Reject unencrypted mail

Dear users of Djigzo,

First of all I want to say I love your product! Like the subject of my
post suggests, I want to reject all mail that's not encrypted. I know
there has been a discussion on this mailing list regarding the
usefulness of this measure, but we have a special environment in which
rejecting unencrypted messages is a "must have". I know I should add a
matcher to the james/config.xml, but I cannot define the right matcher.
Could someone help me define the right matcher for rejecting all
non-encrypted mail? Thank you in advance!

Kind regards,

Ralf Bardoel

Hello

If you really want to reject (instead of bounce) you have to use
Postfix for this, because at the Djigzo stage the mail has already been
accepted. You may have a look here
http://www.postfix.org/BUILTIN_FILTER_README.html to see how Postfix
can examine a mail on-the-fly before queuing. With this you can create
a matching pattern for S/MIME encrypted mail and reject all others.
But no, I don't know what to (reliably) look for.

Regards

Andreas

Hi Ralf,

> post suggests, I want to reject all mail that's not encrypted. I
> know there has been a discussion on this mailing list regarding the
> usefulness of this measure, but we have a special environment in
> which rejecting unencrypted messages is a "must have". I know I
> should add a matcher to the james/config.xml, but I cannot define the
> right matcher. Could someone help me define the right matcher for
> rejecting all non-encrypted mail? Thank you in advance!

The following matcher matches whether the content-type of the message
says the message is encrypted, and if so, the next processor will handle
the message (change *CHANGE_THIS* to match the processor you want to use
when the message is encrypted)

<mailet match="IsSMIME=matchOnError=false,encrypted" class="GotoProcessor">
    <processor> *CHANGE_THIS* </processor>
</mailet>

Note: the above matcher is already used in the current config.xml file
to check whether the message is already encrypted.

Unfortunately it's not possible to invert the matcher, so if you want to
handle the email differently when it is not encrypted, add it after the
matcher for encryption. For example like this:

<mailet match="IsSMIME=matchOnError=false,encrypted" class="GotoProcessor">
    <processor> *CHANGE_THIS* </processor>
</mailet>

<mailet match="All" class="GotoProcessor">
    <processor> *PROCESSOR_NOT_ENCRYPTED* </processor>
</mailet>

A question, are you only interested in whether outgoing email is
encrypted or also incoming email? If you only need to be sure that
outgoing email is encrypted you can set the encrypt mode to "Mandatory".

If you want to check whether incoming email is encrypted what do you
want to do with the message if the message is not encrypted?

As Andreas noted, the email has already been accepted and bouncing it
back to the sender can cause your SMTP server to be blacklisted (search
for the term Backscatter) if you are not 100% certain that the message
was not spam.

Kind regards,

Martijn Brinkers


--
Djigzo open source email encryption

Forgot to add the following note:

The IsSMIME matcher checks the message for a specific S/MIME content
type. It is possible to 'fake' an encrypted email by taking a plain text
email and setting the content type to:

application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data

If your requirements are such that you need to be 100% sure that an
email is encrypted (and also be sure that it is encrypted with a strong
enough cipher), a specialized matcher should be created that checks the
smime.p7m attachment (CMS blob) and checks whether it is encrypted with
a strong enough cipher.

Kind regards,

Martijn Brinkers
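
The check described in the note above, sketched in Python as an added example (not part of the thread and not Djigzo code): it compares what the Content-Type header claims with what the CMS blob actually contains, and reads the content-encryption algorithm out of the EnvelopedData structure. The function names, the "AES-CBC only" policy and the sample messages are assumptions made for the illustration; the samples are constructed, not captured mail.

```python
import base64
from email import message_from_string

ENVELOPED = bytes.fromhex("2a864886f70d010703")      # OID 1.2.840.113549.1.7.3
STRONG = {bytes.fromhex("6086480165030401" + s) for s in ("02", "16", "2a")}  # assumed policy: AES-CBC only
HDR = 'Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data\n'
FAKE = HDR + "\nPlain text behind a forged content type.\n"   # constructed sample

def tlv(buf, pos, want):                             # read one DER element tagged `want`
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first > 0x80 else 0          # number of long-form length octets
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    pos += 2 + n
    if tag != want or first == 0x80 or pos + length > len(buf):
        raise ValueError("unexpected, truncated or indefinite-length element")
    return buf[pos:pos + length], pos + length

def content_cipher(blob):                            # returns the content-encryption OID
    info, _ = tlv(blob, 0, 0x30)                     # ContentInfo
    ctype, pos = tlv(info, 0, 0x06)
    if ctype != ENVELOPED:
        raise ValueError("not enveloped-data")
    env, _ = tlv(tlv(info, pos, 0xA0)[0], 0, 0x30)   # [0] EXPLICIT EnvelopedData
    _, pos = tlv(env, 0, 0x02)                       # version
    if env[pos] == 0xA0:                             # optional originatorInfo
        _, pos = tlv(env, pos, 0xA0)
    _, pos = tlv(env, pos, 0x31)                     # recipientInfos
    eci, _ = tlv(env, pos, 0x30)                     # EncryptedContentInfo
    _, pos = tlv(eci, 0, 0x06)                       # inner contentType
    return tlv(tlv(eci, pos, 0x30)[0], 0, 0x06)[0]   # AlgorithmIdentifier OID

def classify(raw):                                   # 'plain', 'fake', 'weak' or 'encrypted'
    msg = message_from_string(raw)
    if (msg.get_content_type(), msg.get_param("smime-type")) != ("application/pkcs7-mime", "enveloped-data"):
        return "plain"
    try:
        oid = content_cipher(msg.get_payload(decode=True))
    except (ValueError, IndexError, TypeError):
        return "fake"                                # header says S/MIME, body is not CMS
    return "encrypted" if oid in STRONG else "weak"

def der(tag, *parts):                                # tiny encoder for the constructed samples
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample(cipher_hex):                              # constructed message, not captured mail
    alg = der(0x30, der(0x06, bytes.fromhex(cipher_hex)), der(0x04, bytes(16)))
    eci = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010701")), alg, der(0x80, bytes(16)))
    blob = der(0x30, der(0x06, ENVELOPED), der(0xA0, der(0x30, der(0x02, b"\0"), der(0x31), eci)))
    return HDR + "Content-Transfer-Encoding: base64\n\n" + base64.b64encode(blob).decode()
```

Some S/MIME senders emit indefinite-length BER, which this parser reports as 'fake'; a matcher used in production would rely on a full CMS parser rather than this minimal reader.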
