I would not recommend using PGP/SMIME for internal<->internal communication.
In that case, I would rather recommend firewalling your POP3 and IMAP server, while also configuring your SMTP to only allow relaying from internal hosts, and then use a secure VPN for those users. So users that want to send or receive mail, has to connect with VPN to your server. To prevent your mails from getting exposed while users might attempt to send mail without VPN on, you configure the SMTP server in those mail clients to be internal (192.168.x.x or 10.x.x.x), so no communication would be setup unless they are on VPN. The good of that is that the complete communication channel, inclusive subject, from, to, and also password to the SMTP/POP3/IMAP server and everything, get encrypted, and also, it protects your IMAP/POP3 server from compromise by bruteforce/dictionary attacking. Thats a lot easier to set up aswell. Another good idea is to use TLS encryption on your mail server, both for SMTP and IMAP/POP3. However, Ciphermail is great for: Automatically decrypting mail that arrives to your destination. The good with that, is that no sensitive key material is left on user's devices or computers, so if a device or computer is lost, access can be easily revoked without having to replace any user keys or user certificates. This means decryption is handled by your MTA, and thus key material can be stored safely there, for example inside a HSM. Automatically encrypting external mail to users that either have an encryption key programmed into Ciphermail (for example contractors), or to "random users" (with the webmail/PDF functionality). Automatically signing outgoing mail, and verifying incoming signatures, is also a great idea. -----Ursprungligt meddelande----- Från: users-boun...@lists.djigzo.com [mailto:users-boun...@lists.djigzo.com] För Assaf Dahary Skickat: den 1 augusti 2016 11:31 Till: users@lists.djigzo.com Ämne: [Djigzo users] CipherMail GW anywhere Hi, I've read the CipherMail gateway documents and got impressed from all the capabilities that can be used to encrypt end-to-end users' emails. I need to provide for 50 none-tech users: 1. end-2-end encrypted emails for managed users registered with the same email domain (internal users). From the docs I understand that either PGP or S/MIME is used. 2. For the internal users to send secure email to any other external email address (other domains). From the docs I understand that WebMail or PDF is used. 3. Simple remote installation/setup and users' usage (people with 0 tech capabilities). Both, Internal and External, users can be anywhere connected over the open Internet (not in secure LAN/Intranet). I've already install the CipherMail gateway and looked into it, but I'm missing the overall picture for how to start with the system setup. I would appreciate any advice/tip/direction to. Regards Assaf _______________________________________________ Users mailing list Users@lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list Users@lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users
