Introduction
The Quick-Sign Milter works alongside a mail server: it intercepts mails before they reach the standard mail server. The milter processes the mails that correspond to a signature/seal request; all other mails follow the standard process.
The quicksign-milter package must be installed and configured on a Postfix server. The WebADM/OpenOTP infrastructure must already be deployed and integrated with your LDAP backend. Your OpenOTP license must also support the Sign option.
Package Installation
RHEL/CentOS through RCDevs Repository
Once the RCDevs repository is installed, the Quick-Sign Milter is installed as a service with the following command:
dnf install quicksign-milter
Debian/Ubuntu through RCDevs Repository
Once the RCDevs repository is installed, the Quick-Sign Milter is installed as a service with the following command:
apt install quicksign-milter
Components of the Milter
Mandatory Components
To work, the milter needs several components.
- An associated IMAP and SMTP server
- A Redis server to store the sessions of pending signature requests
- A WebADM server for the connection to the OpenOTP process
Optional components
The Quick-Sign Milter can be associated with the Quick-Sign Portal. In this configuration, the milter can be used as is or with the portal without changing the configuration. For more information about this configuration, refer to the Quick-Sign Portal Guide.
Configuration
The milter is installed in the /etc/quicksign/ folder.
Below is the standard Milter configuration file for the domain "server.com".
Standard configuration file quicksign-milter.conf
[Milter]
; socket = /var/run/quicksign/quicksign-milter.sock
socket = inet:8890@localhost
timeout = 30
polling = 15
# Portal settings (optional)
# If one is enabled, the second one and the TemplatesPortal section have to be activated
portal_id = a9a9a9a9-a9a9-a9a9-a9a9-a9a9a9a9a9a9
portal_manager = Postman@server.com
[Redis]
host = redis.server.com
port = 6379
[OpenOTP]
server_url = https://webadm.server.com:8443/openotp/
client_id = QuickSign
signature_timeout = 600
[Signature]
# The following advanced configuration variable takes a regular expression to
# search the given pattern in the subject of the received e-mail. If a match
# is found, the signature will be switched to advanced mode
# Switch to advanced signature mode if any of the following case insensitive
# words is found anywhere in the subject of the e-mail
advanced_trigger = advanced|avancée
# Switch to advanced signature mode if [a], [adv], [advanced] or [avancée] is
# found case insensitive at the beginning of the subject of the e-mail
# advanced_trigger = ^\[(a|adv|advanced|avancée)\]
# Allowed values for advanced_scope: Local, Global or eIDAS
advanced_scope = Global
# Switch to eIDAS qualified signature mode if any of the following case
# insensitive words is found anywhere in the subject of the e-mail
qualified_trigger = qualified|qualifiée
# allowed mime types in advanced signature mode
allowed_mime_types = [
"application/msword",
"application/pdf",
"application/rtf",
"application/vnd.ms-excel",
"application/vnd.ms-powerpoint",
"application/vnd.oasis.opendocument.presentation",
"application/vnd.oasis.opendocument.spreadsheet",
"application/vnd.oasis.opendocument.text",
"application/vnd.openxmlformats-officedocument.presentationml.presentation",
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
"application/vnd.visio"
]
[EmailAddresses]
notification_sender = noreply@server.com
real_domain = server.com
sign_domain = sign.server.com
seal_email = seal@sign.server.com
[Logging]
log_filename = /var/log/quicksign/quicksign-milter.log
level = WARNING
; DEBUG
; INFO
; WARNING
; ERROR
; CRITICAL
# Mails templates sent by the Milter (mandatory)
[Templates]
_mail_footer_html = /etc/quicksign/templates/milter/_mail_footer.html
_mail_footer_txt = /etc/quicksign/templates/milter/_mail_footer.txt
_style = /etc/quicksign/templates/milter/_mail_style.inc
cancel_error_html = /etc/quicksign/templates/milter/cancel_error.html
cancel_error_subject = /etc/quicksign/templates/milter/cancel_error.subject
cancel_error_txt = /etc/quicksign/templates/milter/cancel_error.txt
cancel_inform_html = /etc/quicksign/templates/milter/cancel_inform.html
cancel_inform_subject = /etc/quicksign/templates/milter/cancel_inform.subject
cancel_inform_txt = /etc/quicksign/templates/milter/cancel_inform.txt
cancel_success_html = /etc/quicksign/templates/milter/cancel_success.html
cancel_success_subject = /etc/quicksign/templates/milter/cancel_success.subject
cancel_success_txt = /etc/quicksign/templates/milter/cancel_success.txt
recipient_error_html = /etc/quicksign/templates/milter/recipient_error.html
recipient_error_subject = /etc/quicksign/templates/milter/recipient_error.subject
recipient_error_txt = /etc/quicksign/templates/milter/recipient_error.txt
recipient_notice_html = /etc/quicksign/templates/milter/recipient_notice.html
recipient_notice_subject = /etc/quicksign/templates/milter/recipient_notice.subject
recipient_notice_txt = /etc/quicksign/templates/milter/recipient_notice.txt
recipient_reject_html = /etc/quicksign/templates/milter/recipient_reject.html
recipient_reject_subject = /etc/quicksign/templates/milter/recipient_reject.subject
recipient_reject_txt = /etc/quicksign/templates/milter/recipient_reject.txt
seal_error_html = /etc/quicksign/templates/milter/seal_error.html
seal_error_subject = /etc/quicksign/templates/milter/seal_error.subject
seal_error_txt = /etc/quicksign/templates/milter/seal_error.txt
seal_success_html = /etc/quicksign/templates/milter/seal_success.html
seal_success_subject = /etc/quicksign/templates/milter/seal_success.subject
seal_success_txt = /etc/quicksign/templates/milter/seal_success.txt
sender_error_html = /etc/quicksign/templates/milter/sender_error.html
sender_error_subject = /etc/quicksign/templates/milter/sender_error.subject
sender_error_txt = /etc/quicksign/templates/milter/sender_error.txt
sender_error_attachments_html = /etc/quicksign/templates/milter/sender_error_attachments.html
sender_error_attachments_subject = /etc/quicksign/templates/milter/sender_error_attachments.subject
sender_error_attachments_txt = /etc/quicksign/templates/milter/sender_error_attachments.txt
sender_notice_html = /etc/quicksign/templates/milter/sender_notice.html
sender_notice_subject = /etc/quicksign/templates/milter/sender_notice.subject
sender_notice_txt = /etc/quicksign/templates/milter/sender_notice.txt
sender_reject_html = /etc/quicksign/templates/milter/sender_reject.html
sender_reject_subject = /etc/quicksign/templates/milter/sender_reject.subject
sender_reject_txt = /etc/quicksign/templates/milter/sender_reject.txt
sign_details = /etc/quicksign/templates/milter/sign_details.html
sign_success_html = /etc/quicksign/templates/milter/sign_success.html
sign_success_subject = /etc/quicksign/templates/milter/sign_success.subject
sign_success_txt = /etc/quicksign/templates/milter/sign_success.txt
# Mails templates sent by the Portal/Milter
# Mandatory only if 'portal_id' and 'portal_manager' are enabled (otherwise they are ignored)
[TemplatesPortal]
_mail_footer_html = /etc/quicksign/templates/portal/_mail_footer.html
_mail_footer_txt = /etc/quicksign/templates/portal/_mail_footer.txt
_style = /etc/quicksign/templates/portal/_mail_style.inc
cancel_error_html = /etc/quicksign/templates/portal/cancel_error.html
cancel_error_subject = /etc/quicksign/templates/portal/cancel_error.subject
cancel_error_txt = /etc/quicksign/templates/portal/cancel_error.txt
cancel_inform_html = /etc/quicksign/templates/portal/cancel_inform.html
cancel_inform_subject = /etc/quicksign/templates/portal/cancel_inform.subject
cancel_inform_txt = /etc/quicksign/templates/portal/cancel_inform.txt
cancel_success_html = /etc/quicksign/templates/portal/cancel_success.html
cancel_success_subject = /etc/quicksign/templates/portal/cancel_success.subject
cancel_success_txt = /etc/quicksign/templates/portal/cancel_success.txt
recipient_error_html = /etc/quicksign/templates/portal/recipient_error.html
recipient_error_subject = /etc/quicksign/templates/portal/recipient_error.subject
recipient_error_txt = /etc/quicksign/templates/portal/recipient_error.txt
recipient_notice_html = /etc/quicksign/templates/portal/recipient_notice.html
recipient_notice_subject = /etc/quicksign/templates/portal/recipient_notice.subject
recipient_notice_txt = /etc/quicksign/templates/portal/recipient_notice.txt
recipient_reject_html = /etc/quicksign/templates/portal/recipient_reject.html
recipient_reject_subject = /etc/quicksign/templates/portal/recipient_reject.subject
recipient_reject_txt = /etc/quicksign/templates/portal/recipient_reject.txt
seal_error_html = /etc/quicksign/templates/portal/seal_error.html
seal_error_subject = /etc/quicksign/templates/portal/seal_error.subject
seal_error_txt = /etc/quicksign/templates/portal/seal_error.txt
seal_success_html = /etc/quicksign/templates/portal/seal_success.html
seal_success_subject = /etc/quicksign/templates/portal/seal_success.subject
seal_success_txt = /etc/quicksign/templates/portal/seal_success.txt
sender_error_html = /etc/quicksign/templates/portal/sender_error.html
sender_error_subject = /etc/quicksign/templates/portal/sender_error.subject
sender_error_txt = /etc/quicksign/templates/portal/sender_error.txt
sender_error_attachments_html = /etc/quicksign/templates/portal/sender_error_attachments.html
sender_error_attachments_subject = /etc/quicksign/templates/portal/sender_error_attachments.subject
sender_error_attachments_txt = /etc/quicksign/templates/portal/sender_error_attachments.txt
sender_notice_html = /etc/quicksign/templates/portal/sender_notice.html
sender_notice_subject = /etc/quicksign/templates/portal/sender_notice.subject
sender_notice_txt = /etc/quicksign/templates/portal/sender_notice.txt
sender_reject_html = /etc/quicksign/templates/portal/sender_reject.html
sender_reject_subject = /etc/quicksign/templates/portal/sender_reject.subject
sender_reject_txt = /etc/quicksign/templates/portal/sender_reject.txt
sign_details = /etc/quicksign/templates/portal/sign_details.html
sign_success_html = /etc/quicksign/templates/portal/sign_success.html
sign_success_subject = /etc/quicksign/templates/portal/sign_success.subject
sign_success_txt = /etc/quicksign/templates/portal/sign_success.txt
[Contact]
company_website = https://www.server.com
supervisor = hilda@server.com
phone = +351 23 45 67 89
[Language]
# ISO 639-1
selected_language = en
Parameter explanations
Milter
socket
Defines the socket on which the process runs and through which other processes can communicate with the Milter.
The format of this parameter can be:
- a file path with the .sock extension (e.g. /var/run/quicksign/quicksign-milter.sock)
- or the inet format (e.g. inet:8890@localhost, where 8890 is the port used)
timeout
This parameter is the standard duration for OpenOTP timeout (in seconds).
polling
This delay is the number of seconds between two checks of the pending signatures.
portal_id
The portal ID is a string that links the Milter and the Quick-Sign Portal; the same string has to be included in the Portal configuration.
The ID has no specific format: you can insert a UUID, a secret phrase, etc.
{{< warning title="Note" >}}
This information should not be communicated to standard users; otherwise anybody could impersonate the applicant of a signature request.
{{< /warning >}}
portal_manager
This is the user who actually sends and receives the signature requests, only for the Quick-Sign Portal.
In the standard configuration, users send requests with their email client software; their correspondents receive the requests on their own email client software.
In the Portal configuration, all these emails are centralized on the Portal manager.
Redis
host
Redis server name for the Milter.
This Redis instance can be shared with another Redis server because the Quick-Sign sessions have a specific prefix.
If the Quick-Sign Portal is installed, the Milter and the Portal can also share a single Redis server thanks to their different prefixes.
port
The default Redis port is 6379.
In principle, there is no need to change it.
OpenOTP
The Milter has to be linked to an RCDevs WebADM server where OpenOTP is activated (for more information, see the WebADM Administrator Guide).
server_url
This is the address of the WebADM server which supports the OpenOTP add-on.
client_id
This parameter is the identifier of the Milter Policy created in WebADM (for more information, see Policies).
signature_timeout
This is how long the signature request stays available (Pending status, waiting for the user to sign the document).
After this delay, the signature is obsolete and considered as rejected by the process. The applicant and the "non-signer" will both receive an email for their information.
Signature
advanced_trigger
The advanced configuration variable takes a regular expression to search the given pattern in the subject of the received e-mail.
If a match is found, the signature will be switched to advanced mode.
This parameter is case-insensitive.
advanced_scope
Defines the scope for advanced signatures; this parameter can be Local, Global or eIDAS.
qualified_trigger
Switches to eIDAS qualified signature mode if any of the configured words is found anywhere in the subject of the e-mail.
This parameter is case-insensitive.
allowed_mime_types
This array parameter can contain all the file types your company needs.
{{< note title="Note" >}}
Note that only PDF files can be submitted for standard signatures. All other file types are automatically switched to advanced signature.
{{</ note >}}
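The example below is added here and is not RCDevs code. It models the Signature rules described above to compare the two advanced_trigger patterns from the sample configuration, because the unanchored one also fires on ordinary subjects that merely contain the word. The helper names, the precedence of qualified_trigger over advanced_trigger, and the "unsupported" result for types outside allowed_mime_types are assumptions.

```python
import re

# Trigger values copied from the sample quicksign-milter.conf on this page.
UNANCHORED = r"advanced|avancée"
ANCHORED = r"^\[(a|adv|advanced|avancée)\]"
QUALIFIED = r"qualified|qualifiée"
# Subset of allowed_mime_types, enough for the demonstration.
ALLOWED = {"application/pdf", "application/msword", "application/rtf"}


def signature_mode(subject, mime_types, advanced_trigger, qualified_trigger=QUALIFIED):
    """Model of the documented rules (hypothetical helper, not the milter's code).

    Assumptions: the qualified trigger is checked before the advanced one, and
    a type outside allowed_mime_types is reported as 'unsupported'.
    """
    if any(m not in ALLOWED for m in mime_types):
        return "unsupported"
    if re.search(qualified_trigger, subject, re.IGNORECASE):
        return "qualified"
    if re.search(advanced_trigger, subject, re.IGNORECASE):
        return "advanced"
    # Documented rule: only PDF files can take a standard signature.
    if any(m != "application/pdf" for m in mime_types):
        return "advanced"
    return "standard"


# Constructed sample subjects.
SUBJECTS = [
    "[adv] Contract 2024-17",
    "Re: advanced pricing proposal",
    "Fwd: Avancée des travaux",
    "Invoice March",
]


def compare_triggers(mime_types=("application/pdf",)):
    """Map each subject to (mode with UNANCHORED, mode with ANCHORED)."""
    return {
        s: (signature_mode(s, mime_types, UNANCHORED),
            signature_mode(s, mime_types, ANCHORED))
        for s in SUBJECTS
    }


if __name__ == "__main__":
    for subject, modes in compare_triggers().items():
        print(f"{modes[0]:9} {modes[1]:9} {subject}")
```

With the unanchored pattern, a reply or forward whose subject happens to contain "advanced" is escalated, while the short tag "[adv]" is not recognised; the anchored pattern behaves the other way round.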
EmailAddresses
{{< warning title="Note" >}}
notification_sender = noreply@server.com
{{< /warning >}}
real_domain
As opposed to the sign domain below, this domain is the actual mail domain used in the organisation.
sign_domain
The sign domain is generally built according to the following format: "sign.<real_domain>".
It is used by the applicant to send a signature request, in the recipient email field (e.g. itManager@sign.server.com).
seal_email
The seal mail address is used by a user to seal their own documents.
This parameter is generally built according to the following format: "seal@sign.<real_domain>".
Logging
log_filename
This parameter sets the full path of the log file.
level
The level parameter defines the log verbosity; WARNING is the default level.
Five levels are available, from DEBUG to CRITICAL, respectively from the most verbose to the least verbose.
The presented levels are as follows:
- DEBUG
- INFO
- WARNING
- ERROR
- CRITICAL
Templates
Templates for status messages
The Milter mail templates are composed of three files for each status; these files are suffixed by:
- _html for the body of the mail (in HTML format) sent by the Milter to inform the applicant and the signer of the signature status
- _subject for the subject of the same email
- _txt for this whole email in text format
The different statuses are:
- cancel_error: an error happened when the applicant cancelled his request
- cancel_inform: after a cancellation, the applicant and the signer are informed of the event
- cancel_success: the cancellation process succeeded
- recipient_error: information for the signer; the process failed (e.g. server error)
- recipient_notice: the signer is notified that a document is waiting for his signature
- recipient_reject: the signer is informed that he rejected the signature of the document
- seal_error: sent when an error happened during the sealing
- seal_success: the sealing was done successfully
- sender_error: information for the applicant; the process failed (e.g. server error)
- sender_error_attachments: the attached documents are wrong or something went wrong with these documents
- sender_notice: the applicant is notified that a document is waiting for the signer's signature
- sender_reject: the applicant is informed that the signer rejected the signature of the document
- sign_success: the signature was done successfully
Templates for specific uses
- sign_details: the template displayed on the mobile device where the OpenOTP app is installed
- _mail_footer_html: the footer for each status template above, in HTML format
- _mail_footer_txt: the footer for each status template above, in text format
- _style: the common CSS style for all these template emails
Templates for Portal
Please refer to previous paragraphs: these templates have the same purpose but are used by the Portal.
{{< warning title="Note" >}}
These Portal templates are mandatory if the fields portal_id and portal_manager are not empty.
Otherwise, they are optional.
{{< /warning >}}
Contact and Language
In these sections, you can customize miscellaneous information.
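The rules stated in this guide can be checked before the service is restarted. The following is an added example, not part of the quicksign-milter package; it assumes the file is plain INI that Python's configparser can read (a multi-line allowed_mime_types value needs indented continuation lines), and the audit helper and its messages are hypothetical.

```python
import configparser

# Constructed sample: portal_manager is set without portal_id or
# [TemplatesPortal], and two values are outside the documented sets.
SAMPLE = """
[Milter]
socket = inet:8890@localhost
portal_manager = Postman@server.com
[Signature]
advanced_scope = Worldwide
[EmailAddresses]
real_domain = server.com
sign_domain = sign.server.com
seal_email = seal@sign.server.com
[Logging]
level = VERBOSE
"""

SCOPES = {"Local", "Global", "eIDAS"}
LEVELS = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}


def audit(text):
    """Return findings for rules stated in this guide (hypothetical helper)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)

    def get(section, key):
        return cfg.get(section, key, fallback="").strip()

    findings = []
    portal_id, manager = get("Milter", "portal_id"), get("Milter", "portal_manager")
    if bool(portal_id) != bool(manager):
        findings.append("portal_id and portal_manager must be enabled together")
    if (portal_id or manager) and not cfg.has_section("TemplatesPortal"):
        findings.append("[TemplatesPortal] is mandatory when the portal is enabled")
    scope, level = get("Signature", "advanced_scope"), get("Logging", "level")
    if scope and scope not in SCOPES:
        findings.append("advanced_scope must be Local, Global or eIDAS")
    if level and level not in LEVELS:
        findings.append("level must be DEBUG, INFO, WARNING, ERROR or CRITICAL")
    real, sign = get("EmailAddresses", "real_domain"), get("EmailAddresses", "sign_domain")
    if real and sign and sign != "sign." + real:
        findings.append("sign_domain differs from the usual sign.<real_domain>")
    seal = get("EmailAddresses", "seal_email")
    if seal and sign and seal != "seal@" + sign:
        findings.append("seal_email differs from the usual seal@sign.<real_domain>")
    return findings
```

The two address checks only flag a deviation from the format this guide calls usual; a different sign domain is not necessarily an error.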