Hi Andreas
I don't know about that tool, but I don't see any problem in simply calling GPG after you've generated the email body to encrypt (and perhaps sign) that, whereafter you can pass it to the MTA.
Wouldn't that mean that I have to change the script that generates the eMail?
Not necessarily. You do need to change it if the script calls the MTA. If it doesn't, but, for example, dumps the email to a file where a cron job collects it, you don't.
This is what I can't / not supposed to do.
You weren't very explicit in your original email. You'd written:
Because I am not supposed to change the application I am looking for a tool that sits in between the generation of the eMail and the MTA.
Which is exactly what my proposed solution does (sit in between email generation and the MTA). It is unclear to me what the application that you shan't change does. Cheers Tobias