On Thu, 2006-02-23 at 17:33 +0100, Marcus Rueckert wrote:
Anyway, the reason I'm asking this is because I was asked to add mail encryption/decryption capabilities to Dovecot's IMAP proxy, but I'm not sure what would be the best way to handle this. In any case it would be a plugin or a new binary which is executed instead of the imap binary, but can I do it in a way that would actually be useful for the Dovecot project in general?
Hmm, I have heard about signing proxies at the MTA layer where the MTA signs every mail of a user with a special signing only mail. I don't see how Dovecot should be able to decrypt mails unless the passphrase of the private key and the password are the same. But that would mean storing the password during the session in memory. Hmm, I don't like that idea much. Do you have more details on the general design they have in mind?
Dovecot wouldn't here do any of the encryption/decryption. Instead it would just talk to some external process which does it, knows the keys, etc. So there would probably be plugins for the Dovecot proxy which actually hook into the mail input/output handlers, or maybe the proxy itself would be able to execute binaries or talk to some UNIX socket.