[Dovecot] Encryption solution for messages at rest

Robert Schetterer rs at sys4.de
Mon Oct 28 19:19:51 EET 2013


On 28.10.2013 17:02, Douglas Mortensen wrote:
> Hi,
> 
> We have clients with various security & compliance requirements.
> Although not required, it would be ideal to have messages encrypted
> at rest. We already use SSL/TLS to secure the transmission of most
> email. However, it would be nice to have them encrypted sitting on
> our server. Is anyone doing this? I think that ideally, rather than
> full-disk encryption, we should use an encryption that encrypts the
> actual email messages as they sit on our file system. This way even
> if we ever had our server breached by an attacker, they wouldn't be
> able to do anything with the messages. However, this would also
> mean that if the attacker can't decrypt the files, then dovecot and
> postfix still would need to. This means that the encryption key
> would need to be available to the dovecot daemon. We'd either need
> to have it in a file that is restricted to access only by dovecot
> (less secure), or use an encryption passphrase for the certificate
> which would have to be typed in manually each time that dovecot
> starts or restarts (more secure, but also more work and possibility
> of disruption because the server can't restart gracefully without a
> human being having to be present [although I don't think we have
> issues with unexpected restarts anyway]).
> 
> Is anyone doing anything like this with dovecot?

perhaps
look at

https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve

> 
> Thanks!! - Doug Mortensen Network Consultant Impala Networks Inc 
> CCNA, MCSA, Security+, A+ Linux+, Network+, Server+ A.A.S.
> Information Technology . www.impalanetworks.com P: (505) 327-7300 
> F: (505) 327-7545
> 


Best Regards
Kind regards, Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein