Aki Tuomi writes:
Dovecot does support making it difficult to prevent access to the stored mail.
Those who have had problems understanding the documentation might find this unintended double-negative ironically funny.
You can, with suitable workflows, ensure that the user's emails are not readable by anyone but the user. Of course the only way to be fully sure is to use end-to-end encryption, ...
"Ensure" (or OP: "impossible") are very high standards of privacy. If the OP really means it, then since a third party has control over the (virtual or real) hardware, the server should never have access to private keys or decrypted data. (We're in agreement I think.)
If the OP lowers their standards to "inconvenient" to gain access, then the plugin is enough. It will keep the honest admin honest.
... like PGP or S/MIME, but this does go a long way to prevent admin access to user's email.
Don't ignore metadata; who/when/where (and headers?) could reveal much information.
Joseph Tam <jtam.home@gmail.com>