In part 1 we set up the very most basic dovecot install we could get away with. In this part we will try to redeem it a bit by improving the security of the the authentication mechanism and the storage of passwords on the server. In other words we will make it much harder to snoop on our communications with the imap server and decrease the overall likelihood of somebody learning our password, including anybody with access – legitimate or otherwise – to our server.
Encrypted USB drives are fairly easy to use on most linux desktops. Whatever automount supplier you’re running with will pop up a dialogue window asking for the password to decrypt. But what if you want to use the terminal?
The use case for this is my server/HTPC which has a backup drive permanently attached to it. In order to have some offline backup as well, I want to plug in an encrypted USB pen drive and sync the contents of the backup drive to it. Having physical access but not a very good means of interacting with the desktop (I have bluetooth keyboard in a drawer but at hand the only thing is a controller…) is somewhat unusual so it took me some time to figure this out.
“Greetings from Let’s Encrypt, firstname.lastname@example.org.”
Greetings to you too. It’s been quite a wait so I guess a bit of formality is in order. Now, can we please stop saying “Let’s” and just encrypt already?