Encrypt emails in storage on a per user basis

[gderber]

Evaluating the options.

Dovecot: mail-crypt-plugin

Advantages:

1. It's built into dovecot
2. Allows for spam training via .

Disadvantages:

1. It stores user secret keys on the server.
2. Email not encrypted until it reaches dovecot.

GPGit

Selective encryption

• Encrypt specific incoming emails using Dovecot and Sieve
• Encrypted Email Storage, or DIY ProtonMail
• FWIW, I am currently using gpgit.pl with Postfix+Dovecot rather than with Exim

Encrypt Everything

• Automatically Encrypting all Incoming Email
• https://gitlab.com/mikecardwell/gpgit
• Encrypting Stored Email with Postfix

S/MIME

• https://github.com/jobisoft/encrypt-smime

[gderber]

Two conflicting needs:

1. Spamassassin training through moving email into and out of the spam folder.
2. Ensuring emails are kept private

Decrypting and encrypting emails as they move in and out of the spam folder won't work because that would require user private keys to be stored on the email server.

[gderber]

Methods for encrypting:

1. Use pgp public keys
2. Use user public cert.