Author: W B Hacker Date: To: exim users Subject: Re: [exim] automagic GnuPG handling
Daniel Aleksandersen wrote:
> Ted Cooper wrote:
>> Daniel Aleksandersen wrote:
>>> My first posting.
>>>
>>> Can exim4 handle GnuPG automagically? What I am imagining is the
>>> following two scenarios:
>>>
>>> outgoing messages > check if recipient’s public key is known > encrypt
>>> > send message as normal
>>> incoming messages > check if message is encrypted and sender’s public
>>> key is known > decrypt > save message as normal
>>>
>>> Is this within exim’s capabilities?
>>>
>>> Can anyone please advise on how to implement this?
>> This is a MUA problem, not an MTA problem. There are a number of plugins
>> for each of the usual MUAs that allow you to do this.
>>
>> eg. Thunderbird has Enigmail
>
> I specifically intended for the server to handle the encryption instead of the client.

Then the closest you can do is store each user's public key, build a
router/transport set that can utilize it, and place the whole shebang
into the mailstore encrypted.

Forget the far-end being able to do anything useful with such!

You'll then have to code-up either a POP/IMAP daemon or a new MUA that
can get it TF *back out again* in usable form, 'coz the headers and such
will be encrypted also.

Much easier to put the mailstore atop an OS-encrypted fs, (Exim won't
know or care..)

... and/or establish a specialty 'inter/intra office' net of smtps-only
servers that speak only to each other. Easier to just put staff in all
offices onto ONE server, use SSL/TLS submission & POP/IMAP, and deny
off-net traffic to those in-house accounts. A road very well-traveled.

Otherwise - as stated - *PG or SMIME is an MUA's task if you want any
sort of interoperability at all. Or sleep.

Further - it distributes the not-insignificant workload of
encryption/decryption - not to mention key management and support - over
many user CPUs and their local support staff instead of one server and
one mailadmin (team)...