On 24.11.22 at 09:23, Andrew C Aitchison via Exim-users wrote:

> Perhaps use some sort of GPG wrapper as a transport_filter,
> and do decryption client-side?
>
> Ah.
> If we use OpenPGP format then the recipient can use any
> PGP-aware client to read the message.


Tried it. It's complex, and it ended with all sorts of charset issues within the PGP mails.

But yes, it's the only imaginable way to make it secure for all local/remote attack scenarios
once it has been encrypted.

Everything else, like the Dovecot mail-crypt plugin, has loopholes:

- no protection against physical theft, except when a password is used for the keys and the password database was not stolen too
- no protection against rogue admins
- no protection against system breaches
- no protection against stolen/brute-forced credentials (IMAP login)

- the only working scenario:
  an attacker with non-root privileges on the system side, with read access to the mailbox files. Such access should only be valid for exim and dovecot themselves anyway, so the encryption is obsolete if the access rights are restricted correctly.

Of course, these are only my opinions on the topic.

best regards,
Marius


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
