Open sblinch opened 2 years ago
crypto storage module, a wrapper that transparently adds encryption support to any other storage blob module
Note that while it protects full message contents, storage.imapsql saves a lot of metadata in its database directly, therefore leaking information about the message, e.g. subject, sender, date, content-types.
I will go over these in detail this weekend and see how (if) these can be integrated into core.
storage.imapsql saves a lot of metadata in its database directly
Right! I should probably better document this. My use-case (which has since changed, as I ended up needing to switch back to Dovecot for IMAP) was to host Maddy on a trusted server with full-disk encryption, but to use less-trusted S3 buckets for blob storage. This was just intended to add a crypto layer to Maddy's existing S3 support, but I built it as a module wrapper as it could be useful for other future remote blob storage modules.
I will go over these in detail this weekend and see how (if) these can be integrated into core.
Sounds great.
I've made some additions to Maddy that were essential for my own deployment; I'm not sure if any of these would be useful to anyone else, or appropriate for the Maddy core, but I thought I'd offer them up for review just in case. I wouldn't consider them heavily battle-tested, but they've been in production for about 6 months on my own low-volume mail server.
Complete change list is here.
Some highlights:
For documentation, for now, I've included a doc.go for each plugin/module that's formatted similarly to docs/reference/checks/*.md.