Secure Email Storage 1/9 Typical Email System with Secure Storage

typical eMail System

TLS

unencrypted SMTP postfix exim TLS eMail Client

IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus

Mailserver my setup some alternatives

byterazor Secure eMail Storage 1/9 typical eMail System with secure storage

TLS

SMTP postfix exim encrypted using TLS single symmetric key eMail Client IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus

Mailserver my setup some alternatives

byterazor Secure eMail Storage 2/9 qpsmtpd

TLS

qpsmtpd

SMTP unencrypted SMTP postfix exim TLS eMail Client

IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus

Mailserver my setup some alternatives

byterazor Secure eMail Storage 3/9 qpsmtpd Overview

• easily extensible smtp server • written in Perl + Plugin System in Perl • good protection against spam + virusses • Backends: qmail, postﬁx, exim, smtp

byterazor Secure eMail Storage 4/9 qpsmtp GPG Plugin

TLS

qpsmtpd encrypted with recipients pub SMTP + gpg encrypt key SMTP postfix exim TLS eMail Client

IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus

Mailserver my setup some alternatives

byterazor Secure eMail Storage 5/9 qpsmtp GPG Plugin Overview

• written in Perl • uses GnuPG to encrypt non encrypted incoming eMails • PGP Mime standard • uses recipients PGP key if locally available + trusted

byterazor Secure eMail Storage 6/9 Advantages

• can be used with standard eMail clients with PGP support • linux: evolution, claws-mail, . . . • android: r2mail2 • even if eMail password is sniffed, emails can not be read • decryption key is only available to recipient • security not dependend on third party

byterazor Secure eMail Storage 7/9 Drawbacks

• Server side searches in body doesn’t work anymore • attacker can add additional keys to keyring if server is not secure • emails not readable if client doesn’t support PGP • emails can be read before encryption • recipients + subjects visible

byterazor Secure eMail Storage 8/9 Summary

• qpsmtpd + GPG Plugin ⇒ secure eMail storage • http://byterazor.federationhq.de/blog/ qpsmtpd-gpg.shtml • inspired by: https://grepular.com/ Automatically_Encrypting_all_Incoming_Email • want to help improve plugin: mail me [email protected]

byterazor Secure eMail Storage 9/9