On 03/22/2015 01:00 AM, Laz C. Peterson wrote: > Well, after some beating my head into the wall (that usually works), > I’ve decided to just set up Ciphermail as a separate server again and > set submission and smtps to proxy into Ciphermail’s smtp. A little > hairy, but it works. > > The internal domain aliases was really making things difficult.
In most cases, running the CipherMail gateway as a separate instance is advised since it makes things easier to configure. Nowadays with virtualization like VMware, running an extra VM instance is relatively simple. > For the second issue, I am deciding to configure default settings for > no encryption services, and then enable encryption on a per-domain > basis. Have not tried anything yet, but maybe someone has some > insight on the best way to accomplish this? You somehow need to distinguish between senders requiring encryption and those who do not need encryption. Typically this is done based on the senders domain like you suggested. If you only want encryption based on for example whether the user was authenticated or not (via SASL) you might see whether you can instruct Postfix to only send email to the CipherMail box when the user was authenticated. Not sure whether that is easy to configure though. Kind regards, Martijn Brinkers > ~ Laz Peterson Paravis, LLC > >> On Mar 20, 2015, at 8:41 PM, Laz C. Peterson <[email protected]> >> wrote: >> >> Hello all, >> >> I’ve got an issue here that I would really appreciate some help >> with. We are running Ubuntu 14.04, Postfix, Dovecot and >> Ciphermail, everything updated — all mail and authentication >> services are functioning normal. >> >> First … Dovecot is the LDA and we have virtual users and virtual >> domains. Some of these domains are aliases of non-routable Windows >> AD domains. For example, [email protected] <mailto:[email protected]> -> >> [email protected] <mailto:[email protected]> … Ciphermail creates >> accounts for the internal domain instead of the address that the >> email was initially addressed to, and this confuses the users. How >> do we configure Ciphermail/Postfix to make sure that Ciphermail >> processes the account using the alias domain (what is in the >> original To:) that the user is familiar with? >> >> Second … Since Ciphermail is running on the same mail server that >> is accepting incoming mail from the internet, whether or not it is >> encrypted, it is still processing the queue. We have created a tag >> (“[encrypt]”) that flags an email to be processed by Ciphermail, >> with the intention of that function being available for only >> internal domains — or more precisely, for SASL authenticated users >> — but it services encryption for any random external user or domain >> as long as they put the same tag in the subject line. How can we >> avoid this happening? >> >> Thank you so much for any insight. >> >> ~ Laz Peterson Paravis, LLC >> _______________________________________________ Users mailing list >> [email protected] >> https://lists.djigzo.com/lists/listinfo/users > > _______________________________________________ Users mailing list > [email protected] https://lists.djigzo.com/lists/listinfo/users > -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
