Advanced Settings
Using an S/Notify release before version 4.0 (or before Bitbucket 2.0)?
Then please refer to Earlier Versions for the appropriate documentation.
Background
From Encryption Settings, you can switch to Advanced Settings from the top right button for some specific configuration options. These are options that did not make it into the user interface yet for different reasons. Most of them are too specific, so they make sense only in special scenarios, and we did not want to clutter the user interface with options that are useless for the vast majority of users.
Below we describe those we consider useful for more than just one client.
Usage
Please note that these options may be subject to change. If you decide to use them, please make sure to read our release notes before upgrading to a new version and/or watch this page to get notified of any changes.
We would also appreciate if you dropped us a short note which option you found useful.
Advanced Settings are configured with simple key/value properties. You enter the key and a value as explained below and save them, then the option will become effective.
If you delete the key, the default behavior will become effective again.
Customize Problem Report
If encryption is not possible and you have set the Encryption Fallback behavior to Do not allow unencrypted notifications - send problem report instead, then there are currently two options available to customize that problem report.
Key reportAdditionalText
Purpose
This property allows you to add your own text to the built-in problem report. Your custom contents will be added at the end of the email.
Value
The value must be a path and filename of a file as seen from the Jira, Confluence or Bitbucket instance.
The file must contains the text that you want to add to the error report. It can include HTML tags, and we recommend to escape special characters using their respective HTML entities. The contents will be included within the HTML body of the email.
Default
The default is to append nothing to the problem report.
Key reportReplaceText
Purpose
This property allows you to completely replace the built-in problem report by your own contents. Note that, if you have configured Include links to the Jira issue or Confluence page resp., these links will also be replaced by your custom contents.
Value
The value must be a path and filename of a file as seen from the Jira, Confluence or Bitbucket instance.
The file must contain the full contents of your custom error report in HTML format. We recommend to escape special characters using their respective HTML entities. The contents will be used as the HTML body of the email.
Default
The default is to use the built-in problem report.
Exempt From Encryption By Contents
Key skipEncryptionRegex
Purpose
This property allows you exempt emails from encryption when they contain a specific text pattern.
If you have special requirements that cannot be met using Per-project or Per-space Encryption and/or the Exemption Whitelist, then this property allows you to specify a RegEx pattern that is applied to each outgoing email. When the pattern matches, then encryption is skipped for this email. If the email has been quoted-printable (MIME) encoded, it is automatically decoded before applying the pattern to it. The complete emails including their headers are examined.
The pattern is applied using multiline matching. We recommend https://regex101.com for testing your RegEx patterns.
Value
As the value, enter the RegEx pattern. The pattern length may not exceed 255 characters as of now.
Default
The default is not to skip encryption.
Domain Certificate Support
Key smimeDomainCertificates
Purpose
This property allows you to define that all emails that are sent to specific domain can be encrypted using one single S/MIME certificate. This can be useful if emails are sent to a domain that uses an email encryption gateway that handles encryption for all users of that domain.
Domain certificate are defined by the email address they are issued for. The certificate’s email address is configured by this property, however, the certificate itself must be available from one of the key stores defined under User Key Management. Emails addressed to that domain will then be encrypted using the domain certificate.
Multiple domain certificates are supported, but only one per domain.
Note that S/Notify will first attempt to encrypt email using the recipient’s personal S/MIME certificate. Only if that is not possible, the domain certificate will be used.
Value
This is a string property. As the value, enter the email address which the domain certificate has been issued for. To use multiple domain certificates, it is possible to enter multiple email addresses separated by a space character.
Default
The default is not to use any domain certificates.
Enforce CRL checks
Key smimeCertificateCrlCheck
Purpose
A Certificate Revocation List (CRL) is a list of serial numbers of certificates that have been revoked. This list can be retrieved from an URL that is published in specific extension of a certificate called the CRL Distribution Point (CDP).
Clients can retrieve the CRL to check if the S/MIME certificate is still valid or if it should be rejected.
CRL checks can cause a lot of traffic, which is – most of the time – unnecessary, because S/MIME certificates are only very rarely revoked.
Value
This is a boolean property. So the value must be either one of
true - S/MIME certificate will be checked against the CRL and rejected if they have been revoked
false -S/MIME certificates will not be checked for revocation
Default
The default is false.
Support Incoming PGP/inline
Key pgpInlineSupport
Purpose
There are two formats for PGP encrypted emails: PGP/MIME and PGP/inline. Because there are several problems with PGP/inline (see PGP/inline vs. PGP/MIME under Reference > PGP for details), S/Notify usually only supports PGP/MIME.
However, sometimes incoming email is in PGP/inline format, and there may be reasons why it is not possible to switch to PGP/MIME. This property enables support for PGP/inline in incoming emails to Jira, so they can be decrypted.
If you have configured S/Notify under Encryptions Settings > Incoming Emails to Add indicators to descriptions and comments created from incoming emails, you should be aware that PGP/inline emails may be only partly encrypted or partly signed. In theses case, they will be appear marked encrypted or signed resp. with no way to tell the difference.
When enabled, S/Notify will scan incoming emails for text/plain message parts as well as MIME attachments for a BEGIN PGP MESSAGE line. If found, it expects to find a base-64 encoded PGP encrypted message part, which then will be decrypted.
Value
This is a boolean property. So the value must be either one of
true - PGP/inline emails will be decrypted and/or signatures checked
false - PGP/inline are not processed (i.e. passed on unchanged)
Default
The default value is false.
Key pgpBinaryRegex
Purpose
Note that this key requires that pgpInlineSupport is true, otherwise it won’t have any effect.
In rare cases, PGP encrypted messages are properly sent as PGP/inline in base-64 encoded format, but as file attachments. By default, these won’t be examined.
If attachments need to be examined for possible PGP encrypted contents, set this property to a RegEx file name pattern that matches the files that have to be examined. For example, the pattern .*\.(pgp|gpg)
would check all file attachments with a file name suffix of pgp or gpg.
Value
As the value, enter the RegEx pattern. The pattern length may not exceed 255 characters as of now.
Default
The default value is not to examine any file attachments.
Support Tools
Under support tools, you can export and download all app properties as well as relevant system properties. This will help the S/Notify support team to help you track down any issues you may experience.