[Dovecot] E-Mail Encryption

Justin Krejci jkrejci at usinternet.com
Thu Jul 16 17:36:30 EEST 2009


Some companies and governments in the United States at least have very
strict policy requirements regarding various aspects of security and
encryption. Transit encryption (ssl/tls from MTA to MTA) and local
encryption of messages are sometimes a requirement if you want to be able to
bid on government contracts.


https://www.bidsync.com/DPX?ac=view&auc=158380
This example is not for hosting mail but for an anti-spam/anti-virus service
(they refer to it as email hygiene) that required message encryption on the
transit MTA servers' disks as well as tls/ssl for MTA to MTA encryption.

So this example does not apply directly to Dovecot but it does show there
are needs for this level of encryption in general for various customers.


-----Original Message-----
From: dovecot-bounces+jkrejci=usinternet.com at dovecot.org
[mailto:dovecot-bounces+jkrejci=usinternet.com at dovecot.org] On Behalf Of Tom
Hendrikx
Sent: Thursday, July 16, 2009 2:47 AM
To: Thomas
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] E-Mail Encryption

Thomas wrote:
> Arkadiusz Miskiewicz wrote:
>> On Wednesday 15 of July 2009, Patrick Domack wrote:
>>> The only benefit this would bring is that email saved on the server
>>> would be encrypted. Otherwise it offers no protection.
>>>
>>> I guess if you are paranoid that the system admin might read your emails,
>>> but then, he can just as easily read them as they come in or out of
>>> the system.
>>
>> Actually such encryption is interesting as a protection in case when
>> someone steals server hardware/disks.
> 
> It could be a feature. Why not.
> But I'd say it might be a better idea to encrypt the filesystem.
> But... why not if you have time to code it :)
> 
> Cheers,
> Thomas

When you have to worry about unauthorized persons having physical access
to your hardware, you're solving the wrong problem. Encryption would add
only false security because the person could also pop some sniffer
device onto your NIC connection that reads wire traffic...

The "de/encryption in deliver" concept is interesting, but imho not of much
use in real life. Hard disk encryption would be much easier though (i.e.
off-the-shelf). But I think these tin foil hat ideas get a little
off-topic :)

--
Tom
