Questions around mailcrypt and LDAP
Aki Tuomi
aki.tuomi at open-xchange.com
Tue Nov 15 08:57:17 UTC 2022
Hi!
You can do it pretty much the same way. Put the key into LDAP, and assign it to the correct mail crypt parameters in userdb.
Aki
> On 15/11/2022 09:47 EET Andre Rodier <andre at rodier.me> wrote:
>
>
> Dear dovecot developers.
>
> When using mailcrypt plugin, how can I store the encryption key in LDAP,
> please ?
>
> There is an example with SQL in the doc, but no LDAP.
>
> Thanks,
> André
>
> On Thu, 2022-11-10 at 19:39 +0000, Andre Rodier wrote:
> > Hello, all.
> >
> > I read carefully the messages about mailcrypt on the mailing list,
> > especially this response from Aki:
> >
> > > It's best suited for securing external storage such as NFS or
> > > object storage.
> > > There are possibilities to encrypt the key using user's password,
> > > but this takes careful planning. The keys can also come from
> > > userdb, e.g. LDAP.
> >
> > I am able to extend the LDAP schema of my OpenLDAP server to store a
> > key into LDAP attribute for each user.
> >
> > In this case, would it be enough for Dovecot to encrypt the messages
> > when they arrive ?
> >
> > Maybe I misunderstand the documentation. Even when using user keys
> > protected by a password, the Dovecot LMTP process should be able to
> > encrypt the emails with user’s public key, without a password, no ?
> >
> > Ideally, I would like to store users' emails encrypted, so each user
> > cannot access other users' emails. I don't need folder sharing.
> >
> > Thanks for your advice.
> >
> > Kind regards,
> > André Rodier
> >