postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
Hello,

When a new email arrives and it is not already encrypted, I would like to
run it through a filter which would encrypt the message with my public
gpg key, as if the original sender had sent the email encrypted.

Why do I want to do this ? Why not ask the sender to send encrypted
messages to start with ?

Let's say my bank sends me emails. I cannot force my bank to use gpg
encryption. I am happy they use email at all, instead of paper mail.

My email server is untrusted. It can be hacked into and emails stolen.
Full disk encryption will not help, because the disk must be decrypted
during runtime.

With my scheme, all emails would be stored encrypted on my server, and
the decryption key does not exist on the server (emails are decrypted on
my local client).

What would be the best way to implement this?

Can such a filter work without ever storing plaintext email on disk?

Any other comments?

thanks,

Re: postfix filter to encrypt incoming emails with public gpg key

lists@lazygranch.com
My bank insists I use their website for anything secure. I don't get anything in my email that would be a security problem.

That said, have you inquired if your bank will use pgp? I know that sounds like crazy talk, but some banks have PGP. (OT but note Amazon can do PGP too.)

Wouldn't a private key have to be held on your server to do what you want? If so, that hacker can get the key.

Personally I would harden the server. It sounds like this is a private server. You can use the firewall to vastly limit the countries where your email can be retrieved. That is, filter the hell out of all email ports except 25. Besides filtering countries, I have a file of about 30k IPv4 CIDRs from data centers that I block from all email ports except 25 and all the web ports. No eyeballs in datacenters.

Don't use roundcube or squirrelmail. Use email clients. Don't use cpanel or similar. Again keep the attack surface to a minimum. You can maintain a server strictly from command line.

Use SSHGuard or fail2ban.






Re: postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
On 27/10/2019 06.26, lists wrote:
> My bank insists I use their website for anything secure. I don't get anything in my email that would be a security problem.

I used bank just as an example. Feel free to substitute another
scenario, if you find mine hard to imagine.

> Wouldn't a private key have to be held on your server to do what you want? If so, that hacker can get the key.

No. Definitely not.
Only the public key is needed for asymmetric encryption.

> Personally I would harden the server. It sounds like this is a private server. You can use the firewall to vastly limit the countries where your email can be retrieved. That is filter the hell out of all email ports except 25. Besides filtering countries, I have a file of about 30k of ipv4 cidrs from data centers that I block from all email ports except 25 and all the web ports. No eyeballs in datacenters.

Sure, I want to have both:
A secure server, AND encrypted emails. What is wrong with that ?

Re: postfix filter to encrypt incoming emails with public gpg key

lists@lazygranch.com
Let me try again. So the email comes in. Some program gets your public key and then encrypts the email on the server. Then when you retrieve your email, it sends it out in what it believes is plain text, or for that matter can do TLS on the file, but you get a GPG message that you then decrypt.

So the reason this isn't normally done is a general purpose email server would have to do this on a per-client basis, somehow getting the proper public key for each client.

Am I right? Close?

If not I will shut up and wait for a guru to reply.







Re: postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
On 27/10/2019 07.27, lists wrote:
> Let me try again. So the email comes in. Some programs gets your public key and then encrypts the email on the server.

I imagine, in theory it should work like this:

New email comes in, and as it moves through the Postfix mail delivery
pipeline, at some stage there is a simple filter, which performs an
action. There should be some possibility to define simple rules, such as

if recipient = [hidden email]
  perform action
else
  continue

Such a process would need to have the user's public key, obviously. But
that is the least of the issues.

I don't understand Postfix enough, to see how this can be implemented in
practice.

> Then when you retrieve your email, it sends it out in what it believes is plain text or for that matter can to TLS on the file, but you get a GPG message that you then decrypt.

When I retrieve my message over IMAP, it will be retrieved as any other
message, regardless whether it is encrypted or not. Also, TLS is
irrelevant here.

> So the reason this isn't normally done is a general purpose email server would have to do this on  per client basis, somehow getting the proper public key for each client.

I think the reason why this is not normally done is that my request is
quite exotic. I understand that. I think the average mail user does not
need this.


Re: postfix filter to encrypt incoming emails with public gpg key

lists@lazygranch.com
TLS makes no difference, but you might as well run the server as close to normal as possible.






Re: postfix filter to encrypt incoming emails with public gpg key

Sam Tuke
In reply to this post by lists@lazygranch.com
As well as fetching the public key, it'd need access to a private key too. I think the private key is considered the bigger problem, for various reasons.

There have been a few attempts addressing the needs of this complex use case. AFAICS none have been successful, but I'm out of date.

See the (abandoned?) STEED project and their whitepaper: https://g10code.com/steed.html. That is by g10code - the creator of GPG. Disclaimer: I once worked for them.

Sam.


Re: postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
On 27/10/2019 10.25, Sam Tuke wrote:
> As well as fetching the public key, it'd need access to a private key too. I think the private key is considered the bigger problem, for various reasons.

The scheme that I am describing needs only the public key on the server.
Not sure why you would think otherwise.

> There have been a few attempts addressing the needs of this complex use case. AFAICS none have been successful, but I'm out of date.
> See the (abandoned?) STEED project and their whitepaper: https://g10code.com/steed.html. That is by g10code - the creator of GPG. Disclaimer: I once worked for them.

A quick look at the link suggests that this is not the problem I am
trying to solve.

But thanks anyway for your input.

Re: postfix filter to encrypt incoming emails with public gpg key

Matus UHLAR - fantomas
>On 27/10/2019 10.25, Sam Tuke wrote:
>> As well as fetching the public key, it'd need access to a private key
>> too.  I think the private key is considered the bigger problem, for
>> various reasons.

On 27.10.19 10:40, Fourhundred Thecat wrote:
>The scheme that I am describing needs only public key on the server.
>Not sure why you would think otherwise.

Encrypting mail at the Postfix level could create a false sense of security.
How do you know that nobody can read it on the server before it becomes
encrypted?

And what's the point of encrypting mail to you, when it came through the
world non-encrypted?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.

Re: postfix filter to encrypt incoming emails with public gpg key

Viktor Dukhovni
> On Oct 27, 2019, at 12:20 PM, Matus UHLAR - fantomas <[hidden email]> wrote:
>
> Encrypting mail at the Postfix level could create a false sense of security.
> How do you know that nobody can read it on the server before it becomes
> encrypted?
>
> And what's the point of encrypting mail to you, when it came through the
> world non-encrypted?

Data at rest needs to be protected for a long time, so it makes sense
in some cases to encrypt stored messages.  Retaining usability of
an encrypted mailstore is challenging, and I'd personally opt
for an encrypted file-system so that the messages can be indexed
and searched; others may have different priorities.

--
        Viktor.


Re: postfix filter to encrypt incoming emails with public gpg key

Damian Lukowski
In reply to this post by Fourhundred Thecat
Some while ago, I had a Perl script around Mail::GPG as mailbox_command,
or inside a procmailrc, I'm not sure. I had it trigger only for a
certain address extension, e.g. [hidden email]. It worked quite
alright.

> Can such filter work, without ever storing plaintext email on disk ?
>
> Any other comments ?

Re: postfix filter to encrypt incoming emails with public gpg key

Ansgar Wiechers
In reply to this post by Fourhundred Thecat
On 2019-10-27 Fourhundred Thecat wrote:

> when new email arrives, and it is not already encrypted, I would like to
> run it through a filter, which would encrypt the message with my public
> gpg key, as if the original sender has sent the email encrypted.
>
> Why do I want to do this ? Why not ask the sender to send encrypted
> messages to start with ?
>
> Let's say my bank sends me emails. I cannot force my bank to use gpg
> encryption. I am happy they use email at all, instead of paper mail.
>
> My email server is untrusted. It can be hacked into and emails stolen.
> Full disk encryption will not help, because the disk must be decrypted
> during runtime.
>
> With my scheme, all emails would be stored encrypted on my server, and
> decryption key does not exist on the server (emails are decrypted on my
> local client)
>
> What would be the best way to implement this ?
>
> Can such filter work, without ever storing plaintext email on disk ?

Several years ago I wrote something like that [1]. However, if your mail
server is untrusted I don't think there's a point in bothering. Even if
you pass the mail through an encrypted transport channel and never store
it on disk, an attacker who has gained control of the server can still
intercept the message.

 [1]: https://www.planetcobalt.net/sdb/crypter.shtml

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

Re: postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
On 27/10/2019 13.29, Ansgar Wiechers wrote:
> Several years ago I wrote something like that [1]. However, if your mail
> server is untrusted I don't think there's a point in bothering.

No server is 100% trusted. By this logic, should I therefore give up?

> Even if
> you pass the mail through an encrypted transport channel and never store
> it on disk, an attacker who has gained control of the server can still
> intercept the message.

An attacker listening on the server could intercept a new message before
it is encrypted. But he could not read messages from the past, now
stored encrypted on the disk.

>  [1]: https://www.planetcobalt.net/sdb/crypter.shtml

Shouldn't this be implemented as an SMTP-Only Milter?

Re: postfix filter to encrypt incoming emails with public gpg key

Stephen Satchell
On 10/27/19 6:48 AM, Fourhundred Thecat wrote:
> On 27/10/2019 13.29, Ansgar Wiechers wrote:
>> Several years ago I wrote something like that [1]. However, if your mail
>> server is untrusted I don't think there's a point in bothering.
>
> no server is 100% trusted. By this logic, should I therefore give up?

It depends on what attack you are trying to protect against.  You need
to think outside the box, though.  Have you considered not storing mail
for any significant period on your server, and instead unloading new
mail into an "inside" system?

MTAs are "push" in that outsiders initiate connections to it to send or
receive mail.  So you have a workstation that connects to the pop3s port
to pull down all mail, and do it aggressively, to minimize each mail
message's exposure to ne'er-do-wells.

> fetchmail is a mail-retrieval and forwarding utility; it fetches mail
> from remote mailservers and forwards it to your local (client)
> machine's delivery system. You can then handle the retrieved mail
> using normal mail user agents such as mutt(1), elm(1) or Mail(1). The
> fetchmail utility can be run in a daemon mode to repeatedly poll one or
> more systems at a specified interval.

This won't stop man-in-the-middle attacks, particularly the techniques
used by sysadmins to satisfy LEO search warrants.  But it will stop
non-persistent wholesale harvesting of your mailstore.  Of course, IMAP
would not be available because fetchmail with POP3 would remove the mail
when it's forwarded to your protected, Internet-isolated mailstore.

OP, let me ask this:  your proposal appears to be to modify the delivery
agent so that, instead of storing e-mail in cleartext, it instead uses
the public part of a public/private keypair to encrypt the payload of
incoming email.  That way, your mail client would need to decrypt the
payload when reading the mail, using the private part of the keypair.
Further, the client would need to support the decryption of
superencrypted mail, once with your private key, then again with the
public key of the sender.

That dual-decryption capability is not available off-the-shelf to the
best of my knowledge.

Re: postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
On 27/10/2019 15.23, Stephen Satchell wrote:
> OP, let me ask this:  your proposal appears to be to modify the delivery
> agent so that, instead of storing e-mail in cleartext, it insteads use
> the public part of a public/private keypair to encrypt the payload of
> incoming email.

I did more research in the meantime, and I think the only reasonable way
to implement my idea would be via an SMTP-Only Milter.

> That way, your mail client would need to decrypt the
> payload when reading the mail, using the private part of the keypair.

Yes.
As it does now with messages that have been encrypted by the sender.

> Further, the client would need to support the decryption of
> superencrypted mail,

There will be no "superencrypted" emails. As I explained in the first
sentence of my original description, I want to process only emails which
are not already encrypted.

> once with your private key, then again with the
> public key of the sender.

Are you perhaps confusing decryption with verifying the sender's signature?


Re: postfix filter to encrypt incoming emails with public gpg key

Wietse Venema
In reply to this post by Fourhundred Thecat
Fourhundred Thecat:
[encryption at rest, but not whole-disk encryption]
> With my scheme, all emails would be stored encrypted on my server, and
> decryption key does not exist on the server (emails are decrypted on my
> local client)
>
> What would be the best way to implement this ?

Use the local(8) delivery agent. In your $HOME/.forward file, pipe
the mail into a program that encrypts it with your public key, then
writes the result to maildir.

Postfix content filter is not suitable, as it is designed to
handle multi-recipient email, whereas $HOME/.forward is guaranteed
to handle only one recipient.

> Can such filter work, without ever storing plaintext email on disk ?

Postfix (like other MTAs) persists email in the queue before it is
delivered. If that is a problem, don't use an MTA. Instead, use a
proxy.

> Any other comments ?
>
> thanks,
>
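A ~/.forward pipe program of the kind Wietse describes, written here as an added example (not code from the thread or from Postfix). It assumes Postfix delivers through local(8) so that ~/.forward is honoured, that the server's gpg keyring holds only the recipient's public key, and placeholder values for KEY_ID, MAILDIR and the script path; the sample message is constructed. It also applies the "only if not already encrypted" rule from the original post and wraps the result as PGP/MIME, so the client treats it like sender-encrypted mail.

```python
"""gpg_deliver.py: a ~/.forward pipe target of the kind Wietse describes.
Reads one message on stdin and, unless the sender already encrypted it,
re-wraps it as PGP/MIME (RFC 3156) encrypted to ONE public key, then stores
it in a Maildir. Only that public key lives in the server's gpg keyring."""
import mailbox
import subprocess
import sys
from email import encoders, message_from_bytes, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

KEY_ID = "0x0000000000000000"   # placeholder: key id of YOUR public key
MAILDIR = "/home/user/Maildir"  # placeholder: the Maildir Dovecot serves
# Body-describing headers stay inside the encrypted part, not on the outside.
BODY_HEADERS = {"content-type", "content-transfer-encoding",
                "content-disposition", "mime-version"}
# Constructed sample input (not a real message), used by the tests.
SAMPLE_PLAINTEXT = (b"From: statements@bank.example\nTo: me@example.org\n"
                    b"Subject: Statement\nMIME-Version: 1.0\n"
                    b"Content-Type: text/plain; charset=us-ascii\n\n"
                    b"Your statement is ready.\n")


def parse(raw):
    return message_from_bytes(raw, policy=policy.default)


def is_already_encrypted(msg):
    """True for PGP/MIME, S/MIME or inline-PGP mail; those stay untouched."""
    if msg.get_content_type() in ("multipart/encrypted", "application/pkcs7-mime",
                                  "application/x-pkcs7-mime"):
        return True
    body = msg.get_body(preferencelist=("plain",))
    return body is not None and "-----BEGIN PGP MESSAGE-----" in body.get_content()


def gpg_encrypt(plaintext, key_id):
    """ASCII-armoured encryption to the public key; gpg needs no secret key
    for this, so none has to exist on the server (the thread's central point)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--quiet", "--armor", "--encrypt",
         "--trust-model", "always", "--recipient", key_id],
        input=plaintext, capture_output=True, check=True)
    return proc.stdout


def wrap_pgp_mime(original, ciphertext):
    """Build the RFC 3156 container a MUA expects from sender-encrypted mail:
    multipart/encrypted with a control part and the armoured blob. Routing
    headers are copied outside so the mailbox stays listable; the whole
    original (Subject included) is what went into gpg."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted",
                          policy=policy.default)
    for name, value in original.items():
        if name.lower() not in BODY_HEADERS:
            outer[name] = value
    control = MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                              _encoder=encoders.encode_7or8bit, policy=policy.default)
    blob = MIMEApplication(ciphertext, "octet-stream",
                           _encoder=encoders.encode_7or8bit, policy=policy.default)
    blob.add_header("Content-Disposition", "inline", filename="encrypted.asc")
    outer.attach(control)
    outer.attach(blob)
    return outer


def deliver(raw, maildir_path, key_id):
    """Filter one message and store it; returns the Maildir key of the file.
    Note Wietse's caveat: the plaintext already sat in the Postfix queue."""
    msg = parse(raw)
    stored = raw if is_already_encrypted(msg) else \
        wrap_pgp_mime(msg, gpg_encrypt(raw, key_id))
    # Maildir.add() writes to tmp/ and renames into new/, as Maildir requires.
    return mailbox.Maildir(maildir_path, create=True).add(stored)


if __name__ == "__main__":           # ~/.forward: "|/usr/local/bin/gpg_deliver.py"
    deliver(sys.stdin.buffer.read(), MAILDIR, KEY_ID)
```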

Re: postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
On 27/10/2019 17.10, Wietse Venema wrote:
> Use the local(8) delivery agent. In your $HOME/.forward file, pipe
> the mail into a program that encrypts it with your public key, then
> writes the result to maildir.

I am using Postfix with Dovecot. I believe it is Dovecot that saves
messages to maildir. How would that fit in?

> Postfix content filter is not suitable, as it is designed to
> handle multi-recipient email, whereas $HOME/.forward is guaranteed
> to handle only one recipient.

I see. But, on the other hand, if I used an SMTPD milter, it would be
processed before the queue, and would not interfere with the normal flow
through the pipeline.


Re: postfix filter to encrypt incoming emails with public gpg key

@lbutlr
On 27 Oct 2019, at 10:52, Fourhundred Thecat <[hidden email]> wrote:
> On 27/10/2019 17.10, Wietse Venema wrote:
>> Use the local(8) delivery agent. In your $HOME/.forward file, pipe
>> the mail into a program that encrypts it with your public key, then
>> writes the result to maildir.
>
> I am using Postfix with Dovecot. I believe it is Dovecot who saves
> messages to maildir. How would that fit in ?

Then look at Dovecot; it has options to store encrypted mail IIRC.

(But that is OT for this list).



--
I is for IDA who drowned in a lake
J is for JAMES who took lye by mistake


Re: postfix filter to encrypt incoming emails with public gpg key

Stephen Satchell
In reply to this post by Fourhundred Thecat
On 10/27/19 7:38 AM, Fourhundred Thecat wrote:
>> Further, the client would need to support the decryption of
>> superencrypted mail,
> there will be no "superencrypted" emails. As I explained in the first
> sentence of my original description, I want to process only emails which
> are not already encrypted.

OK, that's sensible.

>> once with your private key, then again with the
>> public key of the sender.
> are you perhaps confusing decryption with verifying the senders signature ?

No.  Signature verification and decrypting are two separate operations.
You will have to investigate how your mail client handles mail that has
been encrypted with one key, and signed by another.



Re: postfix filter to encrypt incoming emails with public gpg key

Fourhundred Thecat
On 27/10/2019 18.20, Stephen Satchell wrote:
>> are you perhaps confusing decryption with verifying the senders signature ?
>
> No.  Signature verification and decrypting are two separate operations.
>  You will have to investigate how your mail client handles mail that has
> been encrypted with one key, and signed by another.

Email is always encrypted with a different key than the one it is signed
with.

For signing, the sender's private key is used.

For encryption, my public key is used.