Sign your emails using iQ.Suite KeyManager. No certificate is available for the first time a user would like to send a signed email.
The first email is created as a request for a new certificate in iQ.Suite KeyManager. While the certificate is created via a Trust Center or an individual certificate, the email cannot be processed further and would be wrongfully put into quarantine by the signature job.
In a case like this, the administrator would have to send the email anew from quarantine, or the original sender would have to send it from his mail file, as soon as a key existed in iQ.Suite KeyManager.
Using the Smart module, this can be automated.
Step By Step
A rule requesting the signing of the email (e.g. a text rule)
iQ.Suite Text Rule: iQ.Suite KeyManager – Sign E-Mail
This jobs signs emails using iQ.Suite KeyManager. If successful, the text ““ is added to the subject heading.
If an error occurred (e.g. missing certificate), your email would not be transferred to the next job and also NOT put into quarantine.
Crypt Mail Job [Misc.] – iQ.Suite KeyManager – Sign S/MIME Outgoing Message with iQ.Suite KeyManager
A rule that checks whether the email was signed
This rule checks via the “success text” in the subject line whether the previous job signed the email.
iQ.Suite Text rule: iQ.Suite KeyManager – is signed
A rule that checks whether the email should be signed.
This rule checks using the list ($TKFlag50), whether the signing job has been processed.
iQ.Suite KeyManager – should be signed
A Smart Mail Job that delays the email when the signing job was processed, but the email could NOT be signed successfully.
Job: iQ.Suite KeyManager – delay not signed emails [Basics]
ATTENTION: Rule Execution Mode must be set to “Just Before the job“, since the values of both rules are changed with the “iQ.Suite KeyManager – Sign S/MIME Outgoing Message with iQ.Suite KeyManager” job.
The global parameter “ToolKit_UseDynamicRuleEvaluation” must be set to “Yes“.
Job: iQ.Suite KeyManager – delay not signed emails [Operations]
Entry into the delay database
Since the Mail-Grabber resumes after retrieving the email from the Smart Database at the same point at which the email was parked, an additional job is needed for signing (the first job will NOT be re-started).
Job: iQ.Suite KeyManager – Sign S/MIME Outgoing Message with iQ.Suite KeyManager 2 [Basics]
This job is only executed, if the email should be signed, but has not yet been signed. The rule must be checked immediately before the job.
Job: iQ.Suite KeyManager – Sign S/MIME Outgoing Message with iQ.Suite KeyManager 2 [Operations]
In this job, the email is stopped in case of an error, put into quarantine and the administrator is notified.
If successful “” is also added in the subject heading. Due to the delay of the email, iQ.Suite KeyManager has enough time to create the necessary certificate in a Trust Center and is then able to sign the email with the second job.
Job: iQ.Suite KeyManager – Sign S/MIME Outgoing Message with iQ.Suite KeyManager 2 [Misc.]
Body with Signatur
You can add the configuration documents, as stated in the example, via the import function into your own iQ.Suite configuration (or any testing environment).
