To avoid casual mailbox snooping on an IMAP server, I am thinking of a "transparent encryption" setup that would:
1. Public key encrypt incoming messages at local delivery time
2. Private key decrypt said messages at read time. (Here, the private key password would be one and the same as the mail account password)
(see the rationale at bottom).
Point (1) should be easy enough given procmail and some filtering script. I am unable to find prior art for (2), which involves tampering with the IMAP server (Dovecot, in my case: that probably means a special-purpose plugin).
Ideas, anybody?
Rationale:
With this setup, messages would sit encrypted on the server but the users would not have to install unwieldy (for the uninitiated) GnuPG plugins on their MUAs. And a cracker that got all the public/private key pairs and the mailbox would still have to crack the password before she can access the content.
Best Answer
By default the %w variable isn't available, but you can add it.
I've slightly extended the example given in the Dovecot wiki to show one way you could handle the key management. This passes some low intensity tests (I can deliver, read, move mail around).
There's obviously plenty of room to improve on this - adding error checking, not buffering the message on disk in plaintext, invoking GPG properly with colon delimited output, detecting non-encrypted mail on disk and so on.
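As an added illustration of step (1) from the question (this is not the answerer's code and not the Dovecot wiki example), here is a delivery-time filter that encrypts only the message body to the recipient's public key and leaves the headers in clear. The script name, the body-only design and the assumption that the recipient's public key is already in the delivery user's GnuPG keyring are choices made for this example.

```python
import re
import subprocess
import sys

PGP_BEGIN = b"-----BEGIN PGP MESSAGE-----"

def gpg_encrypt(body: bytes, recipient: str) -> bytes:
    """Encrypt to the recipient's public key; no private key or password is needed."""
    return subprocess.run(
        ["gpg", "--batch", "--no-tty", "--trust-model", "always",
         "--armor", "--encrypt", "--recipient", recipient],
        input=body, stdout=subprocess.PIPE, check=True,  # raise if gpg fails
    ).stdout

def split_message(raw: bytes):
    """Return (headers, separator, body), split at the first blank line."""
    m = re.search(rb"\r?\n\r?\n", raw)
    if m is None:
        return raw, b"", b""
    return raw[:m.start()], m.group(0), raw[m.end():]

def encrypt_at_delivery(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Encrypt the body; headers stay readable so delivery and indexing still work."""
    headers, sep, body = split_message(raw)
    if not body.strip():
        return raw                       # header-only message: nothing to protect
    if body.lstrip().startswith(PGP_BEGIN):
        return raw                       # already encrypted: do not wrap it twice
    return headers + sep + encrypt(body, recipient)

if __name__ == "__main__":
    # Assumed usage: encrypt_filter.py <key-id-or-address> < message > message.enc
    try:
        sys.stdout.buffer.write(
            encrypt_at_delivery(sys.stdin.buffer.read(), sys.argv[1]))
    except (subprocess.CalledProcessError, IndexError) as exc:
        # A non-zero exit lets the delivery agent defer instead of storing plaintext.
        sys.exit(f"encryption failed: {exc}")
```

Because the headers (including Subject and Content-Type) remain in plaintext, this protects message content only; the read-time side has to restore the original body so the MIME headers match again.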