Encrypt e-mail server side?

Hi! :wave:
I’ve been looking into e-mail security and how Proton or RiseUp work, especially server side.
From what I see, the YunoHost setup doesn’t encrypt e-mail server side, which exposes users’ e-mail to less confidentiality.
I saw TREES, a Dovecot plugin for encryption, which is really interesting because only the user has the ability to decrypt e-mails (instead of Dovecot’s mail-crypt-plugin, which does have the keys).
Has anyone already tried to add TREES to YNH?
Does anyone know if this may be possible, especially regarding LDAP and the actual Dovecot configuration (passdb, prefetch, zlib, indexes), or can anyone point me to where to look to start experimenting?
Kindly,

1 Like

I will be off-subject, but I’ll still explain my case.
I wanted my server to be safe if someone comes and takes it, so I encrypted the whole disk.
The bad part is that the server cannot reboot on its own and needs an input to be able to read its own disk.

The good part is that I can use default systems, without having to think about a way to secure each tool.
The bad part is that the admin (me) can still have access to the data of everybody (but a burglar will not).

Second note: 100% of my users do not care at all about security, and absolutely none of them will install anything, or care to have a special tool to be able to use anything (they want things to work without having to think even a little bit). I even had to remove encryption of all the Matrix rooms recently because sometimes it could cause delays :cry:

So my way is OK for them (they do nothing and do not care at all), and OK for me (if someone comes and steals the drives, they will not read a thing).

2 Likes

Thanks for this answer.
Indeed, I may encrypt the whole disk; it would be a starting point.
But it doesn’t prevent me, or someone who gains physical access to the server while it is running, from reaching the e-mail content.
I think that in self-hosting, direct access to the server is really often a weakness that may be considered.
I also understand that a lot of people who need our types of services don’t know, and so don’t care, about security. But as it is our role to acknowledge about data that matters, data security is really related.
I’ll give TREES a try this winter.

1 Like