See https://grepular.com/Automatically_Encrypting_all_Incoming_Email

This application takes one argument on the command line. The email address to
look up the public key that the message will be encrypted with. An email
message is piped through the application, and the resulting email is sent to
STDOUT encrypted with the relevant public key. If you provide multiple email
addresses, then the message will be encrypted with multiple keys. There are
several options to do with the type of encryption used, ie PGP/MIME or inline
and these can be discovered by running the script without any arguments to
read the usage information.

If the message is already encrypted, it doesn't get encrypted a second time.

Exim users can use the transport_filter directive in a transport in order to
call this application, like so:

  transport_filter = /bin/gpgit.pl my.email.address@example.com

Procmail users can add a procmail recipe as follows

  :0 f
  | /bin/gpgit.pl my.email.address@example.com

If you call gpgit.pl from a different application, I'd love to hear from you so
I can update this README file.