Mail-crypt plugin clarification
Aki Tuomi
aki.tuomi at dovecot.fi
Thu Dec 14 10:06:17 EET 2017
On 14.12.2017 01:07, Joseph Tam wrote:
> rje writes:
>
>> I'm looking into ways to encrypt the stored email on my server. The
>> idea is
>> to make it impossible for my hosting provider (who has access to my
>> VPS) to
>> read the mail from the disk.
>
> Just to be clear, if at any point your VPS has access to the plaintext
> mail (or keys that decrypt mail), then the VPS provider could access
> your decrypted mail.
>
> To make it unfeasible for your VPS to read your mail, it has to arrive
> at your VPS pre-encrypted. I can envision a system where you import
> encrypted mail into your mail store, then use client IMAP access to
> be decrypted locally by your mail reader. However, metadata is still
> accessible by your VPS provider.
>
> If your VPS is the MTA that directly handles SMTP from your correspondees
> sending you unencrypted messages, you can't lock out a sufficiently
> skilled platform admin.
>
> Joseph Tam <jtam.home at gmail.com>
Hi!
Dovecot does support making it difficult to prevent access to the stored
mail. You can, with suitable workflows, ensure that the user's emails
are not readable by anyone but the user. This can be done by encrypting
the user's private key using user's password (or it's derivate, such as
sha256 sum of it).
Of course the only way to be fully sure is to use end-to-end encryption,
like PGP or S/MIME, but this does go a long way to prevent admin access
to user's email.
Downside of course is that if the user ever forgets his password, then
those emails are lost as well. We have plans to add DR support for this,
but it's still WIP.
Aki
More information about the dovecot
mailing list