SMIME is an interesting protocol that is a bit tricky to implement. Its tricky to _create_ an SMIME mail in the first place as email content changes every step through the email transition. This of course means the digest must be calculated for only a portion of the mail (the secure part). When I had to do this it meant constructing a headerless multipart MIME mail, and then using OpenSSL (iirc) to sign it.

I did a bit of research into setting up a secure email gateway once, and I reckon it would behave similarly. A mail is received by the gateway. It would remove the preexisting headers, use the sender name to lookup a certificate, sign the content, and then put the headers back on.

Incidentally we used MIME::Parser/MIME::Entity to handle the mime stuff.... And it looks like the module you refernce is just the thing to do all of this. It looks like it handles all the tricky stuff we had to hand code.

Incidentally if you do a super search for my name and SMIME I think you will find some code we wrote ages back to do our signing. (That I had permission to release) Its probably out of date and not very useful but it may be worth a quick gander. I dont remember. :-)