Mutt GPG – How to Encrypt for Only One Specific Recipient


I'm trying to set up a send-hook so that gpg encryption is enabled when I send to a specific recipient, but if it's sent to other recipients as well, then encryption is disabled. However, send-hooks seem to fire when a particular recipient is anywhere in the recipient list, regardless of who else is present.

Ideally, I'd encrypt if it goes to foo@bar.com, but not if it goes to foo@bar.com, not@this.com, or@whatever.com. The mutt manual says:

When multiple matches occur, [send-hook] commands are executed in the order they are specified in the muttrc.

Hence, I put the following in my muttrc. If mail is sent to foo@bar.com, then enable autoencrypt. However, if there is a recipient that is not foo@bar.com, then unset autoencrypt.

send-hook . unset crypt_autoencrypt
send-hook "!~l ~t ^foo@bar\\.com$" "set crypt_autoencrypt"
send-hook "!~l !~t ^foo@bar\\.com$" "unset crypt_autoencrypt"

However, it doesn't seem to work. It seems that send-hooks don't seem to parse each individual recipient separately. Even if I address mail to foo@bar.com, not@this.com, mutt attempts to encrypt it.

Workaround

I can get around this with a very ugly hack.

send-hook . unset crypt_autoencrypt
send-hook "!~l ~t ^foo@bar\\.com$" "set crypt_autoencrypt"
send-hook "!~l ~t [^r]\\.com$" "unset crypt_autoencrypt"

If I send an email to a .com address that has a non-r character preceding, then it won't encrypt. There are obviously lots of …r.com addresses that aren't foo@bar.com, so I have to extend the third line as follows.

send-hook "!~l ~t '([^r]\\.com|[^a]r\\.com)$'" "unset crypt_autoencrypt"

This also excludes …r.com addresses with a non-a character preceding too. I just repeat this sequence a few more times.

The major problem with this is that send-hooks don't seem to fire for cc: addresses, making this whole third line moot if the email is cc:ed to not@this.com.

Best Answer

In muttrc, use

set crypt_opportunistic_encrypt = yes

From $ man 5 muttrc

crypt_opportunistic_encrypt
      Type: boolean
      Default: no

      Setting this variable will cause Mutt to automatically enable
      and disable encryption, based on whether all message recipient
      keys can be located by mutt.

      When this option is enabled, mutt will determine the encryption
      setting each time the TO, CC, and BCC lists are edited.  If
      $edit_headers is set, mutt will also do so each time the
      message is edited.

      While this is set, encryption settings can't be manually
      changed.  The pgp or smime menus provide an option to disable
      the option for a particular message.

      If $crypt_autoencrypt or $crypt_replyencrypt enable encryption
      for a message, this option will be disabled for the message.  It
      can be manually re-enabled in the pgp or smime menus.  (Crypto
      only)

This also inspects cc:ed addresses for validity. Unfortunately, as per the second-last paragraph, this overrides many useful settings. For example, I have set pgp_autoinline = yes, which is deprecated, but necessary for sending to older clients [1], which don't support PGP/MIME.

[1] For example, Android's K-9 + APG. AFAIK this is the only FOSS Android email client that reads PGP-encrypted email at all, but only in a limited fashion. (EDIT: K-9 + openkeychain now supports PGP/MIME.)
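The following Python model is an added illustration, not code from the question, the answer, or mutt itself. It replays the question's hooks and the workaround against sample recipient lists and compares them with the all-recipients-have-keys rule quoted from the man page. It assumes no mailing lists are defined (so `!~l` is always true); the function names and the keyring contents are constructed for the example.

```python
import re

def any_to(regex):
    """~t EXPR: true when at least one To: address matches (Cc: is not examined)."""
    rx = re.compile(regex)
    return lambda msg: any(rx.search(addr) for addr in msg["to"])

def negate(pattern):
    """!PATTERN negates the whole any-match, so it means 'no address matches'."""
    return lambda msg: not pattern(msg)

def run_hooks(hooks, msg):
    """Apply (pattern, value) send-hooks in muttrc order; return crypt_autoencrypt."""
    autoencrypt = False
    for pattern, value in hooks:
        if pattern(msg):
            autoencrypt = value
    return autoencrypt

def opportunistic(msg, keyring):
    """Model of crypt_opportunistic_encrypt: every To/Cc/Bcc address needs a key."""
    rcpts = msg["to"] + msg.get("cc", []) + msg.get("bcc", [])
    return bool(rcpts) and all(addr in keyring for addr in rcpts)

FOO = r"^foo@bar\.com$"
always = lambda msg: True  # the "." pattern; also stands in for "!~l" (assumption)

# Hooks from the question: the third one never fires while foo@bar.com is present.
QUESTION_HOOKS = [(always, False), (any_to(FOO), True), (negate(any_to(FOO)), False)]
# Hooks from the workaround: a positive match on "some other .com address".
WORKAROUND_HOOKS = [(always, False), (any_to(FOO), True),
                    (any_to(r"([^r]\.com|[^a]r\.com)$"), False)]

KEYRING = {"foo@bar.com"}  # constructed: the only address with a public key
SOLO = {"to": ["foo@bar.com"]}
MIXED_TO = {"to": ["foo@bar.com", "not@this.com"]}
MIXED_CC = {"to": ["foo@bar.com"], "cc": ["not@this.com"]}

if __name__ == "__main__":
    for name, msg in (("solo", SOLO), ("mixed To", MIXED_TO), ("mixed Cc", MIXED_CC)):
        print(f"{name:9} question={run_hooks(QUESTION_HOOKS, msg)!s:5} "
              f"workaround={run_hooks(WORKAROUND_HOOKS, msg)!s:5} "
              f"opportunistic={opportunistic(msg, KEYRING)}")
```

Only the opportunistic rule declines to encrypt in all of the mixed cases, because it is the only one that evaluates every recipient, Cc: included.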
