CipherMail Documentation
Gateway Administration
- Introduction
- Setup
- Cockpit
- Auth
- MTA
- Settings
- Users
- Domains
- Sender and receiver settings
- General
- Created
- Comment
- Locality
- Encrypt Mode
- Send Encryption Notification
- Skip Calendar
- Password Policy
- Enable Subject Filter
- Subject Filter Regular Expression
- Post Processing Header (Internal domain)
- Post Processing Header (External domain)
- Organization Id
- System Email Sender
- System Email From
- Email Footer
- Email Footer Link
- Email Footer Link Title
- S/MIME
- S/MIME Enabled
- Skip Sign Only
- Strict Mode
- Skip Calendar
- Skip Signing Calendar
- Encryption Algorithm
- Encryption Padding Mode
- Signing Algorithm
- Check For Invalid 7bit Chars
- Cancel Decryption On Invalid 7-bit Chars
- Auto Select Encryption Certificates
- Always Use Freshest Signing Certificate
- Max Message Size
- Remove Signature
- Auto Request Certificate
- Import Certificates From Email
- Skip Import Certificates From Email If Not Trusted
- PGP
- PGP Enabled
- PGP/Inline For Incoming Email Enabled
- Scan HTML
- Skip non PGP extensions
- Auto Select Signing Algorithm
- Signing Algorithm
- Encryption Algorithm
- Compression Algorithm
- Max Message Size
- Convert HTML To Text
- Add Integrity Packet
- PGP Encoding
- Key Algorithm
- Auto Publish Keys
- Auto Request Key
- Import Import Keys From Mail
- Auto Remove Keys From Mail
- Remove Signature
- Auto Update Email Addresses
- Skip Sign Only
- PDF
- PDF Encryption Enabled
- Max Message Size
- Only Encrypt If Mandatory
- Send Generated Password Back To Sender
- OTP Enabled
- Portal Auto Signup
- PDF Password
- PDF Password Length
- Reply Enabled
- Reply Cc
- Reply validity interval
- Sign PDF Email
- Deep scan
- Add PDF Cover Page
- PDF Cover Page
- Attach original message
- Auto rename attachments
- Rename Filename List
- Rename Filename Keyword
- PDF template
- Templates
- Portal Signup Mail Template
- Portal Password Reset Mail Template
- Encrypted PDF Mail Template Static Password Mode
- Encrypted PDF Mail Template SMS Password Mode
- Encrypted PDF Mail Template OTP Password Mode
- Failed Encryption Notification Template
- Encryption Notification Template
- Passwords Notification Template
- SMS Password Template
- DLP Warning Template
- DLP Quarantine Template
- DLP Block Template
- DLP Error Template
- DLP Release Template
- DLP Delete Template
- DLP Expire Template
- OTP Secret Password SMS
- OTP Secret
- Portal New Mail
- Triggers
- Trigger
- Sign Header
- Sign Header Enabled
- Sign Subject Regex
- Sign Subject Regex Enabled
- Sign Subject Regex Remove Pattern
- Encrypt Header
- Encrypt Header Enabled
- Encrypt Subject Regex
- Encrypt Subject Regex Enabled
- Encrypt Subject Regex Remove Pattern
- Skip Encryption Header
- Skip Encryption Header Enabled
- Skip Encryption Subject Regex
- Skip Encryption Subject Regex Enabled
- Skip Encryption Subject Regex Remove Pattern
- Subject Password Trigger
- Subject Password Trigger Enabled
- OTP Encrypt Header
- OTP Encrypt Header Enabled
- OTP Encrypt Subject Regex
- OTP Encrypt Subject Regex Enabled
- OTP Encrypt Subject Regex Remove Pattern
- Webmail Messenger Header
- Webmail Messenger Header Enabled
- Webmail Messenger Subject Regex
- Webmail Messenger Subject Regex Enabled
- Webmail Messenger Subject Regex Remove Pattern
- Security info
- CA
- DLP
- DLP Enabled
- DLP managers
- Send Warning To Originator
- Send Warning To DLP Managers
- Send Quarantine To Originator
- Send Quarantine To DLP Managers
- Send Block To Originator
- Send Block To DLP Managers
- Send Error To Originator
- Send Error To DLP Managers
- Quarantine On Error
- Quarantine On Failed Encryption
- Send Release Notification To Originator
- Send Release Notification To DLP Managers
- Send Delete Notification To Originator
- Send Delete Notification To DLP Manager
- Send Expire Notification To Originator
- Send Expire Notification To DLP Managers
- Portal
- Webmail
- SMS
- Notifications
- Licensing
- DKIM
- S/MIME
- PGP
- PDF Messenger
- Webmail Messenger
- DLP
- Express setup
- Patterns
- Text normalization
- Selecting patterns
- DLP settings
- DLP Enabled
- DLP managers
- Send Warning To Originator
- Send Warning To DLP Managers
- Send Quarantine To Originator
- Send Quarantine To DLP Managers
- Send Block To Originator
- Send Block To DLP Managers
- Send Error To Originator
- Send Error To DLP Managers
- Quarantine On Error
- Quarantine On Failed Encryption
- Send Release Notification To Originator
- Send Release Notification To DLP Managers
- Send Delete Notification To Originator
- Send Delete Notification To DLP Managers
- Send Expire Notification To Originator
- Send Expire Notification To DLP Managers
- Quarantine
- Log
- SMS
- Licenses
- CLI
- Introduction
- Help
- CLI Commands
- ACME
- Auth
- auth get oidc-clients
- auth admin delete
- auth admin roles set
- auth permissions effective
- auth role delete
- auth role inherited set
- auth permissions all
- auth admin 2fa caller set enable
- auth role create
- auth role get all
- auth role permissions add
- auth admin get all
- auth role permissions set
- auth admin add
- auth admin 2fa caller get enable
