HIPAA (still american law) requires health information to be encrypted 'at rest and in motion'. I see we can get postfix to require TLS (if I read it right) and that gets us encrypted mail sessions, taking care of the 'in motion' as data needing to be encrypted can be in the email... but the vmail folders will still have plain text files if I understand right. anyway to encrypt the emails on the server, not just to-and-from the server? or maybe an encrypted replacement for postfix that is compatible with ISPConfig? (asking a lot, aren't I??)
I see discussion about a dovecot Plugin TREES and one other similar. these seem to encrypt the email upon receipt (and decrypt it when its downloaded). but seem to have some serious drawbacks - if its encrypted right after it gets to the server obviously this has to be done AFTER spamassassin (or spamassassin could not read it to see if its spam) - and if its spammed it seems to be put in the spam folder unencrypted? if so a false positive could leave possible sensitive information unencrypted in the spam folder. and if you encrypt it upon receipt at the server, then no SEARCH function is going to work on anything more than headers for obvious reasons. anyone used this? and does it work well? any other solutions? any thoughts? Till - o where art thou?
one thought for Perfect server - if there is a good dovecot encrypting plugin it might be good to include that (or at least the option) in the tutorial. after all, people are getting much more concerned about privacy, no?
I haven't troed that plugin or to store mail data encrypted, so I guess I'm not a big help on this topic. When the plugin that you want to use just changes the way that dovecot stores email, then the spam filtering should not be affected as spam filtering happens before the mail reaches dovecot and when email get's put into the spam folder, then this action is handled by dovecot as well so My guess is that the email is encrypted then as well. In regard to search, I guess it won't work.
