Tapani Tarvainen dovecotlist at tapanitarvainen.fi
Sun Jul 19 18:03:28 EEST 2009

On Sun, Jul 19, 2009 at 03:48:25PM +0100, Frank Leonhardt (t200907 at fjl.co.uk) wrote:

> Encrypting the whole disk is good if the server gets pinched. My servers are
> behind several layers of hi-tech locks with permanent security guards on the
> door. I'm not too worried about them.

How much good do your locks do when the police come and want to
confiscate your servers because they suspect one of your users
has done something criminal? Do you trust they take as good care
of the machines as you do?

> What experience has shown me is that there's a good chance that a running
> server will be compromised eventually.

Agreed on that.

> I'm not in favour of whole disk encryption for data recovery and forensic
> reasons.

Some people favour it for the very same reasons...

> Another advantage of doing your own encryption is the possibility of only
> encrypting the message bodies. Having the message headers in clear text has
> obvious advantages. I'm sure we're all used to skipping through mail files
> to find out what's gone wrong - you never want to read the message anyway.

Agreed again.

> Protection against a rogue admin by encryption is a red herring. Such a
> person would simply not enable the encryption in the first place.

Here I beg to differ. You are right in the simple situation where
there's just one admin who's a crook to begin with, but often enough
there're several and only one (or few) unreliable ones among them,
and even if they're all good they can be forced by their bosses
or blackmailers or even untrustworthy authorities.
This is not purely theoretical, I can assure you.

> Having said all this, I'm fairly relaxed about not having mail files
> encrypted. I've frequently told everyone to assume that their email is
> insecure, and if they've got a problem with it they need to use PGP or some
> other end-to-end encryption on their mail clients. Not my problem!

I think the vast majority of cases are like that, and I'd guess
most dovecot admins wouldn't bother with encryption even if it
were available. But for some it would be a real boon.

