Hi Heiko, Hi Andrew,
thanks for your answers! At first, I wasn't aware that Exim has such
fancy concepts for on-the-fly modification of messages.
Maybe I'm missing the point. The on-disk representation of the password
is a hash. That can't be used for symmetric encryption/decryption.
You want to "grab" the real password during user login, and save it
somewhere for later use as encryption/decryption key?
yeah, that's my main idea. For clarity, a "normal" communication
profile would look like this:
* An external sender sends an e-mail to our local Exim Server.
* The Exim Server saves the message, e.g. via Maildir, encrypted with
the password of the receiver.
* When the receiver wants to access the message, e.g., via IMAP, he/she
encrypts the saved message again via its private password.
The goal is therefore that the messages are only encrypt-able when you
have access to the password of the receiver. And of course, a secure and
private password is necessary to prevent easy brute-force attacks.
Which user: the sender or the recipient?
Intentionally, I wanted to encrypt the file with the password of the
recipient, so that an IMAP server can again decrypt the message. But now
as you ask: I think this is not possible, as you can only "grab" the
password when the "receiver" sends a message him-/herself and needs to
expose the password.
I think I have to sleep on this concept one more night, but besides:
would the general setup be possible with transport_filter if the
passwords are not hashed (although this is obviously a security issue)?
Best regards,
Gabriel
On 2022-11-23 23:22, Heiko Schlittermann via Exim-users wrote:
Hi Gabriel,
Dengler, Gabriel via Exim-users <exim-users@exim.org> (Wed 23 Nov 2022 01:16:19 CET):
I want to store the incoming e-mails using the Maildir file format, encrypted
by using some symmetric encryption using the user's password (e.g., AES). So
in the end, Exim should write the encrypted files directly on the disk.
Furthermore, it would be convenient if the actual password is solely
persistently saved as a hash (for checking at authentication); the real
password - and therefore the en-/decryption key - is only temporarily
available during the login session.
Maybe I'm missing the point. The on-disk representation of the password
is a hash. That can't be used for symmetric encryption/decryption.
You want to "grab" the real password during user login, and save it
somewhere for later use as encryption/decryption key?
IMHO no source modification is necessary: $auth2 and $auth3 (depending on
the AUTH scheme you use; it needs to be PLAIN or LOGIN) contain the
password. You're free to save it wherever you want (using SQL, using
embedded Perl code, using any external command, using readsocket, …).
The encryption I'd do with a "transport_filter", which basically can be
an "aes-pipe" or similar.
Therefore, I wanted to modify the Exim source code directly but was
confronted with a large amount of code, e.g., the differentiation between
the different transport types or the many cases considered in the appendfile
protocol. So I have some questions, where you might help me in the "big
picture":
As stated, all transports can use a "transport_filter", which should be
able to process your message on-the-fly, while writing it to the
mailbox file.
* How to enforce that a user has to authenticate him-/herself with a
password?
Use ACL to check if the user is authenticated. You should find it in the
example config. Watch out for "authenticated = *".
* Where is a good point of "grabbing out" the password from the user and how
to "carry" it to the point where the encryption happens?
The authenticators (authenticators section of the config) have the
password, and the server_condition does string expansion, so you can do
whatever you need there.
# example, *unchecked*, just served from memory, likely to be wrong
begin authenticators
plain:
  driver = plaintext
  # PLAIN sends "authzid NUL authcid NUL password" in one go, so no prompts
  server_prompts = :
  server_advertise_condition = ${if def:tls_in_cipher}
  # $auth2 is the user name, $auth3 the password: check it against the
  # stored hash (placeholder path) and do your "creative" thing with
  # $auth3 here, e.g. a ${run ...} or lookup that stashes it for the transport
  server_condition = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{/etc/exim/passwd}}}}
  server_set_id = $auth2
Best regards from Dresden/Germany
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
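As an added example (not code from this thread, from Exim, or from either poster), here is the "aes-pipe" shape of a transport_filter that Heiko describes: Exim hands the message to the filter on stdin and writes the filter's stdout into the mailbox, so the script only has to encrypt the stream, and the matching decrypt function is what the IMAP side would run. The key directory, the `<local_part>.key` naming and the convention that the transport passes the recipient's local part as the first argument are assumptions; the key material is whatever the authenticator saved at login, and it is read from a file rather than passed on the command line so it never shows up in the process list.

```shell
#!/bin/sh
# Hypothetical transport_filter for Exim: encrypt stdin to stdout with a
# per-recipient key file. Assumed layout: KEYDIR/<local_part>.key, owned
# by and readable only by the Exim user; $1 is the recipient's local part.

KEYDIR="${KEYDIR:-/var/spool/exim/keys}"

# encrypt_message LOCAL_PART < message > ciphertext
encrypt_message() {
    keyfile="$KEYDIR/$1.key"
    [ -r "$keyfile" ] || { echo "no key for $1" >&2; return 1; }
    # PBKDF2 with a random salt: identical messages never encrypt alike.
    # "file:" keeps the secret off the command line (visible in ps).
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$keyfile"
}

# decrypt_message LOCAL_PART < ciphertext > message  (the IMAP side)
decrypt_message() {
    keyfile="$KEYDIR/$1.key"
    [ -r "$keyfile" ] || { echo "no key for $1" >&2; return 1; }
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$keyfile"
}

# Round trip on constructed data: succeeds only if the decrypted copy is
# byte-identical to the input and the stored copy is not the plaintext.
selftest() {
    tmp=$(mktemp -d) || return 1
    KEYDIR="$tmp"
    printf 'constructed-key-material-for-alice' > "$tmp/alice.key"
    chmod 600 "$tmp/alice.key"
    printf 'From: bob@example.org\nSubject: test\n\nhello alice\n' > "$tmp/msg"
    encrypt_message alice < "$tmp/msg" > "$tmp/msg.enc"
    decrypt_message alice < "$tmp/msg.enc" > "$tmp/msg.dec"
    cmp -s "$tmp/msg" "$tmp/msg.dec" && ! cmp -s "$tmp/msg" "$tmp/msg.enc"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Stand-alone use, as Exim would invoke it: filter.sh LOCAL_PART < message
case $# in
    1) encrypt_message "$1" ;;
esac
```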
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/