Initial situation:
Due to individual requirements, Users on the SEPPmail Secure E-Mail Gateway should not be created on the basis of the entry in the FROM header of an outgoing email, but on the basis of the entry in the SENDER header or the envelope sender. The way certificates are obtained is to be adjusted in the same way.
Question:
Is it possible to create Users and obtain certificates on the basis of the envelope sender or the SENDER header entry, and if so, how?
Answer:
The order in which the sender addresses of an email are considered can be controlled with the variable createAccountAddressOrder for account creation and the variable createKeysAddressOrder for obtaining certificates (see table):
Value | Order: first | Order: second | Order: third | Standard
---|---|---|---|---
f,s,e | FROM header | SENDER header | Envelope sender | x
s,e,f | SENDER header | Envelope sender | FROM header |
e,f,s | Envelope sender | FROM header | SENDER header |
e,s,f | Envelope sender | SENDER header | FROM header |
s,f,e | SENDER header | FROM header | Envelope sender |
f,e,s | FROM header | Envelope sender | SENDER header |

The standard is based on the fact that, when checking an email signature, an email client uses the sender from the FROM header for comparison with the CN (Common Name) entered in the certificate. Some email clients alternatively use the entry from the SENDER header if this is available and the comparison of the CN with the entry of the FROM header has failed. The envelope sender is never used for comparison (if applicable, see also Key Used With The Microsoft Delegation Rule).
Example code
•Verify the setting Mail Processing > Ruleset generator > User creation > Create accounts for new users if user tries to sign/encrypt
•Navigate to Mail Processing > Ruleset generator > Custom commands > Custom commands for User Creation:
•Activate the option and insert the following code into the input field below:
Line | Code
---|---
01 | # Begin: Custom commands for User Creation
02 | log(1,'Begin: Custom commands for User Creation');
03 | if (!authenticated()) {
04 | setvar('createAccountAddressOrder','f,s,e');
05 | setvar('createKeysAddressOrder','f,s,e');
06 | if (!empty('$header_from')) {
07 | log(1,'creating user, based on from header $header_from');
08 | } else if (!empty('$sender')) {
09 | log(1,'creating user, based on sender header $sender');
10 | } else if (!empty('$from')) {
11 | log(1,'creating user, based on envelope sender $from');
12 | }
13 | createaccount();
14 | createkeys('@CREATEGPGKEYS@');
15 | }
16 | log(1,'End: Custom commands for User Creation');
17 | # End: Custom commands for User Creation
Description
The section Custom commands for User Creation: is only executed if the option Create accounts for new users if user tries to sign/encrypt is activated and the sender has requested a cryptographic action. If these prerequisites are met, this example first checks that the User does not already exist (line 03). In this case, it first sets the order in which the sender addresses present in the email (envelope, FROM or SENDER header) are used to create the new User (line 04) and to obtain the certificate (line 05). In lines 06 to 12, the log records which of the addresses was used for creating the User. The User is then created (line 13) and the key material is obtained according to the setting under Mail Processing > Ruleset generator > Key generation for the newly created User (line 14).
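The effect of each order value from the table can be checked offline before changing the variables. The following Python model is an added example, not SEPPmail code: it assumes that the first non-empty source in the configured order wins, and the names `resolve`, `candidates`, `SAMPLE` and `ENVELOPE` are hypothetical. It also reports whether the chosen address still matches the FROM header, the address email clients compare with the certificate.

```python
# Added illustration: models the address-order selection; not SEPPmail code.
from email import message_from_string
from email.utils import parseaddr

# The six values permitted by the table on this page.
VALID_ORDERS = {"f,s,e", "s,e,f", "e,f,s", "e,s,f", "s,f,e", "f,e,s"}


def candidates(raw_message, envelope_sender):
    """Return the three possible sender addresses keyed by the table's letters."""
    msg = message_from_string(raw_message)
    return {
        "f": parseaddr(msg.get("From", ""))[1].lower(),
        "s": parseaddr(msg.get("Sender", ""))[1].lower(),
        "e": (envelope_sender or "").strip("<> ").lower(),
    }


def resolve(order, raw_message, envelope_sender):
    """Pick the address used for account or key creation.

    Assumption: the first non-empty source in the configured order wins.
    Returns (source_letter, address, matches_from); matches_from is False
    when the chosen address differs from the FROM header address.
    """
    if order not in VALID_ORDERS:
        raise ValueError(f"unsupported order value: {order!r}")
    found = candidates(raw_message, envelope_sender)
    for key in order.split(","):
        if found[key]:
            return key, found[key], found[key] == found["f"]
    return None, "", False


# Constructed sample: an assistant sends on behalf of a manager,
# and the envelope sender is a separate bounce address.
SAMPLE = (
    "From: Manager <manager@example.com>\n"
    "Sender: Assistant <assistant@example.com>\n"
    "Subject: constructed sample\n\nbody\n"
)
ENVELOPE = "<bounce@example.com>"

if __name__ == "__main__":
    for order in sorted(VALID_ORDERS):
        print(order, resolve(order, SAMPLE, ENVELOPE))
```

A result with `matches_from` set to False marks an order under which the certificate would be obtained for an address other than the one in the FROM header.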