dovecot at moorooboorai.com
2011-Jan-03 18:05 UTC
[Dovecot] Pointers for developing a proper encryption plugin?
Hi all,

One thing that's always itching when I think about mail-servers, is the storage of e-mail messages in (rather) plain-text. Meaning, any administrator with sufficient privileges would be able to read messages not meant for them. Of course, PGP alike solutions exist, but that's not for the masses.

In my opinion I would like to have e-mail messages stored encrypted using a (strong) user-supplied password. That password would ideally be the same as the one the user logs in with. So for me it's okay to place and enforce that requirement on any of the users. Having this in place would for sure reassure external auditors/accountants of any kind.

Having Google'd from here to 'yonder and consulting experts on Experts Exchange, I have come up with only this pointer:

http://dovecot.markmail.org/search/?q=dovecot+encrypt#query:dovecot%20encrypt+page:1+mid:khhe646k675x3yfd+state:results

It mentions the same issue, and also mentions the non-existence of a solution (back in May 2010).

But, before diving into developing solutions myself, I have to be absolutely sure that there isn't any solution yet. And, in consequence of non-existence: what would allow me to fasttrack any development efforts on this? Is there an overview available where I could learn the best approach for plugin development? Tutorials maybe?

Kind regards,
Jeroen Zuijderhoudt.
Bradley Giesbrecht
2011-Jan-03 18:49 UTC
[Dovecot] Pointers for developing a proper encryption plugin?
On Jan 3, 2011, at 10:05 AM, dovecot at moorooboorai.com wrote:

> Hi all,
>
> One thing that's always itching when I think about mail-servers, is the storage of e-mail messages in (rather) plain-text.
> Meaning, any administrator with sufficient privileges would be able to read messages not meant for them.
> Of course, PGP alike solutions exist, but that's not for the masses.
>
> In my opinion I would like to have e-mail messages stored encrypted using a (strong) user-supplied password.
> That password would ideally be the same as the one the user logs in with.
> So for me it's okay to place and enforce that requirement on any of the users.

Would forgotten passwords result in lost emails?

// Brad
Timo Sirainen
2011-Jan-03 23:53 UTC
[Dovecot] Pointers for developing a proper encryption plugin?
On 3.1.2011, at 20.05, dovecot at moorooboorai.com wrote:

> One thing that's always itching when I think about mail-servers, is the storage of e-mail messages in (rather) plain-text.
> Meaning, any administrator with sufficient privileges would be able to read messages not meant for them.
> Of course, PGP alike solutions exist, but that's not for the masses.
>
> In my opinion I would like to have e-mail messages stored encrypted using a (strong) user-supplied password.
> That password would ideally be the same as the one the user logs in with.
> So for me it's okay to place and enforce that requirement on any of the users.

1) See http://dovecot.org/patches/2.0/mail-filter.tar.gz - you should be able to use that to pass all emails to a filter that decrypts mails. I'm not happy that imap process there forks new processes, it should be more like quota-warning where dovecot master process forks them. So it'll probably change.

2) I remember Alex Baule has been talking about things more or less related to this.. Although I'm no longer entirely certain what it is that he's built. You could try asking him.
Ralf Hildebrandt
2011-Jan-06 12:17 UTC
[Dovecot] Pointers for developing a proper encryption plugin?
* Christian Felsing <hostmaster at taunusstein.net>:

> I would wish that Timo would consider to implement required functions to
> plugin API, so such a plugin would be possible without massive patching
> Dovecot source code.

It would come in handy for archiving mail as well!

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt at charite.de | http://www.charite.de