Hi, I am just finishing my first personal email server build so I would really appreciate it if the response to my question can be spelled out in enough detail since I am struggling to fill in the gaps to get this working. I have scoured Google and the archives but I am not fully understanding the implementation for my setup. I am looking for a solution to encrypt email using a mechanism that increases the difficulty of decrypting my email. For example, having a plain-text decryption key on disk would not be suitable. From what I understand mail-crypt supports using the user password supplied via IMAP to decrypt email. Can someone explain how this technically works? i.e. is the private key encrypted in disk and then unlocked using the supplied password? Can someone also please step me through 1. how I would ammen the configuration below in order to set this up. 2. the command required to generate keys 3. Any help in understanding the limitations such as password changes or caveats around generating keys securely I am happy to take my notes and update the wiki to help others. Thanks, Adam # 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.8 (b7b03ba2) # OS: Linux 4.18.0-240.1.1.el8_3.x86_64 x86_64 Red Hat Enterprise Linux release 8.3 (Ootpa) # Hostname: mailserver.example.com debug_log_path = /var/log/dovecot-debug.log info_log_path = /var/log/dovecot-info.log lda_mailbox_autocreate = yes log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " mail_home = /var/mail/%d/%n/ mail_location = maildir:~/mail/ mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location mailbox Archive { auto = create special_use = \Archive } mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = create special_use = \Trash } prefix } passdb { args = scheme=CRYPT username_format=%n@%d /etc/dovecot/passdb driver = passwd-file } plugin { recipient_delimiter = - sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /etc/sieve/global/ } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service imap-login { inet_listener imap { address = * port = 143 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem ssl_cipher_list ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA: ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384: AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH: !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_prefer_server_ciphers = yes userdb { args = uid=vmail gid=vmail home=/var/mail/%d/%n driver = static } protocol lmtp { mail_fsync = optimized mail_plugins = " sieve" recipient_delimiter = - } -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20201217/9f19f40a/attachment.html>
On 17/12/2020 19.17, Adam Gould wrote:> I am looking for a solution to encrypt email using a mechanism that increases the difficulty of decrypting my email. For example, having a plain-text decryption key on disk would not be suitable.? From what I understand mail-crypt supports using the user password supplied via IMAP to decrypt email.? Can someone explain how this technically works? i.e. is the private key encrypted in disk and then unlocked using the supplied password?I can't offer any solutions, but maybe I can help by asking what scenarios are you trying to protect against? So obviously emails in transit between the server will be protected by SSL encryption. And as you mention IMAP, I think you intend all the emails to stay on the server. So now what does that leave? - You want to protect against an attacker who gains access to the server (how?) and can escalate privileges and read mails on the disk? - You want to protect against an ISP/Data center employee who can get hold of a copy of your VM and read emails from it? - You want to protect data stored in backups? - Other ... So maybe by understanding your fears, it might be possible to suggest solutions. One more random thought. It seems what you're trying to do is like what Lavabit did. They've opensourced their magma server on github, so it might be worth looking at that, if you haven't already 100 committed to dovecot. Possibly not a popular comment in this forum, but I'll risk it! Happy New Year everyone. It is upon us. P.