#1337 ✓fixcommitted
Mike

S/MIME signatures and from addresses

Reported by Mike | December 4th, 2015 @ 08:17 AM

I have set up MailMate to always sign mails. But I only want this for my job address. When I write a mail from my private address, MailMate tries to sign with my job certificate which ends in an error message.

Is there a way to connect a certificate to a specific address? Maybe I have overseen it?

Comments and changes to this ticket

  • benny

    benny December 7th, 2015 @ 11:50 AM

    No, there is a bit for OpenPGP, but I'm not even sure that can be used to disable signing for a specific email address.

    Are you sure MailMate tries to use your job certificate? If MailMate does not find a certificate for the current email address then it should at least report this (and not use the wrong one).

  • Mike

    Mike December 7th, 2015 @ 11:55 AM

    When I open the compositor to write a mail from my private account and try to send, I get following message:

    Failed to find identity to sign for *******@*******.***.
    The specified item could not be found in the keychain. Error code: -25300

    Then I deactivate the signing and I can send.

  • benny

    benny December 8th, 2015 @ 01:08 PM

    • State changed from “new” to “accepted”

    This is the expected behavior. MailMate cannot find a certificate to match the identity (email address). MailMate doesn't currently have a setting to exclude an email address when signing is enabled. The default behavior has to be that MailMate does not ignore this issue (otherwise some keychain problem or other issue might result in unintentionally sending unsigned or unencrypted messages).

    As I noted, using OpenPGP it's possible (low level) to map an email address (sender identity) to a specific key. If I do the same for S/MIME (mapping to a specific certificate) and then add that an empty value means no certificate, would that satisfy your needs?

  • Mike

    Mike December 8th, 2015 @ 05:25 PM

    If I understand correctly, something like the should do it. (I use S/MIME.)

  • benny

    benny December 9th, 2015 @ 08:01 AM

    Ok, I'll update this ticket when/if this is added. I don't think it should be hard, but I might be wrong :)

  • benny

    benny December 9th, 2015 @ 09:45 AM

    • State changed from “accepted” to “fixcommitted”

    In the next update, something like this should work to disable signing/encrypting when using a specific email address:

    {
    map = (
        {
            address = "user@example.com";
            serial = "";
        },
    );
}
  • benny

    benny December 9th, 2015 @ 09:46 AM

    It'll eventually be documented here.

  • Mike

    Mike December 27th, 2015 @ 12:11 AM

    Thank you. It's working. But it would be nice to be able to use wildcards/regexes and/or opt-in instead of opt-out. I have several addresses and aliases and only one is used with S/MIME, so it's troublesome to keep this list in sync with my in-use addresses.

  • benny

    benny March 15th, 2016 @ 12:14 PM

    • State changed from “fixcommitted” to “fixreleased”

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Mac OS X email client.

Shared Ticket Bins

People watching this ticket

Pages