[Dovecot] Encryption solution for messages at rest
Hi,
We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server. Is anyone doing this?
I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way, even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages.
However, this would also mean that if the attacker can't decrypt the files, then dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot daemon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).
Is anyone doing anything like this with dovecot?
Thanks!!
Doug Mortensen Network Consultant Impala Networks Inc CCNA, MCSA, Security+, A+ Linux+, Network+, Server+ A.A.S. Information Technology . www.impalanetworks.com P: (505) 327-7300 F: (505) 327-7545
On 28.10.2013 17:02, Douglas Mortensen wrote:
> Hi,
> We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server. Is anyone doing this? I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages. However, this would also mean that if the attacker can't decrypt the files, then dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot daemon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).
> Is anyone doing anything like this with dovecot?
perhaps look at
https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
> Thanks!! - Doug Mortensen Network Consultant Impala Networks Inc CCNA, MCSA, Security+, A+ Linux+, Network+, Server+ A.A.S. Information Technology . www.impalanetworks.com P: (505) 327-7300 F: (505) 327-7545
Best regards, Robert Schetterer
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, Munich District Court (Amtsgericht München): HRB 199263. Board (Vorstand): Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer. Chairman of the supervisory board: Florian Kirstein
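The sieve-plus-gpg approach in the linked post sidesteps the key-custody problem raised in the original question: encrypting on delivery to the recipient's public key means the mail server never holds a key that can decrypt the stored messages. The script below is an added illustration of that pattern, written for this archive; it is not code from the blog post, from Pigeonhole or from Dovecot. It assumes (my assumptions) that Pigeonhole's extprograms plugin invokes it through the sieve `filter` action, which passes the message on stdin and stores whatever comes back on stdout, that `gpg` is in the daemon's PATH with the recipient's public key already imported, and that the key id is given as the first argument. The sample message embedded in it is constructed for illustration.

```python
#!/usr/bin/env python3
"""Sieve filter that rewraps an incoming message as PGP/MIME on delivery.

Assumed deployment (an assumption, not from the thread): Pigeonhole's
extprograms plugin runs this via the sieve `filter` action, message on
stdin, rewritten message expected on stdout.  Only the recipient's public
key is on the server, so the mail store alone never yields readable bodies.
"""
import subprocess
import sys
from email import policy
from email.message import EmailMessage, MIMEPart
from email.parser import BytesParser

# Constructed sample input for illustration; not a real message.
SAMPLE_MESSAGE = (
    b"From: alice@example.org\n"
    b"To: bob@example.org\n"
    b"Subject: quarterly numbers\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: text/plain; charset="us-ascii"\n'
    b"\n"
    b"The body that must not sit on disk in the clear.\n"
)


def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """ASCII-armoured encryption to a key already imported into the keyring.

    `--trust-model always` skips the web-of-trust check, so the operator is
    assumed to have verified the key fingerprint when importing it.
    """
    proc = subprocess.run(
        ["gpg", "--batch", "--quiet", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", recipient],
        input=plaintext, stdout=subprocess.PIPE, check=True,
    )
    return proc.stdout


def encrypt_message(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return `raw` rewrapped as multipart/encrypted (RFC 3156).

    Transport headers (From, To, Subject, Received, ...) stay in the clear on
    the outer message; the whole original MIME body, including its own
    Content-* headers, becomes the ciphertext.  `encrypt` is injectable so
    the MIME assembly can be exercised without a keyring.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)

    outer = EmailMessage(policy=policy.default)
    for name, value in msg.items():
        lname = name.lower()
        if lname.startswith("content-") or lname == "mime-version":
            continue  # these describe the old body, not the new wrapper
        outer[name] = str(value)
    outer["MIME-Version"] = "1.0"
    outer["Content-Type"] = 'multipart/encrypted; protocol="application/pgp-encrypted"'

    # Keep only Content-* on the inner entity, so the ciphertext carries the
    # original body with its type and encoding but none of the envelope.
    for name in list(msg.keys()):
        if not name.lower().startswith("content-"):
            del msg[name]
    if "Content-Type" not in msg:
        msg["Content-Type"] = 'text/plain; charset="us-ascii"'
    plaintext = msg.as_bytes()

    control = MIMEPart(policy=policy.default)
    control.set_content(b"Version: 1\n", maintype="application",
                        subtype="pgp-encrypted", cte="7bit")
    body = MIMEPart(policy=policy.default)
    body.set_content(encrypt(plaintext, recipient), maintype="application",
                     subtype="octet-stream", cte="7bit", disposition="inline")
    outer.attach(control)
    outer.attach(body)
    return outer.as_bytes()


def main(argv=sys.argv) -> int:
    if len(argv) != 2:
        sys.stderr.write("usage: encrypt-on-delivery.py <recipient-key-id>\n")
        return 2
    # A gpg failure raises (check=True) instead of storing cleartext.
    sys.stdout.buffer.write(encrypt_message(sys.stdin.buffer.read(), argv[1]))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Two caveats a practitioner should weigh before adopting this: headers such as From, To, Subject and Received stay readable because Dovecot needs them for delivery and indexing, and encrypted bodies cannot be searched server-side, so full-text search and any sieve rules that look at body content stop working for those folders. With `check=True` a gpg failure raises rather than passing the message through unencrypted; what Pigeonhole then does with a failed `filter` action (defer, bounce, or fall through) should be checked against its own documentation for the version in use.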
On 29/10/2013 03:19, Robert Schetterer wrote:
> https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
I got worried, laughed, and stopped reading at:
"not only do you not have to edit any Postfix configuration (which by itself is an exercise in patience),"
As you know, postfix can be done in your sleep; if he thinks he needs patience to do postfix, I should introduce him to sendmail configuration (which I also think is easy - but having used it for 15 years before moving to postfix, I guess it would want to be easy LOL) :)
On 29.10.2013 02:17, Noel Butler wrote:
> On 29/10/2013 03:19, Robert Schetterer wrote:
>> https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
> I got worried, laughed, and stopped reading at:
> "not only do you not have to edit any Postfix configuration (which by itself is an exercise in patience),"
> As you know, postfix can be done in your sleep; if he thinks he needs patience to do postfix, I should introduce him to sendmail configuration (which I also think is easy - but having used it for 15 years before moving to postfix, I guess it would want to be easy LOL) :)
Hi Noel, it's not my blog, and the main thing I looked at is how to connect Dovecot's external sieve plugin with gpg. You're right, Postfix has well-done docs and a mailing list, so I simply rarely care about Postfix statements written elsewhere.
Best regards, Robert Schetterer
On 10/28/2013 12:02 PM, Douglas Mortensen wrote:
> Hi,
> We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest.
You can rule out a lot of the crazier options by answering the questions,
(a) What attack scenario do you have in mind?
(b) How will encryption help?
On 28.10.2013, at 18.02, Douglas Mortensen doug@impalanetworks.com wrote:
> We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server. Is anyone doing this? I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages. However, this would also mean that if the attacker can't decrypt the files, then dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot daemon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).
> Is anyone doing anything like this with dovecot?
http://dovecot.org/patches/2.2/mail-filter.tar.gz could be used as the base for this.
On 10/28/2013 9:02 AM, Douglas Mortensen wrote:
> Hi,
> We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server. Is anyone doing this? I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages. However, this would also mean that if the attacker can't decrypt the files, then dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot daemon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).
> Is anyone doing anything like this with dovecot?
> Thanks!!
> Doug Mortensen Network Consultant Impala Networks Inc CCNA, MCSA, Security+, A+ Linux+, Network+, Server+ A.A.S. Information Technology . www.impalanetworks.com P: (505) 327-7300 F: (505) 327-7545
I use OpenVZ which is a near 0 overhead virtualization for Linux only. So I create a separate virtual machine for web services and email services. So someone hacking the web will never get at the email because it's not there. It also allows me to back them up separately and move/restore them separately on different computers.
participants (6): Douglas Mortensen, Marc Perkel, Michael Orlitzky, Noel Butler, Robert Schetterer, Timo Sirainen