Encrypt all incoming mails
The script below encrypts every incoming email with gpg, as long as your gpg public key is available on the server (of course it is). It only requires mblaze:
https://github.com/leahneukirchen/mblaze
First, set up a .forward file on your server home:
echo "|/usr/local/bin/encrypt-mail.sh -r you@domain.tld" > ~/.forward
chmod 600 ~/.forward
Then save the script below as /usr/local/bin/encrypt-mail.sh:
#!/bin/sh -x
# encrypt incoming mail
# Requires mblaze (mhdr, mmime) and gpg
#
# Initial setup:
#   echo "|/usr/local/bin/encrypt-mail.sh" > ~/.forward
#   chmod 600 ~/.forward
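# Print the command-line help to stdout and exit with status 1.
# Called for -h (and usable for any usage error).
# $0 is passed as a printf argument rather than embedded in the format
# string, so a '%' in the script path can never be misread as a directive.
usage() {
  printf 'usage: %s [-r email@domain.tld] [-h]\n' "$0"
  printf ' -h: show this help\n'
  printf ' -r: set recipient email, default to user@hostname\n'
  printf '%s\n' '---'
  exit 1
}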
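# Recipient of the encrypted copy: defaults to the local user at this host,
# overridable with -r.  gpg selects the key by matching this string against
# its user IDs; an exact key ID or the "<user@host>" form is the least
# ambiguous value to pass (the bare address is a substring match).
recipient="$(whoami)@$(hostname)"
while getopts 'r:h' c
do
  case $c in
  h) usage ;;
  r) recipient="${OPTARG}" ;;
  esac
done

# Exit status used for every failure: EX_TEMPFAIL (75, sysexits.h).
# Sendmail-style MTAs treat it as a transient error and keep the message
# queued for a later retry.  Any other non-zero status (the original
# propagated gpg's) risks a bounce, and a bounce carries the plaintext back
# to the sender while our only copy is deleted by the trap below.
ex_tempfail=75

# Private working directory (mktemp -d creates it mode 0700).  The plaintext
# copy lives inside it so one rm in the trap removes everything, and a
# failed mktemp aborts before anything is read from stdin.
tmpcryptd="$(mktemp -d -t mencrypt.XXXXXXXXXX)" || exit "${ex_tempfail}"
tmpplainmsg="${tmpcryptd}/msg.plain"
trap 'rm -rf -- "${tmpcryptd}"' INT TERM EXIT

# Maildir layout: a message is written into tmp/ and then renamed into new/,
# so a reader scanning new/ never sees a half-written file.  Both
# directories are created on first use.
maildir="$HOME/Maildir"
for sub in tmp new; do
  test -d "${maildir}/${sub}" || mkdir -p "${maildir}/${sub}" || exit "${ex_tempfail}"
done

# Unique message name, Maildir style: time.unique.host, with '/' and ':' in
# the hostname escaped as octal \057 and \072 (all occurrences, hence 'g').
timeofday="$(date +%s)"
uniq_id="$$"
myhostname="$(hostname | sed -e 's;/;\\057;g' -e 's;:;\\072;g')"
mail_name="${timeofday}.${uniq_id}.${myhostname}"
tmp_mail="${maildir}/tmp/${mail_name}"
new_mail="${maildir}/new/${mail_name}"

# Read the whole incoming message from stdin into the private temp file.
cat > "${tmpplainmsg}" || exit "${ex_tempfail}"

# Already PGP/MIME encrypted (MIME types are case-insensitive): deliver as
# is, via tmp/ so the rename into new/ is atomic.
if mhdr -h Content-Type - < "${tmpplainmsg}" | grep -qi 'multipart/encrypted'; then
  cp -- "${tmpplainmsg}" "${tmp_mail}" || exit "${ex_tempfail}"
  mv -- "${tmp_mail}" "${new_mail}" || exit "${ex_tempfail}"
  exit 0
fi

# From here on the message is in the clear.  Encrypt the body (everything
# from the first blank line to the end) after MIME-normalising it.
# --batch: gpg must never prompt, there is no tty under the MTA, so a
# missing or untrusted recipient key fails fast instead of hanging.
if ! awk '/^$/,0' "${tmpplainmsg}" | mmime | gpg --batch --output "${tmpcryptd}/msg.asc" \
     --encrypt --armor --recipient "${recipient}"; then
  # Do not propagate gpg's status: the only copy of the message is in our
  # temp dir (removed by the trap), so ask the MTA to retry later.
  exit "${ex_tempfail}"
fi
printf 'Version: 1\n' > "${tmpcryptd}/version"

# Assemble the PGP/MIME message: the original headers stay in the clear
# (From, To, Subject, ... are NOT protected by this scheme), followed by the
# two parts required by RFC 3156.  Build it in tmp/ and rename into new/
# only on success, so a failure never leaves an empty file in new/.
if {
     awk '1 {print} /^$/ {exit}' "${tmpplainmsg}"
     printf '#application/pgp-encrypted %s/version\n' "${tmpcryptd}"
     printf '#application/octet-stream %s/msg.asc\n' "${tmpcryptd}"
   } | mmime -t 'multipart/encrypted; protocol="application/pgp-encrypted"' > "${tmp_mail}"
then
  mv -- "${tmp_mail}" "${new_mail}" || exit "${ex_tempfail}"
else
  rm -f -- "${tmp_mail}"
  exit "${ex_tempfail}"
fi
exit 0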