Consider Zeyple (auto-GPG inbound mail traffic)

[savchenko]

Project homepage: https://infertux.com/labs/zeyple/
GitHub: https://github.com/infertux/zeyple

Is this something that can be integrated with the current setup?

[mhekeler]

GPG encryption on the email server server?
I thought gpg encrypt/decrypt should be used end-to-end, no?

[horia]

This is about GPG encrypting (unencrypted) inbound messages, before they touch the disk, to achieve privacy from the hosting provider and the postmaster. A very important feature, and perhaps the main reason for self-hosting email.

Inbound auto-GPG has been discussed, and the following was considered:

• Dovecot MailCrypt Plugin
  https://wiki2.dovecot.org/Plugins/MailCrypt
  [smtpd encrypted queue] → [dovecot crypt → rspamd → lda]
  The private key is kept on the server
• Dovecot Mail Filter Plugin
  https://wiki.dovecot.org/Plugins/MailFilter
  [smtpd encrypted queue] → [dovecot mail filter → rspamd → lda]
  The private key is kept on the server, but encrypted and protected with the IMAP password
• gpgit Dovecot Pigeonhole Sieve
  https://github.com/EtiennePerot/gpgit
  [smtpd encrypted queue] → [dovecot gpgit → rspamd → lda]
  Only the public key is kept on the server

I didn't know about Zeyple, thank you for suggesting it. Zeyple is in line with an ideal solution (using WKD): [smtpd encrypted queue → filter-gpg → filter-rspamd] → [dovecot lmtp]

OpenSMTPD filters are around the corner: https://poolp.org/posts/2018-11-03/opensmtpd-released-and-upcoming-filters-preview/

edit: Zeyple typo