On 16.07.16 21:30 Sebastian Nielsen wrote:
You could use iptables to look for: "--BEGIN" "--END" "/signed" "/encrypted" "/pkcs7" "/pgp" anywhere in the packet. In that case, you drop the connection, send an RST
IMO this is too restrictive as it would produce false positives, e.g. for your message which is obviously not encrypted.

For RFC 2633/3156, it would be sufficient to inspect the MIME headers of all parts. Note that just looking at the top-level content type is /not/ adequate, as the following would fully comply with the standards:

multipart/mixed
 +- text/plain
 +- message/rfc822
     +- multipart/encrypted
         +- application/pgp-encrypted
         +- application/octet-stream

For RFC 2440, every MIME part must be checked for "-----BEGIN PGP MESSAGE-----[cr][lf]" *and* "-----END PGP MESSAGE-----[cr][lf]" following it (not necessarily at the very beginning and end, though).

I guess you need a milter for that...
(NOTE: Signed content is technically encrypted content too)
The signature is a cryptographic hash, encrypted with a private key, which in turn can be decrypted with publicly available material (the public key). Thus, IMO this should rather be considered as a "safe encoding", as it is possible to inspect the contents with minimum effort.

But attachments are difficult to deal with - ZIP, OpenDoc, MS Office, PDF, ... all support encrypted (with a password for opening) contents...

Cheers,
Albrecht.
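The two rules from Albrecht's reply, as an added example that is not part of the thread and not code from any milter: walk every MIME part (descending into message/rfc822 attachments), flag the content types RFC 3156 and RFC 2633 define for encrypted bodies, and flag RFC 2440 inline armor only when an END marker follows a BEGIN marker on its own line. The sample messages are constructed for the example, with fake ciphertext; the names and the exact set of content types are assumptions.

```python
"""Detect encrypted e-mail by inspecting every MIME part, including parts
nested inside forwarded message/rfc822 attachments.  Added example, not code
from the thread; sample messages are constructed."""
import email
import re
from email import policy

# Content types the standards use for encrypted bodies (RFC 3156 PGP/MIME,
# RFC 2633 S/MIME enveloped data; the x- form is a legacy spelling).
# Assumed set for the example; extend as your policy requires.
ENCRYPTED_TYPES = {
    "multipart/encrypted",
    "application/pgp-encrypted",
    "application/pkcs7-mime",
    "application/x-pkcs7-mime",
}

# RFC 2440 armor markers must occupy a whole line (optionally CR-terminated),
# so a sentence that merely quotes "--BEGIN" does not match.
PGP_BEGIN = re.compile(r"^-----BEGIN PGP MESSAGE-----\r?$", re.M)
PGP_END = re.compile(r"^-----END PGP MESSAGE-----\r?$", re.M)


def iter_parts(msg):
    """Yield msg and every descendant part.  is_multipart() is True for both
    multipart/* containers and message/rfc822 parts, so forwarded messages
    are descended into as well."""
    yield msg
    if msg.is_multipart():
        for sub in msg.get_payload():
            yield from iter_parts(sub)


def has_inline_armor(body):
    """True only if an END marker follows a BEGIN marker somewhere in body."""
    begin = PGP_BEGIN.search(body)
    return begin is not None and PGP_END.search(body, begin.end()) is not None


def find_encrypted_parts(raw):
    """Return [(content_type, reason)] for each part carrying encrypted
    content under either the MIME-header rule or the inline-armor rule."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    for part in iter_parts(msg):
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            hits.append((ctype, "encrypted content type"))
        elif not part.is_multipart():
            # Leaf part: decode the transfer encoding and look for armor.
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if has_inline_armor(body):
                hits.append((ctype, "inline OpenPGP armor"))
    return hits


def top_level_only(raw):
    """The inadequate check: look at the outermost Content-Type only."""
    msg = email.message_from_string(raw, policy=policy.default)
    return msg.get_content_type() in ENCRYPTED_TYPES


# Constructed sample: the layout from the reply.  The encrypted body sits two
# levels down, inside a forwarded message/rfc822 part.  Ciphertext is fake.
NESTED = """\
From: alice@example.test
To: bob@example.test
Subject: Fwd: numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain; charset=us-ascii

Forwarding this as received.
--outer
Content-Type: message/rfc822

From: carol@example.test
To: alice@example.test
Subject: numbers
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

hQEMAxfakeCiphertextForTheExampleOnly=
-----END PGP MESSAGE-----
--inner--
--outer--
"""

# Constructed sample: a plain-text mail that quotes the marker strings, like
# the message being replied to.  It is not encrypted and must not be flagged.
CHATTER = """\
From: sebastian@example.test
To: list@example.test
Subject: filtering idea
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

You could match "--BEGIN", "/pgp" and "-----BEGIN PGP MESSAGE-----"
anywhere in the packet and send an RST.
"""

if __name__ == "__main__":
    print("top-level only, nested sample:", top_level_only(NESTED))
    print("all parts, nested sample:     ", find_encrypted_parts(NESTED))
    print("all parts, chatter sample:    ", find_encrypted_parts(CHATTER))
```

Running it shows the point of the reply: the top-level check misses the nested sample entirely, the per-part walk flags the multipart/encrypted container, its application/pgp-encrypted version part and the armored application/octet-stream body, and the mail that merely talks about the marker strings produces no hit. In a real milter you would additionally decode the transfer encoding of attachments before looking for armor, which get_payload(decode=True) already does here.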