On 7.1.2011, at 10.16, to...@tuxteam.de wrote:

> But the other techniques discussed here (e.g. having a Dovecot plugin
> decrypt the mails before serving) seem to me nearly useless (at least
> not worth the bother). Because at some point, this very plugin must have
> the key available in some unprotected form, and then whoever compromises
> the server can capture the key. So it wouldn't reduce significantly the
> area of vulnerability.

There is also the possibility of doing the decryption on a more trusted Dovecot proxy.