Auto-encrypting outgoing server monitoring emails

Background: I set up a server with mail/ssmtp and sysutils/logwatch because I wanted to painlessly monitor system security. Logwatch sent me a nice email, pretty much out-of-the-box, but when I read it I realized that the information in the body is sensitive. So I asked myself: why not encrypt the message with my gnupg public key before sending?

I came up with this script. Clearly it is only useful for logwatch because of the hardcoded line numbers:


while read line; do
done < /dev/stdin

HEAD="$(echo -e "$INPUT" | head -9 | tail -8)"
TAIL=$(echo -e "$INPUT" | tail -n+13)
ENC=$(echo -e "$TAIL" | gpg -ea -r <my email address> -o -)
echo -e "$FINAL"

Then in logwatch.conf I set mailer = | ssmtp -t. So this works fine and the email gets sent end-to-end encrypted which is great.

But now: How can we automatically encrypt all outgoing mail? Ideally the smtp agent would check if there is a public key for the recipient and automatically encrypt the body. Then all email that leaves the server would get the same treatment (crons, revaliases, etc).

There's a few addons for postfix which claim to address this: and But one of the reasons I have ssmtp is that I am not an email expert and I need simplicity.

Thoughts? Experiences? Feedback?