- auth admin password
- auth role permissions remove
- auth admin get
- auth role get
- auth admin authenticated
- auth admin ip-addresses clear
- auth admin 2fa set enable
- auth admin ip-addresses set
- Built-in
- CA
- CRL
- CTL
- Certificate
- certificate get matching count
- certificate search email count
- certificate search subject count
- certificate export chain
- certificate referenced
- certificate export certificates
- certificate referenced details
- certificate import keys
- certificate get matching
- certificate delete
- certificate get all
- certificate import
- certificate import system-roots
- certificate search issuer
- certificate search subject
- certificate get all count
- certificate search email
- certificate get external
- certificate get
- certificate export keys
- Certificate Selection
- certificate selection user get auto-selected
- certificate selection domain reset named
- certificate selection domain get signing
- certificate selection user reset signing
- certificate selection domain reset signing
- certificate selection user get named inherited
- certificate selection user get named
- certificate selection user reset explicit
- certificate selection domain get explicit
- certificate selection user get explicit
- certificate selection global set named
- certificate selection global get named
- certificate selection user reset named
- certificate selection domain get inherited
- certificate selection global set signing
- certificate selection domain reset explicit
- certificate selection user get encryption
- certificate selection global get signing
- certificate selection domain get named
- certificate selection global reset named
- certificate selection user get inherited
- certificate selection user set explicit
- certificate selection user set signing
- certificate selection user get signing
- certificate selection user set named
- certificate selection domain set named
- certificate selection domain get named inherited
- certificate selection domain set explicit
- certificate selection domain set signing
- certificate selection global reset signing
- Certificate Validation
- DKIM
- DLP
- dlp domain get patterns
- dlp user reset patterns
- dlp user get patterns
- dlp user set patterns
- dlp child remove
- dlp pattern get all count
- dlp match-filter get all
- dlp global reset patterns
- dlp validator get
- dlp skip-list get
- dlp extract text
- dlp domain set patterns
- dlp pattern referenced
- dlp pattern delete
- dlp group add
- dlp match-filter get
- dlp pattern add
- dlp domain reset patterns
- dlp pattern get
- dlp global get patterns
- dlp global set patterns
- dlp pattern get all
- dlp validator get all
- dlp pattern update
- dlp skip-list set
- dlp child add
- dlp pattern rename
- dlp pattern referenced details
- Domain
- GlobalSign
- globalsign atlas get issuance-quota
- globalsign atlas revoke certificate
- globalsign atlas download trust-chain
- globalsign atlas get issued-count
- globalsign atlas add domain-claim
- globalsign atlas create mtls-certificate-request
- globalsign atlas get revoked-count
- globalsign atlas get validation-policy
- globalsign atlas get domain-claims
- globalsign atlas verify domain by-email
- globalsign atlas verify domain by-dns
- globalsign atlas get pending mtls-certificate-request
- globalsign atlas delete domain-claim
- globalsign atlas download certificate
- globalsign atlas get domain-approval-email-addresses
- globalsign atlas import mtls-certificate
- Host Resources
- KeyStore
- License
- Log
- MPA
- MTA
- mta config main myhostname get
- mta queue delete
- mta config main internal-relay-hosts get
- mta relay-header-secret domain delete
- mta queue reschedule
- mta config main mynetworks get
- mta config main myhostname set
- mta config main unverified-recipient-reject-code get
- mta map create
- mta control stop
- mta config main relay-domains set
- mta relay-header-secret global delete
- mta queue list
- mta relay-header-secret domain add
- mta queue get
- mta control status
- mta config main unverified-recipient-reject-code set
- mta queue flush
- mta config main message-size-limit get
- mta config main internal-relay-hosts set
- mta control check running
- mta config main message-size-limit set
- mta config main get
- mta map set content
- mta config main external-relay-hosts get
- mta queue requeue
- mta config main external-relay-hosts set
- mta config main relay-domains get
- mta control restart
- mta config main smtp-helo-name get
- mta map delete
- mta relay-header-secret user delete
- mta control start
- mta queue bounce
- mta queue size
- mta send mail
- mta relay-header-secret global add
- mta config main reject-unverified-recipient get
- mta queue release
- mta config main set
- mta queue hold
- mta config main smtp-helo-name set
- mta config main mynetworks set
- mta relay-header-secret user add
- mta map get content
- mta send mime
- mta config main reject-unverified-recipient set
- mta map list
- MySQL
- PGP
- pgp keyring get sub-keys
- pgp user set signing key
- pgp keyring export secret-keys
- pgp trust get all
- pgp trust delete
- pgp keyring export public-keys
- pgp keyring search keys count
