On Fri, 20 Jun 2008, Johannes Berg wrote:
I don't think it does be default. The only what I know is to establish a compressed SSH tunnel to your server and then access the server over the tunnel. It will compress and give you an extra layer of encryption.
Umm, no. It will not compress. Think about it, encrypted data is fundamentally not compressible, that's the whole point.
x = length(compress(encrypt(data))) y = length(encrypt(compress(data))) z = length(encrypt(data))
Then, usually, x > y and z > y, but x is approximately the same as z. (That's speaking very generally; there may be optimizations in some case or another given your data.)
That is: encrypted data is less compressible than the original data, but if you compress first, then encrypt, it should be a win.
If I recall correctly, a "compressed SSH tunnel" would do 'y' (compress then encrypt). i.e., dovecot would see a non-SSL connection which gets compressed-then-encrypted, or decrypted-then-uncompressed by the endpoints of the tunnel.
Best, Ben