Good Morning Thomas,
I want to try this feature.

Thank You,
Davide Yachaya

> On 15 Sep 2015, at 16:12, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
> Hi all,
>
> I've developed an extension for the ASSP_AFC.pm plugin - ASSP_AFCSMIME.
> This extension makes it possible to SMIME sign all or specified corporate
> or private emails with a single certificate, instead of having a private
> certificate for each user.
>
> The first version of this feature was developed in 07/2014 and has now
> reached version 4.07 of ASSP_AFC.pm.
>
> This feature is the first NOT public licensed feature in assp - it
> requires one license per assp installation.
> To prevent any question: Until now, I've made no decision about the
> license model (per install, per domain, per user, per mail .... ?) - also
> a possible pricing model is not fixed yet.
>
> I only want to know if someone wants to try this feature - if so, email
> me at my private email address. Please include 'SMIME' in the subject.
>
> A brief description of the feature is at the bottom of this mail. Also a
> short description of how corporate SMIME signing works.
>
> Thomas
>
>
> 'ASSP_AFCSMIME','SMIME sign outgoing mails*'
>
> If configured, outgoing mails will be digitally signed according to the
> SMIME specifications.
> It is possible to configure private and/or corporate signatures. In any
> case, the "file:" option must be used - specify one configuration per
> line.
> The domain or user is separated by "=>" from the signing
> configuration/policy. It is possible to use group definitions of domains
> and users using the [ Groups ] option. Define one line per domain or user
> or group.
> Configuration entries are separated by comma.
> Configuration entry pairs (tag and value) are separated by "=".
> File definitions for the certificate and private key have to include the
> full path to the file!
> Certificate and private key have to be provided in
> PEM format.
> If you exchange any certificate or key file, click "Edit file" and save
> the file again to force a reload of the internal certificate store.
> The domain / user part accepts full email addresses, domains and groups
> - wildcards are supported and must be used for domain definitions.
> The domain / user part is compared to the envelope sender - the first
> matching entry (in reverse generic order) will be used. Entries starting
> with a minus sign explicitly exclude the domain/user/group from SMIME
> processing.
>
> certfile - is required and specifies the full path to the certificate to
> use. The subject of the certificate has to include a valid email address.
> In the normal case, this email address is specified by the cert-subject-tag
> "emailAddress". The "FROM:" address in the mail header will be replaced by
> this email address and a "Reply-To:" line with the original sender is
> added (or replaced) to the mail header.
> If the subject of the certificate specifies the email address in another
> tag, define this tag (NOT the email address) after "emailaddress=".
>
> keyfile - is required and specifies the full path to the file that
> contains the private key
>
> keypass - the tag is required, the value is optional - defines the
> password required (or not) for the private key
>
> emailaddress - is optional - please read "certfile"
> rcpt - is optional - include/[-]exclude mails to specified users and/or
> domains (recipients) - to exclude addresses, write a minus in front -
> separate multiple entries by space
>
> examples:
>
> - (1) user@your.domain => certfile=/certs/user_cert.pem, keyfile=/certs/user_key.pem, keypass=, rcpt=-otheruser@other.domain
> - (2) *your.domain => certfile=/certs/corporate_cert.pem, keyfile=/certs/corporate_key.pem, keypass=mypassword
> - (3) *@your.domain => certfile=/certs/corporate_cert.pem, keyfile=/certs/corporate_key.pem, keypass= , emailaddress=Email
> - (4) -user4@your.domain
> - (5) -*@*.your.domain
> - (6) -[no_smime]
>
> The first example specifies a private signing policy which excludes the
> recipient otheruser@other.domain, the second and third examples specify a
> corporate signing policy (with and without subdomains). The fourth example
> excludes the user "user4@your.domain" from SMIME processing. The fifth
> example excludes all subdomains of "your.domain" from SMIME processing.
> The last example excludes all domains, subdomains and users defined in the
> group "[no_smime]" from SMIME processing.
>
> corporate SMIME signing:
>
> Assume we define the following configuration line:
>
> *@your.domain.com => certfile=/certs/corporate_cert.pem, keyfile=/certs/corporate_key.pem, keypass=
>
> Now let's say the subject of the specified certificate
> (corporate_cert.pem) contains
> .../emailAddress=central.off...@your.domain.com/...
> Your local user "mark.schm...@your.domain.com" sends a mail to an
> external recipient.
> The related mail header is:
>
> From: "Mark Schmitz" <mark.schm...@your.domain.com>
> Disposition-Notification-To: <mark.schm...@your.domain.com>
>
> After SMIME signing the mail, the related mail headers are the following:
>
> From: "Mark Schmitz" <central.off...@your.domain.com>
> Disposition-Notification-To: <mark.schm...@your.domain.com>
> Reply-To: <mark.schm...@your.domain.com>
> References: assp-corp-smime-mark.schm...@your.domain.com
>
> The mail client of the recipient will validate the signature against the
> "From" address - which corresponds to the email address specified in the
> subject of the certificate -> VALID
> Pressing the "REPLY/ANSWER" button, the mail client of the recipient will
> provide "mark.schm...@your.domain.com" as recipient address (To:) for the
> answer, using the entry in the "Reply-To:" header.
> Notice that some bad and/or older mail clients ignore the
> "Reply-To:" header tag - in such a case an answered mail will go to
> "central.off...@your.domain.com".
> ASSP will help you a bit to prevent this. In addition to the required
> mail header changes, assp will add or enhance the "References:" mail
> header tag with a value of "assp-corp-smime-EMAILADDRESS", where
> EMAILADDRESS is the original sender address.
> If assp receives an answered mail, it will look for such an entry in the
> mail header and will add the found email address to the "To" header, if it
> is not already found there.
>

--
Dott. Davide Yachaya
HyperGrid s.r.l.
V.le Golgi 63 - 27100 Pavia - ITALY
http://www.hypergrid.it
Tel: +39-0382-528875
skype: hypercentralino
Fax: +39-0382-049303
E-mail: dav...@hypergrid.it
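
The header rewrite and reply handling outlined in the quoted description, as an added example that is not part of the original mails and is not ASSP code. The function names and sample addresses are constructed, the signing step itself is not performed, and the `local_domains` check is an assumption added here because an inbound "References:" header is written by whoever sends the reply.

```python
from email import message_from_string
from email.utils import formataddr, getaddresses, parseaddr

TAG = "assp-corp-smime-"  # References marker named in the quoted description

def rewrite_outbound(raw, cert_email):
    """Apply the described header changes (hypothetical helper, no signing)."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg["From"])
    refs = msg.get("References", "")
    for header in ("From", "Reply-To", "References"):
        del msg[header]                            # no error if the header is absent
    msg["From"] = formataddr((name, cert_email))   # must match the cert subject
    msg["Reply-To"] = "<%s>" % sender              # replies return to the real sender
    msg["References"] = (refs + " " + TAG + sender).strip()
    return msg

def recover_recipient(raw, local_domains):
    """On an inbound reply, add the tagged original sender to To: if missing.
    Assumption added here: only addresses in local_domains are accepted."""
    msg = message_from_string(raw)
    present = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    for token in msg.get("References", "").split():
        if not token.startswith(TAG):
            continue
        orig = token[len(TAG):].lower()
        if orig.rpartition("@")[2] in local_domains and orig not in present:
            to = msg.get("To", "")
            del msg["To"]
            msg["To"] = (to + ", " if to else "") + "<%s>" % orig
            present.add(orig)
    return msg

# Constructed sample messages (not taken from the mails above)
OUTBOUND = (
    'From: "Alice Example" <alice@corp.example>\n'
    "To: <bob@partner.example>\n"
    "Subject: offer\n\nbody\n"
)
REPLY = (
    "From: <bob@partner.example>\n"
    "To: <office@corp.example>\n"
    "References: <id1@corp.example> assp-corp-smime-alice@corp.example "
    "assp-corp-smime-someone@other.example\n"
    "Subject: Re: offer\n\nreply\n"
)

if __name__ == "__main__":
    print(rewrite_outbound(OUTBOUND, "office@corp.example"))
    print(recover_recipient(REPLY, {"corp.example"})["To"])
```

The second tag in the constructed reply points outside the local domain and is ignored, so only the local original sender is appended to "To:".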