Hello,

I am new to Dovecot but installation was quite easy, so there is one more LDAP-authenticated Dovecot / Postfix mailbox online, but there is one question left:

I would like to set up a configuration which encrypts every user's mail with a unique key. If a user logs in, the private key should be decrypted with the user's password, and every mail the user requests should be decrypted with the user's private key. If a mail comes in, it should be encrypted with the user's public key. That key pair should be used for that purpose only. Obviously a GnuPG plugin between deliver and the rest of Dovecot is needed.

best regards
Christian
On Wed, 2009-07-15 at 18:26 +0200, Christian Felsing wrote:
> I would like to set up a configuration, which encrypts every user mail
> with a unique key. If user logs in, private key should be decrypted with
> user password and every mail user requests should be decrypted with
> users private key. If a mail comes in, it should be encrypted with users
> public key. That key pair should be used for that purpose only.
> Obviously a GnuPG plugin between deliver and rest of Dovecot is needed.

Feel free to write such a plugin. :) Decryption could be done the same way as the zlib plugin works. Encryption would need a bit more work.
Christian Felsing wrote:
> Hello,
>
> I am new to Dovecot but installation was quite easy, so there is one
> more LDAP authenticated, Dovecot / Postfix mailbox online, but there is
> one question left:
>
> I would like to set up a configuration, which encrypts every user mail
> with a unique key. If user logs in, private key should be decrypted with
> user password and every mail user requests should be decrypted with
> users private key. If a mail comes in, it should be encrypted with users
> public key. That key pair should be used for that purpose only.
> Obviously a GnuPG plugin between deliver and rest of Dovecot is needed.
>
> best regards
> Christian

I might fail, but this is not the job for an IMAP server. What you need is a GPG gateway mail server. The only open source one I found is here: http://www.djigzo.com/ ; commercial: http://www.zertificon.com/ . If there are other solutions, I will be happy to hear about them.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
The only benefit this would bring is that email saved on the server would be encrypted. Otherwise it offers no protection.

I guess if you're paranoid that the system admin might read your emails, but then, he can just as easily read them as they come in or out of the system.

Quoting Christian Felsing <hostmaster at taunusstein.net>:
> Hello,
>
> I am new to Dovecot but installation was quite easy, so there is one
> more LDAP authenticated, Dovecot / Postfix mailbox online, but there is
> one question left:
>
> I would like to set up a configuration, which encrypts every user mail
> with a unique key. If user logs in, private key should be decrypted with
> user password and every mail user requests should be decrypted with
> users private key. If a mail comes in, it should be encrypted with users
> public key. That key pair should be used for that purpose only.
> Obviously a GnuPG plugin between deliver and rest of Dovecot is needed.
>
> best regards
> Christian
So I have to inspect the zlib plugin (and Dovecot) code ;-)

If the plugin "knows" the username, it needs a way to get the user's password in clear text and of course his username, to find and decrypt the user's private key. These items have to be saved in a secure way while the user is logged in. Obviously there are several differences to the zlib plugin. If the plugin API supports these extra requirements, it should be possible to write such a plugin which will stay compatible with future Dovecot versions.

Encryption should be done in the deliver tool, so there is no requirement to touch MTA (e.g. Postfix) code. The deliver tool must know the dest. mail address, so it can ask LDAP for the right public key. Does deliver also support plugins?

Christian

Timo Sirainen wrote:
> Feel free to write such a plugin. :) Decryption could be done the same
> way as zlib plugin works. Encryption would need a bit more work.
On Wednesday 15 of July 2009, Patrick Domack wrote:
> The only benefit this would being, is email being saved on the server
> would be encrypted. Otherwise it offers no protection.
>
> I guess if you paranoid that the system admin might read your emails,
> but then, he can just as easily read them as they come in or out of
> the system.

Actually such encryption is interesting as a protection in case someone steals the server hardware/disks.

--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/
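The flow Christian sketches (deliver encrypts to the user's public key; the access side decrypts with a private key unlocked by the login password), as an added example with stock gpg in a throwaway keyring; it is not code from the thread or from Dovecot. The mailbox, password and message are constructed sample values, and gpg 2.1 or newer is assumed. It also shows why Patrick's caveat holds: the plaintext still passes through the delivery path, so only the stored copy is protected.

```shell
#!/bin/sh
# Added example, not from the thread: per-user encrypt-at-delivery /
# decrypt-at-read with gpg. All names and values below are constructed.
set -eu

GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
chmod 700 "$GNUPGHOME"
echo allow-loopback-pinentry > "$GNUPGHOME/gpg-agent.conf"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

MAILBOX="alice@example.com"        # hypothetical user; the real design looks this up in LDAP
LOGIN_PW="correct-horse-battery"   # hypothetical login password, reused as the key passphrase

# One-time provisioning: a key pair used for mailbox encryption only,
# with the private key protected by the user's login password.
provision_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$LOGIN_PW" \
      --quick-gen-key "$MAILBOX" default default never
}

# Delivery side (what "deliver" would do): needs only the public key,
# so no user password is ever present on this path.
deliver_encrypt() {   # $1 = plaintext message path, $2 = ciphertext path
  gpg --batch --quiet --trust-model always --recipient "$MAILBOX" \
      --output "$2" --encrypt "$1"
}

# Access side (what an IMAP plugin would do): unlock the private key with
# the password supplied at login and return the plaintext on stdout.
read_decrypt() {      # $1 = ciphertext path, $2 = login password
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$2" --decrypt "$1"
}

# Returns 0 when the stored copy no longer contains the given plaintext string.
stored_copy_is_opaque() {   # $1 = ciphertext path, $2 = plaintext fragment
  ! grep -q "$2" "$1"
}

# Demo run with a constructed incoming message.
MSG="$GNUPGHOME/incoming.eml"
printf 'From: bob@example.net\nSubject: hi\n\nsee you at 10\n' > "$MSG"
provision_key
deliver_encrypt "$MSG" "$MSG.gpg"
stored_copy_is_opaque "$MSG.gpg" "see you at 10"
read_decrypt "$MSG.gpg" "$LOGIN_PW"
```

Note that the plaintext exists on disk at delivery time and the password is held by the access process; the scheme only narrows what an attacker gets from the stored mailbox files, as the thread's later replies point out.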