I'm trying to implement a corporate policy on use of encryption, with restrictions in the filter to enforce the policy as much as possible.
The elements of the policy are:

1. All mail to selected domains must be encrypted.
2. Encryption is to be all or nothing - if any unencrypted part is found, the mail is to be rejected.
3. All messages must be encrypted to at least two internal keys, one of which must be the corporate key to ensure that we can recover the message contents if required. The corporate key ID is 4B771017.

I have a working filter which is capable of spotting encrypted messages by the presence of a .PGP or .ASC attachment, and also by the presence of a PGP message block in a text/plain body, but in order to do the rest, I need to be able to get some details about the keys in the message, and so I have to use something like Mail::GPG to get the details. Here is my sub-routine to check entities:

    sub pgp_check($$$) {
        my ($entity, $fname, $type) = @_;
        use Mail::GPG;
        my ($pass, $reciplist, $gpgcomments);

        # passphrase for the corporate key lives in a file readable only by the filter user
        open(PASS, "</home/defang/.gpgpass") || die "Cannot open GNUPG passphrase file";
        $pass = <PASS>;
        close(PASS);
        chomp($pass);

        my $gpg = Mail::GPG->new(
            default_key_id     => '4B771017',
            default_passphrase => $pass,
            debug              => 1,
            gnupg_hash_init    => {
                armor   => 1,
                batch   => 1,
                homedir => '/home/defang',
            },
        );

        # try to use GNUPG to work out the keyholders (!)
        my $encrypted = $gpg->is_encrypted(entity => $entity);
        if ($encrypted) {
            my ($decrypted_entity, $result) = $gpg->decrypt(
                entity     => $entity,
                passphrase => $pass,
            );
            $encrypted              = $result->get_is_encrypted;
            my $decryption_ok       = $result->get_enc_ok;
            my $encryption_key_id   = $result->get_enc_key_id;
            my $encryption_mail     = $result->get_enc_mail;
            my $signed              = $result->get_is_signed;
            my $signature_ok        = $result->get_sign_ok;
            my $signed_key          = $result->get_sign_key_id;
            my $signed_mail         = $result->get_sign_mail;
            my $signed_mail_aliases = $result->get_sign_mail_aliases;
            my $stdout_sref         = $result->get_gpg_stdout;
            my $stderr_sref         = $result->get_gpg_stderr;
            my $gpg_exit_code       = $result->get_gpg_rc;

            if ($encrypted) {
                if ($decryption_ok) {
                    my ($key_id, $key_mail) = $gpg->query_keyring(search => $encryption_key_id);
                    $reciplist .= ":$key_mail($encryption_mail/$key_id)";
                }
                if ($signed) {
                    $gpgcomments .= " Signed by $signed_mail($signed_key)";
                }
            }

            # gpg names every recipient key on stderr as
            # "gpg: encrypted with <bits>-bit <algo> key, ID <keyid>, created <date>";
            # the eighth word of that line is the key ID with a trailing comma
            foreach my $line (split(/\n/, $$stderr_sref)) {
                if ($line =~ /encrypted with/) {
                    my @words = split / /, $line;
                    my $key = $words[7];
                    $key =~ s/,//g;
                    my ($key_id, $key_mail) = $gpg->query_keyring(search => $key);
                    $reciplist .= ":$key_mail($key_id)";
                }
            }
        }

        # now log the details
        if ($encrypted) {
            md_syslog('info', "GnuPG debug - $Sender,$fname,$reciplist,$gpgcomments");
        }
        return 1;
    }

When running this check from filter(), the slave dies with the following messages to STDERR:

    gpg: CRC error; 53ae1d - dc353a
    gpg: quoted printable character in armor - probably a buggy MTA has been used

However, the documentation for MIME::Parser and MIME::Tools suggests that the entity should already have been decoded. Testing with a script which creates a MIME::Entity by calling parse_open on a captured mail file has similar results, but if I manually take out the quoted-printable encoding (replacing =3D by = in two places), then it works as expected. Any idea why it thinks the entity is still encoded?

Best Wishes,

Paul.
__________________________________________________ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 _______________________________________________________________________ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 _______________________________________________________________________
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
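Added example, not code from the post, from Mail::GPG or from MIMEDefang: a stand-alone Python reproduction of the two gpg diagnostics quoted above. It builds an ASCII-armored PGP MESSAGE from constructed opaque bytes (not a real OpenPGP packet), computes the RFC 4880 CRC-24 trailer, wraps the armor in a constructed text/plain mail whose body is quoted-printable, and then verifies the armor twice: once on the raw, still transfer-encoded payload, where the leaked "=3D" sequences break both the radix-64 data and the CRC line, and once after the Content-Transfer-Encoding has been stripped, where it checks out. All addresses, the sample bytes and the function names are assumptions made for the example.

```python
import base64
import quopri
import re
from email import message_from_string, policy
from email.message import EmailMessage

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"
DATA_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
CRC_LINE = re.compile(r"^=([A-Za-z0-9+/]{4})$")


def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1; gpg's 'CRC error' compares this value."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def build_armor(data: bytes) -> str:
    """Radix-64 armor with 64-column lines and the '=XXXX' CRC trailer."""
    b64 = base64.b64encode(data).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join([BEGIN, ""] + body + ["=" + crc, END]) + "\n"


def verify_armor(text: str) -> tuple[bool, str]:
    """Check one PGP MESSAGE armor the way gpg does before decrypting.

    Returns (ok, reason). A '=3D' inside the block is what gpg's
    'quoted printable character in armor' warning refers to.
    """
    lines = text.replace("\r\n", "\n").split("\n")
    if BEGIN not in lines or END not in lines:
        return False, "no armor block"
    inner = lines[lines.index(BEGIN) + 1:lines.index(END)]
    if "" not in inner:
        return False, "no blank line after armor headers"
    inner = inner[inner.index("") + 1:]      # drop Version:/Comment: headers
    if not inner:
        return False, "empty armor"
    crc_line, data_lines = inner[-1], inner[:-1]
    for line in data_lines:
        if "=3D" in line:
            return False, "quoted-printable leaked into radix-64 data: %r" % line
        if not DATA_LINE.match(line):
            return False, "bad radix-64 line: %r" % line
    m = CRC_LINE.match(crc_line)
    if not m:
        hint = " (quoted-printable leaked into armor)" if "=3D" in crc_line else ""
        return False, "malformed CRC line %r%s" % (crc_line, hint)
    try:
        data = base64.b64decode("".join(data_lines), validate=True)
    except ValueError as exc:
        return False, "radix-64 decode failed: %s" % exc
    expected = int.from_bytes(base64.b64decode(m.group(1)), "big")
    actual = crc24(data)
    if actual != expected:
        return False, "CRC error; %06x - %06x" % (actual, expected)
    return True, "ok"


def constructed_mail(armor: str) -> EmailMessage:
    """Constructed text/plain mail carrying the armor as quoted-printable,
    the situation the post runs into. Addresses are placeholders."""
    body = quopri.encodestring(armor.encode("ascii")).decode("ascii")
    raw = (
        "From: sender@example.com\n"
        "To: recipient@example.com\n"
        "Subject: constructed test message\n"
        "MIME-Version: 1.0\n"
        "Content-Type: text/plain; charset=us-ascii\n"
        "Content-Transfer-Encoding: quoted-printable\n"
        "\n" + body
    )
    return message_from_string(raw, policy=policy.default)


def check_message(msg: EmailMessage, decode: bool) -> list[tuple[bool, str]]:
    """Verify every armored part. decode=True strips the transfer encoding
    first (what gpg needs); decode=False hands over the still-encoded text
    and reproduces the failure described in the post."""
    results = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if decode:
            text = part.get_payload(decode=True).decode("ascii", "replace")
        else:
            text = part.get_payload()
        if BEGIN in text:
            results.append(verify_armor(text))
    return results


# Constructed opaque bytes standing in for an encrypted packet. 100 bytes is
# not a multiple of 3, so radix-64 ends in '==', which QP rewrites as
# '=3D=3D'; the CRC trailer's leading '=' is rewritten the same way.
SAMPLE_DATA = bytes(range(1, 101))
SAMPLE_ARMOR = build_armor(SAMPLE_DATA)
SAMPLE_MSG = constructed_mail(SAMPLE_ARMOR)

if __name__ == "__main__":
    print("still quoted-printable:", check_message(SAMPLE_MSG, decode=False))
    print("after decoding        :", check_message(SAMPLE_MSG, decode=True))
```

The point the two runs make is that the armor itself is intact; what gpg sees depends entirely on whether the filter hands it the transfer-decoded body or the raw body text. The same distinction exists on the Perl side, where an entity's decoded data comes from its bodyhandle only if the MIME::Parser that built it was left with body decoding enabled (its decode_bodies option), so that setting is the first thing worth checking in the filter's parser setup.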