On 2011-01-06 IT geek 31 wrote:
> My accountant and I both have digital certificates and most of the
> time encrypt our mails. But he often forgets, meaning sensitive
> information is sent in plaintext.
>
> Is there any way to instruct Postfix to reject his mail unless it is
> encrypted?
>
> I know I can set up TLS, but that is something I don't want to do just
> yet.
>
> Any ideas?

I'm going to assume that you're talking about encrypting the mail
content for either outbound or internal mail. TLS won't help you there,
because it encrypts only the connection to the next hop, not end-to-end.

What technology are you using? GPG/PGP or S/MIME? For GPG a friend of
mine and I wrote a simple encrypting proxy [1] (I suppose it could be
adapted for S/MIME). The proxy will drop all recipients for whom no
encryption key exists from the mail. It will drop the mail altogether
if none of the recipients have an encryption key.

Are you positive that your accountant will never have to send
unencrypted mail?

[1] http://www.planetcobalt.net/download/crypter.pl

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
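
The check the question asks for (accept a message only if its content is encrypted) comes down to classifying the message's MIME structure. The following is an added example, not part of the original posts and not code from crypter.pl; it recognises PGP/MIME (RFC 3156), S/MIME enveloped data and inline-armored PGP. The function name and the sample messages are constructed for illustration, and the check inspects structure only; it does not validate the ciphertext.

```python
import email
from email import policy

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"

def encryption_kind(raw: bytes):
    """Return 'pgp-mime', 'smime', 'pgp-inline', or None if not encrypted."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        # RFC 3156: a control part, then the ciphertext as octet-stream.
        parts = [p.get_content_type() for p in msg.iter_parts()]
        proto = str(msg.get_param("protocol", "")).lower()
        if proto == "application/pgp-encrypted" and parts == [
                "application/pgp-encrypted", "application/octet-stream"]:
            return "pgp-mime"
        return None
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # smime-type=signed-data is signed but readable; only enveloped counts.
        kind = str(msg.get_param("smime-type", "")).lower()
        return "smime" if kind in ("enveloped-data", "authenveloped-data") else None
    if ctype == "text/plain":
        try:
            body = msg.get_content().strip()
        except LookupError:  # unknown charset: treat as not encrypted
            return None
        if body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END):
            return "pgp-inline"
    return None

def _msg(headers, body):
    return ("\n".join(headers) + "\n\n" + body).encode("ascii")

# Constructed sample messages (bodies are placeholders, not real ciphertext).
ARMORED = ARMOR_BEGIN + "\n\n(constructed)\n" + ARMOR_END + "\n"
SAMPLES = {
    "pgp_mime": _msg(
        ['Content-Type: multipart/encrypted; boundary="b1";'
         ' protocol="application/pgp-encrypted"'],
        "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
        "--b1\nContent-Type: application/octet-stream\n\n" + ARMORED + "--b1--\n"),
    "smime_enveloped": _msg(
        ["Content-Type: application/pkcs7-mime; smime-type=enveloped-data"], "AAAA\n"),
    "smime_signed_only": _msg(
        ["Content-Type: application/pkcs7-mime; smime-type=signed-data"], "AAAA\n"),
    "inline_pgp": _msg(["Content-Type: text/plain"], ARMORED),
    "plaintext": _msg(["Subject: figures"], "Q4 numbers attached.\n"),
}
```

A filter built on this would reject or hold any message for which `encryption_kind` returns `None`; note that a signed-only S/MIME message falls into that group because its content is still readable.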