I'm looking for a guide, or just a list of tools with some advice. I want to protect the emails stored on the server-side (in a Courier-IMAP server).
A basic flowchart to illustrate the idea.
[Unencrypted mail comes in]
|
[Encryption with public key]
|
[Saved to file]
|
[Client downloads file]
|
[Decryption with private key]
I use Thunderbird. I am sure it can be done, it's a pretty straightforward process. Maybe another program should be inserted between the mail client and the server, or an extension has to be used. Maybe the original message file has to be an attachment to a wrapper message (to be flawlessly handled by the mail client). Maybe an add-on can help.
I'm open to any ideas on how to solve this.
You are basically asking for a feature where incoming mail bodies have to be effectively re-written to be S/MIME mails, where decryption can be handled by the majority of widely-used mail clients. I am not aware of any mail server suite that comes with this feature out-of-the-box. But you might process the incoming mail using openssl smime or a similar processor.
I think it would be easiest to introduce this in the SMTP server's reception processing chain as this is already implemented for SPAM filter mechanisms in all major server distributions. For postfix, there are implementations doing similar things.
Doing it in Courier-IMAP would require some sort of a hook for the STORE/APPEND actions where you would be able to start the conversion process. I do not know enough of Courier to tell if that is implemented, but I'd guess you will need to mess with the code.
Of course the key management is a challenge - you would need to maintain a database of user keys. And if either the system or the users get it wrong and there is no corresponding private key available to the signing public key, all incoming messages will be effectively lost.
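The following is an added example (not the answerer's code and not part of any mail server distribution) of the content-filter shape the answer describes: a script the SMTP server can run at reception that re-writes each incoming message into an S/MIME enveloped-data message encrypted to the recipient's certificate with `openssl smime -encrypt`, while copying the envelope headers onto the wrapper so Thunderbird's threading and search still work. The certificate-store layout (one `<address>.pem` per user under `CERT_DIR`), the `X-Encrypted-At-Rest` marker header and the exit-code convention are assumptions of this example. It addresses the key-management failure mode from the last paragraph by deferring (temporary failure) instead of discarding or storing plaintext when no certificate is on file, so the MTA keeps the message queued until the key problem is fixed.

```python
#!/usr/bin/env python3
"""Encrypt-at-rest content filter for incoming mail (hypothetical example).

Reads one RFC 822 message on stdin, re-writes it as an S/MIME enveloped-data
message encrypted to the recipient's X.509 certificate with
`openssl smime -encrypt`, and writes the result to stdout for the MTA to hand
to the IMAP store. The certificate store layout CERT_DIR/<address>.pem and
the X-Encrypted-At-Rest marker header are assumptions of this example.
"""
import email
import email.policy
import email.utils
import os
import subprocess
import sys
from email.message import EmailMessage

CERT_DIR = os.environ.get("SMIME_CERT_DIR", "/etc/smime-certs")  # assumed layout
EX_TEMPFAIL = 75  # sysexits.h value a pipe transport reads as "retry later"

# Envelope-level headers copied onto the wrapper so threading, search and
# display keep working; everything else travels inside the encrypted part.
KEEP_HEADERS = frozenset(h.lower() for h in (
    "Return-Path", "Received", "From", "To", "Cc", "Date", "Subject",
    "Message-ID", "In-Reply-To", "References"))


class MissingCertificate(Exception):
    """No certificate on file for the recipient; the MTA should retry later."""


def cert_path_for(recipient):
    """Map a recipient address to its certificate file, or None if unknown.

    The address is lowercased to match how the MTA normalises it, and anything
    that could escape CERT_DIR (path separators, leading dots) is rejected.
    """
    addr = email.utils.parseaddr(recipient)[1].lower()
    if not addr or "/" in addr or "\\" in addr or addr.startswith("."):
        return None
    path = os.path.join(CERT_DIR, addr + ".pem")
    return path if os.path.isfile(path) else None


def inner_entity(original):
    """Return the MIME entity to encrypt: Content-* headers plus the body.

    Transport headers are dropped here because they are re-attached to the
    outer wrapper; the body and its MIME structure go inside the envelope.
    """
    inner = email.message_from_bytes(original.as_bytes(), policy=email.policy.default)
    for name in list(inner.keys()):
        lname = name.lower()
        if not (lname.startswith("content-") or lname == "mime-version"):
            del inner[name]
    return inner.as_bytes()


def openssl_encrypt(entity, cert_path, cipher="-aes256"):
    """Run `openssl smime -encrypt` and return the DER-encoded CMS EnvelopedData."""
    cmd = ["openssl", "smime", "-encrypt", cipher, "-outform", "DER", cert_path]
    return subprocess.run(cmd, input=entity, capture_output=True, check=True).stdout


def wrap_as_smime(original, der_envelope):
    """Build the application/pkcs7-mime wrapper (RFC 8551 section 3.3)."""
    out = EmailMessage(policy=email.policy.default)
    for name, value in original.items():
        if name.lower() in KEEP_HEADERS:
            out[name] = value
    out["X-Encrypted-At-Rest"] = "smime"  # assumed marker for operators/auditing
    out.set_content(der_envelope, maintype="application", subtype="pkcs7-mime",
                    cte="base64", filename="smime.p7m",
                    params={"smime-type": "enveloped-data", "name": "smime.p7m"})
    return out


def filter_message(raw, recipient):
    """Full pipeline for one message. Raises MissingCertificate rather than
    storing plaintext or dropping the mail when the recipient has no cert."""
    cert = cert_path_for(recipient)
    if cert is None:
        raise MissingCertificate(recipient)
    original = email.message_from_bytes(raw, policy=email.policy.default)
    envelope = openssl_encrypt(inner_entity(original), cert)
    return wrap_as_smime(original, envelope).as_bytes()


def main():
    # Invoked by the MTA as: filter.py <recipient>   (message body on stdin)
    recipient = sys.argv[1]
    try:
        sys.stdout.buffer.write(filter_message(sys.stdin.buffer.read(), recipient))
    except MissingCertificate as exc:
        print(f"no certificate for {exc}; deferring delivery", file=sys.stderr)
        sys.exit(EX_TEMPFAIL)


if __name__ == "__main__":
    main()
```

Because the wrapper keeps only envelope headers and the whole original body (including attachments) is inside the CMS envelope, the client sees a standard `smime.p7m` message and decrypts it with the user's private key the same way it would decrypt mail encrypted by the sender. Deferring on a missing certificate is a deliberate choice: a queued message is visible in the MTA logs and can still be delivered once the certificate is added, whereas silently passing plaintext through would defeat the purpose and rejecting would bounce mail for a server-side configuration problem.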