My bank insists I use their website for anything secure. I don't get anything 
in my email that would be a security problem.

That said, have you inquired if your bank will use PGP? I know that sounds like 
crazy talk, but some banks have PGP. (OT but note Amazon can do PGP too.)

Wouldn't a private key have to be held on your server to do what you want? If 
so, that hacker can get the key.

Personally I would harden the server. It sounds like this is a private server. 
You can use the firewall to vastly limit the countries where your email can be 
retrieved. That is, filter the hell out of all email ports except 25. Besides 
filtering countries, I have a file of about 30k of IPv4 CIDRs from data centers 
that I block from all email ports except 25 and all the web ports. No eyeballs 
in datacenters.

Don't use Roundcube or SquirrelMail. Use email clients. Don't use cPanel or 
similar. Again, keep the attack surface to a minimum. You can maintain a server 
strictly from the command line.

Use SSHGuard or fail2ban.

Original Message

From: 400the...@gmx.ch
Sent: October 26, 2019 8:30 PM
To: postfix-users@postfix.org
Subject: postfix filter to encrypt incoming emails with public gpg key


Hello,

when new email arrives, and it is not already encrypted, I would like to
run it through a filter, which would encrypt the message with my public
gpg key, as if the original sender has sent the email encrypted.

Why do I want to do this? Why not ask the sender to send encrypted
messages to start with?

Let's say my bank sends me emails. I cannot force my bank to use gpg
encryption. I am happy they use email at all, instead of paper mail.

My email server is untrusted. It can be hacked into and emails stolen.
Full disk encryption will not help, because the disk must be decrypted
during runtime.

With my scheme, all emails would be stored encrypted on my server, and
the decryption key does not exist on the server (emails are decrypted on my
local client).

What would be the best way to implement this?

Can such a filter work, without ever storing plaintext email on disk?

Any other comments?

thanks,
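
A sketch of the filter asked about above, added here as an example; it is not code from this thread or from Postfix. It assumes a `gpg` binary on the PATH with only the recipient's public key imported, the function names are hypothetical, and how the script is hooked into mail delivery is left out.

```python
import subprocess
import sys
from email import message_from_bytes
from email.message import Message
from email.mime.multipart import MIMEMultipart

def gpg_encrypt(plaintext, recipient):
    """Encrypt over a pipe with the public key only; nothing touches disk."""
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", recipient],
        input=plaintext, stdout=subprocess.PIPE, check=True).stdout

def is_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or a single-part inline PGP body."""
    if msg.get_content_type() == "multipart/encrypted":
        return True
    if msg.is_multipart():
        return False
    return b"-----BEGIN PGP MESSAGE-----" in (msg.get_payload(decode=True) or b"")

def _part(content_type, text):
    part = Message()
    part["Content-Type"] = content_type
    part.set_payload(text)
    return part

def encrypt_message(raw, recipient, encryptor=gpg_encrypt):
    """Return raw rewritten as PGP/MIME, or unchanged if already encrypted."""
    msg = message_from_bytes(raw)
    if is_encrypted(msg):
        return raw
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in msg.items():
        # Routing and display headers stay readable on the outer message.
        if not name.lower().startswith(("content-", "mime-version")):
            outer[name] = value
    for name in set(msg.keys()):
        # The encrypted entity keeps only its Content-* headers and the body.
        if not name.lower().startswith("content-"):
            del msg[name]
    armored = encryptor(msg.as_bytes(), recipient).decode("ascii")
    outer.attach(_part("application/pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("application/octet-stream", armored))
    return outer.as_bytes()

if __name__ == "__main__":
    # Assumed usage: filter.py KEYID < message > encrypted-message
    sys.stdout.buffer.write(encrypt_message(sys.stdin.buffer.read(), sys.argv[1]))
```

Only the body and its Content-* headers are encrypted; Subject, From and the other outer headers remain in clear text on the server, and the message is still plaintext in memory and in transit before the filter runs.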
