[Dovecot] Dovecot as a smart IMAP proxy

Timo Sirainen tss at iki.fi
Thu Feb 23 18:38:08 EET 2006


On Thu, 2006-02-23 at 17:33 +0100, Marcus Rueckert wrote:
> > Anyway, the reason I'm asking this is because I was asked to add mail
> > encryption/decryption capabilities to Dovecot's IMAP proxy, but I'm not
> > sure what would be the best way to handle this. In any case it would be
> > a plugin or a new binary which is executed instead of imap binary, but
> > can I do it in a way that would actually be useful for Dovecot project
> > in general?
> 
> hmm i have heard about signing proxies at the MTA layer where the mta
> signs every mail of a user with a special signing only mail. i dont see
> how dovecot should be able to decrypt mails unless the passphrase of the
> private key and the password are the same. but that would mean storing
> the password during the session in memory. hmm i dont like that idea
> much. do you have more details on the general design they have in mind?

Dovecot wouldn't here do any of the encryption/decryption. Instead it
would just talk to some external process which does it, knows the keys,
etc. So there would probably be plugins for the Dovecot proxy which
actually hook into the mail input/output handlers, or maybe the proxy
itself would be able to execute binaries or talk to some UNIX socket.




More information about the dovecot mailing list