Re: [Dovecot] E-Mail Encryption
On Fri, Jul 24, 2009 at 09:39:25PM +0100, Frank Leonhardt (t200...@fjl.co.uk) wrote:

> > How much good do your locks do when the police come and want to
> > confiscate your servers because they suspect one of your users has
> > done something criminal? Do you trust they take as good care of the
> > machines as you do?
>
> How do you know I'm *not* the Police?

I don't. But I do know dovecot is being used by people who are not,
and probably also some who have a reason to distrust the police.

> We're in very interesting territory here, and it's going to depend on
> your local laws. In England the police are pretty okay

Sure. Ditto in Finland. But not everywhere.

> In England, if you can't decrypt the data it can be a bit awkward (RIPA)

In some places it could save many people from torture and death.
(There are situations where the *good* option is having just yourself
tortured to death because you *can't* decrypt the data.)

OK, that's a bit extreme, but it's not hard to imagine more common
scenarios where being able to just delay the decryption could be useful.

[...]

> the rogue administrator ought to be able to circumvent encryption
> anyway - if it's whole disk it's effectively not encrypted.

Whole-disk encryption is ineffective against rogue admins, yes - only
application-level encryption (decrypting in the client) helps there.

But whole-disk encryption is useful against untrustworthy police and
burglars, even when application encryption is also being used in the
way being discussed, where only message content is encrypted: logs and
header information and the like can be critical, too.

> The main reason I'd be in favour of application-based file encryption
> is to get around the fact that whole-disk encryption is meaningless as
> protection from the operator - if the operator is dodgy (or someone's
> bypassed security) then they can read the mail files just as easily as
> everything else. If the files themselves are encrypted then access to
> the running system won't reveal their contents (although it would help).

I'm in favour of both whole-disk and application-based encryption.
They complement each other; neither makes the other useless.

-- 
Tapani Tarvainen
Re: [Dovecot] E-Mail Encryption
On Thu, Jul 16, 2009 at 09:06:19AM +0200, Arkadiusz Miskiewicz (ar...@maven.pl) wrote:

> On Wednesday 15 of July 2009, Patrick Domack wrote:
>
> > The only benefit this would bring is that email saved on the server
> > would be encrypted. Otherwise it offers no protection. I guess if
> > you're paranoid that the system admin might read your emails, but
> > then, he can just as easily read them as they come in or out of the
> > system.
>
> Actually such encryption is interesting as a protection in case
> someone steals server hardware/disks.

Or when the regular, trustworthy sysadmin is temporarily replaced by a
crook or is blackmailed or is overridden by a pointy-haired boss.

Indeed it might be valuable protection for the sysadmin who doesn't
want to compromise other people's mail: no need to refuse orders when
you *can't* read them.

(New mails can of course still be intercepted as noted, but that
doesn't mean protecting old stuff isn't useful.)

Anyway, this can be done with procmail as well, but a dovecot plugin
might be more convenient.

-- 
Tapani Tarvainen
[Dovecot] multiple authentication mechanisms/passwords for same account
This may be trivial, but reading the documentation I can't find a clear
answer:

If multiple authentication mechanisms (or multiple databases for one)
are defined, does it allow one user account to have several (at least
two) alternative passwords (so that any of them would work)?

Or does it first map an account to a fixed authentication
mechanism/password and, if it fails, others won't be tried?

-- 
Tapani Tarvainen
Re: [Dovecot] multiple authentication mechanisms/passwords for same account
On Wed, Jul 15, 2009 at 02:14:46PM +0200, Steffen Kaiser (skdove...@smail.inf.fh-brs.de) wrote:

> > Or does it first map an account to a fixed authentication
> > mechanism/password and, if it fails, others won't be tried?
>
> Did you try?

No (still trying to decide if I should install dovecot).

On Wed, Jul 15, 2009 at 02:16:47PM +0200, Steffen Kaiser (skdove...@smail.inf.fh-brs.de) wrote:

> http://wiki.dovecot.org/PasswordDatabase/
>
> You can use multiple databases, so if the password doesn't match in
> the first database, Dovecot checks the next one.

How did I miss that. Thank you!

> http://wiki.dovecot.org/Authentication/MultipleDatabases

Right. One caveat remains: "Currently the fallback works only with the
PLAIN authentication mechanism."

Guess I can live with that.

Thanks again, and apologies for careless reading of the docs,

-- 
Tapani Tarvainen
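The following is an added example, written for this archive page and not code from Dovecot or from anyone in the thread. It models the behaviour the wiki describes: a chain of password databases where a PLAIN login that fails in the first database is retried against the next, so one account can have two working passwords. It also shows, as a general property of challenge-response mechanisms rather than a statement about Dovecot internals, why such fallback is awkward for anything but PLAIN: with CRAM-MD5 the server only receives an HMAC over its own challenge and can recompute it solely from a database entry that stores the cleartext password. The users, passwords, database contents and the challenge string are all constructed for the example; the storage schemes ({PLAIN}, {SSHA256}) and the list-of-dicts layout are this example's own simplification.

```python
"""Added example: chained password databases with PLAIN fallback,
next to CRAM-MD5, which needs a cleartext entry to verify against.
Illustrative model only; not Dovecot's passdb code or API."""
import base64
import hashlib
import hmac
import secrets

SSHA256 = "{SSHA256}"
PLAIN = "{PLAIN}"


def make_ssha256(password, salt=None):
    """Salted SHA-256 entry: base64(sha256(password || salt) || salt)."""
    salt = secrets.token_bytes(8) if salt is None else salt
    digest = hashlib.sha256(password.encode() + salt).digest()
    return SSHA256 + base64.b64encode(digest + salt).decode()


def verify_entry(stored, password):
    """Check a cleartext password against one stored entry of any scheme."""
    if stored.startswith(PLAIN):
        return hmac.compare_digest(stored[len(PLAIN):].encode(), password.encode())
    if stored.startswith(SSHA256):
        raw = base64.b64decode(stored[len(SSHA256):])
        digest, salt = raw[:32], raw[32:]
        calc = hashlib.sha256(password.encode() + salt).digest()
        return hmac.compare_digest(calc, digest)
    raise ValueError("unknown password scheme: " + stored)


# Two constructed databases (hypothetical users and passwords). The first
# stores salted hashes; the second stores cleartext and holds the
# "alternative" passwords the original question asked about.
PASSDBS = [
    {
        "alice": make_ssha256("alice-main", salt=b"\x01" * 8),
        "bob": make_ssha256("bob-main", salt=b"\x02" * 8),
    },
    {
        "alice": PLAIN + "alice-alt",
        "carol": PLAIN + "carol-secret",
    },
]


def auth_plain(user, password, passdbs=PASSDBS):
    """PLAIN: the server holds the cleartext, so every database can be
    tried in turn. Returns the index of the matching database, or None."""
    for index, db in enumerate(passdbs):
        stored = db.get(user)
        if stored is not None and verify_entry(stored, password):
            return index
    return None


def cram_md5_response(password, challenge):
    """Client side of CRAM-MD5 (RFC 2195): HMAC-MD5 keyed with the password."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def auth_cram_md5(user, challenge, response, passdbs=PASSDBS):
    """CRAM-MD5: the server only sees an HMAC over its challenge, so it must
    recompute it from a stored cleartext password. Databases holding only
    hashes cannot take part, whatever their position in the chain."""
    for index, db in enumerate(passdbs):
        stored = db.get(user)
        if stored is None or not stored.startswith(PLAIN):
            continue  # hashed entry: nothing to key the HMAC with
        expected = cram_md5_response(stored[len(PLAIN):], challenge)
        if hmac.compare_digest(expected, response):
            return index
    return None


if __name__ == "__main__":
    chal = b"<1248700000.1234@mail.example.test>"  # constructed challenge
    print("PLAIN alice-main ->", auth_plain("alice", "alice-main"))
    print("PLAIN alice-alt  ->", auth_plain("alice", "alice-alt"))
    print("CRAM alice-main  ->",
          auth_cram_md5("alice", chal, cram_md5_response("alice-main", chal)))
    print("CRAM alice-alt   ->",
          auth_cram_md5("alice", chal, cram_md5_response("alice-alt", chal)))
```

Running it shows "alice-main" matching in the first database and "alice-alt" falling through to the second under PLAIN, while under CRAM-MD5 only "alice-alt" can be verified at all, because the first database holds a salted hash. That is the shape of the caveat quoted above: a second password stored as a hash is simply unreachable to a challenge-response mechanism, so the fallback is only fully useful when the client sends the password in the clear (which in turn is why one would want TLS in front of it).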