On 01/-10/-28163 08:59 PM, [email protected] wrote: > This is the same problem any MTA will have. Postfix by default limit the > number of recipients per mail to 100... > What i don't found out yet is if the domain-encryption feature can be > set on the receiver side or if it is only triggered by the sender, using > one of the recipients valid certificates to encrypt mail for many > different recipients. > So is it a sender or a recipient "policy". I would for sure like to > control on my end (receiver) if i like cross-usage of certificates/keys, > but it looks like all is needed is a sender able split certificate usage > from recipient address?? > In case i got it right the answer will be yes, we need a switch to turn > off this behaviour and splitting the messages in a part with valid > recipient<-->certificate pairs and a part without, which will not be > decrypted will be a way to go.
Currently the domain certificate is only used for encrypting. For decryption the gateway works like any email client i.e, decrypt when possible. So what I'm thinking of is to add "strict mode", In "strict mode" a recipient will only receive the message decrypted if one of the following is true: 1. the message is encrypted with a certificate with private key containing an email address that matches the email address of the recipient. or, 2. the message is encrypted with a certificate with private key that was manually selected for the recipient or, 3. the message is encrypted with a certificate with private key that was manually selected for the domain of the recipient On non-strict mode the gateway behaves like it does not i.e, decrypt when possible. Am I missing something? Kind regards, Martijn -- Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
