• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
Info Icon

Locally signed emails are permanently rejected due to invalid S/MIME signatures

Known errors
< zurück
Zuletzt aktualisiert am:29.08.2022

Problem

Inbound, 8-bit encoded emails that are signed locally by S/MIME are converted into 7-bit encoded emails by NoSpamProxy and then rejected by the receiving email server because of an invalid certificate.

Analysis

RFC 5751 requires that all signed MIME parts of an email must have 7-bit encoding:

If a multipart/entity signed is ever to be transmitted over the standard Internet SMTP infrastructure or other transport that is constrained to 7-bit text, it MUST have transferred encoding applied so that it is represented as 7-bit text. MIME entities that are 7-bit data already need no transfer encoding. Entities such as 8-bit text and binary data can be encoded with quoted-printable or base-64 transfer encoding.

To ensure full compliance with RFC 5751, NoSpamProxy converts the 8-bit encoding of the email into a 7-bit encoding.

However, because the signing was applied locally and not by NoSpamProxy, the conversion changes the hash value of the email and thus invalidates the signature. Accordingly, NoSpamProxy will permanently reject the email from version 13.2.20258.1435.

This scenario only occurs if the “Remove attached signature from S/MIME-signed emails (recommended)” option has been disabled in the NoSpamProxy rulebook and the email client sends 8-bit encoded emails.

Workarounds

Workaround 1: Enable opaque signing

Microsoft Outlook

Configure your email client to use the opaque signing method when applying the signature. This method summarizes the signature and message into a single binary file so that the signature remains intact when the email gatewaysmodify the email message.

Do the following:

  1. Open Microsoft Outlook.
  2. Go to File > Options > Trust Center Settings > Email Security.
  3. Remove the check mark for Send clear text signed message when sending signed messages
    Enabling opaque signing in Microsoft Outlook
  4. Click OK.

By disabling this option, you have enabled opaque signing.

Microsoft 365/Outlook on the Web, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online

You can also configure opaque signing using PowerShell:

Set-SmimeConfig -OWAClearSign $false

For more information click here.

Receiving email clients that do not support S/MIME cannot process emails signed using opaque signing.

Workaround 2: Remove local signatures

Configure NoSpamProxy to remove locally applied signatures.

Corresponding emails can be delivered in this way, but lose their S/MIME signature.

  1. Go to Configuration > Rules.
  2. Open the appropriate rule for inbound emails.
  3. Go to the Actions tab, open the S/MIME and PGP validation as well as encryption action, and go to the Validation options tab.
  4. Place the check mark for Remove attached signature from S/MIME-signed emails (recommended).
  5. Click Save and Close.
29.09.2020/by Stefan Feist

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Release Notes – NoSpamProxy 13.2 (Fast Channel)info iconInfo IconCyren Engines – Troubleshooting
Scroll to top