Solved

How to send signed email using the roundcube, dovecot, and postfix

Posted on 2014-12-23
4
287 Views
Last Modified: 2014-12-30
I have Postfix, Dovecot, Roundcube, and mysql based on Centos 6.3 how can I set it up to send signed email?
0
Comment
Question by:Ashraf Hassanein
  • 2
  • 2
4 Comments
 
LVL 39

Accepted Solution

by:
noci earned 500 total points
ID: 40517527
Web-based mail + the secret part of a certificate in general are not a happy combination.
The primary use of Web-Based mail (i.e. Roundcube) is that in can be used from a generic webserver (f.e. a hosted one) where you have no control over the underlying OS , hardware etc.

Those are bad places to leave the private part of certificates lying around. As you can loose them without knowing it.
And because the software needs a readable version of the pass-phrase that is available in the server too.
So basicly there is no valid use case to develop software for this, that is also secure.. (The basic premise why you would want mail encryption anyway.)

Signed & Encrypted email are safe because the underlying premise is that the passphrase never leaves the application that it is entered into.
0
 

Author Comment

by:Ashraf Hassanein
ID: 40517897
I believe I mixed alot of stuff together,  but to be more specific I want to be able to signed email only from rounscube (not encrypted ).
It more a small business email so I own the server and have a full control on it.
I that  possible.
0
 
LVL 39

Expert Comment

by:noci
ID: 40523516
Please define signing...:
The cryptographic variant is encrypting portion of the header that you "encrypt"/"hash" using a private/ public key pair so other ca verify you sent the mail. This needs the same pretext as encryption. (only you private key on the server) ... so see above.

Signing as in -- on a line with something beneath it...
That is easy. Go to settings, identity, and fill out the textbox for it. And mark it as html if that is needed.

Be aware to not send your autograph in a picture, otherwise anybody can photoshop that into any letter.
0
 

Author Comment

by:Ashraf Hassanein
ID: 40524755
Thank you for your clarifications in both posts, the first one explaind a lot
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now