[Dovecot] E-Mail Encryption

Timo Sirainen tss at iki.fi
Wed Jul 15 22:50:06 EEST 2009


On Wed, 2009-07-15 at 21:42 +0200, Christian Felsing wrote:
> So I have to inspect zlib plugin (and Dovecot) code ;-) If the plugin
> "knows" the username, it needs a way to get the user's password in clear text
> and of course his username to find and decrypt the user's private key.

Username is known. There are several ways to get it, but with v1.2
easiest is just getenv("USER"). To get the password you'll need to
configure your passdb and userdb specially, but it's possible (as long
as user logged in using plaintext authentication).

> These
> items have to be saved in a secure way, while user is logged in.

They'll be in environment variables.

> Obviously there are several differences to zlib plugin. If plugin API
> supports these extra requirements, it should be possible to write such a
> plugin which will stay compatible to future Dovecot versions.

Plugins can do pretty much anything.

> Encryption should be done in deliver tool, so there is no requirement to
> touch MTA (e.g. Postfix) code. Deliver tool must know dest. mail address,

Destination mail address would be the same as the username, still in
getenv("USER").

> so it can ask LDAP for the right public key. Does deliver also support
> plugins?

Yes. You'll need to hook into mail-storage API's mailbox_save_*() and
mail_get_stream() functions. zlib plugin shows how to hook into
mail_get_stream(). For saving .. I just described it recently on this
list: http://www.dovecot.org/list/dovecot/2009-June/040181.html