Can I encrypt already existant unencrypted mail before I start using the mail-crypt plugin?

Tue Feb 21 22:29:32 UTC 2023

On Tuesday, February 21st, 2023 at 09:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:

> > On 16/02/2023 07:18 EET mailinglist-subscriptions mailinglist-subscriptions at protonmail.com wrote:
> > 
> > Hi,
> > 
> > I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts.
> > 
> > I'd like to start using the mail-crypt plugin. However, I'm having a bit some difficulty understanding the documentation at
> > 
> > https://doc.dovecot.org/configuration_manual/mail_crypt_plugin
> > 
> > to reach my goal. I plan to ask questions about those issues by starting new threads in this mailing list. But before I even come to that, I'd like to investigate the following:
> > 
> > The above documentation only addresses a clean install and doesn't seem to mention encrypting already existent unencrypted mails, like my server has. Is it possible to encrypt those before I start using the mail-crypt plugin, such that it will be able to decrypt those messages as well?
> > 
> > If it is, I am assuming that how I would go about achieving that will be very dependent on the ultimate configuration I have in mind (pub/priv keys, etc.). So I don't expect a full-fledged guide. However, if you could perhaps give a general overview of what would be needed to achieve this, I would very much appreciate that.
> > 
> > Thank you.
> 
> 
> It will be easiest to do migration to new server, then the data will get encrypted while migrating. It is possible to write a script to do this, but will be much more hassle than migration.
> 
> You might even be able to do it for one user at a time, by doing migration from maildir to maildir and then moving the new maildir over the old one.
> 
> Aki

Thanks for the suggestion. However, migrating sounds like quite the hassle as well.

Now, I have next to no knowledge about the synchronization workings of IMAP, so perhaps this is totally infeasible, but could the following work?

- Preface
I am the only user of the mail server, with one virtual catch-all account for each domain I own. I access these accounts with Thunderbird.

- Solution
I make a backup of all mail in my Thunderbird accounts. Then I either delete all mails from within Thunderbird, or on the server. Then I configure the mail-crypt plugin. And then I import all backup mails and folders into my Thunderbird accounts again?

Could that work? Or would that mess up the synchronization history (message IDs and what not)? And most importantly, if it actually could work, would the messages be properly encrypted then?