Hello I was reviewing bugs for Jessie and saw your issue and had a few ideas to check.
You say it sometimes works. Does whether or not it works vary depending on which identity you're sending from and who you're sending to? Is there any chance it started failing when CACert was removed from Debian's ca-certificate database? I tried to set up an S/MIME certificate and had to load the entire chain for the certificate to be valid. Your screenshot seems to imply your gmail identity is loaded correctly, but do you have other identities that may not be fully configured? (If part of the chain is missing the missing certificate should be greyed out in the chain detail view). I discovered while trying to send myself an S/MIME encrypted email, that in in addition to configuring the certificate under KMail's Identities. I also needed to set the certificate to use in Edit Contact Crypto Settings. Also under Message Preferences I suspect the "Always Encrypt If Available" option might cause the behavior you described. My other thought for what might be wrong is what happens if certificate checking was enabled but you didn't have network access. What are your settings under "Configure KMail -> Security -> S/MIME Validation" The last thought is KMail's S/MIME support requires gpgsm to be installed, Is it? Also I'm going to try to sign this message with S/Mime. Could you email me directly to see if its working? I'm using a startcom class 1 certificate for this test. Diane
smime.p7s
Description: S/MIME cryptographic signature
