[Dovecot] Encryption solution for messages at rest

Reindl Harald h.reindl at thelounge.net
Mon Oct 28 21:23:20 EET 2013



On 28.10.2013 20:14, Douglas Mortensen wrote:
> So.... given that type of scenario, if filesystem permissions weren't correct, or some new exploit surfaced that allowed someone to bypass or elevate to root, then they could theoretically have access to the entire filesystem including where emails are stored.
> I hope to never have this sort of thing happen. We patch our systems regularly and have other security measures we follow to prevent this. We also are managing most of the PHP scripts customers use ourselves now and are updating those for the CMS' and other systems proactively.

how would encryption help here?

> However, it would be nice to know that even if we were breached, the emails on the server were encrypted and would be completely useless to an attacker.
> This type of encryption is ideal and some regulations prefer (although don't require) it

impossible and useless
if someone comes that far he can also read whatever configuration contains the keys

encryption is nice in case disks get stolen but not for
protection against intrusion on the running machine

> -----Original Message-----
> From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Michael Orlitzky
> Sent: Monday, October 28, 2013 11:52 AM
> To: dovecot
> Subject: Re: [Dovecot] Encryption solution for messages at rest
> 
> On 10/28/2013 12:02 PM, Douglas Mortensen wrote:
>> Hi,
>>
>> We have clients with various security & compliance requirements.
>> Although not required, it would be ideal to have messages encrypted at 
>> rest.
> 
> You can rule out a lot of the crazier options by answering the questions,
> 
> (a) What attack scenario do you have in mind?
> 
> (b) How will encryption help?
