Dengler, Gabriel <gabriel.dengler@???> (Do 24 Nov 2022 00:19:42 CET):
> > somewhere for later use as encryption/decryption key?
> yeah, that's my main idea. For clearness, a "normal" communication profile
> would look like this:
> * An external sender sends an e-mail to our local Exim Server.
> * The Exim Server saves the message, e.g. via Maildir, encrypted with the
> password of the receiver.
Ok, but how does Exim know the password of the receiver? You've access
to the password hashes only, I suppose.
> * When the receiver wants to access the message, e.g., via IMAP, he/she
> encrypts the saved message again via its private password.
Wouldn't it be better to use asymmetric encryption, then Exim doesn't
need to know a shared secret, but only a public key. The mailbox user
then can decrypt the message using a private key.
Having a shared secret that's known to Exim (except during the
verification of a PLAIN or LOGIN auth), creates an unnecessary attack
surface.
> I think I have to sleep about this concept one more night, but besides:
> would the general setup be possible with transport_filter if the passwords
> are not hashed (although this is obviously a security issue)?
BTW, I *think* I read that Dovecot supports encrypted mailboxes. And in
the ideal world Exim doesn't know anything about how to store messages,
but simply passes the messages to a MDA (mail delivery agent), e.g.
directly via a local pipe (dovecot-deliver, cyrdeliver, …), or via a protocol like LMTP
(which is supported by Dovecot and Cyrus too).
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
