Unable to send email to transport testing tool

[rakeshra...@gmail.com]

Hi,

I am getting below entries in gateway log file whereas i had added properly ransport-testing.nist.gov certificate into my anchor where owner is my domain. I am able to successfully receive emails from transport testing tool.  Please guide me where i am doing wrong step.

2014-04-17 05:38:40.3350 [1] Debug Health.Direct.SmtpAgent.AgentDiagnostics - MAILFROM=rak...@myenkiworld.com;RCPTTO=SMTP:rak...@transport-testing.nist.gov;

2014-04-17 05:38:40.4470 [1] Error Health.Direct.SmtpAgent.AgentDiagnostics - OUTGOING

REJECTED RECIPIENTS=rak...@transport-testing.nist.gov

NO CERTS=rak...@transport-testing.nist.gov;

OTHER RECIPIENTS=rak...@transport-testing.nist.gov

Health.Direct.Agent.OutgoingAgentException: Error=NoTrustedRecipients

   at Health.Direct.Agent.DirectAgent.ProcessMessage(OutgoingMessage message)

   at Health.Direct.Agent.DirectAgent.ProcessOutgoing(OutgoingMessage message)

2014-04-17 05:38:40.4480 [1] Debug Health.Direct.SmtpAgent.SmtpAgent - Rejected Message

2014-04-17 05:38:40.4480 [1] Fatal Health.Direct.SmtpAgent.MessageArrivalEventHandler - While ProcessCDOMessage

[Joe Shook]

When you added the Anchor to your store did you set it's status to enabled?

--
You received this message because you are subscribed to the Google Groups "Direct Certificate Discovery Tool" group.
To unsubscribe from this group and stop receiving emails from it, send an email to directtesttoo...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[rakeshra...@gmail.com]

Yes I made it enabled.

Sent from my BlackBerry 10 smartphone.

From: Joe Shook Sent: Thursday, 17 April 2014 12:46 PM To: Direct Certificate Discovery Tool Google Group Reply To: directt...@googlegroups.com Subject: Re: Unable to send email to transport testing tool

You received this message because you are subscribed to a topic in the Google Groups "Direct Certificate Discovery Tool" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/directtesttool/u9L8fhb5I5Q/unsubscribe.
To unsubscribe from this group and all its topics, send an email to directtesttoo...@googlegroups.com.

[Joe Shook]

Try this command from ConfigConsole:

anchor_search_byName myenkiworld.com transport-testing false

What are the results?

[rakeshra...@gmail.com]

Got below reply:-

>anchor_search_byName myenkiworld.com transport-testing false

Name Matched

Email Matched

Owner = myenkiworld.com

Thumbprint = 1186E1ADAAD1F0435956430A45328866E8A22349

ID = 14

CreateDate = 4/17/2014 5:55:19 AM

ValidStart = 4/2/2014 2:00:50 PM

ValidEnd = 4/1/2016 2:00:50 PM

ForIncoming = True

ForOutgoing = True

Status = Enabled

Subject = E=transport-testing.nist.gov, CN=transport-testing.nist.gov, O=NIST, L=Gaithersburg, S=MD, C=US

SerialNumber = 04

Issuer = E=nist.gov, CN=nist.gov, O=NIST, L=Gaithersburg, S=MD, C=US

HasPrivateKey = False

------

[Joe Shook]

OK I gave you the wrong search string.  It should have actually been:

anchor_search_byName myenkiworld.com direct.sitenv false

Your previous search appears to be their public Certificate.  

--

[rakeshra...@gmail.com]

I got "No matches" by triggering below statement

anchor_search_byName myenkiworld.com direct.sitenv false

[Joe Shook]

This proves you do not trust the NIST anchor.

Experiment with the other ConfigConsole commands.  Maybe you did install the anchor.  But it is not associated with the myenkiworld.com domain.  So currently you can not send to NIST from myenkiworld.com because you have not set up the trust relationship.

