Hi,

I am just finishing my first personal email server build so I would really appreciate it if the response to my question can be spelled out in enough detail since I am struggling to fill in the gaps to get this working. I have scoured Google and the archives but I am not fully understanding the implementation for my setup.

I am looking for a solution to encrypt email using a mechanism that increases the difficulty of decrypting my email. For example, having a plain-text decryption key on disk would not be suitable. From what I understand mail-crypt supports using the user password supplied via IMAP to decrypt email. Can someone explain how this technically works? i.e. is the private key encrypted in disk and then unlocked using the supplied password?

Can someone also please step me through

1. how I would ammen the configuration below in order to set this up.
2. the command required to generate keys
3. Any help in understanding the limitations such as password changes or caveats around generating keys securely

I am happy to take my notes and update the wiki to help others.

Thanks, Adam

# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.8 (b7b03ba2) # OS: Linux 4.18.0-240.1.1.el8_3.x86_64 x86_64 Red Hat Enterprise Linux release 8.3 (Ootpa) # Hostname: mailserver.example.com debug_log_path = /var/log/dovecot-debug.log info_log_path = /var/log/dovecot-info.log lda_mailbox_autocreate = yes log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " mail_home = /var/mail/%d/%n/ mail_location = maildir:~/mail/ mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Archive { auto = create special_use = \Archive } mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = create special_use = \Trash } prefix = } passdb { args = scheme=CRYPT username_format=%n@%d /etc/dovecot/passdb driver = passwd-file } plugin { recipient_delimiter = - sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = /etc/sieve/global/ } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service imap-login { inet_listener imap { address = * port = 143 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl_cert =