deeztek / hermes-secure-email-gateway

Hermes Secure Email Gateway is a Free Open Source Ubuntu 20.04 LTS Server based Email Gateway that provides Spam, Virus and Malware protection, full in-transit and at-rest email encryption as well as email archiving. It features the latest email authentication techniques such as SPF, DKIM and DMARC.

Home Page: https://www.hermesseg.io

License: GNU General Public License v3.0

Self 0.01% Shell 2.13% Perl 0.01% ColdFusion 12.11% JavaScript 65.50% CSS 4.02% Makefile 0.20% Roff 1.02% C 12.49% M4 0.02% SCSS 2.49%
postfix spamassassin amavisd ciphermail mariadb ubuntu hermes-seg email-gateway dmarc dkim

hermes-secure-email-gateway's People

Contributors

deeztek

hermes-secure-email-gateway's Issues

Initial System Settings Error

Hey,

I'm currently testing this secure email gateway. Installation went pretty smoothly, but now I'm facing an error on the initial system settings page.

Postmaster E-Mail: [email protected]
Admin E-Mail: [email protected]

When I select "Save Settings" the system prompts: The Postmaster E-mail Address must be part of a domain that this system relays.

How can I fix this?

How to configure Hermes SEG for Godaddy

Hello, nice project.
I have a contracted email service with GoDaddy that I would like to configure so that Hermes acts as a gateway between GoDaddy's email service and email clients. I followed the installation steps outlined in the documentation, where the installation was done on a virtual machine to host Hermes SEG, and it is installed on Ubuntu Server 20.04 with 8 GB of RAM and 4 processors.
After the installation, I will configure the network to use a static IP address as follows:

  1. Network Mode: Static
  2. HostName: smtp
  3. Primary Domain Name: domain.tld
  4. Ip Address: 192.168.1.50
  5. Subnet Mask: 255.255.255.0/24
  6. Gateway: 192.168.1.1
  7. DNS1: 192.168.1.116

Finally, I added a domain with the following configuration in order for the messages sent and received by email clients to be filtered by Hermes and then forwarded to the GoDaddy server:

  1. Domain Name smtp.test.tld
  2. Delivery Method: SMTP
  3. Recipient Delivery: ANY
  4. Destination Address: smtpout.secureserver.net
  5. Destination Port: 25
  6. Destination Requires Authentication: YES
  7. Destination Username: [email protected]
  8. Destination Password: ****

Once I have made this configuration, I will try to connect the Outlook application using the following SMTP settings:

  1. Smtp Domain: smtp.test.tld
  2. Smtp Port: 25

The Outlook email configuration process was completed successfully; however, when I try to send an email, it doesn't go through, and the Hermes SEG log doesn't register anything.
On the other hand, I performed a test by setting up an SMTP client using .NET 8 language with the following configuration:

  1. Smtp Domain: smtp.test.tld
  2. Smtp Port: 25

In this instance, when I send the email, I get the following log from the Hermes application.

PREGREET 22 after 0.01 from [192.168.1.215]:52092: EHLO VMWindows\r\n
CONNECT from [192.168.1.215]:52092 to [192.168.1.50]:25

However, the email is not received by Hermes SEG because it doesn't appear in the Mail Queue view nor does it appear in the Message History view.

So, I would like to know exactly how the configuration should be done in Hermes SEG so that it can act as a gateway between the Godaddy email service and the email clients for the purpose of filtering emails.

What type of client and configuration in the client needs to be done? For example, if the port number is 25 and if the DNS registered in Hermes needs to be specified.
Is it necessary to configure SMTP TLS? If so, could an SSL certificate for a website provided by GoDaddy be used?

Is there a documented use case for configuring Hermes SEG? If so, where can I find this documentation?

Edit Domain Destination Address IP

When trying to edit a domain under Gateway --> Domains --> Edit Domain if an IP address is entered in the Destination Address field, the following error is generated when clicking Submit:

The Destination Address field must be a valid FQDN or IP Address

Fix issue with missing empty directories under /opt/hermes/

During git clone of hermes-seg-18.04.git, empty directories under /opt/hermes do not get cloned due to the way git works. In order to work around this issue, I already placed git_placeholder.txt files in all those empty directories so any new installations should clone all those empty directories. However, need to create update to address issue with existing installations.

