Hi,
I just setup a mailserver setup isp-style
mta: postfix (antispam, antivirus, ...)
imaps: dovecot with maildir format
backend: ldap users.

problem: I am the administrator on the system and I can thus open all users mailboxes on my system.

I don't want to be able to read other people's mail. Is it possible to make a setup so I cannot read the email? I was thinking that maybe I could encrypt the mails but don't know how to do this.
Another point is that as admin, I can change the passwords of users so even with the ldap password (used to logon to dovecot and to relay with postfix) I should not be able to read the hosted mails.

Is this at all possible?

thanks for any advice.

kind regards.

There are not many solutions here. I found only one discussion about this:
http://www.broadbandreports.com/foru...rypted-Maildir

RMI

That system admins can read people's email is a basic fact. The best solution is don't!

I can tell people that I will not read their mails and I don't, never did in all my years as admin.
But I would like to make it impossible to guarantee that. However, I can understand that it's just not possible.


rgds,
Lieven

Thanks for the read.
Will try to find a solution but it's not something to spend too much time on.

The best solution is the user encrypt their mail before sending it with public key of the receiver.
Use certificat x509 (public/private keys).

1 members found this post helpful.

linux2001 is correct. For example Thunderbird supports this function. All you need is to set up the certificates correctly.
The situation is the next - Till you have the root password you can do anything.

At the beginning I was thinking about the same situation - how can I guarantee to my users that their data will not be abused (even by me). That time I set up the server with the required users and services into final state. I installed webmin with limited rights for a local manager who can manage basic user settings and server management.
After this I told them to change the root password (into something what I don't know). Write it and put it into envelop and into a safe-deposit.
This is usually the way with Security Systems (alarms). You as an installer own an INSTALLER code and the local manager gets a MASTER code. You cannot use the INSTALLER code until the manager do not allow you to use it.

So the scenario should look like this: If there is something what you need to do with super user rights they change the root password for you (they can even sit next to you to see that you do not read their mails). You do the job and after this the root password is changed again. (theoretical world)
Don't ask what was the result.

Of course they lost the root password.

1 members found this post helpful.

hehe, nice story :-) who would have tought they'd loose the root pwd? :-))
Anyway, this kind of solution is not what I'm looking for since I need to work with root rights regularly to test new things on the server and even without root password I'm still able to change / set it anyway so no guarnatees there either.

On the other hand, I can ask the (very few) users to encrypt their mails for a false sense of security. :-) They'll just have to trust to me. (as I do with gmail :P)

That's it. I get to the same conclusion. The best chance for such users is to choose a person or a company to whom they can really trust. I also learned that I need to be careful what do I tell them - such user should know only what they need (or want) to know.
I mean if you tell them that I (as an administrator) can read your emails - they really start to think about why did you tell this. (you won't do it anyway)

Paranoia is powerful muti! :lol:.
But you probably don't want to do that to your better paying customers!

Thanks for all the answers (yes, a bit late indeed) :-)

just on a sidenote: I don't have any paying customers for this. it's a best-effort thing for family and relatives etc.