1 Topic by blonde (edited by blonde 2021-03-14 21:24:28)

  • blonde
  • Member
  • Offline
  • Registered: 2021-03-12
  • Posts: 19

Topic: I want End to End encrypted, everything on server run as encrypted?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 (MARIADB edition)
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: CentOS-7-x64-minimal +headless
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
OS: CentOS-7-x64-minimal +headless



Hiya,



I'm a Journalist and looking for privacy and journalist protection, thus I want my own mail server. Also, I'm hoping to be able to make this end-to-end encrypted, is there any solution for this, please? How to store all the contacts, emails, and attachments, and titles of emails in encrypted form on the server. Thus if the server gets hacked, nothing will be accessible to the hacker. I want the highest possible encryption implementation and my threat model is making this three-letter agency proof, please?


Tnx and best of luck

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,785

Re: I want End to End encrypted, everything on server run as encrypted?

Dovecot (the IMAP server) has plugin to encrypt stored messages.
FYI: https://doc.dovecot.org/configuration_m … pt_plugin/

3 Reply by blonde

  • blonde
  • Member
  • Offline
  • Registered: 2021-03-12
  • Posts: 19

Re: I want End to End encrypted, everything on server run as encrypted?

ZhangHuangbin wrote:

Dovecot (the IMAP server) has plugin to encrypt stored messages.
FYI: https://doc.dovecot.org/configuration_m … pt_plugin/


Hiya @ZhangHuangbin



Thanks. May please confirm if this only encrypts all the email protocols of IMAP, POP3, SMTP and HTTP or just emails that send and received by IMAP can be encrypted by this? Shall I close/disable all the other protocols to achieve full stored email encryption, please?

What about my other posts, may please reply to my other five posts?


Tnx and best of luck

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,785

Re: I want End to End encrypted, everything on server run as encrypted?

Mail traffics via IMAP/POP3/SMTP/HTTPS are secured with a ssl cert/key, Dovecot crypt plugin encrypts the STORED message on disk.

5 Reply by blonde

  • blonde
  • Member
  • Offline
  • Registered: 2021-03-12
  • Posts: 19

Re: I want End to End encrypted, everything on server run as encrypted?

ZhangHuangbin wrote:

Mail traffics via IMAP/POP3/SMTP/HTTPS are secured with a ssl cert/key, Dovecot crypt plugin encrypts the STORED message on disk.


Hiya @ZhangHuangbin


Many thanks. If you may provide a custom installation guide that matches your iRedMail Setup that would be great as I'm stressed if I install it by a general guide, I may end up messing the iRedMail setup that you tailored, and then I will never be able to run the encryption on messages? As this is not just normal Dovecot+PostFix+Roundcube for the mail-server that will follow the general guide. Your custom and tailor-made iRedMail is something that you only know how to install this Encryption on dovecot stored messages only, please help?


May please check out all my topics? As I do install everything on CentOS-7-x64-minimal and it's not working? Maybe if you kindly send me CentOS-7-x64 installation tips, I can install this again with your instructions if you think it may help reduce the level of error I'm facing. Then CentOS-8 is not going to be updated and CentOS-Stream is not stable, thus your installation guide needed for CentOS-7-x64-minimal that is supported up to 2024 as a better option than CentOS-8(out-dated in few months) and CentOS-stream(Buggy and unstable), please help?


Tnx and best of luck

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,785

Re: I want End to End encrypted, everything on server run as encrypted?

blonde wrote:

If you may provide a custom installation guide that matches your iRedMail Setup that would be great as I'm stressed if I install it by a general guide, I may end up messing the iRedMail setup that you tailored, and then I will never be able to run the encryption on messages?

Feel free to test it, it won't mess up.

blonde wrote:

Then CentOS-8 is not going to be updated and CentOS-Stream is not stable, thus your installation guide needed for CentOS-7-x64-minimal that is supported up to 2024 as a better option than CentOS-8(out-dated in few months) and CentOS-stream(Buggy and unstable), please help?

Upcoming iRedMail release will support CentOS Stream 8, it's already implemented in development edition.

7 Reply by blonde

  • blonde
  • Member
  • Offline
  • Registered: 2021-03-12
  • Posts: 19

Re: I want End to End encrypted, everything on server run as encrypted?

ZhangHuangbin wrote:
blonde wrote:

If you may provide a custom installation guide that matches your iRedMail Setup that would be great as I'm stressed if I install it by a general guide, I may end up messing the iRedMail setup that you tailored, and then I will never be able to run the encryption on messages?

Feel free to test it, it won't mess up.

blonde wrote:

Then CentOS-8 is not going to be updated and CentOS-Stream is not stable, thus your installation guide needed for CentOS-7-x64-minimal that is supported up to 2024 as a better option than CentOS-8(out-dated in few months) and CentOS-stream(Buggy and unstable), please help?

Upcoming iRedMail release will support CentOS Stream 8, it's already implemented in development edition.


Hiya @ZhangHuangbin



Thanks. I wanted to say I need this for CentOS-7-x74-minimal (+headless) please? The CentOS-8-Stream will be discontinued at end of this year, while CentOS-7-x74-minimal (+headless) will be updated until 2024, thus it's more reasonable if your iRedMail project support CentOS-7-x74-minimal (+headless) please?

I'm stuck in CentOS-7-x64-minimal as the error that appears in my pots will not solve? I can't send or receive any emails, please help?


Tnx and best of luck

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,785

Re: I want End to End encrypted, everything on server run as encrypted?

- I'm not sure what "headless" is here. sorry.
- CentOS 7 is fine.
- CentOS 8 is fine too, it's easy to switch to CentOS 8 Stream.
- Latest iRedMail development edition supports CentOS 8 Stream, it will be available in upcoming iRedMail release. And we plan to support CentOS 9 Stream.