diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index 3f33e3a38c6..604d0220fe0 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -429,6 +429,9 @@ module Email
 def create_post_with_attachments(options={})
 # deal with attachments
 @mail.attachments.each do |attachment|
+ # always strip S/MIME signatures
+ next if attachment.content_type == "application/pkcs7-mime".freeze
+
 tmp = Tempfile.new("discourse-email-attachment")
 begin
 # read attachment
diff --git a/lib/validators/upload_validator.rb b/lib/validators/upload_validator.rb
index b200fc16c32..23cfe2f8110 100644
--- a/lib/validators/upload_validator.rb
+++ b/lib/validators/upload_validator.rb
@@ -5,7 +5,11 @@ module Validators; end
 class Validators::UploadValidator < ActiveModel::Validator
 def validate(upload)
- return true if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages
+ # allow all attachments except S/MIME signatures
+ # cf. https://meta.discourse.org/t/strip-s-mime-signatures/46371
+ if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages
+ return upload.original_filename != "smime.p7s".freeze
+ end
 extension = File.extname(upload.original_filename)[1..-1] || ""
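Review bot: In lib/email/receiver.rb, the added guard `next if attachment.content_type == "application/pkcs7-mime".freeze` is an exact string comparison, and with the mail gem `content_type` returns the whole header value including parameters (a typical value looks like `application/pkcs7-mime; smime-type=signed-data; name=smime.p7m`), so the guard is unlikely to match a real part. Detached signatures, the `smime.p7s` parts that the upload_validator.rb hunk of this commit targets, are normally typed `application/pkcs7-signature` (or the legacy `application/x-pkcs7-signature`), which this check does not cover either. Comparing the bare type is more reliable, e.g. `next if %w[application/pkcs7-mime application/pkcs7-signature application/x-pkcs7-signature].include?(attachment.mime_type.to_s.downcase)`. Skipping `application/pkcs7-mime` also drops opaque-signed or encrypted bodies, so confirm that is intended. The body of create_post_with_attachments continues outside the hunk.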
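Review bot: In lib/validators/upload_validator.rb, `return upload.original_filename != "smime.p7s".freeze` returns false for a signature file but adds nothing to `upload.errors`. ActiveModel decides validity from the errors collection and ignores the return value of `validate`, so as far as this hunk shows the `smime.p7s` upload is still treated as valid. To actually reject it, either add an error before returning or let the signature fall through to the regular extension check, e.g. `return true if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages && upload.original_filename != "smime.p7s"`. The filename comes from the sender and is compared case-sensitively, so this is a convenience filter on the name only, not a check of the content. The rest of validate lies outside the hunk, so confirm how the fall-through path reports unauthorized extensions.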