On 03/04/2014 06:59 AM, Djigzo Users wrote:
> is there a way to send outgoing messages (unencrypted) and incoming messages
> (decrypted) to a mail archiving system?
>
> All the known postfix mechanisms don't work for me.
> Sender_bcc_maps and recipient_bcc_maps are working in principle and can be
> configured on a domain basis, but incoming mail is stored encrypted at the
> archive system.

With always_bcc, you can tell Postfix to always add some recipient (the
archiving system) as a BCC. Whether or not this works for you depends on
your requirements and setup. If your requirement is that incoming email
should be stored decrypted in the archive, you should make sure that the
archive recipient (i.e., the one set to always_bcc) is an "Internal"
user (otherwise email sent to the archive recipient will not be
decrypted and will possibly be encrypted).

Postfix adds the BCC before sending the email to the
encryption/decryption backend (using a content_filter) and after the
content filter. Generally speaking there will be two different
scenarios: email sent to an internal domain and email sent to an
external domain.

1. Encrypted email sent to internal user (or domain)
The encryption/decryption backend decrypts the email. The decrypted
email will be sent to all the required recipients *and* to the archiver
recipient (the email is decrypted).

2. Plain email sent to external user (or domain)
The encryption backend encrypts the email for the required recipients.
After encryption, Postfix will add the archiver email address
(always_bcc) to the recipients. The archiver will therefore receive the
original email (i.e., unencrypted) and encrypted since the archiver
address was added to the recipients of the encrypted message. So, the
archiver will receive the outgoing email encrypted and decrypted. If you
do not want the archiver to receive the encrypted copy, I think you can
tell the reinjection port not to add a BCC again by overriding
always_bcc of the cleanup_reinject config in /etc/postfix/master.cf:

cleanup_reinject unix n - - - 0 cleanup
    -o hopcount_limit=100
    -o always_bcc=

(* the line -o always_bcc= was added)

If your requirements are that email sent to the archiver *must* be
encrypted (for example you want an encrypted archive) you need a
different setup.

> To keep the original sender/recipient the best way would be to send
> decrypted/not yet encrypted mail to a host:port instead of an email address.
> This works perfectly i.e. with the GPL email archiver "OpenBenno"
> (openbenno.org).

Not sure whether this is possible with Postfix. You somehow need to
duplicate the email and send the duplicate to some other server.

Kind regards,
Martijn Brinkers
--
DJIGZO email encryption
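
Added example (not part of the original message, and not Djigzo or Postfix code): a small Python check that a master.cf text overrides always_bcc for the cleanup_reinject service as described above. The sample master.cf text and the archive address are constructed; master.cf only treats the -o lines as part of the entry when they start with whitespace, which the parser reflects.

```python
# Added example: check that cleanup_reinject overrides always_bcc in master.cf.
# The sample text and the archive address are constructed for illustration.
SAMPLE_MASTER_CF = """\
cleanup          unix n - - - 0 cleanup
cleanup_reinject unix n - - - 0 cleanup
    -o hopcount_limit=100
    -o always_bcc=
"""

def logical_lines(text):
    """Join continuation lines: a line starting with whitespace continues
    the previous entry; blank lines and '#' comment lines are skipped."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def service_overrides(text, service, svc_type="unix"):
    """Return the "-o name=value" overrides of one service, or None if absent.
    The newer "-o { name = value }" form is not handled."""
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[:2] != [service, svc_type]:
            continue
        args, overrides = fields[8:], {}
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and "=" in args[i + 1]:
                name, _, value = args[i + 1].partition("=")
                overrides[name] = value
        return overrides
    return None

def reinject_always_bcc(text, main_cf_value):
    """always_bcc in effect for cleanup_reinject ("" means no BCC is added)."""
    overrides = service_overrides(text, "cleanup_reinject") or {}
    return overrides.get("always_bcc", main_cf_value)

if __name__ == "__main__":
    print(repr(reinject_always_bcc(SAMPLE_MASTER_CF, "archive@example.com")))
```

An empty result means the reinjection pass adds no second BCC, so the archive address only receives the copy added before the content filter.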