encrypt incoming emails with public gpg key before they are stored to maildir

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

encrypt incoming emails with public gpg key before they are stored to maildir

Dovecot mailing list
Hello,

I have asked on the postfix mailing list for a solution, how to encrypt
incoming emails with public gpg key

My original idea was to use a smtpd-milter, which would encrypt all
incoming plaintext messages of given user, using the users public gpg
key. This way, it would look as if the original sender has sent the
message encrypted.

Somebody suggested this might be better done in Dovecot, as it is
Dovecot who stores the emails in Maildir.

Does anybody have any suggestions how to implement this scheme in Dovecot ?

I am including the original email below:

> when new email arrives, and it is not already encrypted, I would like to
> run it through a filter, which would encrypt the message with my public
> gpg key, as if the original sender has sent the email encrypted.
>
> Why do I want to do this ? Why not ask the sender to send encrypted
> messages to start with ?
>
> Lets say my bank sends me emails. I cannot force my bank to use gpg
> encryption. I am happy they use email at all, instead of paper mail.
>
> My email server is untrusted. It can be hacked into and emails stolen.
> Full disk encryption will not help, because the disk must be decrypted
> during runtime.
>
> With my scheme, all emails would be stored encrypted on my server, and
> decryption key does not exist on the server (emails are decrypted on my
> local client)
>
> What would be the best way to implement this ?
>
> Can such filter work, without ever storing plaintext email on disk ?

thanks,
Reply | Threaded
Open this post in threaded view
|

Re: encrypt incoming emails with public gpg key before they are stored to maildir

Dovecot mailing list


On 30/10/2019 15:29, Fourhundred Thecat via dovecot wrote:

> Hello,
>
> I have asked on the postfix mailing list for a solution, how to encrypt
> incoming emails with public gpg key
>
> My original idea was to use a smtpd-milter, which would encrypt all
> incoming plaintext messages of given user, using the users public gpg
> key. This way, it would look as if the original sender has sent the
> message encrypted.
>
> Somebody suggested this might be better done in Dovecot, as it is
> Dovecot who stores the emails in Maildir.
>
> Does anybody have any suggestions how to implement this scheme in Dovecot ?

Something like this?

https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve

Regards,

Stephan.

> I am including the original email below:
>
>> when new email arrives, and it is not already encrypted, I would like to
>> run it through a filter, which would encrypt the message with my public
>> gpg key, as if the original sender has sent the email encrypted.
>>
>> Why do I want to do this ? Why not ask the sender to send encrypted
>> messages to start with ?
>>
>> Lets say my bank sends me emails. I cannot force my bank to use gpg
>> encryption. I am happy they use email at all, instead of paper mail.
>>
>> My email server is untrusted. It can be hacked into and emails stolen.
>> Full disk encryption will not help, because the disk must be decrypted
>> during runtime.
>>
>> With my scheme, all emails would be stored encrypted on my server, and
>> decryption key does not exist on the server (emails are decrypted on my
>> local client)
>>
>> What would be the best way to implement this ?
>>
>> Can such filter work, without ever storing plaintext email on disk ?
> thanks,

Reply | Threaded
Open this post in threaded view
|

Re: encrypt incoming emails with public gpg key before they are stored to maildir

Dovecot mailing list
In reply to this post by Dovecot mailing list
On 10/30/2019 03:29 PM, Fourhundred Thecat wrote:
> I have asked on the postfix mailing list for a solution, how to encrypt
> incoming emails with public gpg key

I'm using the following to PGP encrypt all *outgoing* e-mail addressed
to *us* on the SMTP-out server of certain older remote platforms (the
newer ones using only S/MIME instead). Note, however, that it's all
*automated* e-mails that I just *know* not to be encrypted beforehand.
AFAIK "PGP encrypted content" is not as tightly bound to MIME types and
the multipart/* hierarchy as S/MIME is, which complicates detection of
"it *already is* encrypted".

>> Can such filter work, without ever storing plaintext email on disk ?

postfix is an MTA, and does queueing as appropriate for such a beast.
You *will not* get a guarantee that the unencrypted mail will not
*temporarily* be written to disk (and deleted thereof without outright
wiping). Well, short of putting the spool directory on a ramdisk or
somesuch.

main.cf:

smtpd_recipient_restrictions = [...], check_recipient_access
hash:/etc/postfix/encrypt, [...]

master.cf:

gpgit     unix  -       n       n       -       10      pipe
  flags=Rq user=gpgit null_sender=
  argv=/home/gpgit/from-postfix.sh -f "${sender}" --target:${nexthop} --
${recipient}

encrypt(.db):

[hidden email]                   FILTER gpgit:dummy
binect.de                               WARN Zieladresse fehlt in
encrypt Map
subdomain.binect.de FILTER gpgit:catchall-MnemonicName
[... etc.]

~gpgit/.gnupg/gpg.conf:

trust-model always
[... various group definitions a la:]
group [hidden email] = 0xSomeKeyID 0xYetAnother 0xSoManyPeople
group @subdomain.binect.de = 0xMoreOfThis 0xOhTheHumanity

I found gpgit on the web, but had to improve it a bit (and find working
SELinux contexts on my own), so I'm attaching my version and:

> # ls -Zal ~gpgit
> total 84
> drwx------. 3 unconfined_u:object_r:user_home_dir_t:s0 gpgit gpgit  4096 Oct 30 00:09 .
> drwxr-xr-x. 8 system_u:object_r:home_root_t:s0 root  root   4096 May 23  2013 ..
> -rwx------. 1 unconfined_u:object_r:postfix_pipe_exec_t:s0 gpgit gpgit  1676 May 21  2013 from-postfix.sh
> drwx------. 2 unconfined_u:object_r:gpg_secret_t:s0 gpgit gpgit  4096 Oct 30 00:15 .gnupg
> -rwx------. 1 unconfined_u:object_r:postfix_pipe_exec_t:s0 gpgit gpgit 12141 May 11  2015 gpgit.pl

Needless to say, you'll have to "su - gpgit" and "gpg --import ..." the
various(?) recipients' public keys, too. And *monitor* them there, if
there are any with a limited lifetime ...

Kind regards,
--
Jochen Bern
Systemingenieur

E  [hidden email]
W  www.binect.de

gpgit.tgz (6K) Download Attachment
smime.p7s (5K) Download Attachment