Skip to content

Reject unencrypted incoming mail #538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hpk42 merged 23 commits into from
Apr 1, 2025
Merged

Reject unencrypted incoming mail #538

hpk42 merged 23 commits into from
Apr 1, 2025

Conversation

@hpk42
Copy link
Contributor

@hpk42 hpk42 commented Mar 29, 2025
edited
Loading

this PR produces the following changed behaviour

  • new chatmail addresses are created with an enforceE2EE file in the dovecot address dir

  • incoming mails (port 25) are now invoking a second filtermail before-queue handler that enforces E2EE encryption if enforceE2EE exists for recipients

Because the enforceE2EE file is kept in the user mailbox directory, filtermail needs to run with permission to read from it, and this PR makes the two filtermail services (for incoming and outgoing) run as "vmail" user, similar as with "doveauth" which also needs write/read access to the password file in the mailbox directory.

@hpk42 hpk42 changed the title [draft] Reject unencrypted incoming mail Reject unencrypted incoming mail Mar 29, 2025
@hpk42 hpk42 force-pushed the hpk/reject_unencrypted branch from 2de1aa7 to 1a17469 Compare March 29, 2025 19:03
@link2xt link2xt changed the base branch from main to hpk/internal-encrypted March 29, 2025 19:59
link2xt
link2xt reviewed Mar 29, 2025
View reviewed changes
Base automatically changed from hpk/internal-encrypted to main March 29, 2025 20:22
@hpk42 hpk42 force-pushed the hpk/reject_unencrypted branch from 1a17469 to c3d8de1 Compare March 29, 2025 20:26
@hpk42 hpk42 force-pushed the hpk/reject_unencrypted branch from b22f35b to 13c49f8 Compare March 30, 2025 19:14
@hpk42 hpk42 force-pushed the hpk/reject_unencrypted branch from 923e098 to 606c615 Compare March 30, 2025 20:46
link2xt
link2xt reviewed Mar 30, 2025
View reviewed changes
adbenitez
adbenitez reviewed Mar 31, 2025
View reviewed changes
@adbenitez
Copy link
Contributor

adbenitez commented Mar 31, 2025
edited
Loading

it seems to be missing some explanation/docs about how to use the enforceE2EE file to allow unencrypted etc. and there seems to also be an undocumented "inclear" file hack?

@hpk42
Copy link
Contributor Author

hpk42 commented Mar 31, 2025

it seems to be missing some explanation/docs about how to use the enforceE2EE file to allow unencrypted etc. and there seems to also be an undocumented "inclear" file hack?

added a section in the README 4b0d7a0 -- (and removed the wrong "inclear" left-overs in the previous commit)

missytake
missytake approved these changes Mar 31, 2025
View reviewed changes
Copy link
Contributor

@missytake missytake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable, all in all :)

missytake
missytake reviewed Apr 1, 2025
View reviewed changes
link2xt
link2xt reviewed Apr 1, 2025
View reviewed changes
@hpk42 hpk42 force-pushed the hpk/reject_unencrypted branch from 3b974a2 to 918d3e8 Compare April 1, 2025 18:36
@hpk42 hpk42 merged commit c4f0146 into main Apr 1, 2025
6 checks passed
@hpk42 hpk42 deleted the hpk/reject_unencrypted branch April 1, 2025 18:52
@missytake missytake mentioned this pull request Apr 11, 2025
Merged
@r10s r10s mentioned this pull request Aug 5, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@missytake missytake missytake approved these changes

@link2xt link2xt link2xt approved these changes

@adbenitez adbenitez adbenitez approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hpk42 @adbenitez @link2xt @missytake