incoming email signed with a certificate from an untrusted authority

Milan11 · ‎06-22-2023

Hi,

the end user has sent a certificate signed email to our instance and this incoming email appears to be empty.
Content type of the email is application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"

I attached the screenshot of the email.

Because this email was also sent to another recipient, we know that this email is not empty and also contains an attachment. The certificate that the email was signed with is issued by an untrusted authority.

Do you have any experience with such behaviour.

Regards,

Milan

Tony Chatfield1 · ‎06-22-2023

Hi, have you checked Antivirus > Quarantine to see if an attachment was quarantined.

Although redacted, the partial screenshot seems to show only 1 recipient (based on length of the black line and the bottom of only 1 @ symbol being visible), can you clarify how you concluded that this message was sent to multiple recipients?

Milan11 · ‎06-23-2023

Hi, Tony,
thank you for your reply.
There are no files in quarantine.
We use the company domain for incoming emails. I don't know how it's set up exactly, but there is a rule on our email server that sends incoming emails to our SN instance and also to the standard mailbox.
Through MS Outlook I can see this email with the content and attachment. The attachment is an MS Word document. When the email is viewed, it only shows an extra warning that the email is signed with a certificate from an untrusted certificate authority.

In our SN instance I can see that the Incoming action has been triggered. You directed me to see what happened to the attachment and it appears that the entire contents of the email have been converted to an attachment of type smime.p7m. This type of attachment is not on the allowed attachment list. I'm afraid that allowing this type of attachment probably doesn't help, as it will probably just get appended to the ticket.

Regards,

Milan