Encrypted mailserver setup possible?

evert_ · 2011-12-16 12:06:47

Hi,

Since some time I keep telling myself I should start to host my email myself instead of trusting a (commercial) company like gmail. So I've been thinking a lot about the required setup, but I can't figure out a good way that suits my needs/requirements.

I'm renting a small virtual server, with only 256MB ram, but that should suffice. I'm not sending/receiving thousands of emails a day. I'm sharing this server with a friend, we both have root acces. This complicates the setup somewhat .

Requirements:
- Store email encrypted on the server, a database would be nice but is certainly not a requirement.
- Only acces the encrypted mailstorage when I acces the system. The system should not contain my private key/password, so upon login it should put all the received emails into the encrypted storage.
- Web acces (squirrel/roundcube)
- Be able to search through the email

Known limits:
I'm well aware that with sharing root acces on the server I won't be able to get a system that guarantees me 100% privacy. But there are practical limits and there is some trust. For real privacy I should not trust upon the server, but use pgp. Although pgp is very good, many people i often communicate with don't know it. So please don't point this out, I know about this. The discussion is not about sharing root making it impossible to get this 100% secure, but about storing the mails encrypted and getting the best system possible for this.

The mails will be received unencrypted and should pass an anti-spam system unencrypted. Also will the mail be stored in a queue until I perform a login.

There are 3 reasons for wanting to store the mails encrypted: It will stop my co-root from simply using cat in the maildir/database, it will keep my mails save if there would be an 'intruder' on the server and it keeps the mail private if the hosting company would look into my files (or has to give access to a government/police).

I hope this is possible and some archers can help me to point to the required software . Some personal experiences with a similar setup would be great!

Stebalien · 2011-12-16 16:07:32

There may be a better way to do this, but I would use procmail and have it pipe all inbound email through gpg. However, I have no idea how to actually do this.

Shadin · 2011-12-17 21:20:54

I just started work on the same project, my friends and I would like to have our own email hosting. I don't have any knowledge to add yet since we're just beginning the process, but would love to hear more if anyone has done this and will share what we find on the way.

evert_ · 2011-12-19 18:40:58

Some more digging seems to point out there is not yet any email server supporting what we want. I've found this blog: https://grepular.com/Automatically_Encr … ming_Email. It's going for the gpg option, like Stebalien was suggesting. It seems to be the best way too do it, without to much hassle.

I hope I can find some time somewhere in the upcoming days to fiddle with it. I'll let you know if i'm getting any concrete results .

Last edited by evert_ (2011-12-19 18:41:33)

Arch Linux

#1 2011-12-16 12:06:47

Encrypted mailserver setup possible?

#2 2011-12-16 16:07:32

Re: Encrypted mailserver setup possible?

#3 2011-12-17 21:20:54

Re: Encrypted mailserver setup possible?

#4 2011-12-19 18:40:58

Re: Encrypted mailserver setup possible?

Board footer