Hi David,

I don't know how to do what you want with dovecot, but what you are asking is easy and straightforward with Postfix.

Postfix can easily be configured to feed mail through a milter ("mail filter") interface. You would just need to write a milter (there is a nice python library) that checks if the messages is "encrypted" to your specifications and tells Postfix to bounce the message if its not. This would be a nice backscatter-free solution.

After you have the milter written, you specify it with the "smtpd_milters" option for Postfix.

Ryan

On Wed, Jan 10, 2018 at 02:08:38PM +0200, David Seaward wrote:

Hi,

Is it possible to configure Dovecot to reject mail that is not encrypted. In other words:

1. If the user tries to send an unencrypted message from their MUA, the server rejects it.

2. If a third-party tries to send an unencrypted message to the user, the server rejects it.

The end result would be that no mail stored on the server can be decrypted by the administrator.

I am aware that:

• "Encrypted" could mean a lot of things. I'm imagining GPG encryption, but am open to other supported methods.

• This configuration would not suit everyone, e.g. someone posting to a public mailing list :)

Regards, David