On 04/06/2015 11:34 AM, Arie Koppelaar wrote: > Thanks for your quick reply. I was not sure about the configuration > possibilities of CipherMail, but Martijn made an important point as > well. Why not always encrypt if its possible? I recon it's also a > mindset, and the knowledge that receivers do not use such a great > solution where mail is decrypted automatically, without any user > intervention.
The good thing of always encrypting is that you cannot forget to encrypt. Another reason to always encrypt is that if you only encrypt certain sensitive email, any outside attacker knows which mails to target since if the email is encrypted, it means that the email is sensitive. By encrypting all email, you are no longer leaking this information. Then again, like you said, not all recipients might like to receive every email encrypted if they do not use some kind of automated process. > Sebastian, thanks for your suggestions, they could work very well, but > would be a little too complicated for our support group. Another option would be to use your existing email filter/server to add a header when a rule matches and then force encryption if this header is found. Whether or not this works depends on whether you are using a mail server or mail filter with such capabilities. I think Exchange 2013 for example supports transports rules which allow you to add headers when some condition matches (https://technet.microsoft.com/en-us/library/dd638183%28v=exchg.150%29.aspx). Ironport probably also allows you to add headers when some condition matches. Kind regards, Martijn Brinkers > Sebastian Nielsen schreef op 06-04-2015 11:09: >> You could also configure this in Postfix, by using a policy server or >> plain rules. Configure Postfix to add a header like "X-DoEncrypt: >> true" when your specified advanced rule is met, and then you configure >> Ciphermail to always encrypt by header trigger. >> One example is to do "X-DoEncrypt: false" when a sender match your >> specified "encrypt from" list, and then use a EDIT filter to edit >> "X-DoEncrypt: false" to "X-DoEncrypt: true" when a recipient match >> your "encrypt to" list. >> This can be accomplished by simple sender and receipient filters >> inside Postfix. >> If the sender does not match the encryption list, X-DoEncrypt: is >> never added, and thus the recipient filter wont encrypt the mail even >> if the recipient match the encryption list. >> >> -----Ursprungligt meddelande----- From: Arie Koppelaar >> Sent: Monday, April 06, 2015 10:38 AM >> To: [email protected] >> Subject: [Djigzo users] PGP email from selected users >> >> Hi, >> >> We primarily use CipherMail for PGP. When a PGP public key (of an >> external email address) is imported, all email is automatically >> encrypted to this email address. We want only specific internal email >> addresses to send encrypted email to this external address. >> Is it possible to achieve this without the usage of subject triggers, >> because this manual action could be forgotten, and could lead into >> unwanted situations. >> Is there a way to configure this with CipherMail? > _______________________________________________ > Users mailing list > [email protected] > https://lists.djigzo.com/lists/listinfo/users -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
