Quick-Sign Milter Installation

1. Introduction

The Quick-Sign Milter works alongside a mail server: it intercepts mails before they reach the standard mail server. The milter processes the mails that correspond to a signature/seal request; all other mails follow the standard process. The quicksign-milter package must be installed and configured on a Postfix server. The WebADM/OpenOTP infrastructure must already be deployed and integrated with your LDAP backend. Your OpenOTP license must also support the Sign option.

2. Package Installation

2.1 RHEL/CentOS through RCDevs Repository

Once the RCDevs repository is installed, the Quick-Sign Milter is installed as a service with the following command:

yum install quicksign-milter

OR

dnf install quicksign-milter

2.2 Debian/Ubuntu through RCDevs Repository

Once the RCDevs repository is installed, the Quick-Sign Milter is installed as a service with the following command:

apt install quicksign-milter

3. Components of the Milter

3.1 Mandatory Components

To work, the milter needs several components.

  • An associated IMAP and SMTP server
  • A Redis server to store sessions for pending signature requests
  • A WebADM server as the link to the OpenOTP process

3.2 Optional components

The Quick-Sign Milter can be associated with the Quick-Sign Portal. In this configuration, the milter can be used as is or with the portal without changing the configuration. For more information about this configuration, refer to the Quick-Sign Portal Guide.

4. Configuration

The milter is installed in the /etc/quicksign/ folder. The standard Milter configuration file for the domain “server.com” is shown below.

4.1 Standard configuration file quicksign-milter.conf

[Milter]
; socket          = /var/run/quicksign/quicksign-milter.sock
socket          = inet:8890@localhost
timeout         = 30
polling         = 15
# Portal settings (optional)
# If one is enabled, the second one and the TemplatesPortal section have to be activated
portal_id       = a9a9a9a9-a9a9-a9a9-a9a9-a9a9a9a9a9a9
portal_manager  = Postman@server.com

[Redis]
host = redis.server.com
port = 6379

[OpenOTP]
server_url        = https://webadm.server.com:8443/openotp/
client_id         = QuickSign
signature_timeout = 600

[Signature]
# The following advanced configuration variable takes a regular expression to
# search the given pattern in the subject of the received e-mail. If a match
# is found, the signature will be switched to advanced mode

# Switch to advanced signature mode if any of the following case insensitive
# words is found anywhere in the subject of the e-mail
advanced_trigger = advanced|avancée

# Switch to advanced signature mode if [a], [adv], [advanced] or [avancée] is
# found case insensitive at the beginning of the subject of the e-mail
# advanced_trigger = ^\[(a|adv|advanced|avancée)\]

# Allowed values for advanced_scope: Local, Global or eIDAS
advanced_scope = Global

# Switch to eIDAS qualified signature mode if any of the following case
# insensitive words is found anywhere in the subject of the e-mail
qualified_trigger = qualified|qualifiée

# allowed mime types in advanced signature mode
allowed_mime_types = [
    "application/msword",
    "application/pdf",
    "application/rtf",
    "application/vnd.ms-excel",
    "application/vnd.ms-powerpoint",
    "application/vnd.oasis.opendocument.presentation",
    "application/vnd.oasis.opendocument.spreadsheet",
    "application/vnd.oasis.opendocument.text",
    "application/vnd.openxmlformats-officedocument.presentationml.presentation",
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/vnd.visio"
    ]

[EmailAddresses]
notification_sender = noreply@server.com
real_domain         = server.com
sign_domain         = sign.server.com
seal_email          = seal@sign.server.com

[Logging]
log_filename = /var/log/quicksign/quicksign-milter.log
level        = WARNING
; DEBUG
; INFO
; WARNING
; ERROR
; CRITICAL

# Mails templates sent by the Milter (mandatory)
[Templates]
_mail_footer_html                   = /etc/quicksign/templates/milter/_mail_footer.html
_mail_footer_txt                    = /etc/quicksign/templates/milter/_mail_footer.txt
_style                              = /etc/quicksign/templates/milter/_mail_style.inc
cancel_error_html                   = /etc/quicksign/templates/milter/cancel_error.html
cancel_error_subject                = /etc/quicksign/templates/milter/cancel_error.subject
cancel_error_txt                    = /etc/quicksign/templates/milter/cancel_error.txt
cancel_inform_html                  = /etc/quicksign/templates/milter/cancel_inform.html
cancel_inform_subject               = /etc/quicksign/templates/milter/cancel_inform.subject
cancel_inform_txt                   = /etc/quicksign/templates/milter/cancel_inform.txt
cancel_success_html                 = /etc/quicksign/templates/milter/cancel_success.html
cancel_success_subject              = /etc/quicksign/templates/milter/cancel_success.subject
cancel_success_txt                  = /etc/quicksign/templates/milter/cancel_success.txt
recipient_error_html                = /etc/quicksign/templates/milter/recipient_error.html
recipient_error_subject             = /etc/quicksign/templates/milter/recipient_error.subject
recipient_error_txt                 = /etc/quicksign/templates/milter/recipient_error.txt
recipient_notice_html               = /etc/quicksign/templates/milter/recipient_notice.html
recipient_notice_subject            = /etc/quicksign/templates/milter/recipient_notice.subject
recipient_notice_txt                = /etc/quicksign/templates/milter/recipient_notice.txt
recipient_reject_html               = /etc/quicksign/templates/milter/recipient_reject.html
recipient_reject_subject            = /etc/quicksign/templates/milter/recipient_reject.subject
recipient_reject_txt                = /etc/quicksign/templates/milter/recipient_reject.txt
seal_error_html                     = /etc/quicksign/templates/milter/seal_error.html
seal_error_subject                  = /etc/quicksign/templates/milter/seal_error.subject
seal_error_txt                      = /etc/quicksign/templates/milter/seal_error.txt
seal_success_html                   = /etc/quicksign/templates/milter/seal_success.html
seal_success_subject                = /etc/quicksign/templates/milter/seal_success.subject
seal_success_txt                    = /etc/quicksign/templates/milter/seal_success.txt
sender_error_html                   = /etc/quicksign/templates/milter/sender_error.html
sender_error_subject                = /etc/quicksign/templates/milter/sender_error.subject
sender_error_txt                    = /etc/quicksign/templates/milter/sender_error.txt
sender_error_attachments_html       = /etc/quicksign/templates/milter/sender_error_attachments.html
sender_error_attachments_subject    = /etc/quicksign/templates/milter/sender_error_attachments.subject
sender_error_attachments_txt        = /etc/quicksign/templates/milter/sender_error_attachments.txt
sender_notice_html                  = /etc/quicksign/templates/milter/sender_notice.html
sender_notice_subject               = /etc/quicksign/templates/milter/sender_notice.subject
sender_notice_txt                   = /etc/quicksign/templates/milter/sender_notice.txt
sender_reject_html                  = /etc/quicksign/templates/milter/sender_reject.html
sender_reject_subject               = /etc/quicksign/templates/milter/sender_reject.subject
sender_reject_txt                   = /etc/quicksign/templates/milter/sender_reject.txt
sign_details                        = /etc/quicksign/templates/milter/sign_details.html
sign_success_html                   = /etc/quicksign/templates/milter/sign_success.html
sign_success_subject                = /etc/quicksign/templates/milter/sign_success.subject
sign_success_txt                    = /etc/quicksign/templates/milter/sign_success.txt

# Mails templates sent by the Portal/Milter
# Mandatory only if 'portal_id' and 'portal_manager' are enabled (otherwise they are ignored)
[TemplatesPortal]
_mail_footer_html                   = /etc/quicksign/templates/portal/_mail_footer.html
_mail_footer_txt                    = /etc/quicksign/templates/portal/_mail_footer.txt
_style                              = /etc/quicksign/templates/portal/_mail_style.inc
cancel_error_html                   = /etc/quicksign/templates/portal/cancel_error.html
cancel_error_subject                = /etc/quicksign/templates/portal/cancel_error.subject
cancel_error_txt                    = /etc/quicksign/templates/portal/cancel_error.txt
cancel_inform_html                  = /etc/quicksign/templates/portal/cancel_inform.html
cancel_inform_subject               = /etc/quicksign/templates/portal/cancel_inform.subject
cancel_inform_txt                   = /etc/quicksign/templates/portal/cancel_inform.txt
cancel_success_html                 = /etc/quicksign/templates/portal/cancel_success.html
cancel_success_subject              = /etc/quicksign/templates/portal/cancel_success.subject
cancel_success_txt                  = /etc/quicksign/templates/portal/cancel_success.txt
recipient_error_html                = /etc/quicksign/templates/portal/recipient_error.html
recipient_error_subject             = /etc/quicksign/templates/portal/recipient_error.subject
recipient_error_txt                 = /etc/quicksign/templates/portal/recipient_error.txt
recipient_notice_html               = /etc/quicksign/templates/portal/recipient_notice.html
recipient_notice_subject            = /etc/quicksign/templates/portal/recipient_notice.subject
recipient_notice_txt                = /etc/quicksign/templates/portal/recipient_notice.txt
recipient_reject_html               = /etc/quicksign/templates/portal/recipient_reject.html
recipient_reject_subject            = /etc/quicksign/templates/portal/recipient_reject.subject
recipient_reject_txt                = /etc/quicksign/templates/portal/recipient_reject.txt
seal_error_html                     = /etc/quicksign/templates/portal/seal_error.html
seal_error_subject                  = /etc/quicksign/templates/portal/seal_error.subject
seal_error_txt                      = /etc/quicksign/templates/portal/seal_error.txt
seal_success_html                   = /etc/quicksign/templates/portal/seal_success.html
seal_success_subject                = /etc/quicksign/templates/portal/seal_success.subject
seal_success_txt                    = /etc/quicksign/templates/portal/seal_success.txt
sender_error_html                   = /etc/quicksign/templates/portal/sender_error.html
sender_error_subject                = /etc/quicksign/templates/portal/sender_error.subject
sender_error_txt                    = /etc/quicksign/templates/portal/sender_error.txt
sender_error_attachments_html       = /etc/quicksign/templates/portal/sender_error_attachments.html
sender_error_attachments_subject    = /etc/quicksign/templates/portal/sender_error_attachments.subject
sender_error_attachments_txt        = /etc/quicksign/templates/portal/sender_error_attachments.txt
sender_notice_html                  = /etc/quicksign/templates/portal/sender_notice.html
sender_notice_subject               = /etc/quicksign/templates/portal/sender_notice.subject
sender_notice_txt                   = /etc/quicksign/templates/portal/sender_notice.txt
sender_reject_html                  = /etc/quicksign/templates/portal/sender_reject.html
sender_reject_subject               = /etc/quicksign/templates/portal/sender_reject.subject
sender_reject_txt                   = /etc/quicksign/templates/portal/sender_reject.txt
sign_details                        = /etc/quicksign/templates/portal/sign_details.html
sign_success_html                   = /etc/quicksign/templates/portal/sign_success.html
sign_success_subject                = /etc/quicksign/templates/portal/sign_success.subject
sign_success_txt                    = /etc/quicksign/templates/portal/sign_success.txt

[Contact]
company_website = https://www.server.com
supervisor      = hilda@server.com
phone           = +351 23 45 67 89

[Language]
# ISO 639-1
selected_language = en

4.2 Parameter explanations

4.2.1 Milter

socket

Defines the socket on which the process runs and through which other processes can communicate with the Milter. The format of this parameter can be:

  • a file path with the .sock extension (e.g. /var/run/quicksign/quicksign-milter.sock)
  • or the inet format (e.g. inet:8890@localhost, where 8890 is the port used)

timeout

This parameter is the standard OpenOTP timeout, in seconds.

polling

This delay is the number of seconds between two checks of the pending signatures.

portal_id

The portal ID is a string that links the Milter and the Quick-Sign Portal; the same string has to be included in the Portal configuration. The ID has no specific format: you can insert a UUID, a secret phrase, etc.

Note

This information should not be communicated to standard users; otherwise anybody can impersonate the applicant of a signature request.

portal_manager

This is the user who actually sends and receives signature requests, only for the Quick-Sign Portal. In the standard configuration, users send requests with their email client software; their correspondents receive the requests in their own email client software. In the Portal configuration, all these emails are centralized on the Portal manager.
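The portal rules above (portal_id kept secret, portal_id and portal_manager enabled together, [TemplatesPortal] mandatory when they are set) can be checked before the service is started. The following is an added example, not part of the original documentation or of RCDevs' code; the helper name, the findings text and the sample input are constructed for illustration.

```python
import configparser
import stat

# Sample portal_id printed in the documentation's configuration file
DOC_SAMPLE_PORTAL_ID = "a9a9a9a9-a9a9-a9a9-a9a9-a9a9a9a9a9a9"

# Constructed sample: the [Milter] section of the documented file, with no
# [TemplatesPortal] section
SAMPLE_CONF = """\
[Milter]
socket         = inet:8890@localhost
portal_id      = a9a9a9a9-a9a9-a9a9-a9a9-a9a9a9a9a9a9
portal_manager = Postman@server.com
"""


def audit_portal_settings(conf_text, file_mode):
    """Hypothetical helper: list portal-related problems in a milter config.

    file_mode is the st_mode of the config file, e.g.
    os.stat("/etc/quicksign/quicksign-milter.conf").st_mode
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    milter = cfg["Milter"] if cfg.has_section("Milter") else {}
    portal_id = milter.get("portal_id", "").strip()
    portal_manager = milter.get("portal_manager", "").strip()
    findings = []

    # The two portal keys and the [TemplatesPortal] section go together
    if bool(portal_id) != bool(portal_manager):
        findings.append("portal_id and portal_manager must be set together")
    if portal_id and not cfg.has_section("TemplatesPortal"):
        findings.append("[TemplatesPortal] is mandatory when portal_id is set")

    # portal_id must stay unknown to standard users
    if portal_id == DOC_SAMPLE_PORTAL_ID:
        findings.append("portal_id is the value printed in the documentation")
    if portal_id and file_mode & stat.S_IROTH:
        findings.append("config file is world-readable and exposes portal_id")
    return findings


if __name__ == "__main__":
    for finding in audit_portal_settings(SAMPLE_CONF, 0o100644):
        print("FINDING:", finding)
```
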

4.2.2 Redis

host

Redis server name for the Milter. This Redis instance can be shared with another Redis server because the Quick-Sign sessions have a specific prefix. If the Quick-Sign Portal is installed, the two theoretical Redis servers can also run on a single Redis server thanks to the different prefixes of the Milter and the Portal.

port

The default Redis port is 6379. In theory, there is no need to change it.

4.2.3 OpenOTP

The Milter has to be linked to an RCDevs WebADM where OpenOTP is activated (for more information, see the WebADM Administrator Guide).

server_url

This is the address of the WebADM server which supports the OpenOTP add-on.

client_id

This parameter is the identifier of the Milter Policy created in WebADM (for more information, see Policies).

signature_timeout

This is how long the signature is available (Pending status, waiting for the user to sign the document). After this delay, the signature is obsolete and is considered as rejected by the process. The applicant and the “non-signer” will both receive an email for their information.

4.2.4 Signature

advanced_trigger

The advanced configuration variable takes a regular expression to search the given pattern in the subject of the received e-mail. If a match is found, the signature will be switched to advanced mode. This parameter is case-insensitive.

advanced_scope

Defines the scope for advanced signatures; this parameter can be Local, Global or eIDAS.

qualified_trigger

Switches to eIDAS qualified signature mode if any of the configured words is found anywhere in the subject of the e-mail. This parameter is case-insensitive.

allowed_mime_types

This array parameter can contain all the file types your company needs.

Note

Note that only PDF files can be submitted for standard signatures. All other file types will be automatically switched to advanced signature.
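The trigger patterns can be tried against sample subjects before they go into production, which shows how the unanchored advanced_trigger differs from the anchored variant left commented out in the configuration file. This is an added example, not part of the original documentation or of RCDevs' code: the function names and the sample subjects are constructed, and checking the qualified trigger before the advanced one, as well as decoding and normalising the subject first, are assumptions about ordering and preprocessing.

```python
import re
import unicodedata
from email.header import decode_header, make_header

# Patterns copied from the [Signature] section of the sample configuration
ADVANCED_TRIGGER = r"advanced|avancée"
ANCHORED_ADVANCED_TRIGGER = r"^\[(a|adv|advanced|avancée)\]"
QUALIFIED_TRIGGER = r"qualified|qualifiée"


def decode_subject(raw_subject):
    """Decode RFC 2047 encoded-words and normalise to NFC.

    A raw Subject header may carry "avancée" as =?UTF-8?Q?avanc=C3=A9e?= or
    with a combining accent; neither form matches the pattern until decoded.
    """
    text = str(make_header(decode_header(raw_subject)))
    return unicodedata.normalize("NFC", text)


def signature_mode(raw_subject, mime_types,
                   advanced=ADVANCED_TRIGGER, qualified=QUALIFIED_TRIGGER):
    """Return "standard", "advanced" or "qualified" for one request."""
    subject = decode_subject(raw_subject)
    # Assumption: the qualified trigger is evaluated before the advanced one
    if re.search(qualified, subject, re.IGNORECASE):
        return "qualified"
    if re.search(advanced, subject, re.IGNORECASE):
        return "advanced"
    # Only PDF files can be submitted for standard signatures
    if any(m.lower() != "application/pdf" for m in mime_types):
        return "advanced"
    return "standard"


if __name__ == "__main__":
    pdf = ["application/pdf"]
    # Constructed subjects
    for subject in ("Contract to sign",
                    "Advanced materials report",
                    "=?UTF-8?Q?Signature_AVANC=C3=89E?=",
                    "[adv] NDA"):
        print(repr(subject),
              signature_mode(subject, pdf),
              signature_mode(subject, pdf, advanced=ANCHORED_ADVANCED_TRIGGER))
```

With the unanchored pattern, any subject that merely contains one of the words is switched to advanced mode; the anchored pattern requires an explicit tag at the start of the subject.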

4.2.5 EmailAddresses

Note

notification_sender = noreply@server.com

real_domain

As opposed to the sign domain below, this domain is the actual mail domain used in the organisation.

sign_domain

The sign domain is generally built according to the following format: “sign.<real_domain>”. It is used by the applicant to send a signature request in the receiver email field (e.g. itManager@sign.server.com).

seal_email

The seal mail address used by a user to seal his own documents. This parameter is generally built according to the following format: “seal@sign.<real_domain>”.

4.2.6 Logging

log_filename

This parameter sets the full path of the log file.

level

The level parameter defines the log verbosity; WARNING is the default level. Five levels are available, from DEBUG to CRITICAL, ordered from the most verbose to the least verbose. The levels are as follows:

  • DEBUG
  • INFO
  • WARNING
  • ERROR
  • CRITICAL

4.2.7 Templates

4.2.7.1 Templates for status messages

The Milter mail templates consist of three files for each status; these files are suffixed by:

  • _html for the body of the mail (in HTML format) sent by the Milter to inform the applicant and the signer of the signature status
  • _subject for the subject of the same email
  • _txt for the whole email in text format

The different statuses are:

  • cancel_error: an error happened when the applicant cancelled his request
  • cancel_inform: after a cancellation, the applicant and the signer are informed of the event
  • cancel_success: the cancellation process succeeded
  • recipient_error: information for the signer; something went wrong in the process (e.g. server error)
  • recipient_notice: the signer is notified that a document is awaiting his signature
  • recipient_reject: the signer is informed that he rejected the signature of the document
  • seal_error: sent when an error happened during the sealing
  • seal_success: the sealing was done successfully
  • sender_error: information for the applicant; something went wrong in the process (e.g. server error)
  • sender_error_attachments: the attached documents are invalid or something went wrong with these documents
  • sender_notice: the applicant is notified that a document is awaiting the signer’s signature
  • sender_reject: the applicant is informed that the signer rejected the signature of the document
  • sign_success: the signature was done successfully

4.2.7.2 Templates for specific uses

  • sign_details: the template displayed on the mobile device where the OpenOTP app is installed
  • _mail_footer_html: the footer for each of the status templates above, in HTML format
  • _mail_footer_txt: the footer for each of the status templates above, in text format
  • _style: the common CSS style for all these email templates

4.2.7.3 Templates for Portal

Please refer to the previous paragraphs: these templates have the same purpose but are used by the Portal.

Note

These Portal templates are mandatory if the fields portal_id and portal_manager are not empty. Otherwise, they are optional.

4.2.8 Contact and Language

In these sections, you can customize miscellaneous information.