On Wed, Jan 12, 2011 at 11:00:56AM -0500, Zhou, Yan wrote:

> Even if we can solve the above problem without disabling bounces, we still
> need to do that anyway. We are exchanging only encrypted messages
> between sender & recipients, so the concept of bounce does not apply
> here. If we were to generate a bounce message, the bounce would have to
> be encrypted for the recipient to know how to interpret it; I do not know
> whether Postfix generates bounces with encryption in them.
Your analysis is substantially flawed: the bounce is "as encrypted" as the
original message. Nothing in the bounce will contain "decrypted" content
from the original message. When an S/MIME or PGP message is bounced, the
returned attached original message is still S/MIME or PGP.

Even "encrypted" original messages send the envelope and headers in
plaintext; the bounce just describes the envelope addresses that failed.
There is no reason to (content) encrypt bounces via S/MIME, PGP, ...

You can however use mandatory or secure-channel TLS to encrypt the
network traffic between your server and specific peer systems.

-- 
	Viktor.
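To make the point above concrete, here is an added example (editor's code, not Viktor's and not Postfix code) that builds a PGP/MIME message with an opaque ciphertext body, wraps it in the kind of multipart/report delivery status notification (RFC 3464) an MTA returns when delivery fails, and then inspects the bounce. All addresses, the Message-ID and the "ciphertext" blob are constructed sample data; the MTA-side details (reporting MTA name, diagnostic code) are assumptions chosen for illustration.

```python
"""Added example, not part of the original thread: what a bounce of an
encrypted message actually carries.

A PGP/MIME message (RFC 3156) with an opaque ciphertext body is wrapped in
the multipart/report delivery status notification (RFC 3464) an MTA sends
when delivery fails, and the bounce is then inspected. All addresses, the
Message-ID, the reporting MTA and the ciphertext are constructed sample data.
"""
from email import encoders, message_from_bytes, policy
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.base import MIMEBase
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed stand-in for gpg --encrypt output; the MTA never looks inside it.
CIPHERTEXT = (
    b"-----BEGIN PGP MESSAGE-----\n"
    b"hQEMA2NvbnN0cnVjdGVkc2FtcGxlAQf/not-real-ciphertext-just-a-placeholder\n"
    b"-----END PGP MESSAGE-----\n"
)


def build_encrypted_message() -> bytes:
    """PGP/MIME message: the headers are cleartext, the body is opaque."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"] = "alice@sender.example"
    msg["To"] = "bob@recipient.example"
    msg["Subject"] = "Quarterly numbers"  # S/MIME and PGP never encrypt this
    msg["Message-ID"] = "<20110112160056.constructed@sender.example>"
    # Control part and ciphertext part, per RFC 3156 section 4.
    msg.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                               _encoder=encoders.encode_7or8bit))
    msg.attach(MIMEApplication(CIPHERTEXT, "octet-stream",
                               _encoder=encoders.encode_7or8bit))
    return msg.as_bytes()


def build_bounce(original: bytes, failed_rcpt: str, diagnostic: str) -> bytes:
    """Build the RFC 3464 DSN an MTA returns: human-readable text,
    machine-readable delivery-status, and the original message verbatim."""
    dsn = MIMEMultipart("report", report_type="delivery-status")
    dsn["From"] = "MAILER-DAEMON@sender.example"
    dsn["To"] = "alice@sender.example"
    dsn["Subject"] = "Undelivered Mail Returned to Sender"

    dsn.attach(MIMEText(f"Delivery to {failed_rcpt} failed: {diagnostic}\n"))

    # message/delivery-status is a per-message header block followed by one
    # per-recipient header block; only envelope-level facts appear here.
    status = MIMEBase("message", "delivery-status")
    per_message = Message()
    per_message["Reporting-MTA"] = "dns; mail.sender.example"  # assumed name
    per_recipient = Message()
    per_recipient["Final-Recipient"] = f"rfc822; {failed_rcpt}"
    per_recipient["Action"] = "failed"
    per_recipient["Status"] = "5.1.1"
    per_recipient["Diagnostic-Code"] = f"smtp; {diagnostic}"
    status.set_payload([per_message, per_recipient])
    dsn.attach(status)

    # The original goes back as message/rfc822 exactly as it was received:
    # the MTA holds no key and has nothing to decrypt.
    dsn.attach(MIMEMessage(message_from_bytes(original)))
    return dsn.as_bytes()


def inspect_bounce(bounce: bytes) -> dict:
    """Pull a DSN apart and report what is readable without any key."""
    dsn = message_from_bytes(bounce, policy=policy.default)
    human, status, returned = dsn.get_payload()
    original = returned.get_payload(0)            # the embedded message/rfc822
    control, encrypted = original.get_payload()   # the two RFC 3156 parts
    recipient_block = [b for b in status.get_payload() if "Final-Recipient" in b][0]
    return {
        "report_type": dsn.get_param("report-type"),
        "final_recipient": str(recipient_block["Final-Recipient"]),
        "status": str(recipient_block["Status"]),
        "original_subject": str(original["Subject"]),  # cleartext, as sent
        "original_type": original.get_content_type(),
        "control_type": control.get_content_type(),
        "returned_ciphertext": encrypted.get_payload(decode=True),
    }


def ciphertext_returned_intact(bounce: bytes) -> bool:
    """True if the bounce carries the original ciphertext unchanged."""
    returned = inspect_bounce(bounce)["returned_ciphertext"]
    return returned.strip() == CIPHERTEXT.strip()


if __name__ == "__main__":
    original = build_encrypted_message()
    bounce = build_bounce(original, "bob@recipient.example",
                          "550 5.1.1 User unknown")
    for key, value in inspect_bounce(bounce).items():
        print(f"{key}: {value!r}")
    print("ciphertext returned intact:", ciphertext_returned_intact(bounce))
```

Everything the inspection can read (report type, failed recipient, status code, the Subject line) was already in the clear when the message left the sender; the only thing the bounce adds is the delivery-status block, and the ciphertext comes back byte for byte. Protecting the bounce on the wire is therefore a transport question, which is what a per-destination TLS policy in Postfix addresses, not a content-encryption one.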