Hi David,
I don't know how to do what you want with dovecot, but what you are
asking is easy and straightforward with Postfix.
Postfix can easily be configured to feed mail through a milter ("mail
filter") interface. You would just need to write a milter (there is a
nice python library) that checks if the messages is "encrypted" to
your
specifications and tells Postfix to bounce the message if its not. This
would be a nice backscatter-free solution.
After you have the milter written, you specify it with the
"smtpd_milters" option for Postfix.
Ryan
On Wed, Jan 10, 2018 at 02:08:38PM +0200, David Seaward
wrote:> Hi,
>
> Is it possible to configure Dovecot to reject mail that is not
> encrypted. In other words:
>
> 1. If the user tries to send an unencrypted message from their MUA,
> the server rejects it.
>
> 2. If a third-party tries to send an unencrypted message to the user,
> the server rejects it.
>
> The end result would be that no mail stored on the server can be
> decrypted by the administrator.
>
> I am aware that:
>
> * "Encrypted" could mean a lot of things. I'm imagining GPG
> encryption, but am open to other supported methods.
>
> * This configuration would not suit everyone, e.g. someone posting to
> a public mailing list :)
>
> Regards,
> David
>
