Added possibility to define a regex for finding recipients to decrypt for and also adding possibility to use default keys for domain ranges

gpg-mailgate.conf.sample

@@ -35,6 +35,14 @@ mail_case_insensitive = no
 # side effects. So if you want to take the risk set this to no.
 no_inline_dec = yes
 
+# Here you can define a regex for which the gateway should try to decrypt mails.
+# It could be used to define that decryption should be used for a wider range of
+# mail addresses e.g. a whole domain. No key is needed here. It is even active if 
+# dec_keymap is set to yes. If this feature should be disabled, don't leave it blank.
+# Set it to None. For further regex information please have a look at
+# https://docs.python.org/2/library/re.html
+dec_regex = None
+
 [gpg]
 # the directory where gpg-mailgate public keys are stored
 # (see INSTALL for details)
@@ -88,6 +96,22 @@ password = password
 # You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
 #you@domain.tld = 12345678
 
+[enc_domain_keymap]
+# This seems to be similar to the [enc_keymap] section. However, you
+# can define default keys for a domain here. Entries in the enc_keymap
+# and individual keys stored on the system have a higher priority than
+# the default keys specified here.
+#
+#
+# You can find these by running the following command:
+#	gpg --list-keys --keyid-format long user@example.com
+# Which will return output similar to:
+#	pub   1024D/AAAAAAAAAAAAAAAA 2007-10-22
+#	uid                          Joe User <user@example.com>
+#	sub   2048g/BBBBBBBBBBBBBBBB 2007-10-22
+# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
+#domain.tld = 12345678
+
 [dec_keymap]
 # You can find these by running the following command:
 #	gpg --list-secret-keys --keyid-format long user@example.com

gpg-mailgate.py

@@ -80,12 +80,21 @@ def gpg_decrypt( raw_message, recipients ):
 
 	keys = GnuPG.private_keys( cfg['gpg']['keyhome'] )
 
+	if get_bool_from_cfg('default', 'dec_regex'):
+		dec_regex = cfg['default']['dec_regex']
+	else:
+		dec_regex = None
+
 	for fingerprint in keys:
 		keys[fingerprint] = sanitize_case_sense(keys[fingerprint])
 
 	for to in recipients:
 		if to in keys.values() and not get_bool_from_cfg('default', 'dec_keymap_only', 'yes'):
 			gpg_to.append(to)
+		# Is this recipient defined in regex for default decryption?
+		elif not (dec_regex is None) and not (re.match(dec_regex, to) is None):
+			log("Using default decrytion defined in dec_regex for recipient '%s'" % to)
+			gpg_to.append(to)
 		elif get_bool_from_cfg('dec_keymap', to):
 			log("Decrypt keymap has key '%s'" % cfg['dec_keymap'][to] )
 			# Check we've got a matching key! If not, decline to attempt decryption. The key is checked for safty reasons.
@@ -302,12 +311,29 @@ def gpg_encrypt( raw_message, recipients ):
 			else:
 				log("Key '%s' in encrypt keymap not found in keyring for email address '%s'." % (cfg['enc_keymap'][to], to))
 
+		# Check if key in keychain is present
 		if to in keys.values() and not get_bool_from_cfg('default', 'enc_keymap_only', 'yes'):
 			gpg_to.append( (to, to) )
-		else:
-			if verbose:
-				log("Recipient (%s) not in PGP domain list for encrypting." % to)
-			ungpg_to.append(to)
+			continue
+
+		# Check if there is a default key for the domain
+		splitted_address = address.split('@')
+		if len(splitted_address) > 1:
+			domain = splitted_address[1]
+			if get_bool_from_cfg('enc_domain_keymap', domain):
+				log("Encrypt domain keymap has key '%s'" % cfg['enc_dec_keymap'][domain] )
+				# Check we've got a matching key!
+				if cfg['enc_domain_keymap'][domain] in keys:
+					log("Using default domain key for recipient '%s'" % to)
+					gpg_to.append( (to, cfg['enc_domain_keymap'][domain]) )
+					continue
+				else:
+					log("Key '%s' in encrypt domain keymap not found in keyring for email address '%s'." % (cfg['enc_domain_keymap'][domain], to))
+		
+		# At this point no key has been found
+		if verbose:
+			log("Recipient (%s) not in PGP domain list for encrypting." % to)
+		ungpg_to.append(to)
 
 	if gpg_to != list():
 		log("Encrypting email to: %s" % ' '.join( map(lambda x: x[0], gpg_to) ))