I was trying to determine if my hosting provider can see my e-mails. I know with cPanel web hosting, my provider could go log in to my cPanel account and access my e-mails at any time.
I went to this path and I saw a ton of files within the cur folder with random letters and numbers in the file name ending in ,Sab
I downloaded some of these files and opened them with my text edit. While I can see the e-mail head like, who it’s from, sent to, etc., the body of the text (which I’m thinking is the e-mail message) is all encrypted. It looks almost like the text in a private key file.
No, nothing has changed. There is no encryption “at rest,” meaning the files and hard drive are not encrypted. The particular file you looked at could have been maybe just a binary file attached to an email. Other files are emails in plain text.
There’s no way to prevent someone with physical access to your server from accessing its contents (in any normal hosting environment), so I have felt that there is no reason for Mail-in-a-Box to address that hypothetical.
I am investigating again today. I believe your statement is incorrect. I have a couple of mailboxes now with thousands of emails. I do not see the emails stored ANYWHERE in /home/user-data/mail/mailboxes/domain.com/user
I see folders I have created within my email client like “Receipts,” “Archive,” “Travel,” etc.
When I go into any of these folders, the only folder within that has data is the cur folder that I mentioned above in my first post. There’s thousands of them (as expected, since I believe they are the emails, but encrypted.)
If someone can say otherwise, please, I would like to know. Thank you!
Trust @JoshData on this one (he put it all together).
The emails are not encrypted on the disk - not on my box.
But what you see depends on the content of the email. It’s very likely that your email contains html text which is sent & saved in “base64”. Base64 looks like a block of hex but is trivial to decode - encoded but not encrypted.
I am not sure if anyone on this forum has implemented EncFS but there is a way to encrypt the messages with the EncFS and mount /decrypted-mail to read the messages.
These things are possible, but I would be skeptical that they provide any meaningful security. If your needs require encryption at rest, you probably should be considering hosting your server at a physical location under your own control.
The mailbox storage methodology in use on your MiaB is called Maildir and yes, you’ll see most of your emails in the cur directory inside each mail ‘folder.’ The new directory is for delivered mail which hasn’t been processed by a mail user agent (MUA) and the tmp directory is used only briefly for mail which is being delivered.
Everything after the colon (:) character are Maildir flags which confer information about the mail to the MUA.
Absent an encryption scheme at the OS level, maildirs are inherently unencrypted. In order to encrypt something, you need a key/password. I assume you haven’t been entering a password each time you boot your system or start up postfix?
Your MUA uuencodes any non-plaintext data so that SMTP can transmit it. (I’m not 100% certain, but I think anything non-ASCII gets encoded). This means that any email with a binary file attachment (or even with UTF-8 characters!) will contain a bunch of ASCII characters that could look like encryption.
If you’re still convinced your mail files are encrypted, by all means, post the top lines of a few of the files and we’ll take a look.
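An added example, not part of the thread or of Mail-in-a-Box: it reads the flags from a Maildir file name and decodes a base64 message body with Python's standard library, showing that no key is needed to read such a file. The file name, addresses and message are constructed sample data.

```python
import base64
from email import message_from_bytes, policy

# Standard Maildir flags; lowercase letters are not in the Maildir spec
# (Dovecot uses them for IMAP keywords).
STANDARD_FLAGS = {"D": "Draft", "F": "Flagged", "P": "Passed",
                  "R": "Replied", "S": "Seen", "T": "Trashed"}

# Constructed sample data, not taken from any real mailbox.
SAMPLE_NAME = "1500000000.M1P2.box.example.com,S=300:2,Sab"
SAMPLE_HTML = "<html><body><p>Total: 12,50 \u20ac. Thank you!</p></body></html>"
SAMPLE_MESSAGE = (
    b"From: shop@example.com\r\n"
    b"To: user@example.com\r\n"
    b"Subject: Your receipt\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    + base64.encodebytes(SAMPLE_HTML.encode("utf-8")).replace(b"\n", b"\r\n")
)


def parse_maildir_flags(filename):
    """Return (standard flag names, other flag letters) from a Maildir file name."""
    info = filename.partition(":")[2]          # everything after the colon
    letters = info[2:] if info.startswith("2,") else ""
    known = [STANDARD_FLAGS[c] for c in letters if c in STANDARD_FLAGS]
    other = [c for c in letters if c not in STANDARD_FLAGS]
    return known, other


def readable_parts(raw):
    """Decode every text part of a stored message; no key or password is involved."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
            parts.append((part.get_content_type(), cte, part.get_content()))
    return parts


if __name__ == "__main__":
    print(parse_maildir_flags(SAMPLE_NAME))
    print(SAMPLE_MESSAGE.decode("ascii"))      # what a text editor shows
    for ctype, cte, text in readable_parts(SAMPLE_MESSAGE):
        print(ctype, cte, text)                # the same body, decoded
```

The raw file shows only a block of letters and digits after the headers, yet anyone who can read the file recovers the full text.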