Comments (20)
Then close the issue as "out of scope", and be clear about that to your community so they can find solutions that meet their needs. "no one will get around to this" is a poor explanation that you do not view this as an important feature and are removing it from the list of things other contributors can do for you.
As for the context of the issue itself, deploying a mail server without end-to-end encryption is irresponsible in the post-Snowden era. You would be doing a serious disservice to your users by even allowing unencrypted configurations, let alone explicitly removing them from your product backlog.
from mailinabox.
@martindale are you sure you're not mixing up TLS and PGP? No other mailserver supports PGP in a "stable" way. Lavabit did, and some scripts exist that may work. PGP End-to-End is encryption at rest and in transit, but the other user needs to have a PGP key (few people do, mostly developers on the higher end of that spectrum).
TLS on the other hand is server-to-server encryption that is widely deployed and already supported by MiaB.
from mailinabox.
as it remains a requirement for the project
I don't know what that even means. If it's a requirement you have for a mail server, then this project won't meet your needs.
from mailinabox.
To necrobump this issue, I think detecting PGP and encrypting incoming mail with PGP/MIME should be a thing so all your mail is encrypted at rest. Unfortunately I'm no mailserver wizard.
from mailinabox.
Closing because it was a fun idea but it seems like no one will get around to this any time soon.
from mailinabox.
You think I should shut this project down?
from mailinabox.
@JoshData Can this be re-opened?
Roundcube 1.2.0 has server-side PGP support, so it shouldn't take too much work to support now! https://roundcube.net/news/2016/05/22/roundcube-webmail-1.2.0-released
Edit: merely updating Roundcube will support client-side PGP through Mailvelope. Maybe that's enough for now. 😉
from mailinabox.
@JoshData Thanks! 👍
Just found out Roundcube is already up-to-date so that the client-side browser plugin works. 😄
from mailinabox.
What is the normal toolkit you'd use to do something like this manually? Are there a set of programs that you stitch together with some shell scripting?
from mailinabox.
Dunno!
from mailinabox.
I know this was done with Exim, maybe the script for that could be modified for MIAB.
https://github.com/mikecardwell/gpgit
from mailinabox.
Neat. Thanks for posting the link.
from mailinabox.
I started hacking on an encryption mail filter on a branch:
This creates a new SMTP server listening on port 10587 that PGP-encrypts mail to recipients and refuses to accept mail if it cannot encrypt it. This makes it hard to accidentally send something in the clear.
Recipients' PGP keys are looked up from Keybase.io by inserting their Keybase username into their email address. E.g. If my email address were [email protected], you would address the email to me using [email protected].
I probably won't have time to finish this (or start a decryption side) any time soon. Maybe someone else can continue the work.
from mailinabox.
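The fail-closed behaviour described in the comment above (encrypt for every recipient or refuse the message), as an added Python sketch that is not the code from the project's branch. The `keys` address-to-fingerprint map is a hypothetical stand-in for the Keybase lookup, and the names `filter_outbound`, `gpg_encrypt` and `Refused` are made up here; the output follows the RFC 3156 PGP/MIME layout.

```python
import copy
import subprocess
from email import encoders, message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

class Refused(Exception):
    """The filter rejects the message instead of relaying it in the clear."""

def is_pgp_mime(msg):
    # RFC 3156 encrypted mail: multipart/encrypted, protocol=application/pgp-encrypted
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted")

def gpg_encrypt(plaintext, fingerprints):
    # Shells out to a local gpg whose keyring already holds the recipients' keys.
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always", "--encrypt"]
    for fpr in fingerprints:
        cmd += ["--recipient", fpr]
    return subprocess.run(cmd, input=plaintext, capture_output=True, check=True).stdout

def filter_outbound(raw, rcpts, keys, encrypt=gpg_encrypt):
    """Return the message to relay or raise Refused; cleartext is never returned.

    keys: hypothetical {address: fingerprint} map standing in for the key lookup.
    """
    msg = message_from_string(raw)
    if is_pgp_mime(msg):
        return msg  # the sender's client already encrypted it
    missing = [r for r in rcpts if r.lower() not in keys]
    if missing:
        # One unencryptable recipient rejects the whole message: no partial send.
        raise Refused("no PGP key for " + ", ".join(missing))
    # Only the MIME entity (Content-* headers + body) is encrypted.
    inner = copy.deepcopy(msg)
    for name in set(inner.keys()):
        if not name.lower().startswith("content-"):
            del inner[name]
    try:
        ciphertext = encrypt(inner.as_bytes(), [keys[r.lower()] for r in rcpts])
    except Exception as exc:
        raise Refused("encryption failed") from exc
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in msg.items():
        if not name.lower().startswith(("content-", "mime-version")):
            outer[name] = value  # From/To/Subject stay readable on the wire
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted", encoders.encode_7or8bit))
    outer.attach(MIMEApplication(ciphertext, "octet-stream", encoders.encode_7or8bit))
    return outer
```

Envelope data and headers such as Subject remain in cleartext with this layout, and the pass-through check trusts the declared Content-Type rather than verifying that the body really is ciphertext.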
+1 on this, this would be fantastic.
from mailinabox.
I like the idea of this, but it does make me a little nervous to have keying material stored on the server. I suppose you could store the private keys in an encrypted format and use a key derived from the user's login password.
I haven't dug into the details in dovecot -- would it make this accessible? Or did you have some other idea for protecting these data?
from mailinabox.
The idea is that since you control the box, you might as well put a private key on it, rather than a copy of your private key on your laptop, on your phone(s), needing some awkward integration with webmail, etc. I'm not actively working on this now, though.
from mailinabox.
I understand that, in theory, but what if I'm sharing my box with others? For example, I host my own email on one of these, but I decide to offer the same to friends and family... At that point, I think it gets a little more sketchy. Honestly I think the automatic encrypting / signing is a pretty clever solution, in general, for outgoing.
On the incoming side, however, I'd like to figure out a way to accomplish this without potentially exposing my private key. I suppose one mechanism would be to fall back to using Thunderbird+EnigMail for reading, and not worry about those messages that can't be read on mobile. Hrm.
Thanks for the comments. Cheers.
from mailinabox.
Please re-open this issue, as it remains a requirement for the project. Move it to another milestone if you must (propose: "Backlog"), but definitely do not close it just because someone isn't getting to it soon.
from mailinabox.
yes, mailvelope.com works conveniently in MiaB. even in conjunction with enigma.
from mailinabox.