On Wed, 2009-07-15 at 21:42 +0200, Christian Felsing wrote:
> So I have to inspect zlib plugin (and Dovecot) code ;-) If plugin "knows" username, it needs a way to get user password in clear text and of course his username to find and decrypt users private key.
Username is known. There are several ways to get it, but with v1.2 easiest is just getenv("USER"). To get the password you'll need to configure your passdb and userdb specially, but it's possible (as long as user logged in using plaintext authentication).
> These items have to be saved in a secure way, while user is logged in.
They'll be in environment variables.
> Obviously there are several differences to zlib plugin. If plugin API supports these extra requirements, it should be possible to write such a plugin which will stay compatible with future Dovecot versions.
Plugins can do pretty much anything.
> Encryption should be done in deliver tool, so there is no requirement to touch MTA (e.g. Postfix) code. Deliver tool must know dest. mail address,
Destination mail address would be the same as the username, still in getenv("USER").
> so it can ask LDAP for the right public key. Does deliver also support plugins?
Yes. You'll need to hook into mail-storage API's mailbox_save_*() and mail_get_stream() functions. zlib plugin shows how to hook into mail_get_stream(). For saving .. I just described it recently on this list: http://www.dovecot.org/list/dovecot/2009-June/040181.html