Djigzo

Djigzo email encryption gateway is an email server (MTA) that encrypts and decrypts your incoming and outgoing email. As it works like a general SMTP server, Djigzo is compatible with regular email clients and can work with the already existing email servers. Djigzo is typically installed as a "store and forward" server. Email is therefore only temporarily stored until it is forwarded to it's final destination.

Djigzo currently supports two encryption standards; S/MIME and PDF encryption. S/MIME provides authentication, message integrity and non-repudiation (using X.509 certificates) and protection against message interception. S/MIME uses public key encryption (PKI) for encryption and signing. PDF encryption can be used as a lightweight alternative to S/MIME encryption. PDF allows you to decrypt and read encrypted PDF documents. PDF documents can even contain attachments embedded within the encrypted PDF. The password for the PDF can be manually set per recipient or a password can be randomly generated and sent to the recipient via a SMS Text message.

Djigzo has a built-in CA which you can use to issue X.509 certificates for internal and external users. The external user can use the certificate with any S/MIME capable email client like Outlook, Outlook express, Lotus Notes, Thunderbird, Gmail1 etc.

What is new in this release:

• The PDF option "Send CC to replier" has been added.
• The S/MIME option "Skip import of untrusted certificates" has been added.
• The "Signing subject trigger" option has been added.
• Password strength check/estimate is added.
• French language support has been added to the portal.
• Support for right to left (RTL) has been added.
• Support for multiple SMS transports have been added.
• The DLP scanner now also extracts the meta content of MIME parts.
• Virtual Appliance: backup/restore from the console application.
• Remote samba mount; network setup from the Web GUI.
• Many other changes and improvements.

What is new in version 2.4.0:

• New:
• Sign and encrypt tags can be added to the subject for incoming signed and/or encrypted email (GATEWAY-36)
• Signer and sender address mismatch detection has been added (GATEWAY-21)
• S/MIME encrypt mailet can selectively encrypt headers (this is mainly used in combination with DJIGZO for Android)
• S/MIME encryption and signing algorithm can be set per recipient or domain.
• Simple subject filter added which can be used to filter the subject using a regular expression.
• Locale (i.e., language) can be selected on the portal login and signup page.
• CLI tool added which can be used to set/get user properties from the command line.
• Improvements/Changes:
• The 8.4 PostgreSQL JDBC drivers were not compatible with PostgreSQL 9 (The default version with Ubuntu 12.04). The PostgreSQL JDBC drivers have been updated to 9.X (GATEWAY-56)
• Logging has been improved. More information is logged and color coding has been improved (GATEWAY-42, GATEWAY-26)
• Upgraded to BC 1.47.
• LogLevel OFF added which can be used to completely disable logging for a class.
• Clickatell provider now supports additional parameters.
• Spanish translation for the portal added (translation by Diego A. Fliess)
• Loading speed of the preferences page has been improved.
• The user no longer has to login after the portal signup. The user is automatically logged in after the signup process.
• The packages are now signed with a new gpg key.
• Bug fix:
• sudo added to the RPM spec file as a required package (GATEWAY-55)
• PDF reply should use the Reply-To header (GATEWAY-45)
• Under certain circumstances, unicode characters were incorrectly encoded when replying to a PDF (GATEWAY-48)
• Compatibility with IE9 has been improved (GATEWAY-40)
• The RPM installer now waits for Postgres to be running before continuing the installation.

What is new in version 2.1.1:

• S/MIME setting: "Always use freshest signing certificate".
• PDF setting "Only encrypt if mandatory".
• DLP setting "Quarantine on failed encryption".
• Quarantined emails can now be "released as-is".
• Number of rows the grid should show per page can be set.
• Email in the MTA queue can be filtered.
• The MTA logs are now by default shown in "raw" format.
• Support for charsets not supported "out of the box" by Acrobat reader.
• In S/MIME "strict mode", the message is now always handled by the S/MIME handler.

What is new in version 2.0.1:

• This fixes a problem related to the DLP quarantine queue.
• A fix was made for GATEWAY-15 (https://jira.djigzo.com/browse/GATEWAY-15).
• If a message was placed in quarantine because of a DLP violation and the message-id or from header contained a "%" character, deleting the mail from quarantine resulted in an error.
• This version is only relevant if you are using the DLP functionality and quarantine messages that violate a DLP policy.

What is new in version 2.0.0-7:

• New:
• Data leak prevention (DLP) module added.
• S/MIME strict mode.
• Locally generated notifications are now signed. If a locally generated notification is received by the gateway (for example because of email forwarding) the email is send as-is to prevent mail loops.
• DSN is now supported (DSN is transparently handled by the back-end).
• Header protection can be disabled (GATEWAY-13).
• Improvement:
• workaround for non RFC compliant SKI support from Outlook 2010. For info why this workaround is needed see: Link 1 and Link 2.
• Javamail updated to 1.4.4 final.

