encrypted IMAP storage?
September 28, 2006 6:05 AM Subscribe
Almost all my incoming mail messages are unencrypted. I use IMAP and access my mail from multiple macintoshes (using Mail.app). I want to store all my mail on my IMAP server encrypted so that my admins can't read it.
So, is there a simple plugin to mail.app that will store each mail encrypted and decrypt on the fly and show the original attachments? I can program well, but haven't written a bundle for mail.app.
Other FYIs: I have an account on the IMAP server which is unix. I don't have root on that computer, but there is a procmail hook on it. I have root on another machine that has IMAP running on it, but there are other users of that IMAP server.
A long time ago i used to encrypt all incoming messages with a PGP key in my procmail script. But this made receiving attachments impossible since you can't do attachments recursively (i.e., pic inside the s/mime encryption); can you? In any case, I wasn't using Mail.app at the time, and I don't believe mail.app will unencrypt and then look for attachments inside what it decrypted.
One solution is that I could set up all my mail to be IMAPed to an encrypted disk on my always on mac desktop. ButcCan you think of something where I don't have to set up and manage my own IMAP server? I'm hoping for something that allows me to use the admin support I have on my existing IMAP server --- I don't have a lot of time at my job to adminstrate my own services.
One last clarification: I don't think the admins are reading my mail. More precisely, i don't like my old mail appearing on backups for eternity, and I worry about recent hacks/breakins on our IMAP server. So I'm ok with a solution that leaves new mail in plaintext for short periods of time (say 12 hours).
So, is there a simple plugin to mail.app that will store each mail encrypted and decrypt on the fly and show the original attachments? I can program well, but haven't written a bundle for mail.app.
Other FYIs: I have an account on the IMAP server which is unix. I don't have root on that computer, but there is a procmail hook on it. I have root on another machine that has IMAP running on it, but there are other users of that IMAP server.
A long time ago i used to encrypt all incoming messages with a PGP key in my procmail script. But this made receiving attachments impossible since you can't do attachments recursively (i.e., pic inside the s/mime encryption); can you? In any case, I wasn't using Mail.app at the time, and I don't believe mail.app will unencrypt and then look for attachments inside what it decrypted.
One solution is that I could set up all my mail to be IMAPed to an encrypted disk on my always on mac desktop. ButcCan you think of something where I don't have to set up and manage my own IMAP server? I'm hoping for something that allows me to use the admin support I have on my existing IMAP server --- I don't have a lot of time at my job to adminstrate my own services.
One last clarification: I don't think the admins are reading my mail. More precisely, i don't like my old mail appearing on backups for eternity, and I worry about recent hacks/breakins on our IMAP server. So I'm ok with a solution that leaves new mail in plaintext for short periods of time (say 12 hours).
Physical security is the best security. Use POP3 instead of IMAP, and keep all the downloaded mails on a USB key you carry around.
posted by flabdablet at 6:37 AM on September 28, 2006
posted by flabdablet at 6:37 AM on September 28, 2006
Well, if you keep all your mail on a USB dongle, I would suggest making sure you back it up regularly as those things are very prone to dying.
posted by chrisroberts at 7:46 AM on September 28, 2006
posted by chrisroberts at 7:46 AM on September 28, 2006
Response by poster: Um, thanks, but I don't think any of you read my full question.
posted by about_time at 1:38 PM on September 28, 2006
posted by about_time at 1:38 PM on September 28, 2006
Response by poster: No he didn't.
I want a way to save unenrypted messages that contain attachments to disk. Yes, i could encrypt messages after they arrive using a procmail script, and then decrypt them with gpg mail. BUT this doesn't work for messages that arrive with attachments.
posted by about_time at 6:45 PM on September 28, 2006
I want a way to save unenrypted messages that contain attachments to disk. Yes, i could encrypt messages after they arrive using a procmail script, and then decrypt them with gpg mail. BUT this doesn't work for messages that arrive with attachments.
posted by about_time at 6:45 PM on September 28, 2006
This thread is closed to new comments.
But never mind your admins: Unless the email is encrypted before being sent to you, it jumps through various points in our worldwide Internets as plaintext. To wit, copies and chunks of your message are sitting in routers between the sender and you. You'll gain little security from encrypting your message on your server, since the damage is already pretty much done.
posted by Blazecock Pileon at 6:19 AM on September 28, 2006