Architecture

Webmail Messenger is typically installed as an add-on to the CipherMail gateway.

CipherMail Webmail Messenger

When an email is sent via Webmail Messenger, the following steps are taken:

  1. The user sends an email via Exchange (or any other mail server).

  2. Exchange forwards the message to the CipherMail gateway.

  3. A rule on the gateway flags that the email must be sent via Webmail Messenger.

  4. The message is S/MIME signed with the Webmail sender key, encrypted with the Webmail recipient certificate, and forwarded via email to Webmail Messenger. Webmail Messenger decrypts the mail, checks the signature, and places the email in the local mailbox of the recipient(s).

  5. A notification message, stating that a new email is available, is sent to the recipient.

  6. The user logs in with a browser via HTTPS and reads the message.
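
The sign-then-encrypt tunnel from step 4 can be reproduced with the openssl command line. This is an added example, not CipherMail code: the certificates are throwaway self-signed ones, and the addresses, file names and function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: throwaway keys, example.test addresses and a constructed
# message; this is not CipherMail code or configuration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate plus private key for one tunnel endpoint.
make_cert() {   # $1 = file prefix, $2 = email address used as CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Gateway side (step 4): sign with the given sender key, then encrypt the
# signed entity to the Webmail recipient certificate.
tunnel_wrap() {   # $1 = signer prefix, $2 = message file, $3 = output file
    openssl smime -sign -binary -nodetach -in "$2" -out "$WORK/signed.eml" \
        -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null || return 1
    openssl smime -encrypt -aes256 -in "$WORK/signed.eml" -out "$3" \
        "$WORK/recipient.crt" || return 1
}

# Webmail Messenger side: decrypt with the recipient private key, then verify
# the signature using the tunnel sender certificate as trust anchor (-CAfile).
tunnel_unwrap() {   # $1 = tunnel file, $2 = output file
    openssl smime -decrypt -in "$1" -recip "$WORK/recipient.crt" \
        -inkey "$WORK/recipient.key" -out "$WORK/inner.eml" 2>/dev/null || return 1
    openssl smime -verify -in "$WORK/inner.eml" -CAfile "$WORK/sender.crt" \
        -out "$2" 2>/dev/null || return 1
}

make_cert sender    webmail-sender@gateway.example.test
make_cert recipient webmail-recipient@messenger.example.test
make_cert other     someone-else@example.test   # a key that is NOT the tunnel sender

printf 'Subject: constructed sample\n\nquarterly figures attached\n' > "$WORK/msg.eml"

tunnel_wrap sender "$WORK/msg.eml" "$WORK/tunnel.eml"
tunnel_unwrap "$WORK/tunnel.eml" "$WORK/delivered.eml" && echo "accepted: signed by tunnel sender"

tunnel_wrap other "$WORK/msg.eml" "$WORK/forged.eml"
tunnel_unwrap "$WORK/forged.eml" "$WORK/rejected.eml" || echo "rejected: not signed by tunnel sender"
```

The second message is encrypted to the correct recipient but fails the signature check, which is why each side of the tunnel needs its own certificate and private key.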

Configuration

The gateway communicates with Webmail Messenger using an S/MIME tunnel. This requires a special webmail sender certificate on the gateway and a Webmail recipient certificate on Webmail Messenger.

Important

Use the “Webmail Messenger setup wizard” for configuring the gateway for Webmail Messenger support.

Enabled

If set, Webmail Messenger is enabled.

Read receipt

If enabled, a “read notification” message will be sent to the sender when the recipient opens the message in Webmail Messenger.

Only if mandatory

If enabled, Webmail Messenger will only be used if encryption is mandatory.

Note

“Only if mandatory” is helpful if “Encrypt Mode” is set to “Allow” and Webmail Messenger is enabled. In this case, if the recipient does not have an S/MIME certificate, a PGP key, or PDF enabled, all email will be sent via Webmail Messenger. By enabling “Only if mandatory”, email will only be sent via Webmail Messenger if email encryption is mandatory.

OTP enabled

If enabled, and an email is PDF encrypted with OTP mode, the OTP PDF encryption is done by Webmail Messenger. The main benefit of having Webmail Messenger handle OTP PDF encryption is that the gateway no longer needs to be accessible to external users, because OTP PDF mode then uses the portal functionality of Webmail Messenger. A second benefit is that Webmail Messenger supports 2-factor authentication for portal access.

Webmail recipient

Webmail recipient is the email address Webmail Messenger accepts for the incoming S/MIME tunnel email from the gateway.

Webmail sender

The sender used for the special S/MIME tunnel email sent from the gateway to Webmail Messenger. It is advised to use an email address which is exclusively used for Webmail Messenger.

Important

The S/MIME tunnel between the gateway and Webmail Messenger requires two certificates with private keys: one for the gateway and one for Webmail Messenger. Do not delete these tunnel certificates unless you need to create new tunnel certificates.