Old 8th February 2015
Jtf Jtf is offline
Port Guard
 
Join Date: Nov 2013
Posts: 17

I've posted the question to Gilles and here is what he says (for those of you who want to know):

Quote:
When receiving mail OpenSMTPD will commit it to a queue which guarantees
that by the time the client disconnects we have written the message to
permanent storage in case the daemon crashes, there's a power outage, or
the admin simply shuts down the daemon.

Mails are then either distributed locally to a user mailbox, or they are
sent to another host which will distribute locally or send to another one
and so on.

The queue encryption ONLY protects the mails while they're in queue, and
as soon as they are moved out of this queue they're no longer encrypted.
So, if you were to build a Lavabit clone, this would only solve one part
of the problem.

Let's dig further into what's needed for a Lavabit clone since it is not
too hard to build one for yourself and it's a fun project.


1- you need the queue to be encrypted.
2- you need mails delivered to the users to be encrypted.
3- you need mails to be decrypted when a user retrieves them.


The 1- part is easy, it's the queue encryption in OpenSMTPD. It protects
the mails while they are waiting to be delivered.

The 2- part is also easy, you need a little script which reads a mail on
its standard input, encrypts it with the user's public key and outputs it to
the user mailbox. I have done something similar, and we're talking about
a 30-line Python script.

The 3- part is harder, you need to modify a pop3/imap4 server or write a
pop3/imap4 proxy so that when the user retrieves mails, the password can
be used to decrypt the private key and decrypt mails as the user fetches them.
It is not a very very hard task, but it requires a bit of work.


Queue encryption solves 1/3rd of the problem, the two others are outside
the OpenSMTPD scope.

Last edited by Jtf; 8th February 2015 at 11:28 AM. Reason: comments from other people have to be in quote tags not code tags
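As an added illustration of steps 2 and 3 from the quoted reply (example code written for this page, not Gilles's 30-line script and not part of OpenSMTPD): a Go program that plays the delivery-time filter and the retrieval-time decryptor. The hybrid scheme (a fresh AES-256-GCM key per message, wrapped with RSA-OAEP under the user's public key), the header names `X-Wrapped-Key` and `X-Nonce`, the OAEP label and the sample message are all this example's own choices. The password-based unlocking of the private key that step 3 calls for is left out; `decryptFromMailbox` assumes the key is already unlocked. Go is used instead of Python because its standard library carries the needed primitives, so the block runs without third-party packages.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/mail"
)

// sampleMail is a constructed message used by roundTrip; it is not from the forum post.
const sampleMail = "From: alice@example.org\r\nTo: bob@example.net\r\n" +
	"Subject: hello\r\n\r\nBody that must not rest on disk in clear.\r\n"

// oaepLabel ties the wrapped key to this use; the value is this example's own choice.
var oaepLabel = []byte("mailbox-body-key")

// newGCM builds AES-GCM for key, first passing through an error from the call that produced the key.
func newGCM(key []byte, prior error) (cipher.AEAD, error) {
	if prior != nil {
		return nil, prior
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptForMailbox is the step-2 filter: the raw message from the MTA goes in, a wrapper
// message comes out whose body is the whole original (headers included) under AES-256-GCM,
// with the AES key wrapped by RSA-OAEP so only the holder of the private key can recover it.
func encryptForMailbox(raw []byte, pub *rsa.PublicKey) ([]byte, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key followed by a 96-bit GCM nonce
	_, err := rand.Read(buf)
	gcm, err := newGCM(buf[:32], err)
	if err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	// The nonce travels in a header, so it is also passed as additional data and covered by the tag.
	ct := gcm.Seal(nil, nonce, raw, nonce)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	enc := base64.StdEncoding.EncodeToString
	var out bytes.Buffer
	fmt.Fprintf(&out, "Subject: [encrypted message]\r\nX-Wrapped-Key: %s\r\nX-Nonce: %s\r\n"+
		"Content-Type: application/octet-stream\r\nContent-Transfer-Encoding: base64\r\n\r\n%s\r\n",
		enc(wrapped), enc(nonce), enc(ct))
	return out.Bytes(), nil
}

// decryptFromMailbox is the step-3 counterpart a POP3/IMAP proxy would run once the user's
// private key is unlocked. Any change to the ciphertext or the nonce fails the GCM tag check.
func decryptFromMailbox(stored []byte, priv *rsa.PrivateKey) ([]byte, error) {
	msg, err := mail.ReadMessage(bytes.NewReader(stored))
	if err != nil {
		return nil, err
	}
	dec := base64.StdEncoding.DecodeString
	wrapped, err1 := dec(msg.Header.Get("X-Wrapped-Key"))
	nonce, err2 := dec(msg.Header.Get("X-Nonce"))
	body, err3 := io.ReadAll(msg.Body)
	ct, err4 := dec(string(bytes.TrimSpace(body)))
	if err := errors.Join(err1, err2, err3, err4); err != nil {
		return nil, err
	}
	// Unwrap the per-message AES key with the private key, then open the body.
	gcm, err := newGCM(rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, oaepLabel))
	if err != nil {
		return nil, err
	}
	if len(nonce) != gcm.NonceSize() {
		return nil, errors.New("stored message has a malformed nonce")
	}
	return gcm.Open(nil, nonce, ct, nonce)
}

// roundTrip generates a throwaway key pair, stores sampleMail encrypted and reads it back.
func roundTrip() (priv *rsa.PrivateKey, stored, back []byte, err error) {
	if priv, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, nil, err
	}
	if stored, err = encryptForMailbox([]byte(sampleMail), &priv.PublicKey); err != nil {
		return nil, nil, nil, err
	}
	back, err = decryptFromMailbox(stored, priv)
	return priv, stored, back, err
}

func main() {
	_, stored, back, err := roundTrip()
	fmt.Printf("stored %d bytes, recovered %q, err=%v\n", len(stored), back, err)
}
```

Encrypting the entire original message, headers included, is what keeps the Subject and correspondents off the disk; the wrapper only exposes what the proxy needs to undo the encryption. Using the nonce as GCM additional data means a stored message whose header was altered is rejected at the tag check rather than decrypting to garbage, and the explicit nonce-length check turns a malformed header into an error instead of a panic in the retrieval path.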