...
Either configure GPG to use the old keystore format, or export the keys in ASCII-armored or (old) GPG binary format.
LDAP: Unprocessed Continuation Reference(s)
Preconditions
you use Active Directory
you have multiple catalogs connected in your Active Directory setup
Description
Under the above circumstances, the retrieval of S/MIME certificates from the Active Directory may fail with an error message: Unprocessed Continuation Reference(s).
This means that Active Directory returns additional directories to look at (a so-called referral). With referral chasing enabled in Active Directory, the client could go from domain to domain in the Active Directory tree trying to satisfy the request if the query cannot be satisfied by the initial domain. This method can be extremely time-consuming, which is why S/Notify does not support referral chasing, but Active Directory does not accept that and throws an error when the client does not follow the referral.
Resolution
S/Notify does not properly ignore the referral error. A fix is in the works.
If, however, it is required to follow referrals in order to search the whole Active Directory, it is recommended to use Active Directory's Global Catalog instead, which is much faster. To connect to the Global Catalog, in the LDAP connection setup, replace 389 by port 3268, or port 686 by 3269, respectively.
Work-around
Use Active Directory's Global Catalog. To connect to the Global Catalog, in the LDAP connection setup, replace 389 by port 3268, or port 686 by 3269, respectively.
Duplicate email addresses
Preconditions
you have two or more users sharing the same email address
and user uploads are allowed
Description
If, in your Jira or Confluence, multiple users share the same email address, S/Notify cannot determine which of these users the email is actually meant for. Usually, this doesn't matter, because all these users would have to share the same S/MIME certificate or PGP key anyway, as these are bound to the email address.
...
Note that this is not a problem if S/Notify is configured to get S/MIME certificates and PGP keys from a key store or key server rather than from the user profile.
Resolution
In the unlikely case that different users with the same email address have uploaded different S/MIME certificates or PGP keys, it is impossible to determine which of them is the desired one for a specific email. Therefore, this specific issue cannot be resolved completely by the app.
However, S/Notify displays a warning in the user profile if there is another active user using that email address.
Work-around
Different users having the same email address should not have different S/MIME certificates or PGP keys uploaded to their user profile.
Invites in encrypted emails not visible in MS Outlook
Preconditions
outbound email encrypted with S/MIME
outgoing mail contains an ics file attachment for an invite
recipient views message in Microsoft Outlook client
Description
Note that this issue is not specific to S/Notify, but it occurs with any invite in an encrypted email viewed in Microsoft Outlook.
...
This is a long-standing problem in the Microsoft Outlook client. Outlook tries to recognize invites in order to present a dialog to accept or deny them. However, to do so, Outlook relies on a message header with Content-Type: text/calendar, but when a message is encrypted, this message header is inside the encrypted part. Obviously, Outlook does not decrypt the message when checking for that header, but later nonetheless hides the corresponding ics file attachment. As a result, neither the dialog nor the attachment can be seen, and the invite seems to have disappeared.
Resolution
There is no working solution. Microsoft needs to fix this, but hasn’t yet.
Work-around
As the only existing work-around, Microsoft always sends invites unencrypted. However, S/Notify does not currently check outgoing emails for invites. Please let us know if you run into this problem.
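The following is an added example, not code from S/Notify or Microsoft. It models only the MIME structure described above (the encryption step is a placeholder, and the addresses and the helper names are assumptions) to show why a check for invites has to run on the message before it is encrypted:

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_invite_mail():
    """Constructed sample: a notification mail carrying an .ics invite."""
    msg = EmailMessage()
    msg["From"] = "jira@example.org"
    msg["To"] = "alice@example.org"
    msg["Subject"] = "Sprint review"
    msg.set_content("You are invited to the sprint review.")
    ics = "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nEND:VCALENDAR\r\n"
    msg.add_attachment(ics, subtype="calendar", filename="invite.ics")
    return msg

def has_invite(msg):
    """True if any visible MIME part is a calendar invite (type or file name)."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/calendar" or name.endswith(".ics"):
            return True
    return False

def wrap_as_smime(msg, ciphertext=b"constructed-placeholder-not-real-CMS"):
    """Stand-in for S/MIME encryption: only the outer MIME shape is modelled."""
    outer = EmailMessage()
    for header in ("From", "To", "Subject"):
        outer[header] = msg[header]
    # The original body, including its text/calendar header, would sit
    # inside this opaque blob once encrypted.
    outer.set_content(ciphertext, maintype="application", subtype="pkcs7-mime",
                      filename="smime.p7m",
                      params={"smime-type": "enveloped-data"})
    return outer

def received(msg):
    """Serialize and re-parse, as a receiving client would see the message."""
    return message_from_bytes(msg.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    plain = build_invite_mail()
    print("before encryption:", has_invite(received(plain)))
    print("after encryption: ", has_invite(received(wrap_as_smime(plain))))
```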
PGP: AEAD encrypted emails cannot be decrypted
Preconditions
inbound email encrypted with PGP
the email is encrypted using the new AEAD method
Description
Decryption fails. The log file shows the error "unknown packet type 20".
GnuPG 2.3 generates keys with an AEAD algorithm, and GnuPG 2.3 by default uses this algorithm to encrypt. However, to date, while AEAD is proposed to become part of the OpenPGP standard, it has not been approved yet (see OpenPGP Message Format Draft rfc4880bis-10). To the best of our knowledge, it is not yet broadly supported. Applications based on GnuPG usually still use GnuPG 2.2 under the hood.
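To make the error message concrete, here is an added example (not part of S/Notify) that walks the top-level packet headers of a binary OpenPGP message and reports whether it contains packet tag 20, the AEAD Encrypted Data packet of the rfc4880bis draft. The two sample messages are constructed byte strings with dummy bodies, and the function names are assumptions:

```python
# Added example: walk top-level OpenPGP packet headers and flag tag 20.
# Tag numbers follow RFC 4880 and the rfc4880bis draft; samples are constructed.
AEAD_TAG = 20          # AEAD Encrypted Data packet (rfc4880bis draft)
SEIPD_TAG = 18         # Sym. Encrypted Integrity Protected Data (RFC 4880)

def _new_format_length(data, i):
    """Decode one new-format length at data[i]; return (length, next_i, partial)."""
    first = data[i]
    if first < 192:
        return first, i + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[i + 1] + 192, i + 2, False
    if first == 255:
        return int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
    return 1 << (first & 0x1F), i + 1, True      # partial body length

def packet_tags(data):
    """Return the tags of the top-level packets in a binary OpenPGP message."""
    tags, i = [], 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("bit 7 clear: not an OpenPGP packet header")
        if ctb & 0x40:                           # new-format header
            tag, partial = ctb & 0x3F, True
            while partial:                       # partial chunks end with a final length
                length, i, partial = _new_format_length(data, i)
                i += length
        else:                                    # old-format header
            tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
            if length_type == 3:                 # indeterminate: runs to end of data
                i = len(data)
            else:
                size = 1 << length_type          # 1, 2 or 4 length octets
                i += size + int.from_bytes(data[i:i + size], "big")
        tags.append(tag)
    return tags

def uses_aead(data):
    """True if the message carries the packet that older parsers reject."""
    return AEAD_TAG in packet_tags(data)

# Constructed samples: old-format PKESK (tag 1), then the encrypted-data packet.
SAMPLE_GPG23 = bytes([0x84, 3, 3, 0, 0, 0xD4, 4, 1, 9, 2, 16])   # tag 20
SAMPLE_GPG22 = bytes([0x84, 3, 3, 0, 0, 0xD2, 2, 1, 0])          # tag 18

if __name__ == "__main__":
    for name, msg in (("gpg23", SAMPLE_GPG23), ("gpg22", SAMPLE_GPG22)):
        print(name, packet_tags(msg), "AEAD" if uses_aead(msg) else "ok")
```

The function expects binary packet data, so an ASCII-armored message has to be de-armored first.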
Resolution
We are planning to include AEAD support in a future release of S/Notify.
Work-around
In GnuPG 2.3, the --rfc4880 or --openpgp flag must be used so it conforms to the PGP standard.
...
Jira Email This Issue app is configured to receive emails over its own built-in Next Gen Mail Handler
Description
S/Notify is not being invoked by the Next Gen mail handler. As a result:
incoming mail cannot be decrypted
signature attachments cannot be removed
indicators cannot be added
Resolution
We have proposed a solution to the vendor of Email This Issue to make S/Notify and JETI Next Gen Mail Handlers compatible with each other. We are still waiting for them to restore full compatibility between our apps.
Customers interested in the integration are encouraged to upvote the feature request for Email This Issue and/or to contact META-INF, the vendor of Email This Issue, to ask about their current progress.
Work-around
There is a work-around using a simple patch in Email This Issue. In order to enable Email This Issue to use the email decryption handlers in S/Notify, create a text file named javamail.providers with the following contents:
...
Send Email To Page app is installed in Confluence to process incoming emails
Users send encrypted emails
Description
Incoming email won’t get decrypted because in Confluence, there is usually no support for incoming email, so S/Notify for Confluence does not include the functionality.
Resolution
While S/Notify could process incoming email with Send Email To Page, to date, we haven’t seen any requests.
Customers interested in the integration are encouraged to let us know!
Work-around
There is currently no work-around. Please contact our service desk for available options.
...