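The script below encrypts all incoming email with gpg, as long as your public key is available to gpg on the server (of course it is). Only the message body is encrypted: the original headers, Subject included, are copied through in clear.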
It only requires mblaze:
https://github.com/leahneukirchen/mblaze
First, set up a .forward file in your home directory on the server:
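# Pipe every incoming message through the encryption script.
echo "|/usr/local/bin/encrypt-mail.sh -r you@domain.tld" > ~/.forward
# .forward names a program that runs as you: keep it writable by you only.
chmod 600 ~/.forward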
Save the following as /usr/local/bin/encrypt-mail.sh:
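#!/bin/sh
# encrypt-mail.sh - encrypt incoming mail with gpg and deliver it to ~/Maildir.
# Requires mblaze (mhdr, mmime) and gpg.
#
# Initial setup:
#   echo "|/usr/local/bin/encrypt-mail.sh -r you@domain.tld" > ~/.forward
#   chmod 600 ~/.forward
#
# Scope: only the body is encrypted. The original header block (Subject
# included) is copied in clear into the delivered message.
#
# Tracing (-x) is not enabled here: in a delivery pipe the trace goes to
# stderr, which the mail system may log or return to the sender. Run the
# script by hand with "sh -x" when debugging.

# Delivered mail and temporary files hold message content: owner-only.
umask 077

# Print the help text and stop with a non-zero status.
usage() {
  # $0 is passed as an argument, never used as the printf format string.
  printf 'usage: %s [-r email@domain.tld] [-h]\n' "$0"
  printf ' -h: show this help\n'
  printf ' -r: set recipient email, default to user@hostname\n'
  # A format starting with '-' is parsed as an option by some printf builtins.
  printf '%s\n' '---'
  exit 1
}

# Remove every temporary file; runs on any exit path through the EXIT trap.
cleanup() {
  [ -n "${tmpcryptd}" ] && rm -rf -- "${tmpcryptd}"
  [ -n "${tmpplainmsg}" ] && rm -f -- "${tmpplainmsg}"
  [ -n "${tmp_mail}" ] && rm -f -- "${tmp_mail}"
  return 0
}

# default user email
recipient="$(whoami)@$(hostname)"

while getopts 'r:h' c; do
  case "$c" in
    h) usage ;;
    r) recipient="${OPTARG}" ;;
    # Unknown option: stop rather than encrypt to a recipient nobody chose.
    *) usage ;;
  esac
done

tmpcryptd=''
tmpplainmsg=''
tmp_mail=''
trap cleanup EXIT
# A signal must end the script; "exit" then triggers the EXIT trap. Without
# this the script would keep running after its temp files were removed.
trap 'exit 1' INT TERM

tmpcryptd="$(mktemp -d -t mencrypt.XXXXXXXXXX)" || exit 1
tmpplainmsg="$(mktemp -t msg.XXXXXXXXXX)" || exit 1

# Make sure the Maildir exists. The message is assembled in tmp/ and renamed
# into new/ once complete, so a reader never sees an empty or partial file.
maildir="$HOME/Maildir"
mkdir -p "${maildir}/tmp" "${maildir}/new" "${maildir}/cur" || exit 1

# Name of the new email, format:
#   gettimeofday().unique-id.gethostname()
# '/' and ':' in the host name are replaced by their octal escapes.
timeofday="$(date +%s)"
uniq_id="$$"
myhostname="$(hostname | sed -e 's;/;\\057;g' -e 's;:;\\072;g')"
mail_name="${timeofday}.${uniq_id}.${myhostname}"
tmp_mail="${maildir}/tmp/${mail_name}"
new_mail_filename="${maildir}/new/${mail_name}"

# The plaintext message is held in a private temp file for the whole run.
cat > "${tmpplainmsg}" || exit 1

# Already encrypted? Store it unchanged.
# NOTE(review): this trusts the Content-Type header written by the sender; a
# message that only declares multipart/encrypted is stored as received.
if mhdr -h Content-Type - < "${tmpplainmsg}" | grep -qi 'multipart/encrypted'; then
  cat "${tmpplainmsg}" > "${tmp_mail}" || exit 1
  mv "${tmp_mail}" "${new_mail_filename}"
  exit $?
fi

# From here the message is unencrypted, so call gpg.
# Each step is checked on its own: sh has no pipefail, and a failed mmime in
# front of gpg would otherwise yield a valid but empty encrypted message.
#
# NOTE(review): mmime treats body lines of the form '#type/subtype path' as
# attachment directives, and this body comes from the sender. Check whether
# raw mode (mmime -r) fits your setup; verify against your mblaze version.
awk '/^$/,0' "${tmpplainmsg}" | mmime > "${tmpcryptd}/inner" || exit 1

# --batch: there is no terminal during delivery, so gpg must fail instead of
# prompting (for example when the recipient key is missing or not usable).
# On failure nothing is written to Maildir/new.
gpg --batch --output "${tmpcryptd}/msg.asc" --encrypt --armor \
  --recipient "${recipient}" < "${tmpcryptd}/inner" || exit $?

printf 'Version: 1\n' > "${tmpcryptd}/version" || exit 1

# Original headers up to the first blank line, then the two PGP/MIME parts.
{
  awk '1 {print} /^$/ {exit}' "${tmpplainmsg}"
  printf '#application/pgp-encrypted %s/version\n' "${tmpcryptd}"
  printf '#application/octet-stream %s/msg.asc\n' "${tmpcryptd}"
} |
  mmime -t 'multipart/encrypted; protocol="application/pgp-encrypted"' \
    > "${tmp_mail}" || exit 1

mv "${tmp_mail}" "${new_mail_filename}"
exit $?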