Password modes

Webmail Messenger only supports the One Time Password (OTP) mode. For other password modes (“Static password”, “Generate password to originator” and “Send password by SMS Text”) the gateway should be used.

With OTP mode, a PDF password is securely generated using a one time password algorithm. The recipient should log in to the portal to retrieve the PDF password. OTP mode requires that the portal functionality is correctly set up.

Portal

Webmail Messenger contains a built-in portal which is used by external recipients to reply to a PDF and to retrieve PDF passwords for OTP mode. The portal should be configured before the PDF reply functionality or OTP mode can be used. The global PDF portal settings can be configured using the portal sub-menu from the global settings page (Setting ‣ Portal).

One Time Password (OTP)

With the one time password mode, a password will be generated using a “One Time Password” (OTP) algorithm. The generated passwords will be based on the “Client Secret” of the recipient and the “Password ID” of the email. Because the “Password ID” of the email will always be different for every PDF, the generated password will be different for every PDF. To enable OTP mode, the following steps are required:

  • Enable PDF encryption

  • Enable OTP

  • Enable Auto create client secret

  • Enable Auto invite

  • Set password generated length

  • Edit PDF encryption template

Enable PDF encryption

To allow PDF encryption, the following settings should be set:

  • Encrypt Mode should be set to “Allow”.

  • PDF enabled should be enabled.

Enable OTP

Enable the PDF setting “OTP enabled”.

Enable Auto create client secret

The “Client secret” of a recipient is used for generating the unique PDF password. Every recipient therefore requires a “Client secret”. The gateway will automatically generate a random client secret for a recipient if the setting “Auto create client secret” is enabled and the recipient does not have a client secret yet.

Enable Auto invite

A recipient needs to log in to the portal to generate the one time password of the PDF. The recipient therefore requires a portal password. If the “Auto invite” option is enabled and there is not yet a portal password for the recipient, an invite link will be added to the email. After clicking the invite link, the recipient can choose a portal password for the portal account. Alternatively, the portal password can be set by the gateway administrator.

Set password generated length

The length of the randomly generated password is by default 16 bytes (128 bits). The length of the generated password can be set using the advanced password setting generated length.

Important

Make sure the generated password is long enough to make brute-force guessing of the password harder.
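The relationship described under “One Time Password (OTP)” and the effect of the generated length, as an added example that is not the product's own code. HMAC-SHA256, the Base32 output encoding, the function names and the sample Password IDs are assumptions made for illustration; the page does not specify the algorithm Webmail Messenger uses.

```python
import base64
import hashlib
import hmac
import secrets


def new_client_secret(num_bytes: int = 16) -> bytes:
    """Random per-recipient secret, as "Auto create client secret" would provide."""
    return secrets.token_bytes(num_bytes)


def derive_pdf_password(client_secret: bytes, password_id: str,
                        length_bytes: int = 16) -> str:
    """Derive the PDF password from the Client Secret and the Password ID.

    ASSUMPTION: HMAC-SHA256 truncated to length_bytes and Base32-encoded;
    the product's real OTP algorithm is not given on the page.
    """
    if not client_secret:
        raise ValueError("recipient has no client secret")
    if not 1 <= length_bytes <= hashlib.sha256().digest_size:
        raise ValueError("length_bytes must be between 1 and 32")
    mac = hmac.new(client_secret, password_id.encode("utf-8"), hashlib.sha256)
    truncated = mac.digest()[:length_bytes]
    return base64.b32encode(truncated).decode("ascii").rstrip("=").lower()


def average_guesses(length_bytes: int) -> int:
    """Average number of guesses needed to brute-force a password of this length."""
    return 2 ** (8 * length_bytes - 1)


if __name__ == "__main__":
    secret = new_client_secret()          # constructed sample secret
    ids = ["pwid-0001", "pwid-0002"]      # constructed sample Password IDs
    # A different Password ID gives a different password for the same recipient.
    for pid in ids:
        print(pid, derive_pdf_password(secret, pid))
    # The same secret and ID always give the same password, so it can be
    # regenerated when the recipient logs in instead of being stored per PDF.
    assert derive_pdf_password(secret, ids[0]) == derive_pdf_password(secret, ids[0])
    # Shorter generated lengths shrink the guessing space exponentially.
    for n in (4, 8, 16):
        print(f"{n} bytes: about {average_guesses(n):.3e} guesses on average")
```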

Edit PDF encryption template

The encrypted PDF will be attached to a new email. The new email is based on the “Encrypted PDF OTP” or “Encrypted PDF OTP invite” template. The “Encrypted PDF OTP invite” template is used for the first invite email. The template can be edited from the templates page (Setting ‣ Template). On the template page, select the template “Encrypted PDF OTP” or “Encrypted PDF OTP invite”, change the template and click Apply.

Configure PDF reply

To enable the PDF reply option, the following steps are required:

  • Configure portal base URL

  • Enable PDF reply

  • Open the firewall to allow access to the portal

Configure portal base URL

The “Base URL” defines the base URL on which the portal functionality is accessible for external users. It should be a fully qualified URL which can be resolved externally. Portal URLs, such as the reply link URL and the portal login URL, are based on the “Base URL”. The “Base URL” should be configured as follows:

https://www.example.com/web/portal

Where www.example.com should be replaced by the real domain name.

Enable PDF reply

Enable the global advanced PDF setting “Reply allowed”.

Open the firewall to allow access to the portal

The PDF reply page must be accessible to remote users at the URL:

https://www.example.com/web/portal/pdf/reply

Make sure the firewall allows access to the reply URL for external recipients.