Default mail encryption in dovecot #144

Open
chrhartung opened this issue May 30, 2019 · 11 comments

@chrhartung

Would be nice to be able to use the mailcrypt plugin (folder keys) of dovecot out of the box: https://wiki.dovecot.org/Plugins/MailCrypt
To have encrypted mails stored in dovecot besides the disk encryption, for higher security reasons.

@arodier
Collaborator

arodier commented Jun 2, 2019

I know about this a little bit, I reckon this is a good idea, especially if your main drive is not encrypted.
If your main drive is encrypted, this is another protection against unauthorised access.
I will consider this, with the time I have.

@sorcer1122
Collaborator

I wonder if creating an encrypted volume and moving all dovecot storage there will work

https://lowendbox.com/blog/setting-up-an-encrypted-volume-on-your-ubuvps/

@arodier
Collaborator

arodier commented Jun 10, 2019

The other possible option is to use ecryptfs for the whole home partition. Still, this is less safe than using LUKS, and sometimes confuses AppArmor logs. I will put this aside for now.

@arodier
Collaborator

arodier commented Jun 10, 2019

Finally, some VPS providers allow you to use a remote ISO image, for instance Vultr. However, as long as you are using a VPS, your data is not safe at all. The LUKS headers are in the memory of the virtual machine, and easily accessible to the host.
I am not planning to support VPS hosting for now, this is why this project is called "homebox".
But I have another solution in mind, that could fit your needs. I will explain more details later, after deep tests.

@sorcer1122
Collaborator

Would be interesting to know what is the solution. Unfortunately, self-hosting at home is not great for various reasons, this is why VPS is a good solution.

@arodier
Collaborator

arodier commented May 30, 2020

From what I have seen, and my email exchanges with Aki, this is not exactly what I would implement, even for a cloud hosted environment.
The root account is still able to decrypt the emails.
There is, however, another solution, that can be implemented, and is elegant.
This solution applies GPG encryption on received emails, with the GPG public key.
This is nice, because:

  • It does not allow the root user to decrypt the key
  • It is compatible with mail clients supporting GPG
  • It relies on a standardised solution

I created the issue #335 to supersede this one.

@arodier arodier closed this as completed May 30, 2020
@besendorf
Collaborator

besendorf commented Oct 26, 2020

> From what I have seen, and my email exchanges with Aki, this is not exactly what I would implement, even for a cloud hosted environment.
> The root account is still able to decrypt the emails.
> There is, however, another solution, that can be implemented, and is elegant.
> This solution applies GPG encryption on received emails, with the GPG public key.
> This is nice, because:
>
> * It does not allow the root user to decrypt the key
> * It is compatible with mail clients supporting GPG
> * It relies on a standardised solution
>
> I created the issue #335 to supersede this one.

This is not entirely correct. MailCrypt supports two modes: global keys and folder keys. See here. What you described is the global keys option. This of course is not necessary if you use LUKS encryption, and the admin of the mail server can still read the mails.
However, the folder keys mode creates one key per user and prevents the admin from reading user email. This is a huge privacy gain.

I would really like to use homebox with this plugin. Please consider supporting it. Also do you think it would be suitable to enable this plugin after installing homebox or do you think it would break with updates for example?

Thank you very much for your work.
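
An added illustration of the two MailCrypt modes contrasted in the comment above; it is not part of the thread and not homebox's own configuration. Setting names follow the Dovecot MailCrypt documentation; the key file paths and the attribute dict location are assumptions.

```conf
# Load the plugin (needed in both modes).
mail_plugins = $mail_plugins mail_crypt

# --- Mode A: global keys (shown commented out) ---------------------------
# One server-wide key pair encrypts every mailbox. The private key sits on
# the server in the clear, so root or the mail admin can decrypt all mail.
# This protects mainly against someone who obtains the mail storage alone.
#
# plugin {
#   mail_crypt_global_private_key = </etc/dovecot/ecprivkey.pem   # assumed path
#   mail_crypt_global_public_key  = </etc/dovecot/ecpubkey.pem    # assumed path
#   mail_crypt_save_version = 2
# }

# --- Mode B: folder keys (one key pair per user) -------------------------
# Dovecot generates a key pair per user and a key per folder, and stores
# them in the mail attribute dict.
mail_attribute_dict = file:%h/Maildir/dovecot-attributes          # assumed location

plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2

  # Refuse to use a user private key that is stored unencrypted. Without
  # this, the per-user key is readable on disk and the admin can still
  # decrypt, just as in Mode A.
  mail_crypt_require_encrypted_user_key = yes
}

# The password that unlocks each user's private key is supplied per session
# through the mail_crypt_private_password setting, typically returned by the
# passdb at login as:
#
#   userdb_mail_crypt_private_password=%w
#
# (%w is the plaintext login password). Mail is only decryptable while the
# user is authenticated. Delivery of new mail needs only the public key.
# Changing the login password requires re-encrypting the user key.
```

With folder keys the residual exposure is the login itself: whoever can observe the IMAP password during authentication can unlock that user's key.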

@arodier
Collaborator

arodier commented Oct 27, 2020

Thanks, I carefully read the link, and I will implement this in the next version.

@besendorf
Collaborator

Thank you very much. Could you reopen this issue? Using gpg and MailCrypt at the same time should also be possible. Of course gpg is more secure, as for example you can't log the gpg private key but you can log the IMAP password used for MailCrypt. But there are still scenarios where MailCrypt helps to protect data. For example, when an attacker briefly gains access to the server and copies the mailboxes, or to prevent state surveillance, when email providers are asked to copy the mailbox of a user.
Also, MailCrypt encrypts all folders in the mailbox, including the Sent folder. Most GPG solutions only encrypt incoming mail.

Here's a thesis discussing gpg mail encryption and different mailbox encryption solutions, and also their impact on performance. Unfortunately it's in German.
https://gitlab.com/bifi/mailboxencryption_thesis/-/blob/master/thesis.pdf

@arodier
Collaborator

arodier commented Oct 28, 2020

Thanks, I am reopening the issue.

@arodier arodier reopened this Oct 28, 2020
@arodier
Collaborator

arodier commented Mar 12, 2021

Working on it...
