Douglas Mortensen
2013-Oct-28 16:02 UTC
[Dovecot] Encryption solution for messages at rest
Hi,

We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server. Is anyone doing this?

I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages. However, this would also mean that if the attacker can't decrypt the files, then dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot daemon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).

Is anyone doing anything like this with dovecot?

Thanks!!
- Doug Mortensen
Network Consultant
Impala Networks Inc
CCNA, MCSA, Security+, A+
Linux+, Network+, Server+
A.A.S. Information Technology
www.impalanetworks.com
P: (505) 327-7300
F: (505) 327-7545
Robert Schetterer
2013-Oct-28 17:19 UTC
[Dovecot] Encryption solution for messages at rest
On 28.10.2013 17:02, Douglas Mortensen wrote:
> [...]
> Is anyone doing anything like this with dovecot?

perhaps look at https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve

Best Regards
Robert Schetterer

-- 
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
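The approach named in the link above, encrypting each incoming message at delivery time, sidesteps the key-management dilemma in the original post: with public-key encryption the mail server only ever needs the recipient's public key, so there is no decryption key for Dovecot to guard or for an operator to type in at start-up. The Go program below is an added example, not code from the thread, the linked article or Dovecot; it uses stdlib X25519 plus AES-256-GCM as a stand-in for OpenPGP, and the function names, the body layout and the SHA-256 key derivation are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"strings"
)

// aeadFor keys AES-256-GCM from an X25519 agreement (SHA-256 stands in for a KDF such as HKDF).
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil { return nil, err }
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
	return cipher.NewGCM(block)
}

// EncryptOnDelivery is what a delivery-time filter runs: the server holds only the
// recipient's PUBLIC key. Headers stay in the clear and are bound to the body as AAD.
func EncryptOnDelivery(raw string, recipientPub *ecdh.PublicKey) (string, error) {
	headers, body, _ := strings.Cut(raw, "\r\n\r\n") // header-only mail: empty body
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)    // fresh key pair per message
	if err != nil { return "", err }
	gcm, err := aeadFor(eph, recipientPub)
	if err != nil { return "", err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return "", err }
	ct := gcm.Seal(nil, nonce, []byte(body), []byte(headers))
	blob := append(append(eph.PublicKey().Bytes(), nonce...), ct...) // pub(32)|nonce(12)|ct+tag
	return headers + "\r\n\r\n" + base64.StdEncoding.EncodeToString(blob) + "\r\n", nil
}

// DecryptMessage needs the private key, which never has to live on the server; a wrong
// key or an edited header fails the GCM tag instead of yielding garbage.
func DecryptMessage(stored string, recipientPriv *ecdh.PrivateKey) (string, error) {
	headers, b64, _ := strings.Cut(stored, "\r\n\r\n")
	blob, err := base64.StdEncoding.DecodeString(strings.TrimSpace(b64))
	if err != nil || len(blob) < 44 { return "", errors.New("malformed encrypted body") }
	ephPub, err := ecdh.X25519().NewPublicKey(blob[:32])
	if err != nil { return "", err }
	gcm, err := aeadFor(recipientPriv, ephPub)
	if err != nil { return "", err }
	pt, err := gcm.Open(nil, blob[32:44], blob[44:], []byte(headers))
	return string(pt), err
}
```

The trade-off this buys: Dovecot can still deliver and index the clear headers, but server-side body search and any webmail running on the server can no longer read the body.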
On 10/28/2013 12:02 PM, Douglas Mortensen wrote:
> Hi,
>
> We have clients with various security & compliance requirements.
> Although not required, it would be ideal to have messages encrypted
> at rest.

You can rule out a lot of the crazier options by answering the questions,

(a) What attack scenario do you have in mind?
(b) How will encryption help?
Douglas Mortensen
2013-Oct-28 19:14 UTC
[Dovecot] Encryption solution for messages at rest
Currently our dovecot servers are on our webhosting linux boxes. We are using the LAMP stack to host websites, and also doing email with postfix & dovecot on these systems. We provide this as a hosting setup for 100+ accounts/websites on a single server (a multi-tenant setup). Each customer has anywhere between 1-100 email accounts which Dovecot services.

If a customer has vulnerable PHP code on a website, some of these will allow a remote file upload. I have seen cases where they upload a PHP script that is a sort of web-based console/shell to the server (file-system, etc.). It provides several tools which all run through the uploaded PHP script to try to brute force and do other attacks. I've seen attempts at a root exploit. We've never had a root exploit and any such case of a customer's site being hacked has been easily contained by simple filesystem permissions being correct (and the fact that we have apache set up to run all scripts as the user who is the owner of the script files, which confines the script to that user's permissions). Still, nobody loves the idea of bad guys trying to hack on your box.

So.... given that type of scenario, if filesystem permissions weren't correct, or some new exploit surfaced that allowed someone to bypass or elevate to root, then they could theoretically have access to the entire filesystem including where emails are stored. I hope to never have this sort of thing happen. We patch our systems regularly and have other security measures we follow to prevent this. We also are managing most of the PHP scripts customers use ourselves now and are updating those for the CMSs and other systems proactively. However, it would be nice to know that even if we were breached, the emails on the server were encrypted and would be completely useless to an attacker. This type of encryption is ideal and some regulations prefer (although don't require) it.
- Doug Mortensen
Network Consultant
Impala Networks
P: 505.327.7300

-----Original Message-----
From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Michael Orlitzky
Sent: Monday, October 28, 2013 11:52 AM
To: dovecot
Subject: Re: [Dovecot] Encryption solution for messages at rest

On 10/28/2013 12:02 PM, Douglas Mortensen wrote:
> Hi,
>
> We have clients with various security & compliance requirements.
> Although not required, it would be ideal to have messages encrypted at
> rest.

You can rule out a lot of the crazier options by answering the questions,

(a) What attack scenario do you have in mind?
(b) How will encryption help?
> Date: Tue, 29 Oct 2013 08:54:04 +0100
> From: Robert Schetterer <rs at sys4.de>
> To: dovecot at dovecot.org
> Subject: Re: [Dovecot] Encryption solution for messages at rest
> Message-ID: <526F699C.9080402 at sys4.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> you shouldn't host mail/imap services on the same servers with massive
> http hosting,

You shouldn't host anything else on a webserver FULLSTOP.

Webservers are best treated as "disposable" and should be heavily sandboxed. Any resources they can use should be vetted and ideally set as "read only".

Inbound external access should be firewalled down to the webserver ports and OUTBOUND traffic should be firewalled too (if it has no business initiating external connections then block all SYNs), in order to stop it becoming a DDoS zombie.

It's foolish (at best) to have mail servers running on a webserver, because if it's compromised it can immediately be used as a spam engine without much further effort. At least if it has to hand mail off to another mailserver you have a chance to run outbound filtering on the emitted mail without worrying about that being compromised too.
On 28.10.2013, at 18.02, Douglas Mortensen <doug at impalanetworks.com> wrote:
> [...]
> Is anyone doing anything like this with dovecot?

http://dovecot.org/patches/2.2/mail-filter.tar.gz could be used as the base for this.
Douglas Mortensen
2013-Oct-30 10:09 UTC
[Dovecot] Encryption solution for messages at rest
So I suppose you're not a fan of the email hosting systems on the planet that bundle many services onto 1 box.

Thanks for the feedback.

- Doug Mortensen
Network Consultant
Impala Networks
P: 505.327.7300

-----Original Message-----
From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Alan Brown
Sent: Tuesday, October 29, 2013 10:05 AM
To: dovecot
Subject: [Dovecot] Encryption solution for messages at rest

> Date: Tue, 29 Oct 2013 08:54:04 +0100
> From: Robert Schetterer <rs at sys4.de>
> [...]
> you shouldn't host mail/imap services on the same servers with massive
> http hosting,

You shouldn't host anything else on a webserver FULLSTOP.
[...]
On 10/28/2013 9:02 AM, Douglas Mortensen wrote:
> [...]
> Is anyone doing anything like this with dovecot?

I use OpenVZ, which is a near-zero-overhead virtualization for Linux only. So I create a separate virtual machine for web services and email services. So someone hacking the web will never get at the email because it's not there. It also allows me to back them up separately and move/restore them separately on different computers.