Email Archive Add Archive Job throws error when attempting to add job and access to SMB share is denied

Following error is displayed when attempting to add Email Archive Job and access to SMB share is denied:

Lucee 5.2.9.31 Error (application)
Message	Error invoking external process
Detail	/bin/cp: cannot create regular file '/mnt/hermesarchivetest/testsmb': Permission denied
Stacktrace	The Error Occurred in
/var/www/html/admin/email_archive.cfm: line 595
593: outputfile ="/dev/null"
594: arguments="-inputformat none">
595: </cfexecute>
596:
597:

Need to update cfcatch for "permission denied" in error detail.

System Status Filesystem Usage script error

Logging into the admin interface I am presented with the following warning box.

Examining the script, it contains:

#!/bin/bash
df -hl | awk '/^\/dev\/mapper/ubuntu--vg-ubuntu--lv/ { sum+=$5 } END { print sum }'

Executing script:

awk: cmd. line:1: /^\/dev\/mapper/ubuntu--vg-ubuntu--lv/ { sum+=$5 } END { print sum }
awk: cmd. line:1: ^ syntax error

It also looks like a new script is generated on each page load/refresh, is this expected behaviour?

DKIM import function request

Discussed in #37

Originally posted by Lumanet2012 October 27, 2022
Hey Team,

First off, NICE NICE work. I am a big supporter of your product and we just did a migration to a new Data Center in Dallas.
During all this we ran into a situation needing a new E-Mail Gateway Server, which we did install, and we did configure it all with wildcard SSL and TLS and you name it.

But we do already have all our DKIM keys and would like to import ours instead of having to generate new keys. So it would be a very nice feature if under "Edit Domain DKIM Configuration" we got an import option, like a copy-paste field, so we can quickly import those DKIM keys.

All outbound e-mail are PDF encrypted

In certain deployments where Internal Recipients are not utilized, all outbound e-mails are automatically PDF encrypted. Issue is caused by the domain being set with PDF encryption enabled.

Error when adding message to block list

Here is the error received when selecting a quarantined message and message action block sender.


We apologize for the inconvenience but a system error has occurred or malicious activity has been detected or database credentials are missing/incorrect

Page Specific Error below
Message History: url.startdate is invalid
Attempting to modify a URL parameter or form input or attempting to use certain keywords such as (select, update etc.) in form fields will generate this error. Please go back to retry your operation without modifying any system URLs and/or change your form input with fields that are not banned. Additionally, verify the database credentials are correct under System --> System Settings.

If you have any further questions, please contact support

Authelia authentication and authorisation server

Discussed in #51

Originally posted by easyfit77 March 15, 2023
Ok so my issue is as follows,

I have installed Hermes-seg on both Ubuntu 18.04 LTS and 20.04 LTS and in both instances I cannot access the admin interface because Authelia just won't run.

When I check the status of the service I get the following

cu_admin@test-seg:/usr/lib/systemd/system$ sudo systemctl status authelia.service
● authelia.service - Authelia authentication and authorization server
Loaded: loaded (/lib/systemd/system/authelia.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2023-03-14 03:09:12 UTC; 51s ago
Process: 12127 ExecStart=/usr/bin/authelia --config /etc/authelia/configuration.yml (code=exited, status=1/FAILURE)
Main PID: 12127 (code=exited, status=1/FAILURE)

Mar 14 03:09:12 test-seg systemd[1]: Started Authelia authentication and authorization server.
Mar 14 03:09:12 test-seg authelia[12127]: time="2023-03-14T03:09:12Z" level=error msg="Configuration: option 'jwt_secret' is required"
Mar 14 03:09:12 test-seg authelia[12127]: time="2023-03-14T03:09:12Z" level=error msg="Configuration: session: option 'secret' is required when using the>
Mar 14 03:09:12 test-seg authelia[12127]: time="2023-03-14T03:09:12Z" level=error msg="Configuration: storage: option 'encryption_key' is required"
Mar 14 03:09:12 test-seg authelia[12127]: time="2023-03-14T03:09:12Z" level=fatal msg="Can't continue due to the errors loading the configuration"
Mar 14 03:09:12 test-seg systemd[1]: authelia.service: Main process exited, code=exited, status=1/FAILURE
Mar 14 03:09:12 test-seg systemd[1]: authelia.service: Failed with result 'exit-code'.

