Thank you for the help. It’s much appreciated. Seems to be working so far. 

-jeremy



On Wednesday, Jul 28, 2021 at 6:52 AM, Martijn Brinkers <martijn@ciphermail.com> wrote:
By default, the gateway does not check whether the message is already
PGP encrypted and therefore it will be double encrypted if the gateway
has a valid PGP key for the recipient.

Why there is no check for already encrypted PGP message is because
checking this for PGP is not always easy/reliable. With PGP/Inline, you
cannot reliably detect whether every part of the email is encrypted.
For example how should the gateway react if some MIME part is encrypted
or not but the other parts are not? With PGP/Inline it's also hard to
detect whether a MIME part is really encrypted or not.

For example is the following part encrypted? Or is it just an example
of an encrypted inline part which is not valid:

-----BEGIN PGP MESSAGE-----
BLABLA
-----END PGP MESSAGE-----

With PGP/Inline you can have mixed content, i.e., some parts of the
body are encrypted and some parts are not.

Checking PGP/MIME is easier because there is a clear and distinct
content type. You might add a check which checks the content type for
PGP/MIME encryption and skip further handling.

Why has this not been added? Various reasons, historical and the fact
that this has never been requested. If you want to support encryption
on the desktop and on the gateway, the best would be to not add a valid
key for the recipient on the gateway.

That said, you can add the following snippet to config.xml to skip
further encryption if the message is already PGP/MIME encrypted (to be
precise if the content type contains a specific protocol value)

Add the following check just below the existing "message is already
S/MIME encrypted" part (add to config.xml)

<mailet match="HeaderValueRegEx=matchOnError=false,content-
type=(?i)protocol=&quot;application/pgp-encrypted&quot;"
class="GotoProcessor">
<log> message is already PGP/MIME encrypted </log>
<processor> dkim-sign </processor>
</mailet>


After adding the above snippet, the back-end should be restarted.

Kind regards,

Martijn Brinkers

On Tue, 2021-07-20 at 10:30 -0400, Jeremy Hansen wrote:
On Jul 20, 2021, at 7:56 AM, Martijn Brinkers via Users <
users@lists.ciphermail.com> wrote:




On Thu, 2021-07-15 at 01:13 -0400, Jeremy Hansen via Users wrote:
I noticed if I sent a message that is encrypted at the client,
ciphermail will encrypt that message again and the original
message
is sent as an attachment.

What type of encryption is applied at the client side and what
encryption is applied server side?

PGP on both sides.

I also noticed if I send a message from a host using something
like
mailx, the body of the message is never included in the email.

What do you mean with "the body of the message is never included in
the
email"?

echo test | mail -s Test jeremy@losangelesrecording.com

The message comes through encrypted but I don’t see “test” in the
body of the email.

Thank you!

Kind regards,

Martijn Brinkers

--
CipherMail email encryption
Email encryption with support for S/MIME,
Ope
nPGP, PDF Messenger and Webmail Messenger

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger