Questions around mailcrypt and LDAP
Andre Rodier
andre at rodier.me
Tue Nov 15 07:47:19 UTC 2022
Dear dovecot developers.
When using the mailcrypt plugin, how can I store the encryption key in LDAP,
please?
There is an example with SQL in the doc, but no LDAP.
Thanks,
André
On Thu, 2022-11-10 at 19:39 +0000, Andre Rodier wrote:
> Hello, all.
>
> I read carefully the messages about mailcrypt on the mailing list,
> especially this response from Aki:
>
> > It's best suited for securing external storage such as NFS or
> > object storage.
> > There are possibilities to encrypt the key using user's password,
> > but this takes careful planning. The keys can also come from userdb,
> > e.g. LDAP.
>
> I am able to extend the LDAP schema of my OpenLDAP server to store a
> key in an LDAP attribute for each user.
>
> In this case, would it be enough for Dovecot to encrypt the messages
> when they arrive?
>
> Maybe I misunderstand the documentation. Even when using user keys
> protected by a password, the Dovecot LMTP process should be able to
> encrypt the emails with the user’s public key, without a password, no?
>
> Ideally, I would like to store users' emails encrypted, so each user
> cannot access other users' emails. I don't need folder sharing.
>
> Thanks for your advice.
>
> Kind regards,
> André Rodier
>