Hello, I have been running my first deployment of ciphermail/djigzo for a few days, and I like it a lot.
I managed to configure pretty much everything how I wanted, but there is one thing which I could not find: is it possible to instruct the MPA not to decrypt incoming emails even if it has the correct private key to do it? My use case is the following: I would like to use ciphermail to enforce outbound encryption and signature. On the other hand for inbound messages there is no enforcement of receiving only encrypted emails. However if received emails are encrypted I would like this to be more visible to users than just via the headers (as would be the case if decryption is done at MPA), and also ensure a maximum security in keeping the secrecy as close to the reader client as possible. I do not need virus/spam checking for encrypted messages at the gateway level. One other reason for the request is that I suspect a bug, or at least an incompatibility with signed+encrypted messages that get incorrectly transformed into a message with a single attachment called smime.p7m which the webmail cannot identify. This occurs every time I receive a signed+encrypted email generated at the external sender from outlook through ciphermail and have cipermail decrypt the message (my server is set to not remove signature from messages - again I want users to have a maximum visibility of what happens to their communications). This was raised previously to this list (july 21st) but I could not see a final answer. Once more, thanks for this great piece of software, Stéphane
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
