On 03/04/2014 06:11 PM, de Longpre, Dale wrote:
> Martin, Thank you for your response and your everything else you are
> doing. This is an awesome system and I spread the word whenever I
> can.
>
> We have some of our business partners who want certain topics
> encrypted when you communicate with them but not everything because
> of the issues with having certificates on all of their devices.
> For example when I send a message to 3 addresses, [email protected],
> [email protected] and [email protected] and the subject is "lunch" then
> the message need not be encrypted to anyone. When the subject is
> "secret deal" (subject trigger Secret), Cindy requires that message
> be encrypted but the other 2 don't support it. With the keyword
> being on the Sender the messages to Joe and Bob bounce and unable to
> encrypt but it works great for Cindy. This is why we were looking
> for the subject trigger to require encryption to be on the recipient
> domain instead of the senders domain. We ended up only routing
> outgoing mail via djigzo with domains that we know can support smime
> and all incoming mail through it.
The reason why the subject trigger is only a sender option is that the
sender is the one that determines whether the message must be encrypted
and if so, the system will enforce this. This doesn't mean your use case
isn't correct but for the default setup the current behaviour is in my
view the best trade-off between usability and security.
You can however manually change the way the system handles email. You
need to edit the file config.xml
(/usr/share/djigzo/conf/james/SAR-INF/config.xml).
You need to add a new rule just below the following rule:
<!-- check if the sender is allowed to trigger encryption using the
subject -->
<mailet
match="SenderEvaluateUserProperty=matchOnError=true,#{user.subjectTriggerEnabled}!='true'"
class="GotoProcessor">
<log> "subject trigger" is disabled for the sender </log>
<processor> checkForceEncryptHeader </processor>
</mailet>
Note: due to line lengths the xml snippet is a bit compressed
You need to add this rule below the above rule:
<!-- check if the recipient is allowed to trigger encryption using
the subject -->
<mailet
match="RecipientEvaluateUserProperty=matchOnError=true,#{user.subjectTriggerEnabled}!='true'"
class="GotoProcessor">
<log> "subject trigger" is disabled for the recipient </log>
<processor> checkForceEncryptHeader </processor>
</mailet>
The above rule will check whether the subject trigger is disabled for
the recipient.
After adding the rule you need to restart the back-end
sudo /etc/init.d/djigzo restart
If you did not make any mistake, email sent with a subject trigger will
no longer bounce for recipients for which the subject trigger is disabled.
Kind regards,
Martijn Brinkers
--
DJIGZO email encryption
_______________________________________________
Users mailing list
[email protected]
https://lists.djigzo.com/lists/listinfo/users
