[Dovecot] secure email server

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Wed Oct 23 18:39:46 EEST 2013


On Wed, 23 Oct 2013, Robert Schetterer wrote:

> On 23.10.2013 13:16, BONNET, Frank wrote:
>> my first question is: are postfix and dovecot able to use an
>> encrypted filesystem such as Encfs?
>
> I am not an expert with crypto filesystems, but from my view, depend to
> "mail" this would be a feature "on top" (additional to i.e. vpn, ssl,
> tls, gpg), the main problem may be ever, you have to mount the
> mailbox partition read/writable to dovecot, so you might not get what

With PAM you can mount AFS and EncFS user volumes with the user password
transparently. (Well, I did not use EncFS in production, but in theory.)
So, each Dovecot process would run with special user privileges to access
the user's mails.

That, however, poses the problem of how mails are delivered into the mail
storage without some sort of master user, because the MDA does not gain
the user privileges without the user's password. Maybe, for that a
"pending INBOX" would have to be created, from where the user slurps the new
mails on login with the snarf plugin.

> you're hoping to get from the security sight

Yes, I agree.

>> And yes STARTTLS will be used for both SMTP & IMAP access

With Dovecot you can use the "secure" variable, dunno if this works with
PAM though.

- -- 
Steffen Kaiser