Mail-crypt plugin clarification

Joseph Tam jtam.home at gmail.com
Thu Dec 14 01:07:07 EET 2017


rje writes:

> I'm looking into ways to encrypt the stored email on my server. The idea is
> to make it impossible for my hosting provider (who has access to my VPS) to
> read the mail from the disk.

Just to be clear, if at any point your VPS has access to the plaintext
mail (or keys that decrypt mail), then the VPS provider could access
your decrypted mail.

To make it unfeasible for your VPS to read your mail, it has to arrive
at your VPS pre-encrypted.  I can envision a system where you import
encrypted mail into your mail store, then use client IMAP access to
be decrypted locally by your mail reader.  However, metadata is still
accessible by your VPS provider.

If your VPS is the MTA that directly handles SMTP from your correspondents
sending you unencrypted messages, you can't lock out a sufficiently
skilled platform admin.

Joseph Tam <jtam.home at gmail.com>
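
An added illustration of the point made in the reply above (not part of the original post, and not Dovecot code): what a storage host can still read from a stored message, depending on whether the message arrived already PGP/MIME- or S/MIME-encrypted. The sample messages, addresses and the function names `is_e2e_encrypted` and `server_view` are constructed for this example.

```python
from email import message_from_bytes, policy

# Constructed sample messages (not taken from the thread).
HEADERS = (b"From: alice@example.org\r\nTo: rje@example.net\r\n"
           b"Subject: invoice\r\nDate: Thu, 14 Dec 2017 01:00:00 +0200\r\n")

PLAINTEXT = HEADERS + b"Content-Type: text/plain\r\n\r\nSee attached.\r\n"

PGP_MIME = HEADERS + (
    b'Content-Type: multipart/encrypted; boundary="b";\r\n'
    b' protocol="application/pgp-encrypted"\r\n\r\n'
    b"--b\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
    b"--b\r\nContent-Type: application/octet-stream\r\n\r\n"
    b"-----BEGIN PGP MESSAGE-----\r\n(constructed placeholder)\r\n"
    b"-----END PGP MESSAGE-----\r\n--b--\r\n")


def is_e2e_encrypted(msg):
    """True if the message body was encrypted before it reached the store."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME (RFC 3156)
        return msg.get_param("protocol") == "application/pgp-encrypted"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return msg.get_param("smime-type") == "enveloped-data"  # S/MIME
    return False


def server_view(raw):
    """Summarise what anyone with access to the stored bytes can read."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Envelope headers stay in cleartext even when the body is encrypted.
    metadata = {h: str(msg[h]) for h in ("From", "To", "Subject", "Date")
                if msg[h] is not None}
    return {"body_readable": not is_e2e_encrypted(msg), "metadata": metadata}


if __name__ == "__main__":
    for name, raw in (("plaintext", PLAINTEXT), ("pgp-mime", PGP_MIME)):
        print(name, server_view(raw))
```
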

