|
|
|
01-15-2009, 02:44 PM
|
#1
|
CrackBerry Addict
Join Date: May 2005
Model: 8900
Carrier: T-Mobile
Posts: 560
|
Lotus Notes signed (but not encrypted) email question - SP6 MR3 Issue
Please Login to Remove!
Has anybody seen the following behavior in 4.1 SP6 MR3 for Domino:
1) Receive an email from internal Notes users that has signed but not encrypted it
2) Email icon on Blackberry appears as a message with a padlock on top
3) Try to scroll down after first few lines of email and get prompted with a popup, on the Blackberry, for your Notes ID file password.
4) Enter ID file password and view rest of email
This is very strange because we have not seen this before, and have not imported ID files into the mailfiles in order to support S/MIME or other encryption.
Anyone have any info on why this might be happening?
__________________
BESX 4.1.7 on Exchange 2003: 65 Devices
BESX 5.0.3 on Exchange 2003: 2007 Devices
Last edited by mahoward; 01-22-2009 at 11:16 AM..
|
Offline
|
|
01-16-2009, 06:15 AM
|
#2
|
CrackBerry Addict
Join Date: Sep 2008
Location: London, UK
Model: 9900
OS: 7.1
PIN: ask!
Carrier: O2 UK
Posts: 932
|
Padlock is a sign that the email is encrypted, if it were only signed, then the icon would show a key as opposed to the pad lock icon.
|
Offline
|
|
01-16-2009, 09:40 AM
|
#3
|
CrackBerry Addict
Join Date: May 2005
Model: 8900
Carrier: T-Mobile
Posts: 560
|
Thanks skyman84, but in 4.1 SP6 MR3 just a signed message will cause the icon to be a padlock. This looks like a bug.
My manager is not allowing me to apply MR3 (which fixes 2 crash bugs we have experienced) because he doesn't want everyone who receives an internal Notes signed message to get a Notes ID password popup.
We generally don't use digital signatures or encryption, but some bozos think they are adding a signature at the bottom of the message body by clicking the "Sign" box in Notes.
Can anyone else who has Domino and applied MR3 do a sanity check on this for me? Just send a signed internal mail to someone, and have them read it on their BB. Does the lock show up? Is there any text in blue? Does it do a popup for the Notes ID file password?
__________________
BESX 4.1.7 on Exchange 2003: 65 Devices
BESX 5.0.3 on Exchange 2003: 2007 Devices
|
Offline
|
|
01-16-2009, 12:19 PM
|
#4
|
Thumbs Must Hurt
Join Date: Oct 2006
Location: Loony bin
Model: 8800
Carrier: T-Mobile
Posts: 111
|
Just tested it and it came thru without asking for pw or showing an icon on the BB.
Domino/Notes 8.0.2 with BES4.1.6 MR3
|
Offline
|
|
01-16-2009, 01:02 PM
|
#5
|
CrackBerry Addict
Join Date: May 2005
Model: 8900
Carrier: T-Mobile
Posts: 560
|
Thanks m4ilm4n, that is strange you dont see the key or lock on your unread email icon. Have you disabled native notes encryption on your BES server via the SECMSGSupported reghack?
__________________
BESX 4.1.7 on Exchange 2003: 65 Devices
BESX 5.0.3 on Exchange 2003: 2007 Devices
|
Offline
|
|
01-16-2009, 01:19 PM
|
#6
|
Wireless Sith Lord
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
|
Don't have MR3 applied here yet. Sorry M.
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
|
Offline
|
|
01-20-2009, 07:24 AM
|
#7
|
Thumbs Must Hurt
Join Date: Oct 2006
Location: Loony bin
Model: 8800
Carrier: T-Mobile
Posts: 111
|
Quote:
Originally Posted by mahoward
Have you disabled native notes encryption on your BES server via the SECMSGSupported reghack?
|
Nope. Running plain vanilla setup so far (except having turned off the PDF Distiller for now).
|
Offline
|
|
01-20-2009, 12:02 PM
|
#8
|
BBF War Game Mod
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
|
No MR3 here, soz
__________________
Jadey : Infrastructure Architect, Denver CO
|
Offline
|
|
01-21-2009, 09:38 AM
|
#9
|
New Member
Join Date: May 2008
Location: Newcastle,UK
Model: 8800
PIN: N/A
Carrier: T Mobile
Posts: 10
|
I am receiving exactly the same issue. Im speaking to RIM now and will post what i find.
With previous BES versions a user could receive a signed mail with no issue. The mail would appear in the inbox as a standard message and could be opened and forwarded no problem.
Since upgarding to SP6 MR3, signed messages appear with a key on the message icon (just like encrypted mail). When the user opens the mail and tries to forward it they receive a prompt
"Warning - This message will be sent without Lotus Notes encryption. Continue?" If the users selects yes they are then promted for the user id password (if stored in the mailfile)
|
Offline
|
|
01-21-2009, 11:51 AM
|
#10
|
Thumbs Must Hurt
Join Date: Oct 2006
Location: Loony bin
Model: 8800
Carrier: T-Mobile
Posts: 111
|
My bad - I never applied MR3, so it sounds specific to that maint release.
|
Offline
|
|
01-22-2009, 09:22 AM
|
#11
|
New Member
Join Date: May 2008
Location: Newcastle,UK
Model: 8800
PIN: N/A
Carrier: T Mobile
Posts: 10
|
More info
In BES 4.1.5 you could only read encrypted mails if your mailfile was based on a webmail template and you had attached your id file to your mailfile.