- pgp keyring generate secret-key
- pgp is userid valid
- pgp domain get all signing keys
- pgp keyring get all count
- pgp user get all encryption keys
- pgp keyring search keys
- pgp keyserver download
- pgp keyring import
- pgp domain get signing key
- pgp user get signing key
- pgp keyserver refresh
- pgp keyring get public-key with fingerprint
- pgp keyserver submit
- pgp trust set
- pgp keyserver get config
- pgp user get all signing keys
- pgp domain get all encryption keys
- pgp set email-and-domains
- pgp domain set signing key
- pgp keyserver set config
- pgp keyring delete key
- pgp trust get all count
- pgp is userid revoked
- pgp revoke key
- pgp trust get
- pgp keyring get all
- pgp keyring get public-key with id
- pgp keyserver search
- Portal
- Property
- property domain set file
- property global set
- property descriptor
- property user get
- property global get multiple
- property available
- property user get value
- property global set file
- property domain set
- property user reset
- property user set
- property global reset
- property available categories
- property user get multiple
- property domain get value
- property global get
- property domain reset
- property domain get multiple
- property user set file
- property domain get
- property global get value
- Quarantine
- SMS
- SwissSign
- System
- TLS
- Tool
- User
- Webmail
- CLI Examples
- Other
Virtual Appliance
Office 365 Integration
- Introduction
- Setup O365
- Enable Soft bounce
- Allow O365 IP range
- Enable client side cert auth
- Add O365 incoming connector
- Add O365 outgoing connector
- Configure mandatory TLS
- Relay via O365
- Skip internal email
- Add header after processing email
- Add Authorization header
- Relay external email via the CipherMail gateway
- Remove processed header
- Relay incoming email via the CipherMail gateway
Google Workspace Integration
Cluster Administration
Frequently Asked Questions
- Gateway
- Incoming encrypted email is not decrypted. Why is that?
- Email received by the gateway contain X-CipherMail-Info headers. What are these?
- Certificates from incoming digitally signed emails are not automatically saved to the certificate store
- Where should the CipherMail gateway be placed?
- Is the gateway an on-premises or a cloud based application?
- Can the gateway be used as a milter?
- Does the gateway support Let’s Encrypt?
- Why is it not possible to create a backup from the UI?
- Why is it not possible to restore a backup from the UI?
- How can I upgrade from version 5 to version 6?
- CLI
- S/MIME
- What exactly is a certificate?
- What is a root certificate?
- What is an intermediate certificate?
- What is an end-user certificate?
- Why do certificates expire?
- How does the gateway handle expired certificates?
- What is the difference between a signature and an encryption certificate?
- How does the gateway handle key usage and extended key usage?
- Do we need separate signing and encryption certificates?
- Can we use a self-signed root certificate or should it be issued by a trusted CA?
- What does it mean when a certificate is revoked?
- What is a certificate Trust List (CTL)?
- What does the key usage nonRepudiation mean?
- PGP
- PDF Encryption
- What is PDF email encryption?
- With PDF encryption, are attachments encrypted as well?
- Is PDF encryption safe? Some companies claim they can crack PDFs?
- With PDF encryption, how can the recipient securely reply ?
- There are different password modes for PDF encryption. Which mode is the most secure?
- With the One Time Password (OTP) mode, a recipient can be invited. Is this not insecure? What happens if the invite is intercepted?
- Is HTML email supported by PDF Messenger?
- Webmail Messenger
- DLP
- I would like to quarantine an outgoing email when the To and CC header contains a large number of recipients. How can I do this?
- Can the DLP module detect all information leakage?
- I have added a sentence to the list of patterns but somehow the sentence is not matched. Why is the sentence not matched?
- What is the skip list?
- I would like to match a word if the word contains uppercase characters but not when it contains lowercase characters. Is this possible?
- Are there any pre-defined patterns?
- Are attachments also scanned?
- I cannot delete certain patterns. Why is that?
- Are email headers scanned?
- Cluster
- Why do I need at least three nodes for a cluster?
- Can a node run in a different data center than the other nodes?
- If two nodes are running in data center A and one node in data center B and the connection between the data centers fail, can I make sure that CipherMail is functional in both data centers?
- Virtual Appliance
- What are the default admin UI login credentials?
- What are the default SSH and console login credentials?
- I forgot the UI admin password. How can I reset the password?
- The gateway comes with no certificates installed. Why is that?
- Is SElinux enabled?
- In earlier versions of the Virtual Appliance, network settings could be configured through the user interface. In the current release, this option is no longer available.
- Support policy and EOL statements
CipherMail for Android