pect is something I have been cooking up for a while. I once set up a business, Enqoder, to offer this service to the masses; however, with the creation of ProtonMail, I dropped it in favour of them.

However, even as a premium user, I found there were a few limitations.

So, despite my moans, and the lack of response from their support team on matters, I decided to see what I could do. I got my old Enqoder code out from cold storage and quickly realised it was too complicated and had some issues when it came to encrypting specific email content, so that got scrapped and I worked on something new, and not in PHP.

pect enables all inbound and outbound messages to be opportunistically encrypted with GPG, works alongside Dovecot (which provides the IMAP layer), and works flawlessly with Enigmail (Thunderbird), gpgtools (Mac), or any other GPG-enabled email client.

For email addresses which do not have a public key stored, the message will be passed through as plain text. This makes pect ideal as an outbound solution when you have external contacts with GPG and want messages to them encrypted automatically.

Messages are checked to make sure they are not already encrypted, and if they are, they are left untouched.
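
The decision described above, as an added example in Python (not pect's own code): a message that is already PGP/MIME or inline-armored is left untouched, a recipient with a stored key gets encryption, and anyone else gets plain text. The function names and the KEYRING set, which stands in for the pect user's GPG keyring, are assumptions.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value, parseaddr

ARMOR = "-----BEGIN PGP MESSAGE-----"
KEYRING = {"bob@example.com"}  # constructed stand-in for the pect user's keyring

def is_already_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored body."""
    protocol = collapse_rfc2231_value(msg.get_param("protocol", "")).lower()
    if (msg.get_content_type() == "multipart/encrypted"
            and protocol == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        try:
            text = raw.decode(part.get_content_charset("utf-8"), "replace")
        except LookupError:  # unknown charset label in the message
            text = raw.decode("latin-1")
        # Match only a line that IS the armor header: a quoted "> -----BEGIN..."
        # must not count, since a false positive would let plaintext through.
        if any(line.strip() == ARMOR for line in text.splitlines()):
            return True
    return False

def decide(raw_message, recipient, keyring=KEYRING):
    """Return 'untouched', 'encrypt' or 'plaintext' for one recipient."""
    if is_already_encrypted(message_from_string(raw_message)):
        return "untouched"
    address = parseaddr(recipient)[1].lower()
    return "encrypt" if address in keyring else "plaintext"

# Constructed sample messages (not real mail).
HDR = "From: alice@example.org\nTo: bob@example.com\nSubject: test\n"
PLAIN = HDR + "\nhello\n"
INLINE = HDR + "\n-----BEGIN PGP MESSAGE-----\n\nconstructed\n-----END PGP MESSAGE-----\n"
QUOTED = HDR + "\n> -----BEGIN PGP MESSAGE-----\n> constructed\n"
PGPMIME = (HDR + 'Content-Type: multipart/encrypted; boundary="b";\n'
           ' protocol="application/pgp-encrypted"\n\n'
           "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
           "--b\nContent-Type: application/octet-stream\n\nconstructed\n--b--\n")

if __name__ == "__main__":
    for name in ("PLAIN", "INLINE", "QUOTED", "PGPMIME"):
        print(name, decide(globals()[name], "bob@example.com"))
```

The strict armor match errs towards encrypting again rather than skipping: double encryption is harmless, while a wrongly skipped message would be delivered in the clear.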

Requirements

Install Instructions

Create a pect user and, where needed, create the home directory as well.

Check the code out:

git clone [email protected]:andydixon/pect.git

Add the following to /etc/postfix/master.cf:

127.0.0.1:10026 inet    n       -       -       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

pect  unix    -       n       n       -       10      pipe
    flags=Rq user=pect      null_sender=
    argv=/path/to/pect ${recipient} ${sender} ${original_recipient}

Replace /path/to/pect with the full path of where pect is stored (and make it executable, of course).

If Postfix is running amavisd, you need to make a change in the :10025 section of /etc/postfix/master.cf:

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
    -o content_filter=pect
    -o local_recipient_maps=

The next important step is to add public keys to pect’s keychain so that it can encrypt your messages. If you want to cover multiple email addresses, then you need to add a public key for each email address to be encrypted, or have a public key which covers all the addresses.

Please make sure that you ONLY add the Public Key and not your private key. Adding the private key is a bit of a dick move.

At this moment in time, these need to be done as the pect user, although this will be sorted hopefully with a future update.

su - pect
gpg --import publicKey.pub

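or, to fetch the key directly (this URL is plain HTTP, which does not authenticate the download, so check the imported key's fingerprint with the key's owner afterwards):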

su - pect
curl http://www.andydixon.com/public.key | gpg --import

If you need help, get in touch; I would be happy to help, either by email, [email protected], or through Twitter, @andydixon.

Found bugs or have feature requests? Awesome! Raise an issue on GitHub and it will be reviewed, probably added or fixed, or if you want to get involved, pull requests are always accepted. Fixed bugs for hugs.