signing-milter enables you to s/mime sign an ordinary mail while passing a MTA. It is written in C and tested with the postfix MTA. It should work with any MTA implementing the milter protocol.
News 2016-07-07: We have written another version of this milter in C++14.
Signing emails allows the receiver to trust the content much more then only relying on the senderaddress. So signing mails is a way to a increase your reputation. Sometimes you are unable to sign all mail as a person using an MUA. You may want to sign all mails generated by your trusted system. Here signing-milter may help.
There are two standards for signing mail: PGP and S/MIME. signing-milter supports S/MIME.
While you inject plain, wellformatted mail into your MTA, signing-milter capture the whole mail, extracts the envelope sender and consults a lookuptable to find a corresponding private key and certificate. If all matches, the MTA is instructed via the milter protocol to replace the whole mailbody with a signed one. The mailheaders are properly adjusted to reflect changed content-types and mime format.
You can download the C++ version named sigh on Github v1607.1.0.tar.gz.
Demonstrating signed mails is a little bit boring. Neverless we setup a autoresponder replying with a signed mail. The certificate used by the autoresponder is issued by CACert.org. Ask for permission to use this service at regular intervals.
Currently there is no more documentation then the manpage, the code itself and this Wiki. Feel free to add content to this wiki!
Documentation for sigh is included in the source tree of the project. See the README.build file for required dependencies and how to create the binary. There is also a man page and two example configuration files that describe in detail how to get the milter up and running.
signing-milter is licensed unter the terms of GNU General Public License as published by the Free Software Foundation. Only version 2 of the License is applicable.
sigh is licensed und the GNU General Public License version 3.
sigh was written by Christian Roessner. Some ideas are based on the original code from Andreas Schulze. As the code is written in C++, the OpenSSL part is mostly done with smart-pointers to prevent memrory leaks. Coding this way was based on ideas given by people on stackoverflow.
You may contact the author per e-mail and the mailing lists.