[GH-ISSUE #620] Add support for mail signing and encryption (S/MIME and PGP) #582

New issue

Closed

opened 2026-02-27 11:12:29 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 11:12:29 +03:00

Owner

Originally created by @SomeGeek on GitHub (Oct 16, 2014).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/620

Quoted from Antoine's roadmap issue:

Create a digital signing gateway (maybe a milter) to automatically sign outgoing messages at a per-user level. We could use S/MIME, PGP or both.

Modoboa would allow a simple administration of such a tool (easy PKI management, allow users to choose if they want to sign all messages, just the most important, etc.)

I don't know if such a solution exists but it could be one that companies would accept to buy.

We should also add documentation for Mailvelope.

Originally created by @SomeGeek on GitHub (Oct 16, 2014). Original GitHub issue: https://github.com/modoboa/modoboa/issues/620 Quoted from Antoine's roadmap issue: Create a digital signing gateway (maybe a milter) to automatically sign outgoing messages at a per-user level. We could use S/MIME, PGP or both. Modoboa would allow a simple administration of such a tool (easy PKI management, allow users to choose if they want to sign all messages, just the most important, etc.) I don't know if such a solution exists but it could be one that companies would accept to buy. We should also add documentation for Mailvelope.

kerem

2026-02-27 11:12:29 +03:00

closed this issue
added the
security
label

kerem commented

2026-02-27 11:12:30 +03:00

Author

Owner

@Bluebugs commented on GitHub (Jan 27, 2016):

automatically signing outgoing message require the user private key on the server which wouldn't be a good idea in my opinion. Or you have something different in mind.

Storing the user gpg public key would authorize the ciphering of all incoming mail automatically leaving them in the clear for a very short amount of time with no way to read them without the private key later on.

@Bluebugs commented on GitHub (Jan 27, 2016): automatically signing outgoing message require the user private key on the server which wouldn't be a good idea in my opinion. Or you have something different in mind. Storing the user gpg public key would authorize the ciphering of all incoming mail automatically leaving them in the clear for a very short amount of time with no way to read them without the private key later on.

kerem commented

2026-02-27 11:12:30 +03:00

Author

Owner

@tonioo commented on GitHub (Oct 16, 2016):

The signing gateway is indeed a bad idea in terms of security. I'll close this issue for now and open a new one into the webmail repository about Mailvelope.

@tonioo commented on GitHub (Oct 16, 2016): The signing gateway is indeed a bad idea in terms of security. I'll close this issue for now and open a new one into the webmail repository about Mailvelope.