[Dovecot] Disk Encryption

Robert Schetterer rs at sys4.de
Mon Mar 25 13:30:36 EET 2013

Am 25.03.2013 11:03, schrieb Simon Brereton:
> Hi
> As I understand it email headers need to be unencrypted (otherwise
> DKIM doesn't work).  From the MUA to either Postfix, or Dovecot the
> connection is (or can/should be) secured with TLS/SSL.
> What I would like to know is if it is possible to encrypt the
> mailstore?  Postfix is using Dovecot for delivery so it's only Dovecot
> that would need to encrypt/decrypt the mailstore.
> Is this possible?  Is there a terrible reason to do it even if it is possible?
> I realise that from MTA to MTA there's no guarantee of encryption (and
> in fact it's very unlikely unless keys have been exchanged), but my
> primary goal is supplement the physical security of the mail store of
> mails we already have or have sent.
> Mostly just idle curiosity as to what has been done, or what could be
> done.  What is worth doing is a separate thread entirely.
> Thanks.
> Simon

my meaning

crypted mailstore makes sense in a mail archive, in germany
you have to have a mail archive for some kind of company emails
all these solutions have some crypted mailstore , and some
more features for data security, but thats a big theme, to big for here

crypt storage isnt "the saveness" per default, someone hacking the system
and get root may hack your crypt storage too etc, also to big theme for here

in working mailservers end to end encryption is/should be state of the art
with smime/gpg etc

Best Regards
MfG Robert Schetterer

[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

More information about the dovecot mailing list