mail_crypt plugin, few questions
Zbyszek Żółkiewski
zbyszek at onefellow.com
Sat Nov 4 20:52:17 EET 2017
Hi,
I have a few questions regarding mail_crypt:
1) Is the mail_crypt_global_private_key file read upon dovecot start/restart only, or is it/can it be read at any other time? I have made a few tests by starting dovecot and removing the master key for decryption - therefore it is not available on the platform - it only resides in memory, removing one of the attack vectors.
2) Is there any “rollout” planned for key rotation in the feature?
3) Is there any better way to encrypt mails that were sent before enabling mail_crypt? I have made a simple script to automate in-place encryption: https://gist.github.com/kolargol/d551d132949068ce6efce7bc85a317cb but maybe there is a better way? If someone wants to use it, please read the code beforehand, as it requires updating the magic(5) local database.
thanks!
Zbyszek Żółkiewski