Fourhundred Thecat:
[encryption at rest, but not whole-disk encryption]
> With my scheme, all emails would be stored encrypted on my server, and
> decryption key does not exist on the server (emails are decrypted on my
> local client)
>
> What would be the best way to implement this ?

Use the local(8) delivery agent. In your $HOME/.forward file, pipe the mail into a program that encrypts it with your public key, then writes the result to maildir.

Postfix content filter is not suitable, as it is designed to handle multi-recipient email, whereas $HOME/.forward is guaranteed to handle only one recipient.

> Can such filter work, without ever storing plaintext email on disk ?

Postfix (like other MTAs) persists email in the queue before it is delivered. If that is a problem, don't use an MTA. Instead, use a proxy.

> Any other comments ?
>
> thanks,
>
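
One way to write the program that $HOME/.forward pipes into, as an added example that is not part of the original message or of Postfix. The script path, recipient address, maildir location and the one-line outer header are assumptions; it uses GnuPG with only the public key present on the server and returns EX_TEMPFAIL (75) on any failure so the message stays queued.

```shell
#!/bin/sh
# Added example: encrypt-on-delivery filter run by local(8) from $HOME/.forward.
# Assumed .forward line (hypothetical path):
#   "|/home/user/bin/encrypt-to-maildir deliver"
# Only the PUBLIC key is in the server keyring; the private key stays on the client.

RECIPIENT="${RECIPIENT:-user@example.org}"   # assumed key owner address
MAILDIR="${MAILDIR:-$HOME/Maildir}"          # assumed maildir location
EX_TEMPFAIL=75                               # sysexits.h: Postfix defers and retries

# Encrypt stdin to stdout; the plaintext only ever flows through the pipe.
encrypt() {
    gpg --batch --no-tty --trust-model always --armor \
        --encrypt --recipient "$RECIPIENT"
}

# Read one message on stdin and store its ciphertext in maildir $1.
# Prints the final path on success, returns EX_TEMPFAIL on any error.
deliver_encrypted() {
    md=$1
    umask 077
    mkdir -p "$md/tmp" "$md/new" "$md/cur" || return "$EX_TEMPFAIL"
    name="$(date +%s).$$.$(uname -n)"        # one process per delivery
    tmp="$md/tmp/$name"
    # Minimal outer header; the original headers are inside the ciphertext.
    if { printf 'Subject: (encrypted message)\n\n' && encrypt; } > "$tmp"; then
        # Rename from tmp/ to new/ so readers never see a partial file.
        mv "$tmp" "$md/new/$name" || { rm -f "$tmp"; return "$EX_TEMPFAIL"; }
        printf '%s\n' "$md/new/$name"
    else
        rm -f "$tmp"             # do not leave a truncated file behind
        return "$EX_TEMPFAIL"    # keep the mail queued instead of losing it
    fi
}

# Run only when invoked with the "deliver" argument from .forward.
if [ "${1:-}" = "deliver" ]; then
    deliver_encrypted "$MAILDIR" >/dev/null || exit "$EX_TEMPFAIL"
fi
```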