On Sun, Feb 08, 2015 at 12:33:15PM +1100, junying wrote: > Hi Gilles, >
Hi, > Sorry for my ignorance but I noticed that in smtpd.conf(5) that there is > queue encryption which encrypts envelopes and messages. Can this be similar > in anyway to what Lavabit used to do with end to end encryption with emails? > Jason is partly right in his answer, queue encryption is not enough. When receiving mail OpenSMTPD will commit it to a queue which guarantees that by the time the client disconnects we have written the message on a permanent storage in case the daemon crashes, there's a power outage, or the admin simply shuts down the daemon. Mails are then either distributed locally to a user mailbox, or they are sent to another host which will distribue locally or send to another one and so on. The queue encryption ONLY protects the mails while they're in queue, and as soon as they are moved out of this queue they're no longer encrypted. So, if you were to build a Lavabit clone, this would only solve one part of the problem. Let's dig further into what's needed for a Lavabit clone since it is not too hard to build one for yourself and it's a fun project. 1- you need the queue to be encrypted. 2- you need mails delivered to the users to be encrypted. 3- you need mails to be decrypted when a user retrieves them. The 1- part is easy, it's the queue encryption in OpenSMTPD. It protects the mails while they are waiting to be delivered. The 2- part is also easy, you need a little script which reads a mail on its standard input, encrypt it with the user public key and output it to the user mailbox. I have done something similar, and we're talking about a 30 lines python script. The 3- part is harder, you need to modify a pop3/imap4 server or write a pop3/imap4 proxy so that when the user retrieves mails, the password can be used to decrypt the private key and decrypt mails as user fetches. It is not a very very hard task, but it requires a bit of work. Queue encryption solves 1/3rd of the problem, the two others are outside the OpenSMTPD scope. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
