Another mail_crypt question: figure out to password secure using mysql

dovecot at dovecot at
Fri May 26 17:13:31 EEST 2017

Hello Community,

(sorry to be more busy, hence more running questions in parallel :) )

As mentioned in another post, I am testing mail_crypt plugin.

I was wondering how to really secure the process sothat even the admin 
cannot have any access to the other users mail content.

My current config is simple:

- using per-folder keys (hence the per-user spaces are preserved)

- put the public/private global keys in base64 format into the sql DB 
(elliptic algo)

This obviously allows anyone with read access to the table to decrypt 
the mails from the filesystem... which I try to prevent.

Considering of course that all mail users are virtual and do not (and 
may not) have access to the box itself:

- how can I secure the keys? I do not see how to handle a assword for them?

- a solution might be to crypt/decrypt the keys using the user's password?

- other?

Thank you for you help.

More information about the dovecot mailing list