2) Is there any way to prevent Djigzo from DEcrypting
If all users are external users (the default), then no email will be
decrypted. Incoming email is split into two paths, for internal
recipients email will be decrypted, for external recipients email will
be encrypted. If you do not make any domain or user an internal user,
no email will be decrypted.
Essentially, here's what I'm looking for:
-- All messages in a user's
mail folders are SMIME encrypted. -- Any incoming mail that is SMIME
encrypted for that user passes untouched.
-- Any incoming mail that is unencrypted is encrypted by Djigzo
using the user's own key. -- Any outgoing mail that is encrypted is
untouched -- Any outgoing mail that is unencrypted is untouched.
I think that Djigzo ends up being total overkill in this situation?
I have been
thinking about such a use case as well because it can be
used to store all email encrypted in your local mailbox. This is kind
of different from the typical use case of the Djigzo gateway. If you
make sure that every user is an external user, this should work since
all incoming email for some internal user will be encrypted if it is
not already encrypted (if setup to encrypt all email for certain
users). How are your internal users going to send encrypted email to
each other? Using the S/MIME functionality of the email client?
Yes this is the
assumption. If the users import "all" of the
certificates, then wouldn't they be able to encrypt email going to
another user? If the user Johnny sends an unencrypted email to the user
Sammy on the same server, but they are both "external" users, isn't
Djigzo going to encrypt the incoming message?
EX: Sammy sends email to Johnny unencrypted. Djigzo will use Johnny's
key to encrypt the message before it is passed along to Johnny?