On Thu, Apr 17, 2014 at 1:41 AM, <rakeshra...@gmail.com> wrote:

I got "No matches" by triggering below statement

anchor_search_byName myenkiworld.com direct.sitenv false

--

[rakeshra...@gmail.com]

I had downloaded anchors from transport testing site. Is there any other website through I have to download this anchor? 

Also I am able to receive emails from transport testing site but able to send.

Can you please some hint on this.

Appreciate your help.

Sent from my BlackBerry 10 smartphone.

From: Joe Shook Sent: Thursday, 17 April 2014 8:02 PM

To: Direct Certificate Discovery Tool Google Group Reply To: directt...@googlegroups.com Subject: Re: Unable to send email to transport testing tool

You received this message because you are subscribed to a topic in the Google Groups "Direct Certificate Discovery Tool" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/directtesttool/u9L8fhb5I5Q/unsubscribe.
To unsubscribe from this group and all its topics, send an email to directtesttoo...@googlegroups.com.

[Joe Shook]

This is the thumbprint of the cert I downloaded:

‎fe 66 51 ba 31 95 91 a0 89 ab ba 80 89 de 58 66 55 18 a1 44

What is yours?

Anchors_List will show you all the anchors installed and their domain association.

Could you share the link for the Anchor you downloaded, because I am curious how you downloaded their public certificate.

I download mine from this page: http://sitenv.org/web/site/direct-transport-test-tool in step 1.

[Manu]

When i had triggered anchors_list command in config console i had received below output:-

>anchors_list

Owner = myenkiworld.com

Thumbprint = 1186E1ADAAD1F0435956430A45328866E8A22349

ID = 14

CreateDate = 4/17/2014 5:55:19 AM

ValidStart = 4/2/2014 2:00:50 PM

ValidEnd = 4/1/2016 2:00:50 PM

ForIncoming = True

ForOutgoing = True

Status = Enabled

------

I had downloaded anchor from this http://sitenv.org/web/site/direct-transport-test-tool site and added into myenkiworld.com trust list and now by triggerein command "anchor_search_byName myenkiworld.com direct.sitenv false" i am getting below response 

>anchor_search_byName myenkiworld.com direct.sitenv false

Name Matched

Owner = myenkiworld.com

Thumbprint = FE6651BA319591A089ABBA8089DE58665518A144

ID = 15

CreateDate = 4/17/2014 3:39:34 PM

ValidStart = 7/5/2013 6:39:26 PM

ValidEnd = 11/25/2021 7:39:26 PM

ForIncoming = True

ForOutgoing = True

Status = Enabled

Subject = CN=direct.sitenv.org_ca

SerialNumber = 747BC4C03EB7FFC4

Issuer = CN=direct.sitenv.org_ca

HasPrivateKey = False

------

but still while sending email to rak...@transport-testing.nist.gov i am getting below error in my gateway file

2014-04-17 15:43:19.9600 [1] Debug Health.Direct.SmtpAgent.AgentDiagnostics - MAILFROM=rak...@myenkiworld.com;RCPTTO=SMTP:rak...@transport-testing.nist.gov;

2014-04-17 15:43:21.5320 [1] Error Health.Direct.SmtpAgent.AgentDiagnostics - OUTGOING

REJECTED RECIPIENTS=rak...@transport-testing.nist.gov

NO CERTS=rak...@transport-testing.nist.gov;

OTHER RECIPIENTS=rak...@transport-testing.nist.gov

Health.Direct.Agent.OutgoingAgentException: Error=NoTrustedRecipients

   at Health.Direct.Agent.DirectAgent.ProcessMessage(OutgoingMessage message)

   at Health.Direct.Agent.DirectAgent.ProcessOutgoing(OutgoingMessage message)

2014-04-17 15:43:21.5460 [1] Debug Health.Direct.SmtpAgent.SmtpAgent - Rejected Message

2014-04-17 15:43:21.5580 [1] Fatal Health.Direct.SmtpAgent.MessageArrivalEventHandler - While ProcessCDOMessage

[Joe Shook]

OK...

So now lets see if you can resolve the NIST public certificate.

Oh wait.

