Sometimes Good Enough Really Sucks
Since I began using gmail as a spam filter, I've certainly noticed less spam coming into my mailbox. It's not perfect, but it cuts down on a lot. However, it's still not perfect.
As I'm just using forwarding to send everything to gmail, any mail that would go to my mailbox ends up going to gmail. There's a lot of locally generated mail for which this is not desirable (root mail, security sensitive stuff, etc...). All of this stuff is getting indexed over at google, and while in practice, that's not that big of a deal, in theory, some important sensitive information might just end up in there and my gmail account might be compromised, and various bad things will happen to my cat.
Now, the obvious solution for this new problem is to conditionally forward the mail so stuff that's supposed to be local stays local. I thought I'd try something a little more interesting, though. What if instead of trying to identify automatically generated email that originates locally and bypassing the filter somehow, I just encrypt it?
So I started work on figuring out how to create content filters for postfix. I currently have a simple filter (too simple) that figures out any email that's originating from one of my local machines and encrypts the body with gpg for four different recipients (two keys each for two people who are likely to ever even receive these emails).
The current filter is primitive, but it's effective. It's actually just a little bit too effective, in that it seems to prevent me from developing the motivation required to actually do stuff the right way. The right way, of course, involves creating an SMTP server that runs as a daemon and proxies requests into another postfix SMTP listener. With this advanced filter
config, I can do a before-queue filter that is applied conditionally based on access or header or body checks. This greatly increases efficiency in two ways: 1) the filter becomes persistent (instead of forking a new child per filter request) and 2) since I only want it applied to a small amount of my mail, I can avoid the filter altogether most of the time.
But I probably won't now that I have it working well enough.