Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 10359 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Gateway Encryption between ASG and Outlook 2010

Krycek
Hello everyone,

I'm back on the encryption problem.

I spent the last 2 days doing tests and research. This is what we found out:

The (s/mime) encryption in general is pretty nifty and works in most cases. You can import internal user certificates and use those for encryption and you can import the external user's public key or have it automatically removed from a signed email and checked by the ASG.

This works if the partner that sends emails to the asg (or an email server/exchange behind it) uses Outlook 2003, 2007 or Thunderbird.

However it does NOT work if the user is using Outlook 2010 to encrypt the mails. They will be encrypted, but astaro is not decrypting them. Everything else is the same. ALl the same certificates and settings. If I just sign the emails with Outlook 2010 the ASG is able to check and remove that certificate. Just encryption doesn't work.

Does anyone have any idea what this could be about? Maybe even a bug?

Chris


This thread was automatically locked due to age.
Parents
  • 0
    After testing with wingman again (Thank you so much for your time again!) we encountered the same problem. He used outlook 2010 to encrypt and message me and the astaro didn't catch it although all the necessary certificates have been (automatically) imported.
    My reseller has send this to astaro but it seems they're not treating this as a bug yet. Or maybe it's not serious enough for them. Don't know. I just would LOVE to use this functionality but can't :-(
  • 0 in reply to Krycek
    same problem here.

    Outlook 2010 mails are not decrypted.
    [HTML][emailenc] SMIME | processing inbound message ----------------------------------
    [emailenc] SMIME | Infile:       spool/work/1OqKxZ-0006mV-1j.eml
    [emailenc] SMIME | Outfile:      spool/work/12xjPc-0006mV-1j.eml
    [emailenc] SMIME | Verify:       1
    [emailenc] SMIME | Decrypt:      1
    [emailenc] SMIME | Cert Import:  1
    [emailenc] SMIME | Sender FP:    5DC08B2430B473EC0F32C0930CD5185580A18715
    [emailenc] SMIME | Recipient FP: 3362579CF28826DDBBBE2431B72FC8025146D21B
    [emailenc] SMIME | Calling OpenSSL for decryption ------------
    Error reading S/MIME message
    26080:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:
    26080:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=PKCS7_ISSUER_AND_SERIAL
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=issuer_and_serial, Type=PKCS7_RECIP_INFO
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:704:Field=recipientinfo, Type=PKCS7_ENVELOPE
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:
    26080:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:572:Field=d.enveloped, Type=PKCS7
    26080:error:21078082[[[[:P]]]]KCS7 routines:B64_READ_PKCS7[:D]ecode error[[[[:P]]]]k7_mime.c:140:
    26080:error:2107A08B[[[[:P]]]]KCS7 routines:SMIME_read_PKCS7[[[[:P]]]]kcs7 parse error[[[[:P]]]]k7_mime.c:373:
    [emailenc] SMIME | Decrypt failed, rc is 3
    [emailenc] SMIME | Calling OpenSSL pkcs7 extraction ----------
    Error reading S/MIME message
    26081:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:
    26081:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=PKCS7_ISSUER_AND_SERIAL
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=issuer_and_serial, Type=PKCS7_RECIP_INFO
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:704:Field=recipientinfo, Type=PKCS7_ENVELOPE
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:
    26081:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:572:Field=d.enveloped, Type=PKCS7
    26081:error:21078082[[[[:P]]]]KCS7 routines:B64_READ_PKCS7[:D]ecode error[[[[:P]]]]k7_mime.c:140:
    26081:error:2107A08B[[[[:P]]]]KCS7 routines:SMIME_read_PKCS7[[[[:P]]]]kcs7 parse error[[[[:P]]]]k7_mime.c:373:
    [emailenc] SMIME | No pkcs7 container found
    [emailenc] SMIME | Calling OpenSSL for verification ----------
    [emailenc] SMIME | Have explicit cert
    Error reading S/MIME message
    [/HTML]

    Case is open
  • 0 in reply to MMU
    same problem here.

