Hello, dear community!
I’m looking for a way to protect emails from our mail server administrators. I want emails to pass through the server or be stored on it only encrypted. However, I’m not sure the sender will always encrypt the emails themselves, so I can’t implement a PGP/S/MIME scheme on the client side. Please help me figure out whether Ciphermail can be used to solve this problem.
I drew a few diagrams for clarity. Is it possible to use Ciphermail in any of these configurations?
The gateway uses two processing pipelines to manage mail: encryption and decryption.
The decryption pipeline handles email sent to recipients with the Locality set to Internal. You should generally set all of your own domains to Internal to ensure the gateway decrypts incoming mail for your users.
The encryption pipeline handles email sent to recipients with the Locality set to External. Since External is the default setting, any email sent to a domain not explicitly marked as internal will be encrypted whenever possible.
If you want to ensure all email is encrypted, including mail sent to internal users, you can keep the Locality set to External for everyone and add the public certificates or PGP keys for your internal users to the gateway. If you use this configuration, your users must have email clients capable of decrypting messages locally using S/MIME or PGP.
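To make the difference between the two configurations concrete for the original question, here is a small Python model of the routing logic the answer above describes. It is an added example, not Ciphermail's own code: the `Gateway` class, its `localities` and `keys` tables and the addresses are constructed for illustration, and it also covers the case the answer only implies, a recipient with no key on the gateway, where the encryption pipeline has nothing to encrypt with.

```python
# Model of the two gateway pipelines described above (added example, not
# Ciphermail's code): recipient Locality selects the pipeline, and a public key
# loaded on the gateway decides whether the encryption pipeline can encrypt.
from dataclasses import dataclass, field

DECRYPT, ENCRYPT = "decryption", "encryption"


@dataclass
class Gateway:
    # domain -> "internal" | "external"; any domain not listed defaults to external
    localities: dict = field(default_factory=dict)
    # addresses whose public S/MIME certificate or PGP key is loaded on the gateway
    keys: set = field(default_factory=set)

    def locality(self, rcpt: str) -> str:
        return self.localities.get(rcpt.rsplit("@", 1)[1].lower(), "external")

    def route(self, rcpt: str, arrives_encrypted: bool = False) -> tuple:
        """Return (pipeline used, state of the message after the gateway)."""
        if self.locality(rcpt) == "internal":
            # Decryption pipeline: the gateway decrypts for its own users (assumed to
            # hold their private keys), so the message is plaintext on the server.
            return DECRYPT, "plaintext"
        if rcpt.lower() in self.keys:
            return ENCRYPT, "encrypted"  # key known: encrypted "whenever possible"
        # No key: nothing to encrypt with, the message passes as it arrived.
        return ENCRYPT, "encrypted" if arrives_encrypted else "plaintext"


def plaintext_exposure(gw: Gateway, rcpts: list) -> list:
    """Recipients whose mail the server (and its admins) would see in plaintext."""
    return [r for r in rcpts if gw.route(r)[1] == "plaintext"]


# Constructed scenario: one own domain and one external partner domain.
RCPTS = ["alice@example.com", "bob@partner.example"]

# Configuration 1: own domain marked Internal, partner key loaded.
GW_INTERNAL = Gateway(localities={"example.com": "internal"},
                      keys={"bob@partner.example"})

# Configuration 2: everyone External, internal users' public keys on the gateway.
GW_ALL_EXTERNAL = Gateway(keys={"alice@example.com", "bob@partner.example"})

if __name__ == "__main__":
    for name, gw in [("internal", GW_INTERNAL), ("all external", GW_ALL_EXTERNAL)]:
        print(name, {r: gw.route(r) for r in RCPTS},
              "plaintext on server:", plaintext_exposure(gw, RCPTS))
```

The exposure list is the check that matters for the question: with the own domain set to Internal the gateway itself decrypts, so mail sits on the server in plaintext, whereas the all-External configuration leaves nothing in plaintext only as long as every internal recipient has a key loaded.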