The testing tool page says under Direct Send to use 

• Prov...@direct.sitenv.org 

[Manu]

I had tried sending email to Prov...@direct.sitenv.org but below message in gateway log:-

2014-04-18 04:18:28.0600 [1] Debug Health.Direct.SmtpAgent.AgentDiagnostics - MAILFROM=rak...@myenkiworld.com;RCPTTO=SMTP:Prov...@direct.sitenv.org;

2014-04-18 04:18:31.0040 [1] Error Health.Direct.SmtpAgent.AgentDiagnostics - OUTGOING

REJECTED RECIPIENTS=Prov...@direct.sitenv.org

NO CERTS=Prov...@direct.sitenv.org;

OTHER RECIPIENTS=Prov...@direct.sitenv.org

Health.Direct.Agent.OutgoingAgentException: Error=NoTrustedRecipients

   at Health.Direct.Agent.DirectAgent.ProcessMessage(OutgoingMessage message)

   at Health.Direct.Agent.DirectAgent.ProcessOutgoing(OutgoingMessage message)

2014-04-18 04:18:31.0040 [1] Debug Health.Direct.SmtpAgent.SmtpAgent - Rejected Message

2014-04-18 04:18:31.0040 [1] Fatal Health.Direct.SmtpAgent.MessageArrivalEventHandler - While ProcessCDOMessage

[Manu]

On this website http://sitenv.org/web/site/direct-transport-test-tool i am unable to receive and send emails. When i am triggering anchors_list command i am able to see anchor(mentioned in the site) successfully.

Appreciate your continuous help on this topic. 

[Joe Shook]

OK, back to my last train of thought:

Using AgentConsole test to see if you can resolve the public cert:

I get a cert for the following

dns_setserver = { ip of your dns resolver in smtpagentconfig.xml }  

dns_resolvecert  direct.sitenv.org

The signature of you log indicates you are not getting a public certificate.

[Manu]

I had got below reply:-

>dns_setserver 54.214.21.163

>dns_resolvecert direct.sitenv.org

No certs found

[Joe Shook]

And there in lies your problem

54.214.21.163 should be a DNS server that can resolve external (internet) resources.  Usually I pick the same IP my network cards are bound to.

[Manu]

currently our DNS server is setup on godaddy

[Manu]

Also i can receive email from rakesh@transport-testing,nist.gov i.e. from http://transport-testing.nist.gov/ttt/ this site

[Joe Shook]

What kind of DNS server is 54.214.21.163?  Is it the same IP your network card is using as a DNS server? 

Can you resolve the A record?

DNS_RESOLVE  direct.sitenv.org ANAME

[Manu]

54.214.21.163 is an Amazon EC2 instance and it is a public ip address for myenkiworld.com

When i had triggered below command on agentconsole i got below reply:-

>dns_resolve direct.sitenv.org ANAME

RequestID = 46663

Response Code = NameError

[Joe Shook]

You need to pick a DNS IP address.  You can look at the primary and secondary DNS IP Addresses your virtual network is bound to.

from the command line

ipconfig /all

Look for DNS Servers.

Put these IP addresses into your smtpagentconfig.xml for dns resolution.  

You are hosting the Direct DNS server on myenkiworld.com I assume, which is 54.214.21.163.  But the Direct DNS server it is not capable of serving records and resolving against an authoritative name server at the same time.  So basically the Direct DNS server can be either a record storage service or authoritative and resolve records from other DNS servers.  It can not be both at the same time. By default it is just a record storage service.  

[Manu]

Thanks Joe. I able to send emails from rak...@myenkiworld.com to prov...@direct.sitenv.org now but not able to receive any emails from prov...@direct.sitenv.org, is there something still i missing as i am also not getting in gateway log file

[Joe Shook]

I notice you said you could receive messages from rakesh@transport-testing,nist.gov i.e. from http://transport-testing.nist.gov/ttt/ this site.

Oh, I just clicked that link.  It has been so long since I visited that testing version for Direct.  So I believe you uploaded your public certificate to them back in the past and thus they do not have to resolve your certificate.