In version 4.1.6 MR3 any user who is setup for roaming and has the id file attached to their address book can read encrypted mails, a definite improvement. The downside of this is that signed messages also require you to enter the id pwd when trying to forward.
|
Offline
|
|
01-22-2009, 09:32 AM
|
#12
|
New Member
Join Date: Jan 2009
Location: Tampa, FL
Model: 9000
PIN: N/A
Carrier: AT&T
Posts: 11
|
mahoward and hzgjlv, I'm seeing the exact same thing as you, and I'm on BES 4.1.6 MR3, Interim Security Update 2 (the ISU 2 is highly recommended, BTW, as it fixes a nasty PDF vulerability), running on Domino 7.0.3FP1.
Since m4ilm4n is running Domino 8.x, me wonders if it's a Domino 7.0.3 <-> BES 4.1.6 MR3 issue? I've been on 7.0.3 since 12/26, but only MR3 since 01/16, and my users only started reporting this issue this week (starting Monday 01/19).
hzgjlv, have you heard anything from RIM?
|
Offline
|
|
01-22-2009, 10:32 AM
|
#13
|
CrackBerry Addict
Join Date: May 2005
Model: 8900
Carrier: T-Mobile
Posts: 560
|
m4ilm4n just stated he is not running MR3, so he hasn't seen this issue.
It is simply the MR3 update causing this, as I had one server up to MR3 but *without* the Interim Security update when we noticed this behavior.
In order to upgrade to MR3, as part of the process we are now disabling native notes encryption on the BES servers via the SECMSGSupported = 0 reghack.
This seems to work, no more key icons, no more prompts.
We needed to apply MR3 to fix 2 issues which caused crashes in our environment. One of these was related to particular S/MIME messages, but not sure how that relates to native notes encryption.
Looks like they slipped in some new code along with their fixes perchance?
In any case not good. Don't like getting bitten with this stuff.
__________________
BESX 4.1.7 on Exchange 2003: 65 Devices
BESX 5.0.3 on Exchange 2003: 2007 Devices
|
Offline
|
|
01-22-2009, 11:52 AM
|
#14
|
New Member
Join Date: Jan 2009
Location: Tampa, FL
Model: 9000
PIN: N/A
Carrier: AT&T
Posts: 11
|
Good to know that you worked around it via the SECMSGSupported reghack. BTW... is that a live hack, or is a restart of one or more services/processes needed? RIM's technote says nada about it.
BTW... were you directed to the reghack by RIM, or did you have a hunch?
OT comment: Google is scary... it already indexed your reply to me. I found it when I googled "SECMSGSupported".
|
Offline
|
|
01-22-2009, 12:08 PM
|
#15
|
CrackBerry Addict
Join Date: May 2005
Model: 8900
Carrier: T-Mobile
Posts: 560
|
You would need to restart the BES task to enable the hack. I searched for notes native encryption on the BB T-Support KB and it pointed me to the article on how to disable.
__________________
BESX 4.1.7 on Exchange 2003: 65 Devices
BESX 5.0.3 on Exchange 2003: 2007 Devices
|
Offline
|
|
01-23-2009, 02:40 AM
|
#16
|
CrackBerry Addict
Join Date: Oct 2004
Location: Toronto
Model: Z10
Carrier: Lord Rogers - 107
Posts: 862
|
@mahoward , nice find!
I definately think that you Domino/BES Admins are on the cutting EDGE of the UC industry. Always learning new things but still confused, hehe.
__________________
Senior help desk administrator (rim_db_admin_sr_helpdesk)
Serious Mobile
|
Offline
|
|
01-23-2009, 05:39 AM
|
#17
|
New Member
Join Date: May 2008
Location: Newcastle,UK
Model: 8800
PIN: N/A
Carrier: T Mobile
Posts: 10
|
Answer from RIM. This is a known issue and is being investigated under SDR285197.
Currently there is no workaround and no estimated time to fix (as this issue occurred in 4.1.6 MR3 and has only just been reported).
|
Offline
|
|
01-23-2009, 02:43 PM
|
#18
|
New Member
Join Date: Jan 2009
Location: Tampa, FL
Model: 9000
PIN: N/A
Carrier: AT&T
Posts: 11
|
@mahoward, by "restart the BES task", do you mean just the DBES server task as it appears in Domino? Just trying to gauge the duration of the outage.
Thanks for sharing, btw.
|
Offline
|
|
01-23-2009, 03:11 PM
|
#19
|
CrackBerry Addict
Join Date: May 2005
Model: 8900
Carrier: T-Mobile
Posts: 560
|
Yeah since the reghack exists in the Agents subkey then I suspect the only thing that needs to be restarted is the DBES server task. Or "tell BES quit" & "load bes"
__________________
BESX 4.1.7 on Exchange 2003: 65 Devices
BESX 5.0.3 on Exchange 2003: 2007 Devices
|
Offline
|
|
01-26-2009, 11:13 AM
|
#20
|
BlackBerry Extraordinaire
Join Date: Jul 2005
Location: NYC
Model: 9800
OS: 6.0.0.546
Carrier: AT&T
Posts: 2,344
|
__________________
Exchange 2007/BES 5.0.2 MR2
|
Offline
|
|
|
|