
Re: encryption of emails



hi & thx for your response!

> Hi Jens,
> 
> > has, or does anybody know, an email-gateway, that encrypts emails 
> > automatically?
> 
> how about using TLS between the two MXes of your sites? Doing some
> end-to-end Mixmailer or alike is probably not what you want. ;)
> If you need to gpg-payload-encrypt to random target MXes then doing a
> local loop in your mailserver config might do the trick, but i guess the
> easiest and most robust (if you control both MX) is to do TLS.

mails should really be encrypted and we don't have access to all ns 
(mx) of all their domains.

> > for example the whole mailexchange between several branches of a 
> > company? maybe a kind of "black-/whitelist" - all mails to 
> > users/domains on a list will be encrypted - the rest will be sent 
> > unencrypted?
> > 
> > it is important, that this works automated, serversided and no user has
> > to do (forget ;) something!
> > 
> > and: is it possible to store incoming emails encrypted (postfix - 
> > Maildir), that f.e. no user with local access can read mails of another
> > user on the server? when polling these encrypted emails, they should be
> > decrypted automatically!
> 
> Encrypt the disk partition (lvm crypt or alike), not the email and set up

encrypting the whole partition is not the solution we want / can do! 
only the emails in Maildir!

> decent directory permissions. The default should already not allow users
> other than root to read everyone's email, but if you're paranoid
> beyond that, maybe grsec and SELinux fit your needs. Doing

structure of the "homes" is /home/domain/users - but the "admin" of 
a web/domain has access to all subdirs :(

> end-to-end-encryption should be done entirely by the endpoints themselves
> (i.e. MUA, not MTA), but training your users to do proper GPG is probably
> quite a challenge. :-P

;))) maybe we don't know all the users :) and i think you know that it 
is impossible to train all users (we talk about win-users :)))

jens


> 
> -- 
> Best regards,
>  Kilian
> 
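
An added example, not part of the thread: a shell audit for the directory-permission advice quoted above, listing everything inside a Maildir that group or other users can access, with an optional fix. It assumes the /home/domain/users layout mentioned in the reply with a directory named Maildir per user; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread).
# Assumed layout: <root>/<domain>/<user>/Maildir/{cur,new,tmp}

# Run find over every Maildir (and its contents) below $1, selecting
# entries that carry any group or "other" permission bit. Remaining
# arguments are appended as the find action.
_maildir_find() {
    root=$1
    shift
    find "$root" \( -path '*/Maildir' -o -path '*/Maildir/*' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) "$@"
}

# Print each Maildir entry that someone other than its owner can reach.
maildir_exposed() {
    _maildir_find "$1" -print
}

# Remove all group/other bits from the entries reported above.
maildir_lockdown() {
    _maildir_find "$1" -exec chmod go-rwx {} +
}

# Stand-alone use: ./audit.sh /home [--fix]
if [ $# -gt 0 ]; then
    if [ "${2:-}" = "--fix" ]; then
        maildir_lockdown "$1"
    fi
    maildir_exposed "$1"
fi
```

Mode bits only restrict group and other users: root and the account that owns the files can still read them, so a domain admin who owns the user directories is not stopped by this.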