Anyway, I can not resolve your CERT from the internet so direct.sitenv.org will not be able to fine you.

I used www.digwebinterface.com to test this:

http://www.digwebinterface.com/?hostnames=myenkiworld.com&type=CERT&ns=resolver&useresolver=8.8.4.4&nameservers=

You will need to register your Direct DNS Server with Amazon as a DNS server.  You will have to follow their instructions on how to host your own DNS server.  I have not experience this at Amazon.

On Fri, Apr 18, 2014 at 1:39 AM, Manu <rakeshra...@gmail.com> wrote:

Thanks Joe. I able to send emails from rak...@myenkiworld.com to prov...@direct.sitenv.org now but not able to receive any emails from prov...@direct.sitenv.org, is there something still i missing as i am also not getting in gateway log file

[Manu]

i had used below command to set mx and soa record for myenkiworld.com

DNS_SOA_ENSURE myenkiworld.com ns19.domaincontrol.com. dns.jomax.net. 2014040803 28800 7200 604800 3600

DNS_MX_ENSURE myenkiworld.com myenkiworld.com 3600

--
You received this message because you are subscribed to a topic in the Google Groups "Direct Certificate Discovery Tool" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/directtesttool/u9L8fhb5I5Q/unsubscribe.
To unsubscribe from this group and all its topics, send an email to directtesttoo...@googlegroups.com.

[Joe Shook]

Yes, but you need to register your DNS server so it can be found.  Look to Amazon for that I would imagine.

[Manu]

sure i will check on it

[Manu]

Hi Joe, 

I had setup my DNS server with Amazon route53 and now i am able to receive and send emails from http://transport-testing.nist.gov/ttt/ but the same emails sending and receiving is not happening with http://sitenv.org/web/site/direct-transport-test-tool.

I had followed below steps to do the same:-

1. Downloaded the trust anchor of http://sitenv.org/web/site/direct-transport-test-tool site and made it enable.

2. Triggered below commands to satisfy that the i am able to resolve the DNS and trust anchors:-

   1.  >dns_resolvecert direct.sitenv.org

          1 found

          O=direct.sitenv.org, CN=direct.sitenv.org, E=direct.sitenv.org

   2.  >anchor_search_byname myenkiworld.com direct.sitenv.org false

Name Matched

Owner = myenkiworld.com

Thumbprint = FE6651BA319591A089ABBA8089DE58665518A144

ID = 15

CreateDate = 4/17/2014 3:39:34 PM

ValidStart = 7/5/2013 6:39:26 PM

ValidEnd = 11/25/2021 7:39:26 PM

ForIncoming = True

ForOutgoing = True

Status = Enabled

Subject = CN=direct.sitenv.org_ca

SerialNumber = 747BC4C03EB7FFC4

Issuer = CN=direct.sitenv.org_ca

HasPrivateKey = False

------

Please let me know whether i am missing something in this.

[Manu]

Also the MDN what i am receiving from http://transport-testing.nist.gov/ttt/ are unencrypted because of which i getting below log in gateway file:-

2014-04-23 07:45:08.9288 [1] Debug Health.Direct.SmtpAgent.AgentDiagnostics - MAILFROM=transpor...@nist.gov;RCPTTO=SMTP:rak...@myenkiworld.com;

2014-04-23 07:45:08.9838 [1] Error Health.Direct.SmtpAgent.AgentDiagnostics - INCOMING

RECIPIENTS=rak...@myenkiworld.com

DOMAIN RECIPIENTS=rak...@myenkiworld.com

ERROR=NotEncrypted;

Health.Direct.Common.Cryptography.EncryptionException: Error occurred during a cryptographic operation.

   at Health.Direct.Common.Cryptography.SMIMECryptographer.GetEncryptedBytes(MimeEntity encryptedEntity)

   at Health.Direct.Agent.IncomingMessage.GetEncryptedBytes(SMIMECryptographer cryptographer)

   at Health.Direct.Agent.DirectAgent.DecryptSignatures(IncomingMessage message, X509Certificate2 certificate, SignedCms& signatures, MimeEntity& payload)

   at Health.Direct.Agent.DirectAgent.DecryptSignedContent(IncomingMessage message, DirectAddress recipient, SignedCms& signatures, MimeEntity& payload)

2014-04-23 07:45:08.9838 [1] Fatal Health.Direct.SmtpAgent.MessageArrivalEventHandler - While ProcessCDOMessage

[ghulama...@gmail.com]

Hi Manu,

have you got resolved your issue ?

