smime webapp kopano

Hi everyone,

I am using smime to sign my email (not encrypt). I uploaded the certificate in the kopano webapp ans install the certificate on my iphone. When i send an email and sign it from kopano webapp the mail comes in as untrusted. If i send an mail from my iphone it comes in as trusted.

How can i resolve this?

marty

Could you post the versions you are using.
How does the mail look webapp -> webapp?

@marty

Hi marty,

I yuse the latest nightly build. Of i mail from webapp to webapp iT is ok. Of i mail from webapp to outlook iT is not ok?

@marty

Smime plugin version is 1.0

When sending from webapp to outlouk

0_1536253479678_cd4ec897-a885-43cc-b6df-89f6d8774606-image.png

From webapp to webapp

0_1536253504540_4f081fbc-ee22-45df-8cf9-a02e63e1c72d-image.png

from iphone to outlook:

0_1536253588771_862c9ee1-ddd0-4b9a-b9a6-2fe652474e13-image.png

So when:

from webapp to other clients then webapp it is nog signed correct
From iphone to clients is ok
From webapp to webapp is ok

Anyone that can help with this?

Studi

I have had similar experiences with exim as local mailer. See my topic here:
https://forum.kopano.io/topic/1097/s-mime-signed-mails-showing-unsigned

Which MTA do you use?

@Studi

Hi i use Postfix

@studi

I do not think that that is the problem. If i send from webapp to iPhone or outlook iT is not trusted. But in webapp iT tels me that iT is ok AMD trusted. If i send a mail from my iPhone to Any cliënt iT tells me that it is trusted.

IT seems to be a bug in webapp. Webapp to webapp is ok but webapp to any other cliënt iT is not ok. If i send from any other cliënt but webapp iT is ok

Studi

When using Postfix as local mailer I have no problems with S/MIME signed messages sending from WebbApp to external. I am using the current final release, not the nightly build.
What I have seen is, that the CA-Root Cert is not included when sending from WebbApp. Outlook includes the full certificate chain in the smime.p7s attachment. Maybe this could make problems with some mail clients.

Anybody here who is using S/MIME and can reproduce this?

thctlo

i quote @ckruijntjens : When i send an email and sign it from kopano webapp the mail comes in as untrusted

can you post the output of apache2ctl -t -D DUMP_VHOSTS
My guess is you are not using a vhost config like : <VirtualHost 192.168.0.1:443 99.50.10.1:443>
And you internal side is not responding with the correct certificates

@thctlo

Hi i use centos. What do i need to do with virtualhost?

@thctlo if i understand correctly. I have uploaded the certificate to webapp. how does this involve with servername inside apache?

@thctlo

it all works except when i mail from the webapp. ?

thctlo

@ckruijntjens,
just a check for the servernames and certs, thats was why im asking.

The imported smime cert is a p12 (pfx) with the full chain?
and/or is the Root cert available on the computer?

you could try to verify you cert with gmail.
here is an example how. https://gist.github.com/essandess/395446556afea7334826e9df74f85edf
just to make sure its not in your certs.

@thctlo

Hi its ondead a p12 Pfx certificate. I installed iT on my iPhone and in outlook. If i send mail from these devices all is ok and trusted. Except when sending from webapp. However in webapp i installed the same certificate

Hi,

did you prepare your WebApp as described here: https://documentation.kopano.io/webapp_smime_manual/install_ca.html ?
My S/MIME in WebApp works for me as expected.
.

@walterhof

Yes i have done this. my certificate comes from comodo.

@walterhof nevermind. i tested some further and it seems that the incoming mailserver does something to the mail from the mailaccount that tels me that the mail is untrusted. if i send to other mailservers all is wel.

marnoeBT

I have the same problem
send via webapp or deskapp works, but the receiver gets the indication that the mail could be manipulated.

via ios it works perfectly and signed correctly.

only clue when sending via web / deskapp is the e-mail header, here are 2 entries for Mime version

##########

X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: “MIME-Version”
Subject: TEST
From: " anonymisiert " anonym@anonym.de
To: “anonym@gmail.com” anonym@gmail.com
Date: Fri, 28 Dec 2018 13:13:27 +0000
Mime-Version: 1.0
X-Priority: 3 (Normal)
Message-Id: kcis.ID@anonym
MIME-Version: 1.0
Content-Type: multipart/signed; protocol=“application/x-pkcs7-signature”; micalg=“sha-256”; boundary="----88A2CFE0C5AF6C2296458FD5099A2592"

------88A2CFE0C5AF6C2296458FD5099A2592
Subject: TEST
From: " anonymisiert " anonym@anonym.de
To: “anonym@gmail.com” anonym@gmail.com
Date: Fri, 28 Dec 2018 13:13:26 +0000
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_S5y9yi0RKu2v32h4RxMkjB3kCwTUbrgVJBf8rcSRt6UGHFCO"
X-Priority: 3 (Normal)
Message-Id: <kcis.ID.anonym.de>

########

specifications:
debian9
php-kopano-smime 1.0.00+14.3
kopano-webapp 3.5.1.2067+1139.1
kopano-server 8.7.80.355.acad8ae1e-0+26.1

any ideas or workarounds?

@marnoeBT

nope i also still have the same isue.