On 10/27/19 6:48 AM, Fourhundred Thecat wrote: > On 27/10/2019 13.29, Ansgar Wiechers wrote: >> Several years ago I wrote something like that [1]. However, if your mail >> server is untrusted I don't think there's a point in bothering. > > no server is 100% trusted. By this logic, should I therefore give up?
It depends on what attack you are trying to protect against. You need to think outside the box, though. Have you considered not storing mail for any significant period on your server, and instead unloading new mail into an "inside" system? MTAs are "push" in that outsiders initiate connections to it to send or receive mail. So you have a workstation that connects to the pop3s port to pull down all mail, and do it aggressively, to minimize each mail message's exposure to ne'er-do-wells. > fetchmail is a mail-retrieval and forwarding utility; it fetches mail > from remote mailservers and forwards it to your local (client) > machine's delivery system. You can then handle the retrieved mail > using normal mail user agents such as mutt(1), elm(1) or Mail(1). The > fetchmail utility can be run in a daemon mode to repeatedly poll one or > more systems at a specified interval. This won't stop man-in-the-middle attacks, particularly the techniques used by sysadmins to satisfy LEO search warrants. But it will stop non-persistant wholesale harvesting of your mailstore. Of course, IMAP would not be available because fetchmail with POP3 would remove the mail when it's forwarded to your protected, Internet-isloated mailstore. OP, let me ask this: your proposal appears to be to modify the delivery agent so that, instead of storing e-mail in cleartext, it insteads use the public part of a public/private keypair to encrypt the payload of incoming email. That way, your mail client would need to decrypt the payload when reading the mail, using the private part of the keypair. Further, the client would need to support the decryption of superencrypted mail, once with your private key, then again with the public key of the sender. That dual-decryption capability is not available off-the-shelf to the best of my knowledge.