Anyone have any idea on how to rectify this, or perhaps know what I may be doing wrong during the install process?

Deploy Docker Nextcloud

Deploy Docker Nextcloud in Hermes SEG as the groupware solution to complement Dovecot Server.

Hermes SEG will NOT run in a LXC Environment

We have been getting a lot of support requests for Hermes from people getting 502 Gateway errors when attempting to run Hermes SEG in an LXC environment. Hermes SEG will not run in an LXC environment. Hermes is designed to run on a physical machine or in a full virtual environment (VMware, VirtualBox, etc.).

Application Loading and DB user Permission Denied error

I am not sure what is breaking, but I have noticed a few things that stand out as issues. After logging into the application I get the following errors:

Lucee 5.2.9.31 Error (application)
--
Message | Error invoking external process
Detail | /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
/dev/mem: No such file or directory
Stacktrace | The Error Occurred in
/compile/proprietary/2/inc/setsession.cfm: line 14
12: ?O�
13: doStartTagQ$
14: ?R��initBody�&(Ljavax/servlet/jsp/tagext/BodyTag;I)VTU
15: /V��
16: �X��doAfterBodyZ$
called from /var/www/html/admin/Application.cfc: line 261

I also noticed that the Hermes user cannot access the DB:
Aug 30 18:05:16 Hermes-SEG postfix/smtp[9692]: warning: connect to mysql server 127.0.0.1: Access denied for user 'hermes'@'localhost' (using password: YES)

I was able to login with the DB user locally, but the application fails to do so. This proves that the password works.

I used the exact recommended setup for Ubuntu 20.04. It is running in a LXC container on ProxMox

New Build

Newest build will stall out on fresh installation during mysql when running the install script.

Deploy Docker Dovecot Mail Server

Deploy Docker Dovecot Mail Server in Hermes SEG in order to be able to additionally receive e-mail locally instead of being limited to only relay e-mail to external servers.

Upgrade and Migrate Hermes SEG based on Ubuntu 18.04 LTS Server to Ubuntu 20.04 LTS Server

Due to the pending end of the standard five-year maintenance window for Long Term Support (LTS) for Ubuntu 18.04 LTS Server on May 31, 2023, we have created instructions and a script to perform a release upgrade and migration of existing Ubuntu 18.04 LTS based Hermes installations to Ubuntu 20.04 LTS. Details and instructions can be located here:

https://docs.deeztek.com/books/hermes-seg-administrator-guide/page/upgrade-and-migrate-hermes-seg-1804-to-2004

Unknown column 'queue_type' in 'field list' on Build-220410

When navigating to System --> Mail Queue the system throws the following error:

Unknown column 'queue_type' in 'field list'
--
SQL | insert into postfix_queue(trans_id, msg_id, queue_type)values('dXFq2Yrl', '83261121B3E', 'N/A')

This is caused by missing column in the postfix_queue table in the build-220410 release.

SMTP TLS Settings throws error when SMTP TLS Support Available is selected and certificates missing

Gateway --> SMTP TLS Settings throws ApplicationException error when SMTP TLS Support Available is selected and Certificate, Unencrypted Key and Root & Int CA Certificate are left blank and the Save & Apply Settings button is clicked.

Until the issue is resolved, the workaround is to ensure you fill out the Certificate, Unencrypted Key and Root & Int CA Certificate fields before clicking the Save & Apply Settings button.

Can not edit some files

Hello Hermes Secure Email Gateway Admin,
I want to edit some UI in files like view_console_settings.cfm.
How do I view the source code?

Thanks.

Deploy Docker and Docker Compose

Deploy Docker and Docker Compose in Hermes SEG in order to be able to deploy various Docker containers for future enhancements.

Error step 61 of 61: 1, occured during ensuring Hermes SEG permissions are set correctly

Hi there,
I'd like to evaluate Hermes SEG; however, each time during install the installation quits all of a sudden. The log file shows the following on the last line:
Error step 61 of 61: 1, occured during ensuring Hermes SEG permissions are set correctly

This happens right after the expected OpenDMARC error.

The server is a VM on ESXi.
It's a new install and has Ubuntu 18.04 installed with the latest updates, 10Gb RAM, 1x 16Gb disk and 1x 250Gb disk.

I wasn't able to find any documents on the forum so I'm not really sure where to go from here. Any support would be much appreciated.

Kind regards,
Ronald.