Thanks
Ghulam Abbas

On Thursday, April 17, 2014 at 11:05:32 AM UTC+5, rakeshra...@gmail.com wrote:

Hi,

I am getting below entries in gateway log file whereas i had added properly ransport-testing.nist.gov certificate into my anchor where owner is my domain. I am able to successfully receive emails from transport testing tool.  Please guide me where i am doing wrong step.

2014-04-17 05:38:40.3350 [1] Debug Health.Direct.SmtpAgent.AgentDiagnostics - MAILFROM=rakesh@myenkiworld.com;RCPTTO=SMTP:rakesh@transport-testing.nist.gov;

2014-04-17 05:38:40.4470 [1] Error Health.Direct.SmtpAgent.AgentDiagnostics - OUTGOING

REJECTED RECIPIENTS=rakesh@transport-testing.nist.gov

NO CERTS=rakesh@transport-testing.nist.gov;

OTHER RECIPIENTS=rakesh@transport-testing.nist.gov

Health.Direct.Agent.OutgoingAgentException: Error=NoTrustedRecipients

   at Health.Direct.Agent.DirectAgent.ProcessMessage(OutgoingMessage message)

   at Health.Direct.Agent.DirectAgent.ProcessOutgoing(OutgoingMessage message)

2014-04-17 05:38:40.4480 [1] Debug Health.Direct.SmtpAgent.SmtpAgent - Rejected Message

2014-04-17 05:38:40.4480 [1] Fatal Health.Direct.SmtpAgent.MessageArrivalEventHandler - While ProcessCDOMessage

[albinac...@gmail.com]

Sir,

    Can u plz guide me how to create a testing email to send and receive mail from Direct Project.As a newbie I couldnt step forward

[Elizabeth So]

Hi,

Below are some links to information regarding the Direct Project.

• http://wiki.directproject.org/CSharp+Setup+Instructions (.NET RI)
• http://api.directproject.info/assembly/stock/4.0/users-guide/ (Java RI 4.0) - the 5.0 version is expected to be available soon with information available at http://api.directproject.info/assembly/stock/5.0/users-guide/
• https://groups.google.com/forum/#!forum/nhindirect-discuss (forum for questions related to the Direct Project) 

If you could provide specific details as to which type of system you are trying to configure, that would be helpful in determining which of the above guides/sections would be most useful for you to read. In addition, you should have a domain available for testing purposes.

Thanks,

Elizabeth

DCDT Dev Team

[anilja...@gmail.com]

Hi,

I am also facing issue while sending secure email through direct project to "d...@domain1.dcdt30prod.sitenv.org" and "direct-clin...@transport-testing.nist.gov".

I am using below code and and its giving me error "Key does not exists".

On last line i am getting error. I have attached all of certificate in my direct project console.

                Health.Direct.SmtpAgent.SmtpAgent m_agent = Health.Direct.SmtpAgent.SmtpAgentFactory.Create(@"C:\Program Files\Direct Project .NET Gateway\SmtpAgentConfig.xml");

                setting = m_agent.Settings;

                DirectAgent agent = setting.CreateAgent();

                //agent.PreProcessOutgoing += OnPreProcessOutgoing;

                agent.Error += OnGeneralError;

                SubscribeToResolverEvents(agent.PublicCertResolver);

                //CDO.Message message = this.LoadMessage(string.Format(TestMessage, to, Guid.NewGuid()));

                //m_agent.ProcessMessage(message);

                agent.ProcessOutgoing(string.Format(TestMessage, to, Guid.NewGuid()));

Please help me into this.

Thanks

Anil

--------------------------------------