Greetings,
I'm thinking to setup a new mail server, but I have few concern hope community can help me in this.
1- Email must be encrypted
2- Email-Server must be secure and if it is possible to have encrypted inbox.
In case of cpanel etc once your server is compromised attacker may read any one email etc. To avoid such situation any suggestion would be appreciated .
Regards
New setup but with encryption
Re: New setup but with encryption
E-mail has many links in a chain.
What are the actual threats you are trying to protect against? Be as specific as you can.
What are the actual threats you are trying to protect against? Be as specific as you can.
Re: New setup but with encryption
Thank you for your prompt response. users inbox may have client sensitive information , such his payment info etc. I want to secure that in case of server compromise threat actor may not be able to jump into other users inbox. I would appreciate your response in this regards , to make sure email send / receive encrypted using zimbra.
Regards
Regards
Re: New setup but with encryption
All mail blobs are unencrypted as are backups. Very much like physical access, if the server is compromised all bets are off. Even if they were encrypted, the key would need to be easily available to allow the server to work with the data.
You could run the Zimbra instance in a virtual machine with the backing store encrypted, so they'd have to compromise the host, then the Zimbra VM to get access, but it's just another layer that can still be compromised.
You could encrypt E-mail using a third party product, but then both sender and recipient need the software and keys. Simplest solution would be to find another method of transporting and storing sensitive information, because E-mail isn't secure.
You could run the Zimbra instance in a virtual machine with the backing store encrypted, so they'd have to compromise the host, then the Zimbra VM to get access, but it's just another layer that can still be compromised.
You could encrypt E-mail using a third party product, but then both sender and recipient need the software and keys. Simplest solution would be to find another method of transporting and storing sensitive information, because E-mail isn't secure.