#1  Jtf, 4th February 2015
Lavabit like encryption with OpenSMTPD

Hi all,

Sorry for my ignorance, but I noticed in smtpd.conf(5) that there is queue encryption which encrypts envelopes and messages. Can this be similar to what Lavabit used to do with encrypting emails?

#2  gpatrick, 4th February 2015

Your best answer will come from misc@opensmtpd.org by Gilles himself.

#3  Jtf, 8th February 2015

I'll do that.

#4  Jtf, 8th February 2015

I've posted the question to Gilles and here is what he says (for those of you who want to know):

When receiving mail OpenSMTPD will commit it to a queue which guarantees
that by the time the client disconnects we have written the message on a
permanent storage in case the daemon crashes, there's a power outage, or
the admin simply shuts down the daemon.

Mails are then either distributed locally to a user mailbox, or they are
sent to another host which will distribute locally or send to another one
and so on.

The queue encryption ONLY protects the mails while they're in queue, and
as soon as they are moved out of this queue they're no longer encrypted.
So, if you were to build a Lavabit clone, this would only solve one part
of the problem.

Let's dig further into what's needed for a Lavabit clone since it is not
too hard to build one for yourself and it's a fun project.

1- you need the queue to be encrypted.
2- you need mails delivered to the users to be encrypted.
3- you need mails to be decrypted when a user retrieves them.

The 1- part is easy, it's the queue encryption in OpenSMTPD. It protects
the mails while they are waiting to be delivered.

The 2- part is also easy, you need a little script which reads a mail on
its standard input, encrypts it with the user's public key and outputs it
to the user mailbox. I have done something similar, and we're talking
about a 30-line Python script.

The 3- part is harder, you need to modify a pop3/imap4 server or write a
pop3/imap4 proxy so that when the user retrieves mails, the password can
be used to decrypt the private key and decrypt mails as the user fetches
them. It is not a very very hard task, but it requires a bit of work.

Queue encryption solves 1/3rd of the problem, the two others are outside
the OpenSMTPD scope.

Last edited by Jtf; 8th February 2015 at 11:28 AM. Reason: comments from other people have to be in quote tags not code tags
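
The delivery script described in part 2 of the quoted reply, sketched here as an added example (it is not Gilles's script and not part of OpenSMTPD). Assumptions: the `gpg` binary is installed and the user's public key is already in the server's keyring, mail is stored in a Maildir, and the script name, the function names and the list of headers left readable are illustrative choices; wiring it into smtpd.conf is not shown.

```python
#!/usr/bin/env python3
# Added example: delivery agent that stores mail encrypted to the user's public key.
import mailbox
import subprocess
import sys
from email import encoders, message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Headers copied to the outer message so a mail client can still list it.
# They remain readable on disk; everything else is only inside the ciphertext.
VISIBLE = ("From", "To", "Cc", "Date", "Subject", "Message-ID")

def gpg_encrypt(plaintext, recipient):
    """Encrypt with the system gpg; the server only ever holds the public key."""
    cmd = ["gpg", "--batch", "--trust-model", "always", "--armor",
           "--encrypt", "--recipient", recipient]
    return subprocess.run(cmd, input=plaintext, stdout=subprocess.PIPE, check=True).stdout

def wrap_encrypted(raw, recipient, encrypt=gpg_encrypt):
    """Return a multipart/encrypted (PGP/MIME, RFC 3156) message wrapping raw."""
    original = message_from_bytes(raw)
    if original.get_content_type() == "multipart/encrypted":
        return original  # sender already encrypted it end to end; store as is
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name in VISIBLE:
        for value in original.get_all(name, []):
            outer[name] = value
    seven_bit = encoders.encode_7or8bit  # armored output is ASCII, no base64 needed
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted", _encoder=seven_bit))
    # Simplification: the whole original message, headers included, is the plaintext.
    outer.attach(MIMEApplication(encrypt(raw, recipient), "octet-stream", _encoder=seven_bit))
    return outer

def deliver(raw, recipient, maildir_path, encrypt=gpg_encrypt):
    """Encrypt first, then write; plaintext never reaches the mailbox."""
    sealed = wrap_encrypted(raw, recipient, encrypt).as_bytes()
    return mailbox.Maildir(maildir_path, create=True).add(sealed)

if __name__ == "__main__":
    # Usage (hypothetical name): encrypt-deliver.py <key id or address> <Maildir path>
    try:
        deliver(sys.stdin.buffer.read(), sys.argv[1], sys.argv[2])
    except Exception as exc:
        # EX_TEMPFAIL (75): conventional "retry later" status, so a failed
        # encryption leaves the mail queued instead of stored in the clear.
        print(f"encrypted delivery failed: {exc}", file=sys.stderr)
        sys.exit(75)
```

Because the outer headers stay in clear text, this protects message bodies at rest but not the metadata; reading the mail back still needs the decrypting pop3/imap4 step from part 3.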