[Dovecot] Pointers for developing a proper encryption plugin?
dovecot at moorooboorai.com
dovecot at moorooboorai.com
Mon Jan 3 20:05:18 EET 2011
Hi all,
One thing that's always itching when I think about mail-servers, is the storage of e-mail messages in (rather) plain-text.
Meaning, any administrator with sufficient privileges would be able to read messages not meant for them.
Of course, PGP alike solutions exist, but that's not for the masses.
In my opinion I would like to have e-mail messages stored encrypted using a (strong) user-supplied password.
That password would ideally be the same as the one the user logs in with.
So for me it's okay to place and enforce that requirement on any of the users.
Having this in place would for sure reassure external auditors/accountants of any kind.
Having Google'd from here to 'yonder and consulting experts on Experts Exhange, I have come up with only this pointer: http://dovecot.markmail.org/search/?q=dovecot+encrypt#query:dovecot%20encrypt+page:1+mid:khhe646k675x3yfd+state:results
It mention the same issue, and also mentions the non-existence of a solution (back in May 2010).
But, beforing diving into developing solutions myself, I have to be absolutely sure that there isn't any solution yet.
And, in consequence of non-existence: what would allow me to fasttrack any development efforts on this? Is there an overview available where I could learn the best approach for plugin development? Tutorials maybe?
Kind regards,
Jeroen Zuijderhoudt.
More information about the dovecot
mailing list