I am trying to create a system that will intercept emails coming into various email addresses and catalogue them, along with all of their attachments. These attachments are all files that we need to load into another system. Currently, we are using Outlook Macros to drop all of the attachments to a directory and load them that way. Unfortunately, this method does not lend itself easily to tracking which emails had which attachments. If we want to ensure we are accounting for every document we have received, we need a more robust approach.
So, I am building an EWS-based Windows service. The idea is that it will subscribe to all of the email addresses that I want to manage. So, it will know about all new emails, catalogue them, and track the attachments. It works well for most emails, but emails sent securely need to be viewed by a person (as those emails require a log-in to a secure server somewhere to view the message and download attachments). But, with digitally signed emails, I just wind up downloading an attachment named 'smime.p7m'. I found a post on this forum that shows me how to grab the attachments, but what about if the email body is digitally signed? Is there a way I could extract that, as well?
I decided to go with the MimeKit approach described here (it is not the accepted answer, but several of the answers deal with MimeKit, so I decided to check it out, and it looks promising).
My current approach is, if the email body was not digitally signed, then I can load that into my system directly from the base email. But, if it is digitally signed, then I need to grab it from the smime.p7m file, and that is where I am running into trouble. I have no problem using the examples to extract the attachments, though. Currently, I have no examples of a digitally signed email body. But, I would like to be proactive and find a solution before it does happen and a user asks why the email body is missing. Alternately, it would be equally helpful to know if this is not possible, and the only portion of an email that gets digitally signed would be the attachments (in which case, I can ignore this completely). That would actually be the best case scenario!
Generally, when a message is signed via S/MIME, the entire message (including the body and attachments) is signed.
Theoretically, it is possible for each individual component of the message to be signed individually, but that's not how most mail clients work (I don't know of any that do anything other than signing the entire message).
If you want to make sure to handle any scenario, just make sure to handle all MultipartSigned parts and/or ApplicationPkcs7Mime parts within the message and then you'll be sure to handle all scenarios (in other words, don't assume there is only ever 1 of those).
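The advice in the answer above, as an added C# example using MimeKit (not code from the answer or from the MimeKit project): a recursive walk that unwraps every MultipartSigned and signed ApplicationPkcs7Mime part, however many there are or how deeply they nest, and yields the body and attachment parts found inside. The names `SignedMailWalker` and `Leaves` are hypothetical, and the sample message is constructed with a dummy signature part.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using MimeKit;
using MimeKit.Cryptography;
static class SignedMailWalker   // hypothetical helper name, not part of MimeKit
{
    // Yields every leaf part (body text, attachments), unwrapping any number of
    // signed layers. Signed == true only means the part sat inside a signature;
    // validity must be checked on the DigitalSignatureCollection Verify() returns.
    public static IEnumerable<(MimePart Part, bool Signed)> Leaves(
        MimeEntity entity, SecureMimeContext ctx, bool signed = false)
    {
        IEnumerable<MimeEntity> children;
        switch (entity)
        {
            case MultipartSigned ms when ms.Count > 0:      // clear-signed
                children = new[] { ms[0] }; signed = true; break;   // [0] content, [1] signature
            case ApplicationPkcs7Mime p7 when p7.SecureMimeType == SecureMimeType.SignedData:
                p7.Verify(ctx, out MimeEntity inner);       // opaque-signed smime.p7m
                children = new[] { inner }; signed = true; break;
            case Multipart mp: children = mp; break;
            case MessagePart rfc when rfc.Message?.Body != null:    // attached message
                children = new[] { rfc.Message.Body }; break;
            case MimePart part:                             // ordinary leaf part
                yield return (part, signed); yield break;
            default: yield break;
        }
        foreach (var child in children)
            foreach (var leaf in Leaves(child, ctx, signed))
                yield return leaf;
    }

    static void Main()
    {
        // Constructed sample: clear-signed message; the signature bytes are a dummy.
        var raw = string.Join("\n",
            "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; boundary=s",
            "", "--s", "Content-Type: multipart/mixed; boundary=m", "", "--m",
            "Content-Type: text/plain", "", "Body text", "--m",
            "Content-Type: application/pdf; name=report.pdf",
            "Content-Disposition: attachment; filename=report.pdf", "", "dummy", "--m--", "--s",
            "Content-Type: application/pkcs7-signature; name=smime.p7s", "", "AAAA", "--s--", "");
        using var ctx = new TemporarySecureMimeContext();
        var message = MimeMessage.Load(new MemoryStream(Encoding.ASCII.GetBytes(raw)));
        foreach (var (part, signed) in Leaves(message.Body, ctx))
            Console.WriteLine($"{part.ContentType.MimeType} file={part.FileName ?? "(body)"} signed={signed}");
    }
}
```

An ApplicationPkcs7Mime part that is not signed-data (for example, an encrypted one) is returned as an ordinary leaf, so it can be catalogued and routed to a person instead of being silently dropped.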