    Outlook 2010 mails are not decrypted.
    [HTML][emailenc] SMIME | processing inbound message ----------------------------------
    [emailenc] SMIME | Infile:       spool/work/1OqKxZ-0006mV-1j.eml
    [emailenc] SMIME | Outfile:      spool/work/12xjPc-0006mV-1j.eml
    [emailenc] SMIME | Verify:       1
    [emailenc] SMIME | Decrypt:      1
    [emailenc] SMIME | Cert Import:  1
    [emailenc] SMIME | Sender FP:    5DC08B2430B473EC0F32C0930CD5185580A18715
    [emailenc] SMIME | Recipient FP: 3362579CF28826DDBBBE2431B72FC8025146D21B
    [emailenc] SMIME | Calling OpenSSL for decryption ------------
    Error reading S/MIME message
    26080:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:
    26080:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=PKCS7_ISSUER_AND_SERIAL
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=issuer_and_serial, Type=PKCS7_RECIP_INFO
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:704:Field=recipientinfo, Type=PKCS7_ENVELOPE
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:
    26080:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:572:Field=d.enveloped, Type=PKCS7
    26080:error:21078082[[[[:P]]]]KCS7 routines:B64_READ_PKCS7[:D]ecode error[[[[:P]]]]k7_mime.c:140:
    26080:error:2107A08B[[[[:P]]]]KCS7 routines:SMIME_read_PKCS7[[[[:P]]]]kcs7 parse error[[[[:P]]]]k7_mime.c:373:
    [emailenc] SMIME | Decrypt failed, rc is 3
    [emailenc] SMIME | Calling OpenSSL pkcs7 extraction ----------
    Error reading S/MIME message
    26081:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:
    26081:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=PKCS7_ISSUER_AND_SERIAL
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=issuer_and_serial, Type=PKCS7_RECIP_INFO
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:704:Field=recipientinfo, Type=PKCS7_ENVELOPE
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:
    26081:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:572:Field=d.enveloped, Type=PKCS7
    26081:error:21078082[[[[:P]]]]KCS7 routines:B64_READ_PKCS7[:D]ecode error[[[[:P]]]]k7_mime.c:140:
    26081:error:2107A08B[[[[:P]]]]KCS7 routines:SMIME_read_PKCS7[[[[:P]]]]kcs7 parse error[[[[:P]]]]k7_mime.c:373:
    [emailenc] SMIME | No pkcs7 container found
    [emailenc] SMIME | Calling OpenSSL for verification ----------
    [emailenc] SMIME | Have explicit cert
    Error reading S/MIME message
    [/HTML]

    Case is open


    How did you increase the logging level so to get reports for the certificates? This should be a great workaround as at the moment the logging doesn't invlove S/MIME info
Reply
  • 0 in reply to MMU
    same problem here.

    Outlook 2010 mails are not decrypted.
    [HTML][emailenc] SMIME | processing inbound message ----------------------------------
    [emailenc] SMIME | Infile:       spool/work/1OqKxZ-0006mV-1j.eml
    [emailenc] SMIME | Outfile:      spool/work/12xjPc-0006mV-1j.eml
    [emailenc] SMIME | Verify:       1
    [emailenc] SMIME | Decrypt:      1
    [emailenc] SMIME | Cert Import:  1
    [emailenc] SMIME | Sender FP:    5DC08B2430B473EC0F32C0930CD5185580A18715
    [emailenc] SMIME | Recipient FP: 3362579CF28826DDBBBE2431B72FC8025146D21B
    [emailenc] SMIME | Calling OpenSSL for decryption ------------
    Error reading S/MIME message
    26080:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:
    26080:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=PKCS7_ISSUER_AND_SERIAL
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=issuer_and_serial, Type=PKCS7_RECIP_INFO
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:704:Field=recipientinfo, Type=PKCS7_ENVELOPE
    26080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:
    26080:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:572:Field=d.enveloped, Type=PKCS7
    26080:error:21078082[[[[:P]]]]KCS7 routines:B64_READ_PKCS7[:D]ecode error[[[[:P]]]]k7_mime.c:140:
    26080:error:2107A08B[[[[:P]]]]KCS7 routines:SMIME_read_PKCS7[[[[:P]]]]kcs7 parse error[[[[:P]]]]k7_mime.c:373:
    [emailenc] SMIME | Decrypt failed, rc is 3
    [emailenc] SMIME | Calling OpenSSL pkcs7 extraction ----------
    Error reading S/MIME message
    26081:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:
    26081:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=PKCS7_ISSUER_AND_SERIAL
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=issuer_and_serial, Type=PKCS7_RECIP_INFO
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:704:Field=recipientinfo, Type=PKCS7_ENVELOPE
    26081:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:
    26081:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:572:Field=d.enveloped, Type=PKCS7
    26081:error:21078082[[[[:P]]]]KCS7 routines:B64_READ_PKCS7[:D]ecode error[[[[:P]]]]k7_mime.c:140:
    26081:error:2107A08B[[[[:P]]]]KCS7 routines:SMIME_read_PKCS7[[[[:P]]]]kcs7 parse error[[[[:P]]]]k7_mime.c:373:
    [emailenc] SMIME | No pkcs7 container found
    [emailenc] SMIME | Calling OpenSSL for verification ----------
    [emailenc] SMIME | Have explicit cert
    Error reading S/MIME message
    [/HTML]

    Case is open


    How did you increase the logging level so to get reports for the certificates? This should be a great workaround as at the moment the logging doesn't invlove S/MIME info
Children
  • 0 in reply to wingman
    Hi,
    I get a confirmation from astaro.

    The Problem is only with Outlook 2010.

    The workaround  MS KB2142236 works for me.

    To debug the SMTP_log for cert messages :

    vi /var/mdw/scripts/smtp

    -look for :

    # Run SMTPd
    chroot $CHROOT /bin/smtpd.bin $WORKER

    -change to:

    # Run SMTPd
    chroot $CHROOT /bin/smtpd.bin $WORKER --debug

    - save to changes and restart to daemon.
    /var/mdw/scripts/smtp restart

    your log is at :
    /var/chroot-smtp/tmp/smtpd_debug.log 

    don't forget to clear the debug level!!!!

    Michael
Cookie Information Banner