keep all email stores encrypted

[stevens]

I have a client who would really like to take advantage of a hosted email server, but refuses let outside administrators have access to their emails.

Are then any plans to encrypt stored emails on the server, so that only the owner of the email account or an authorised administrator, seperate from the standard administrator who can administer the box, can view the emails.

Thanks
Steven

[dijichi2]

ultimately, a company has to trust it's admins, even if contracted. in general (don't think this is currently the case with zimbra) it's possible to encrypt datastores, but if non-admins are the onyl keyholders and if there is no admin override (like root access), it's a very dangerous situation to be in - if the keyholders lose the keys then the data is locked forever. i can't think of a single system I work on where I don't eventually have unrestricted access, or access to unrestricted access!

outside of encrypted filesystems, is there any other product that encrypts the datastores where the admin doesn't have access to the keys?

[stevens]

For certain companies certain information is extremely private, and do not necesarly wish the general server administrator to have access to this information, expecially if the server is hosted at a external location, by an external supplier/partner.

How does Zimbra store the emails on the server? I would assume any sort of encryption would affect any searching ficilty in Zimbra or is there a seperate search index kept by zimbra for emails? If no search index was kept you could just encrypt the email body and not the subject to allow you to search by header info, and subject.

There are a few companies who offer the service, at a very hefty price, some are only encrypting email stores that have been archived, so staff will have a small amount of live emails which get archived and encrypted on a regular basis. www.cryptomail.org is an example of a linux implementation of encrypted emails, where only the email holder can access the emails.

I would be happy for a specific admin user to have overide access to the emails but this needs to be a seperate admin from the normal root admin.

I realy think this would be a valuable feature!
Steven

[dkarp]

Quote:

Originally Posted by stevens

How does Zimbra store the emails on the server? I would assume any sort of encryption would affect any searching ficilty in Zimbra or is there a seperate search index kept by zimbra for emails? If no search index was kept you could just encrypt the email body and not the subject to allow you to search by header info, and subject.

Zimbra stores message bodies in the file store, one file per message. There is also a separate Lucene index used for searching.

[stevens]

Are there any plans for the official Zimbra guys, to implement encryption on the stored emails for privacy reasons, or any specific reason why you are not going to?

secondally I would like some feedback ot thoughts from any of the Zimbra guru's If I took the plunge and decided to try to implement encryption on my own system, I have the following thoughts:

Encrypting plain text files should be very easy, simply need to run a small encryption/decryption on the file to view or hide the email contents. The way I understant it if I encrypted the whole text file including the email header information that would effect how zimbra works in terms of odering emails in say date/subject order etc. However if I just encrypt the actual email content excluding the header info, then it should not affect how Zimbra works at all.

All I would need to do in run a small app when an email arrives or is created/saved, and encrypt the email body, and then run a small decryption app to display the email.

Any thoughts/comments would be appreciated.

Steven

[dkarp]

I Am Not A Project Manager, but I don't believe that encrypted mail stores are in the offing for the near future, mainly because we've seen very little demand for such a thing.

If you were to try to implement this on your own, we'd be delighted to see your submission! You can feel free to encrypt the entire message body; the header information necessary to display search results is stored in the database.

Remember that the occasional reindexing of a user's mailbox will have to be able to view every message body in the mailbox. And you'll have to decide on how to manage key storage, etc.

[illscientific]

Why not just use pgp or smime? I'm sure someone must have requested pgp support in Zimbra by now... I know many .mil .gov sites (perfect places for zimbra to be sold) that require email smime/pgp integration with hspd12/cac cards...

You can even keep it open source with the muscle card project... It works with most java cards...