What is new in version 1.4.1:

• New:
• The Virtual Appliance now allows you to specify which IP addresses can access the Web Admin login page.
• Bug fix:
• Fix for "The PDF reply portal no longer attaches the uploaded attachment" (GATEWAY-12). This was a regression of a previous bug fix GATEWAY-4.
• Fix for "The telephone number in the subject should be detected before removing the encryption trigger" (GATEWAY-11).

What is new in version 1.4.0:

• New:
• Different certificate request handlers can now be added using a pluggable infrastructure.
• Certificate request handler for Comodo has been added. With the Comodo certificate request handler, certificates from Comodo's managed PKI services (EPKI) can be automatically requested from the gateway.
• Certificates can now be requested in bulk. A comma separated text file containing the request details can be imported. The certificates will be requested using the selected certificate request handler.
• Email encryption header trigger has been added. Encryption of email can be triggered using a pre-defined email header (matched against a regular expression).
• A certificate can now be automatically requested for a sender using the default selected certificate request handler (only if the sender does not yet have a valid certificate with private key).
• Improvement:
• When a large number of certificates were imported (60000 certificates) the certificates view (UI) was no longer 'snappy' enough. The certificate view has been optimized (only noticeable with large number of certificates).
• Some UI menu items are moved to left-hand submenu.
• SMS settings menu item has been moved to the SMS page.
• The message template to edit should now be selected from a drop down select.
• The restart and PDF import attachment wait animation has been replaced with an animated gif.
• Upgraded to new version of CXF. The soap port is now by default only accessible from localhost.
• Added note to Virtual Appliance documentation about reserving memory to prevent swapping (thanks goes to Andreas Beier for his help in finding the cause of spurious crashes when running under ESX when the total memory used by all VMs was larger than the total host memory).
• The Virtual Appliance is upgraded to Ubuntu 10.04 LTS.
• Bug fix:
• The PDF reply URL didn't support unicode characters (only US-ASCII). The reply URL parameters are now UTF-8 encoded. (thanks goes to Benedikt Zorn for finding the problem).
• The PDF reply body didn't support unicode characters. The body is now UTF-8 if the body contains non-ascii characters. This has been reported by Benedikt Zorn.
• When creating certificates, the email address wasn't added to the alternative names (only to the subject).
• The check whether a domain is a valid domain was not strict enough. Domains containing an underscore ("_") are no longer accepted as a valid domain.
• Java wrapper version upgraded to latest version. Sometimes the Java wrapper was not able to automatically restart Djigzo when the wrapper detected that Djigzo wasn't running.
• The Virtual Appliance console update menu items were incorrectly named. The menu items were named "Update" and "Upgrade" but they should have been named "Upgrade" and "Dist-upgrade".
• Importing a PFX file containing a large number of certificates resulted in a timeout.

What is new in version 1.3.2:

• New:
• Subdomain matching can now be set on MTA config page.
• PFX passwords can be stored in the user preferences.
• MTA authentication for external and internal relay host can be set (SASL passwords).
• Virtual appliance has Fetchmail support (disabled by default).
• Improvement:
• Support for IE8 (new release of prototype and script.aculo.us).
• Debian 5 (Lenny) is now supported by the .deb packages.
• Multipart/alternative calendar items are now detected.
• Bug fix:
• When SELinux was enabled and postfix was restarted by Djigzo, postfix sometimes stopped working. This is now fixed.
• Upgrading with the RPM package wasn't working. This has been fixed.
• The owner and file mode of the SSL certificate was reset when upgrading the Debian packages. This has been fixed.

What is new in version 1.3.1:

• New:
• RPM packages for Red Hat/CentOS are now available. Install guides updated with instructions for Red Hat/CentOS.
• S/MIME signatures can be selectively removed.
• S/MIME can selectively be skipped for calendar items (text/calendar). Outlook cannot handle signed or encrypted meeting requests.
• CRL downloader and SMS gateway can now access external resources via configurable HTTP Proxy.
• Config files split into multiple files to make upgrades easier when local files have been changed.
• Password setting "Send to originator" added. If it's checked generated passwords for the PDF will be sent to the "sender" of the message.
• Force signing trigger can be used to trigger S/MIME signing of a message using a special email header.
• Certificate Trust List added which can be used to "white list" or "black list" certificates.
• Messages sent from BlackBerry (via BIS) can now be relayed through Djigzo.
• Improvement:
• Tomcat is now used by default instead of Jetty.
• Most templates are now by default UTF-8. Templates now fully support Unicode.
• Backup and restore now works accross different PostgreSQL versions.
• Expired column is now shown in red when a certificate is expired.
• The Virtual Appliance now contains a firewall which blocks access to ports that need not be externally accessible.
• support for MAC OSX Java wrapper added (patch subumitted by Rainer Frey).
• Original Message-ID of messages is retained if possible.
• Subject trigger is now recursively removed.
• Bug fix:
• Signature check sometimes failed for clear signed message which were clear signed.