# Auto-encrypting outgoing server monitoring emails



## aw256 (Jun 10, 2021)

Background: I set up a server with mail/ssmtp and sysutils/logwatch because I wanted to painlessly monitor system security. Logwatch sent me a nice email, pretty much out-of-the-box, but when I read it I realized that the information in the body is sensitive. So I asked myself: why not encrypt the message with my gnupg public key before sending?

I came up with this script. Clearly it is only useful for logwatch because of the hardcoded line numbers:


```
#!/bin/sh

INPUT=""
while read line; do
  INPUT="${INPUT}\n${line}"
done < /dev/stdin

HEAD="$(echo -e "$INPUT" | head -9 | tail -8)"
TAIL=$(echo -e "$INPUT" | tail -n+13)
ENC=$(echo -e "$TAIL" | gpg -ea -r <my email address> -o -)
FINAL="${HEAD}\n${ENC}"
echo -e "$FINAL"
```

Then in logwatch.conf I set `mailer = mailer.sh | ssmtp -t`. So this works fine and the email gets sent end-to-end encrypted which is great.

But now: *How can we automatically encrypt all outgoing mail? *Ideally the smtp agent would check if there is a public key for the recipient and automatically encrypt the body. Then all email that leaves the server would get the same treatment (crons, revaliases, etc).

There's a few addons for postfix which claim to address this: https://github.com/infertux/zeyple and https://github.com/fkrone/gpg-mailgate. But one of the reasons I have ssmtp is that I am not an email expert and I need simplicity.

Thoughts? Experiences? Feedback?


----------

