Hello Michael.
It is a near impossible task, as i.e. encrypted data can easily be
transferred as uuencode text in a plain text message, and you will not
notice this in the headers.
And also trying to actively detected whether or not the body or the
attachments of a message are encrypted is quite tricky, and also
potentially prone to a number of positive false detections.
If this is not enough steganography and other methodologies can be used
to hide encrypted data, making the task really complex even for high-end
organizations....
More, you could maybe have some form of binding agreement with the
ham-radio operators, prohibiting the usage of encryption. However you
will be not able to have a such legal protection with all other Internet
users sending mails to the ham-radio users.
This means you have to decide whether or not you want to take the risk,
and if yes, maybe, minimize it with some filtering for the obvious cases
as you propose.
Have a nice day
Marco
Il 16. 07. 16 07:25, Michael Fox ha scritto:
> I'd like to be able to reject mail that contains encrypted content. This is
> to satisfy US FCC rules against encrypted content on amateur radio
> frequencies. Some of our clients may connect via amateur radio.
>
> I'd like to be able to restrict it only for certain clients. But, as I
> understand it, header checks can only be applied globally, to all mail.
>
> Sorry if this is a dumb question. But, unfortunately, I don't have any
> experience with encrypted mail. From what I've read, I'm thinking I need:
>
> main.cf:
>
> mime_header_checks = pcre:${config_directory}/mime_header_checks.pcre
>
>
> mime_header_checks.pcre:
>
> # Block encrypted mail
> /^Content-Type\:.*multipart\/encrypted/ REJECT Encrypted
> content not allowed
>
>
>
> Is that sufficient?
> Any better ideas or other issues to consider?
>
> Thanks,
> Michael
>
>
