Re: [exim] Storing messages in Maildir format with symmetric…

Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] Storing messages in Maildir format with symmetric encryption
On 24.11.22 at 09:23, Andrew C Aitchison via Exim-users wrote:
>
>> Perhaps use some sort of GPG wrapper as a transport_filter,
>> and do decryption client-side?
>
> Ah.
> If we use OpenPGP format then the recipient can use any
> PGP-aware client to read the message.
>


Tried it. It's complex, and it ended with all sorts of charset issues
within the PGP mails.

But, yes, it's the only imaginable way to make it secure for all
local/remote attack scenarios,
after it got encrypted.

Everything else, like the dovecot mailcrypt plugin, has loopholes:

- no protection against physical theft, unless a password is used for the keys and
the password database was not stolen too.
- no protection against rogue admins
- no protection against system breaches
- no protection against stolen/brute-forced credentials --> IMAP login

- only working scenario:
  Attacker with non-root privileges on system side, with read access
to mailbox files.
  Access should be only valid for exim and dovecot itself anyway, so
encryption is obsolete, if access rights are restricted correctly.

Of course, these are only my opinions on the topic.

best regards,
Marius
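
Added example, not part of the original thread or of Exim: a sketch of the "GPG wrapper as a transport_filter" idea that re-wraps a message as RFC 3156 PGP/MIME, moving the original Content-* headers (including the charset declaration) inside the encrypted part so a PGP-aware client sees them after decryption. The script path, the keyring setup and the `wrap_pgp_mime`/`gpg_encrypt` names are assumptions made for this illustration.

```python
import subprocess, sys, uuid

def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    # Assumes gpg is installed and the recipient's public key is in the filter user's keyring.
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--recipient", recipient, "--encrypt"]
    return subprocess.run(cmd, input=data, stdout=subprocess.PIPE, check=True).stdout

def wrap_pgp_mime(raw: bytes, encrypt) -> bytes:
    """Re-wrap raw as multipart/encrypted; encrypt is a bytes -> armored bytes callable."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    outer, inner, dropped = [], [], []
    target = outer
    for line in head.split(b"\n"):
        if line[:1] not in (b" ", b"\t"):  # new header; folded lines follow the previous one
            name = line.split(b":", 1)[0].strip().lower()
            if name == b"mime-version":
                target = dropped           # replaced by our own MIME-Version below
            elif name.startswith(b"content-"):
                target = inner             # charset and transfer encoding travel inside
            else:
                target = outer             # routing headers stay readable for the MTA
        target.append(line)
    if any(b"multipart/encrypted" in l.lower() for l in inner):
        return raw  # already PGP/MIME: do not encrypt twice
    # RFC 3156: the inner MIME entity is encrypted in canonical (CRLF) form.
    entity = (b"".join(l + b"\n" for l in inner) + b"\n" + body).replace(b"\n", b"\r\n")
    boundary = b"pgpmime-" + uuid.uuid4().hex.encode()
    return b"\n".join(outer + [
        b"MIME-Version: 1.0",
        b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
        b'\tboundary="' + boundary + b'"',
        b"",
        b"--" + boundary,
        b"Content-Type: application/pgp-encrypted",
        b"",
        b"Version: 1",
        b"",
        b"--" + boundary,
        b"Content-Type: application/octet-stream",
        b"",
        encrypt(entity).rstrip(b"\n"),
        b"--" + boundary + b"--",
        b"",
    ])

if __name__ == "__main__":
    # Hypothetical Exim use: transport_filter = /usr/local/bin/pgpwrap.py $local_part@$domain
    rcpt = sys.argv[1]
    sys.stdout.buffer.write(wrap_pgp_mime(sys.stdin.buffer.read(), lambda d: gpg_encrypt(d, rcpt)))
```

Header fields such as Subject, From and To stay outside the encrypted part, so they remain readable in the stored Maildir file.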