[Djigzo users] Reject unencrypted mail

Martijn Brinkers martijn at djigzo.com
Fri Apr 29 14:56:32 CEST 2011


Hi Ralf,

> post suggests, I want to reject all mail that's not encrypted. I
> know there has been a discussion on this maillinglist regarding the 
> usefulness of this measure, but we have a special environment in
> which rejecting unencrypted messages is a "must have". I know I
> should add a matcher to the james/config.xml, but I cannot define the
> right matcher. Could someone help me defining the right matcher for
> rejecting all non encrypted mail? Thank you in advance!

The following matcher matches whether the content-type of the message
says the message is encrypted, and if so, the next processor will handle
the message (change *CHANGE_THIS* to match the processor you want to use
when the message is encrypted)

<mailet match="IsSMIME=matchOnError=false,encrypted" class="GotoProcessor">
    <processor> *CHANGE_THIS* </processor>
</mailet>

Note: the above matcher is already used in the current config.xml file
to check whether the message is already encrypted.

Unfortunately it's not possible to inverse the matcher so if you want to
do handle the email differently when not encrypted add it after the
matcher for encryption. For example like this:

<mailet match="IsSMIME=matchOnError=false,encrypted" class="GotoProcessor">
    <processor> *CHANGE_THIS* </processor>
</mailet>

<mailet match="All" class="GotoProcessor">
    <processor> *PROCESSOR_NOT_ENCRYPTED* </processor>
</mailet>


A question, are you only interested in whether outgoing email is
encrypted or also incoming email? If you only need to be sure that
outgoing email is encrypted you can set the encrypt mode to "Mandatory".

If you want to check whether incoming email is encrypted what do you
want to do with the message if the message is not encrypted?

As Andreas noted, the email has already been accepted and bouncing it
back to the sender can cause your SMTP server to be blacklisted (search
for the term Backscatter) if you are not 100% certain that the message
was not spam.

Kind regards,

Martijn Brinkers


On 01/-10/-28163 08:59 PM, Ralf Bardoel wrote:
> Dear users of Djigzo,
> 
> First of all I want to say I love your product! Like the subject of my
> post suggests, I want to reject all mail that's not encrypted. I know
> there has been a discussion on this maillinglist regarding the
> usefulness of this measure, but we  have a special environment in which
> rejecting unencrypted messages is a "must have". I know I should add a
> matcher to the james/config.xml, but I cannot define the right matcher.
> Could someone help me defining the right matcher for rejecting all non
> encrypted mail? Thank you in advance!
> 
> Kind regards,
> 
> Ralf Bardoel
> 


-- 
Djigzo open source email encryption
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3398 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.ciphermail.com/pipermail/users/attachments/20110429/fbfae855/attachment-0001.p7s>


More information about the Users mailing list