Force clients to use pgp encryption when sending email?
Hello all!
I am looking for a way to force imap clients to encrypt their messages with the public keys of the recipients before sending them. Would a post-login script in dovecot work for something like this? I am using postfix and dovecot on my mail server. Basically I want the server to check if the message being sent is encrypted with OpenPGP and either proceed or reject the message based on that criterion. If the message is rejected, the user could then encrypt the outgoing email message with the recipient public key and try again. Does anybody have a suggestion on how to implement something like this? Would there be a way that the client software (thunderbird) could show an alert asking the user to encrypt the message and then attempt to resend the message?
I realize that you can tell a client (like thunderbird) to automatically encrypt outgoing messages with pgp but I would like to have some way to enforce that policy at the server level before the email is sent.
I want to have all messages end-to-end encrypted, hence my desire for functionality like this.
Any suggestions are welcome. Thanks in advance for your help!
> Basically I want the server to check if the message being sent is encrypted with OpenPGP and either proceed or reject the message based on that criterion.

Postfix is your submission service so I think it is best to look in that direction. If there is a header you can check for (if the header exists then allow sending) then postfix has header checks regexp/pcre that would be simple enough to set up.
On the more complex side, postfix also supports policy servers you can write as a script (php, perl, python, etc) or you can go full on milter.
http://www.postfix.org/header_checks.5.html
http://www.postfix.org/SMTPD_POLICY_README.html
http://www.postfix.org/postconf.5.html#non_smtpd_milters
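An added example, not part of the original thread: a header regexp sees one header line at a time, so this sketch shows the fuller check a milter or content filter could run on the whole message, recognising PGP/MIME (RFC 3156) and inline-armored OpenPGP. The names `classify` and `decide`, the SMTP reply texts and the sample messages are constructed for illustration; the check looks at structure only and does not verify the ciphertext or which keys it was encrypted to.

```python
import email

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def _text(part):
    """Decoded body of a leaf MIME part as text ('' for containers)."""
    data = part.get_payload(decode=True)
    return data.decode("ascii", "replace") if data else ""

def _is_armored(text):
    text = text.strip()
    return text.startswith(BEGIN) and text.endswith(END)

def classify(raw):
    """Return 'pgp-mime', 'pgp-inline' or 'cleartext' for one raw message."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() == "multipart/encrypted":
        # RFC 3156: exactly two parts, a control part and the ciphertext.
        parts = msg.get_payload() if msg.is_multipart() else []
        proto = str(msg.get_param("protocol") or "").lower()
        ok = (proto == "application/pgp-encrypted" and len(parts) == 2
              and parts[0].get_content_type() == "application/pgp-encrypted"
              and parts[1].get_content_type() == "application/octet-stream"
              and _is_armored(_text(parts[1])))
        return "pgp-mime" if ok else "cleartext"
    if not msg.is_multipart() and _is_armored(_text(msg)):
        return "pgp-inline"
    return "cleartext"

def decide(raw):
    """(accept, SMTP reply) that a milter or content filter could return."""
    kind = classify(raw)
    if kind == "cleartext":
        return False, "550 5.7.1 Message is not OpenPGP-encrypted; encrypt and resend"
    return True, "250 2.0.0 Ok (%s)" % kind

# Constructed sample messages (placeholder armor, not real ciphertext).
HDR = b"From: alice@example.org\nTo: bob@example.org\nSubject: test\n"
ARMOR = b"-----BEGIN PGP MESSAGE-----\n\n(constructed)\n-----END PGP MESSAGE-----\n"
PGP_MIME = (HDR + b'Content-Type: multipart/encrypted; boundary="b1";\n'
            b' protocol="application/pgp-encrypted"\n\n'
            b"--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
            b"--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + b"--b1--\n")
INLINE = HDR + b"Content-Type: text/plain\n\n" + ARMOR
PLAIN = HDR + b"Content-Type: text/plain\n\nHi Bob, see you at 10.\n"
```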
Thanks for that info! It’s just what I needed!
On Dec 7, 2021, at 8:35 PM, dovecot@ptld.com wrote:
> > Basically I want the server to check if the message being sent is encrypted with OpenPGP and either proceed or reject the message based on that criterion.
>
> Postfix is your submission service so I think it is best to look in that direction. If there is a header you can check for (if the header exists then allow sending) then postfix has header checks regexp/pcre that would be simple enough to set up.
>
> On the more complex side, postfix also supports policy servers you can write as a script (php, perl, python, etc) or you can go full on milter.
>
> http://www.postfix.org/header_checks.5.html
> http://www.postfix.org/SMTPD_POLICY_README.html
> http://www.postfix.org/postconf.5.html#non_smtpd_milters
Another solution is to use for example Ciphermail to automatically encrypt mail server-side. In this way you don't need to reject non-encrypted mail, you can just make sure it gets encrypted before it leaves premises.
-----Original message-----
From: dovecot-bounces@dovecot.org On behalf of Austin Witmer
Sent: 8 December 2021 07:15
To: dovecot@ptld.com; dovecot@dovecot.org
Subject: Re: Force clients to use pgp encryption when sending email?
Thanks for that info! It’s just what I needed!
Thanks a bunch for the suggestions. I really appreciate the help.
On 12/8/2021 1:17 AM, Sebastian Nielsen wrote:
> Another solution is to use for example Ciphermail to automatically encrypt mail server-side. In this way you don't need to reject non-encrypted mail, you can just make sure it gets encrypted before it leaves premises.
participants (3)
- Austin Witmer
- dovecot@ptld.com
- Sebastian Nielsen