Hi Jens,

> has, or does anybody know, an email-gateway, that encrypts emails
> automatically?

How about using TLS between the two MXes of your sites? Doing some end-to-end Mixmailer or alike is probably not what you want. ;)

If you need to gpg-payload-encrypt to random target MXes then doing a local loop in your mailserver config might do the trick, but I guess the easiest and most robust (if you control both MX) is to do TLS.

> for example the whole mailexchange between several branches of a
> company? maybe a kind of "black-/whitelist" - all mails to
> users/domains on a list will be encrypted - the rest will be sent
> unencrypted?
>
> it is important, that this works automated, serversided and no user
> has to do (forget ;) something!
>
> and: is it possible to store incoming emails encrypted (postfix -
> Maildir), that f.e. no user with local access can read mails of another
> user on the server? when polling this encrypted emails, they should
> be decrypted automatically!

Encrypt the disk partition (lvm crypt or alike), not the email, and set up decent directory permissions. The default should already not allow users other than root to read everyone's email, but if you're paranoid beyond that, maybe grsec and SELinux fit your needs.

Doing end-to-end-encryption should be done entirely by the endpoints themselves (i.e. MUA, not MTA), but training your users to do proper GPG is probably quite a challenge. :-P

--
Best regards,
Kilian
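
The TLS-between-MXes suggestion in the reply above, combined with the per-domain list the question asks for, sketched as Postfix configuration. This is an added example, not part of the original message; the domain names, host names and file paths are placeholders.

```cfg
# ---- /etc/postfix/main.cf on the sending MX (paths are placeholders) ----

# Default for every destination not listed in the policy table:
# use STARTTLS when the remote MX offers it, otherwise send in plaintext.
smtp_tls_security_level = may

# Per-destination overrides, looked up by next-hop domain.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# CA bundle used to validate peer certificates at the "verify"/"secure" levels.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Log one summary line per outbound TLS session.
smtp_tls_loglevel = 1

# ---- /etc/postfix/tls_policy (run "postmap /etc/postfix/tls_policy" after editing) ----

# encrypt: TLS is mandatory but the peer certificate is not checked.
#          If STARTTLS fails, mail is deferred rather than sent in clear.
branch-a.example.com    encrypt

# secure:  TLS is mandatory and the certificate must chain to a trusted CA
#          and match the given name; protects against a spoofed MX.
branch-b.example.com    secure match=mx.branch-b.example.com

# ---- /etc/postfix/main.cf on the receiving MX at each branch ----

# Offer STARTTLS to connecting clients; certificate and key are placeholders.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/mx.pem
smtpd_tls_key_file = /etc/postfix/tls/mx.key
```

This protects mail only in transit between the two servers; messages are still stored in clear text in each Maildir, which is why the reply pairs it with disk encryption and directory permissions.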