Encrypted emails?

Obviously emails from a different server can’t be encrypted during transport. but,
Can Mail in a Box allow for emails to be encrypted at rest sitting on the server?

Also can 2 emails within the same Mail in a box server be encrypted during transport?

I haven’t used the Mailvelope plugin that is available in Roundcube. It has to be installed on all clients and browsers used to access the mail. I’m not sure how it works with other users.

Generally speaking, email is the wrong protocol for encrypted communications. You should use a completely different tool for this due to how complex it actually is to attempt to have email messages be encrypted.

Also note that messages from MiaB users to MiaB users on the same server do not leave the server.

Well once an email is sitting on your MiaB server, isn’t the harddrive of the VPS or the database itself encrypted?

No, messages are stored in plain text using maildir format in /home/user-data/mail/mailboxes/example.com/username/.

Although not used by MiaB, encryption on a storage device is unencrypted in memory, which retains the keys entered during the boot process. Anyone at the ISP with access to the underlying storage hardware most certainly has access to the server’s memory, plus there are introduced other complexities related to how modern virtualization functions that I’m not familiar with, but as I understand it “snapshots” of a running system can be used to completely restore on different machines.

When it comes to ISPs, you are either trusting them with everything or you run your own hardware.

What are you wanting to do? As openletter says, anyone who has access to the server will have access to everything on it, so you can’t magically protect against malicious administrators.

But, if you just want to be able to say “it’s encrypted”, you could easily put /home/user-data-mail on an encrypted volume. Plenty of modern file systems do encryption, perhaps consider ZFS. (Volume encryption only protects against someone taking the disk out of the box and trying to read it elsewhere.) Using an encrypted volume won’t affect MIAB at all, it doesn’t care how the storage is provided.

BUT BUT if you loose the keys or break the encrypted volume, you loose everything, so make sure you know what you’re doing. Have a good play around and rehearse everything on a test machine, before you break your server!

I’m looking to setup an email server that the VPS provider can’t access the emails.

If it’s like you say and the ISP can peek memory, then how do things with Zero-Knowledge access work? Like Protonmail claims to not have access to the email body. Or cTemplar before they shut down was encrypted email

If you want the messages to be opaque to the VPS provider (and so also opaque to the system admin - that’s you) you’ll be looking at full end-to-end encryption. That is not something provided by MIAB, or by any normal email system.

It is possible to send encrypted text in normal email (e.g. as an attachment to an empty email), but:

  • The existing systems are clumsy and not widely used (eg. PGP)
  • The non-encrypted part of the email (to/from/subject/headers) are still visible.
  • Key management is a problem

A couple of caveats:

  • As with any system, you’ll need to trust the software (or verify the system and every update yourself) - various types of backdoors are possible (dishonest or legal).
  • “Zero knowledge” - it’s a great phrase but has very specific meaning and applies to very limited situations. If someone says “zero knowledge”, I treat it like them saying “we’ll fix it with blockchain” - just walk away!!
  • A good goto for privacy and security is Bruce Schneier (www.schneier.com) … but this is complex and difficult, not something easily added to existing protocols.
1 Like

Proton Mail uses client side encryption and decryption. That’s why you can only read and send emails through their web client, their apps or the Proton Mail Bridge.

But even with that you only won half the battle, depending on who you want to communicate with, because email is not something that you usually do with yourself. :wink: If you receive emails from another provider, these emails are probably stored unencrypted on the sending mail server. Same thing goes the other way arround. If you are sending emails to other providers than Proton Mail, your emails will most likely be stored unencrypted in the inboxes of the receiving users.

This is not possible. You have to use your own hardware installed in your own secure facility. What the security experts regularly state is that if an adversary has access to the hardware, it’s game over, and in your model the ISP is an adversary.

Usually, they don’t. Whoever is managing the service typically doesn’t understand what they are talking about or they are lying.

They have their own hardware, but based on their posts I’m not clear it is a facility owned by them (it appears to be co-location). It is also debatable that they are offering email services, because their service is generally incompatible with most email standards. All I can see that they appear to be following is the SMTP standard for sending messages to and receiving messages from other mail servers. Also, there is no way for end users to audit someone’s running server, so it is required for end users to “trust” Proton with messages communicated between their servers and other mail servers, because messages have to be communicated in plain text.

(Also, just to mention, as these E2EE tools become adopted, I believe users are going to become aware of how valuable it actually is to have an administrator doing stuff to reduce spam. Once spammers figure out how to spam E2EE addresses successfully, there will be no way for an administrator to differentiate between spam and legitimate messages, and independent Bayesian filters will not be enough.)

Email is the wrong tool for secure communications. You should look at XMPP, Matrix, or even more closed systems including Signal and Session, and even they have their issues.

So let me see if I understand this correctly,

First the PAST…
You can encrypt the hard-drive and this prevents the PAST emails from being read by the VPS provider while they sit there. But the minute you decrypt it, the private key is in memory and they could snapshot the VPS in real time and it’s game over.

Then the FUTURE…
Also you’re telling me that IMAP emails from a random person who doesn’t agree to some kind of end-to-end encryption like PGP, that as these come in to the VPS server, there is NO WAY to prevent the VPS from maliciously accessing these. Not on mail in a box. Not on iRedMail or dovecot’s encryption. That the TLS breaks the moment it hits the server, and the VPS provider can access the physical memory of that decryption, game over.

IMAP emails from random people are not end to end, no matter what. BUT if you own the physical hardware, then you got the TLS

Wait a minute. timeout

What prevents you from keeping the PAST emails encrypted on the VPS server. And not decrypting it until you download the file on to your hardware.

It wouldn’t stop future incoming emails, but cover the past?

You can, but the server needs the data to operate, and has the keys to get the data. As anything available on the server is available to those that have access, you or your VPS provider/administrator could get the keys.

Nothing prevents that, but it’s not how normal email works, and not how MIAB works.

You could start an open source project to do what you want … sounds like you want a central store of opaque data which is only decrypted on each users’ own machine. A project like that might be fun!

Or you could run MIAB on your own hardware. Using your own hardware is perfectly do-able with MIAB (I do it); the main consideration is that your server must have a fixed IP address and full access to the internet (ability to open any/all ports).

Thanks for your reply. Would POP3 emails on MIAB be downloaded to the user’s machine and thus the PAST would no longer be visible to the VPS provider?

No, because the VPS provider can save everything ever saved on its systems.

Please consider more carefully this summary of the sage advice from nearly every security person I’ve ever read:

When the adversary has access to the hardware, it’s game over.

You’re assuming the adversary is always the adversary. Let’s say it’s a VPS provider that now gets a government court order to now get your emails. Previously, they didn’t give a shit. Now they need to.

If it’s POP3, the past is gone

What you seem to be doing in this thread is a very off-topic discussion for MiaB.

From the project’s home page:

The “but what about” game can be played forever, so I’m closing the topic.

1 Like