >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO checkMustEncrypt state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread > >> #2] > >>> 26 Oct 2012 16:09:43 | INFO Force signing not allowed for sender; > >> MailID: 0121f9cf-f632-4077-a39e-ce065089269c > >> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO checkSMIMESign state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; (mitm.application.djigzo.james.mailets.Log) > [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO "only sign when encrypt" is enabled for > the > >> sender. S/MIME signing will be skipped; MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c > (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] > >>> 26 Oct 2012 16:09:43 | INFO transport state | MailID: > >> 0121f9cf-f632-4077-a39e-ce065089269c; Originator: [email protected]; > Sender: > >> [email protected]; Remote address: 192.168.1.35; Recipients: > [[email protected]]; > >> Subject: test ; Message-ID: > >> <[email protected]>; > (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] > >>> 26 Oct 2012 16:09:47 | INFO Cleaning Key Cache. Cache size: 0 > >> (mitm.common.cache.KeyCacheImpl) [KeyCacheImpl Thread] > >> > >> A couple of questions > >> > >> 1. Can you check whether you have selected the certificate as > encryption > >> certificate for the external domain? > >> > >> 2. Is the domain certificate trusted? i.e., not shown with a gray > >> background but with a white background? > >> > >> 3. I see that you have set encrypt mode to "Force". That might be on > >> purpose but if your intention is to have mandatory encryption when > >> sending to that domain, you should set encrypt mode to "Mandatory" > >> > >> Kind regards, > >> > >> Martijn > >> > > Hi Martijn, > > > > thanks for your fast reply :o) > > > > 1.yes ist is as encryption used, not for signing > > > > 2. as you mentioned it now, the background is grey. how can I make it a > white one ? (I wasn`t aware of it) > > If you click the certificate subject and view the certificate it tells > you why it's not trusted. > > If it is because the complete cert chain cannot be found (i.e. an > intermediate or root is missing) and you cannot install the intermediate > or the root, you can manually make a certificate valid by white listing > the certificate. You can do this by placing the certificate on the > certificate trust list (CTL) with white listing selected. CLick the > certificate, on the certificate view page, click "add to CTL". Then set > the status to "White list". > > regards, > > Martijn > Hi Martijn, yes, there was a problem in the certification path, but know with the whitelisting everything runs fine. Thanks for your support and your great gateway ! fatcharly > -- > DJIGZO email encryption > _______________________________________________ > Users mailing list > [email protected] > http://lists.djigzo.com/lists/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
