Plugin for the SMTP MTA qpsmtpd which encrypts every incoming eMail that is not already PGP encrypted with the recipient's PGP public key.
Dominik Meyer a9f3d8cf07 ADD: added GPLv2 as License 2016-03-01 22:09:51 +01:00
src RM/ADD: removed old method added qpsmtpd smtp queueing module with encryption 2013-08-13 22:44:17 +02:00
License.txt ADD: added GPLv2 as License 2016-03-01 22:09:51 +01:00
README initial commit of the GPG QPSMTPD Plugin 2013-08-11 21:49:44 +02:00

README

---------------------------------------------------------------------------------
-                                                                               -
-                   qpsmtpd-plugin-gpg                                          -
-                                                                               -
---------------------------------------------------------------------------------

Author      : Dominik Meyer <dmeyer@federationhq.de>
Initial Date: 2013-08-12


Description:
------------

This plugin for the SMTP MTA qpsmtpd encrypts every incoming eMail that is
not already PGP encrypted with the recipient's PGP public key.

I got the idea for this project while reading: https://grepular.com/Automatically_Encrypting_all_Incoming_Email
A lot of code is inspired by the above project.


The PGP encryption ensures that the eMail body is stored encrypted in the backend storage, for
example an IMAP server. Many current eMail clients support PGP/GPG encrypted eMails and ask
for the PGP passphrase when you select an encrypted eMail.
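
One way to make the "not already PGP encrypted" decision described above, as an added Python sketch. It is not the plugin's own code (qpsmtpd plugins are written in Perl); the function name `is_pgp_encrypted` and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Inline ASCII armor: the body must start with BEGIN and contain END.
ARMOR_BEGIN = re.compile(rb"\A\s*-----BEGIN PGP MESSAGE-----\r?\n")
ARMOR_END = re.compile(rb"^-----END PGP MESSAGE-----\s*$", re.M)

def is_pgp_encrypted(raw: bytes) -> bool:
    """True only if the whole message is already PGP encrypted.

    Ambiguous input returns False so the caller encrypts it: encrypting
    twice is harmless, storing plaintext is not.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    # PGP/MIME (RFC 3156): multipart/encrypted with exactly two parts,
    # the control part and the encrypted payload.
    if msg.get_content_type() == "multipart/encrypted":
        proto = str(msg.get_param("protocol") or "").lower()
        parts = msg.get_payload() if msg.is_multipart() else []
        return (proto == "application/pgp-encrypted" and len(parts) == 2
                and parts[0].get_content_type() == "application/pgp-encrypted"
                and parts[1].get_content_type() == "application/octet-stream")
    # Inline PGP: a single text part whose decoded body is one armored block.
    if not msg.is_multipart() and msg.get_content_maintype() == "text":
        body = msg.get_payload(decode=True) or b""
        return bool(ARMOR_BEGIN.match(body) and ARMOR_END.search(body))
    # A multipart mail with an encrypted attachment still has a plaintext
    # body, so it does not count as encrypted.
    return False

# Constructed sample messages (not real mail).
PLAIN = b"Subject: hi\r\n\r\nQuoting -----BEGIN PGP MESSAGE----- in text\r\n"
INLINE = (b"Subject: hi\r\nContent-Type: text/plain\r\n\r\n"
          b"-----BEGIN PGP MESSAGE-----\r\n\r\nconstructed\r\n"
          b"-----END PGP MESSAGE-----\r\n")
PGP_MIME = (b"Content-Type: multipart/encrypted;\r\n"
            b' protocol="application/pgp-encrypted"; boundary="x9"\r\n\r\n'
            b"--x9\r\nContent-Type: application/pgp-encrypted\r\n\r\n"
            b"Version: 1\r\n"
            b"--x9\r\nContent-Type: application/octet-stream\r\n\r\n"
            b"-----BEGIN PGP MESSAGE-----\r\n\r\nconstructed\r\n"
            b"-----END PGP MESSAGE-----\r\n--x9--\r\n")

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("inline", INLINE), ("pgp-mime", PGP_MIME)):
        print(name, is_pgp_encrypted(raw))
```
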




Problems/Security Considerations:
---------------------------------

    - The eMails are encrypted as they arrive at the mail server. If the connection is not SSL/TLS
      encrypted, they can still be read in plain text on the network link by your backend provider.
    
    - The eMail lies unencrypted in the spool directory of qpsmtpd for some time. This cannot be
      secured, but to reduce the chance of recovery by an attacker you can use an encrypted spool
      directory or a RAM disk. If you are paranoid, an encfs-encrypted spool directory that is readable
      only by the qpsmtpd user and is created manually at every boot may help.