I searched a bit in this forum, but was not able to find an appropriate topic.
If there is one please let me know the link.
I like very much the idea to have my own e-mail box and I feel like I’m a bit more free.
But of course my e-mail box is installed on a VPS. So I’m asking myself whether my VPS provider is able to see the e-mails stored on my virtual disc he/she is providing to me.
Maybe there is a way to keep them encrypted there?
Yes, that is possible, but not at all practical. Mail is stored in the maildir format which would need to be unencrypted whenever new mail arrives, mail is accessed via IMAP, etc.
A friend runs an ESP and he told me one day something basically along the lines of “Sure, I could read my users' mail, but that only opens me up to a world of liability, so it would not make any sense to do so”.
VPS providers do not care about your mail and are not interested in reading it. For extra security though I would host your VPS in a country with strong privacy laws.
AFAIK, MiaB is using Dovecot, which in turn is using standard (maildir, I’m guessing here) file format. Yes, your VPS provider can read your emails.
This is a problem with email and why Ladar Levison, who runs Lavabit (the service Edward Snowden chose in his journey to become a whistleblower) which he chose to shut down instead of handing his keys to the feds, has been working on an open standard he calls DIME.
MiaB is likely out of scope for your needs, unless you host on your own hardware in your own building, possibly colo with cages.
I tend to think the admins likely have better things to do than snoop through contents of each instance, unless the instance appears to be causing a problem and the source of the problem seems to be the contents (as opposed to configuration). The business model of the VPS ISP is providing a reliable VPS.
However, as to nation privacy laws, I find this is murky. Proton advertises how Switzerland has the best information privacy laws. Switzerland also has the best banking privacy laws, but that didn’t stop the IRS from bribing bank employees to get deposit information on U.S. citizens. Also, everything outside the U.S. is open game for the CIA and other alphabet-soup U.S. “security” agencies, whereas inside the U.S. there is at least a simulacrum of legal requirements for them to meet.
Maybe a KVM VPS is not accessible to providers. Once a provider asked me for a password to see whether the issue was inside the VPS.
Maybe a docker-box could be a solution as well?
Or maybe a dedicated server or even more bare metal?
I don’t have any particular issue to solve right now, I’m just trying to understand to what degree the e-mail box solution is better than just a gmail account.
I’ve read in postfix documentation another idea that may be appropriate here. They wrote that they access everything on their own server using chroot, but I don’t know whether just for security or also in order to protect their e-mails from prying eyes.
@xobaniliam if in your opinion your mail content is by default highly sensitive to be kept in a normal BOX VPS server …
Consider forgetting MIAB for that and check if Protonmail meets your security expectations (but no doubt you will need to pay for it).
I hadn’t come across this before, but quickly scanning the article I fear it is best to run through the configuration on a test server many times before putting it into production. Key stuff is tricky and breaks things.
A question on MailCrypt just popped up on the Dovecot list[1]:
On 14/09/2019 16:08 Daniel Niewerth via dovecot <dove…@dovecot.org> wrote:
Hi everybody,
I have a question about the Dovecot Mailcrypt Plugin.
I’m trying to understand what the security of this plugin is based on.
The encryption with private and public key and elliptic curves is basically
a good thing. But the keys are in the file system together with the
encrypted mails. The passwords for the private keys are in the user
database.
I guess the passwords have to be in plaintext for it to work.
Is that true, or did I misunderstand something?
Then the encryption would make no sense at all, right?
For what purpose was the plugin developed?
Can anyone explain this to me?
Best regards
Daniel
It’s best suited for securing external storage such as NFS or object storage.
There are possibilities to encrypt the key using user’s password, but this
takes careful planning. The keys can also come from userdb, e.g. LDAP.
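
A sketch of the password-protected key setup mentioned in the reply above, as an added example that is not from the thread or the Dovecot list post. It assumes Dovecot 2.3 with an SQL passdb; the `virtual_users` table and its column names are hypothetical.

```conf
# dovecot.conf fragment: load mail_crypt and give it a place to keep per-user keys
mail_plugins = $mail_plugins mail_crypt
mail_attribute_dict = file:%h/Maildir/dovecot-attributes

plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  # Do not store a user's private key unless it is encrypted with a password
  mail_crypt_require_encrypted_user_key = yes
}

# dovecot-sql.conf.ext fragment: hand the login password (%w) to mail_crypt
# as the key password. Table and column names are assumptions for this example.
password_query = SELECT email AS user, password, \
  '%w' AS userdb_mail_crypt_private_password \
  FROM virtual_users WHERE email = '%u'
```

With this layout the private key on disk is only usable once the user's password arrives at login, so it covers stored files, snapshots and backups rather than a running host. A password change also has to re-encrypt the key, which is part of the careful planning the reply refers to.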