[7.403]Question: EMAIL Encryption

wingman · #1 (**permalink**) 06-14-2009, 02:56 PM

Hi All

I've read the relevant kb for the email encryption and I've just finished the configuration...well i think!

1)It it true that for email encryption(encrypt outgoing mail) to work you have to have your own mail server (smtp proxy)?
2)Do you have to have either S/MIME or Open pgp defined for a user or can you use still use both(if both are used,which one is used)?
3)Under the C/MIME Authorities, I have no authority imported so far so I guess I am working with open PGP,right?
4)I am using PGP directory to locate public PGP for users but I can;t find them. Even If I have the fingerprint, I still can't

Could someone help me validate the settings? (ie. Exchange keys and send him a dumb email to check whether it's signed/ encrypted etc)

My understanding is that I don't have to configure the email clients.I am hoping that the above make sense!

Thanks

wingman · #2 (**permalink**) 06-14-2009, 09:08 PM

Just a quick update on the thread I've opened

It seems that on version 7.403 Astaro is unable to automatically import the C/MIME certificate (I had to manually import it)

tkaufi · #3 (**permalink**) 06-15-2009, 10:31 AM

Hi,

I´m using encryption since 7.2x and it works fine.
Trying to answer your questions:

Quote:

Originally Posted by wingman

Hi All

1)It it true that for email encryption(encrypt outgoing mail) to work you have to have your own mail server (smtp proxy)?

Im using a own mailserver and the astaro as an smtp prox, but i think it must be working too, if you´re using the astaro as pop/imap server.

Quote:

2)Do you have to have either S/MIME or Open pgp defined for a user or can you use still use both(if both are used,which one is used)?

I´m using Open PGP for the users, that means creating an user within astaro and change the pgp keys with the external sender/receiver, which has to be defined.

Quote:

3)Under the C/MIME Authorities, I have no authority imported so far so I guess I am working with open PGP,right?

no clue about this, but i think so.

Quote:

4)I am using PGP directory to locate public PGP for users but I can;t find them. Even If I have the fingerprint, I still can't

Could someone help me validate the settings? (ie. Exchange keys and send him a dumb email to check whether it's signed/ encrypted etc)

yes, whenever you want, we can test it

Quote:

My understanding is that I don't have to configure the email clients.I am hoping that the above make sense!

thats quite right, no change to the clients.

BAlfson · #4 (**permalink**) 06-15-2009, 02:40 PM

I had some anomalies with importing certs and keys in 7.403. The problems were resolved with a reboot. This was the first reboot since Up2Dating from 7.402 to 7.403.

Astaro, I think there's a problem with some failure to load everything after a restore or an Up2Date. The temporary fix seems to be to reboot afterwards. The fact that rebooting solves this problems is not a reason to ignore its existence.

Cheers - Bob

pgruber · #5 (**permalink**) 06-15-2009, 02:57 PM

Quote:

2)Do you have to have either S/MIME or Open pgp defined for a user or can you use still use both(if both are used,which one is used)?

You can use both. To send encrypted mails, you need to import the recipient's public key. The ASG will always use the protocol, for which it finds a public key, so it will depend on the recipient.
If you have S/MIME and PGP keys for a recipient, S/MIME will be preferred over PGP.

wingman · #6 (**permalink**) 06-15-2009, 08:33 PM

thx for the answers everyone. I don't have an internal mail server and thus I am not using SMTP at all. I am using pop proxy though.

BAlfson · #7 (**permalink**) 06-15-2009, 11:06 PM

I think, since you have your own domain, and thus control over sending from it, you can output SMTP email from your Astaro. That should allow you to sign & encrypt emails from that domain.

wingman · #8 (**permalink**) 06-15-2009, 11:22 PM

well that's what i thought but I can't see any indication whatsoever that I am using either signed or encrypted email

BAlfson · #9 (**permalink**) 06-15-2009, 11:42 PM

Can you show a pic of the 'Authenticated relay' and 'Host-based relay' sections of the 'Relaying' tab of SMTP? At the bottom of the 'Advanced' tab, show your 'Smarthost settings'.

Cheers - Bob

wingman · #10 (**permalink**) 06-15-2009, 11:47 PM

I don't have SMTP proxy enabled at all!!!

I assume that all emails I want to be signed should be relayed b the smtp proxy right?

Unfortunately, My when I send an email my IP is DUL (trend micro engine). I think it's BT 's issue