Let me try again. So the email comes in. Some program gets your public key and 
then encrypts the email on the server. Then when you retrieve your email, it 
sends it out in what it believes is plain text or for that matter can do TLS on 
the file, but you get a GPG message that you then decrypt. 

So the reason this isn't normally done is a general purpose email server would 
have to do this on a per-client basis, somehow getting the proper public key for 
each client. 

Am I right? Close? 

If not I will shut up and wait for a guru to reply. 






Original Message

From: 400the...@gmx.ch
Sent: October 26, 2019 10:46 PM
To: postfix-users@postfix.org
Subject: Re: postfix filter to encrypt incoming emails with public gpg key


On 27/10/2019 06.26, lists wrote:
> My bank insists I use their website for anything secure. I don't get anything 
> in my email that would be a security problem.

I used a bank just as an example. Feel free to substitute another
scenario, if you find mine hard to imagine.

> Wouldn't a private key have to be held on your server to do what you want? If 
> so, that hacker can get the key.

No. Definitely not.
Only the public key is needed for asymmetric encryption.

> Personally I would harden the server. It sounds like this is a private 
> server. You can use the firewall to vastly limit the countries where your 
> email can be retrieved. That is filter the hell out of all email ports except 
> 25. Besides filtering countries, I have a file of about 30k of ipv4 cidrs 
> from data centers that I block from all email ports except 25 and all the web 
> ports. No eyeballs in datacenters.

Sure, I want to have both:
A secure server, AND encrypted emails. What is wrong with that?
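
Added example, not part of the thread or of any poster's setup: the flow discussed above (the server encrypts incoming mail with only the recipient's public key, the client decrypts with the private key), shown with throwaway keys in temporary keyrings. The address `user@example.org`, the sample message and the function name are constructed for illustration, and hooking this into a Postfix filter is not shown.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway keys in temporary keyrings; ~/.gnupg is untouched.
demo_server_side_encrypt() {
    local work client server rc_server=0 plain=""
    work=$(mktemp -d) || return 1
    client="$work/client"; server="$work/server"
    mkdir -m 700 "$client" "$server" || return 1

    # Client: generate a throwaway key pair (constructed identity, no passphrase).
    gpg --homedir "$client" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key 'Demo User <user@example.org>' \
        default default never 2>/dev/null || return 1

    # Only the public half is exported and handed to the mail server.
    gpg --homedir "$client" --batch --armor --export user@example.org \
        > "$work/pub.asc" || return 1
    gpg --homedir "$server" --batch --quiet --import "$work/pub.asc" \
        2>/dev/null || return 1

    # Server: encrypt an incoming message (constructed sample) to that key.
    # --trust-model always: the imported key carries no trust in a fresh keyring.
    printf 'Subject: statement\n\nYour balance is 42.\n' |
        gpg --homedir "$server" --batch --quiet --trust-model always --armor \
            --encrypt --recipient user@example.org > "$work/mail.asc" || return 1

    # The server keyring holds no secret key, so decryption fails there.
    gpg --homedir "$server" --batch --quiet --decrypt "$work/mail.asc" \
        >/dev/null 2>&1 || rc_server=$?

    # The client holds the private key and recovers the plaintext.
    plain=$(gpg --homedir "$client" --batch --quiet --decrypt "$work/mail.asc" \
        2>/dev/null)

    # Stop the per-keyring agents and remove all demo material.
    GNUPGHOME="$client" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$server" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"

    [ "$rc_server" -ne 0 ] || { echo "server could decrypt"; return 1; }
    case "$plain" in
        *'Your balance is 42.'*) echo "server: cannot decrypt; client: plaintext recovered" ;;
        *) echo "client could not decrypt"; return 1 ;;
    esac
}

demo_server_side_encrypt
```

Mail that reached the server in clear text was still readable there before encryption; the scheme only protects what is already stored when the server is later compromised.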
