Dengler, Gabriel <gabriel.deng...@fau.de> (Thu 24 Nov 2022 00:19:42 CET):
> > somewhere for later use as encryption/decryption key?
> yeah, that's my main idea. For clearness, a "normal" communication profile
> would look like this:
> * An external sender sends an e-mail to our local Exim Server.
> * The Exim Server saves the message, e.g. via Maildir, encrypted with the
>   password of the receiver.

Ok, but how does Exim know the password of the receiver? You have access to
the password hashes only, I suppose.

> * When the receiver wants to access the message, e.g., via IMAP, he/she
>   encrypts the saved message again via its private password.

Wouldn't it be better to use asymmetric encryption? Then Exim doesn't need
to know a shared secret, but only a public key. The mailbox user can then
decrypt the message using a private key.

Having a shared secret that's known to Exim (except during the verification
of a PLAIN or LOGIN auth) creates an unnecessary attack surface.

> I think I have to sleep about this concept one more night, but besides:
> would the general setup be possible with transport_filter if the passwords
> are not hashed (although this is obviously a security issue)?

BTW, I *think* I read that Dovecot supports encrypted mailboxes.

And in the ideal world Exim doesn't know anything about how to store
messages, but simply passes the messages to an MDA (mail delivery agent),
e.g. directly via a local pipe (dovecot-deliver, cyrdeliver, …), or via a
protocol like LMTP (which is supported by Dovecot and Cyrus too).

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
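The asymmetric scheme Heiko suggests above, as an added example that is not part of the original thread and not code from Exim, Dovecot or Cyrus: the delivery side (an MDA, or a script Exim feeds via a pipe transport or transport_filter) holds only the recipient's public key and seals each message with a fresh data key; the mailbox owner decrypts at read time with the private key, which the MTA never sees. The hybrid construction (RSA-OAEP wrapping an AES-256-GCM data key), the OAEP label string, the on-disk struct and the function names are all assumptions of this example, and the key pair and message are constructed inline so it runs offline.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
	"log"
)

// oaepLabel binds the wrapped key to this purpose; both sides must use the same
// value. The string is an assumption of this example, not a mail-server convention.
var oaepLabel = []byte("mailbox-data-key-v1")

// EncryptedMessage is the stored form of one delivered message.
type EncryptedMessage struct {
	WrappedKey []byte // data key encrypted with RSA-OAEP to the recipient's public key
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

// SealForRecipient is the delivery-side step. It needs only the recipient's
// public key, so the MTA/MDA holds no secret that could decrypt the mailbox.
func SealForRecipient(pub *rsa.PublicKey, msg []byte) (*EncryptedMessage, error) {
	dataKey := make([]byte, 32) // fresh AES-256 key per message
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &EncryptedMessage{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, msg, nil),
	}, nil
}

// OpenWithPrivateKey is the read-side step run by the mailbox owner (e.g. from
// the IMAP client). A wrong key or any modification of the stored blob yields
// an error rather than garbage, because GCM authenticates the ciphertext.
func OpenWithPrivateKey(priv *rsa.PrivateKey, em *EncryptedMessage) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, em.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, em.Nonce, em.Ciphertext, nil)
}

func main() {
	// Constructed sample. In a deployment the public key would be looked up per
	// local part and the message would arrive on stdin from the MTA's pipe.
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	msg := []byte("From: sender@example.org\r\nSubject: test\r\n\r\nhello\r\n")

	sealed, err := SealForRecipient(&recipient.PublicKey, msg)
	if err != nil {
		log.Fatal(err)
	}
	plain, err := OpenWithPrivateKey(recipient, sealed)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("stored %d ciphertext bytes, recovered %q\n", len(sealed.Ciphertext), plain)

	// Without the recipient's private key (the MTA's position) decryption fails.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := OpenWithPrivateKey(other, sealed); err != nil {
		fmt.Println("wrong private key rejected:", err)
	}
}
```

Because the data key is wrapped per message, losing or rotating the recipient's key pair only affects that user's mailbox, and a compromise of the Exim host exposes ciphertext plus public keys, which is the reduced attack surface the reply is pointing at. Messages in transit from Exim to the encrypting MDA are still plaintext, so the pipe or LMTP hop should stay local.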
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/