Secure/private encrypted email on Linux Cpanel systems

Preventing even root access to "mbox" files

9:29 pm on Apr 7, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Mar 29, 2003
posts: 226
votes: 0

Hi. I am on a dedicated server. It has domains. Each domain has email addresses. From what I understand the root account can access all the mbox files, i.e., all emails.

Is there a way to prevent even root access to emails? For example some MD5 kind of encryption (or even better) that will allow me to block myself as the root user, to give my customers the satisfaction that I will never see their email?

What are my options? Thanks for any thoughts or pointers!

1:41 pm on Apr 11, 2009 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
votes: 6

Emails are inherently insecure - they are transmitted and stored as plain text. The only way I know of is for your users to use encryption for sending/receiving (PGP or similar); in that way only they will have their private key to decrypt.

As root, I can't think of a way of not having read/write access to the mail.
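The principle in the reply above (the server holds only a public key, so anyone who can read the mailbox file, root included, sees only ciphertext), as an added example that is not part of the thread. It is a Node.js sketch using RSA-OAEP with AES-256-GCM rather than the OpenPGP format, and the function names and the sample message are assumptions.

```javascript
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs on the user's own machine; only publicKey is ever given to the server.
function newUserKey() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// What would be stored in the mailbox instead of plaintext: the message under a
// fresh AES-256-GCM key, and that key wrapped to the user's public key.
function seal(publicKey, message) {
  const key = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, nonce, body, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong or the data was altered.
function unseal(privateKey, sealed) {
  try {
    const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.nonce);
    decipher.setAuthTag(sealed.tag);
    return Buffer.concat([decipher.update(sealed.body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample: the mail user's key pair and an unrelated key held by root.
function demo() {
  const user = newUserKey();
  const root = newUserKey();
  const stored = seal(user.publicKey, 'Subject: hello\n\nconstructed sample body');
  return { asUser: unseal(user.privateKey, stored), asRoot: unseal(root.privateKey, stored) };
}

console.log(demo());
```

If the server itself does the sealing at delivery time, root can still see each message before it is sealed; only encryption by the sender, as the reply describes, closes that gap.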

1:48 pm on Apr 11, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Mar 29, 2003
votes: 0

How can I allow users to encrypt/decrypt email (or rather, where can I read up about it)? Google brings up a huge number of strange geeky articles. Thanks

11:32 am on Apr 12, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
votes: 12

I think you've already got your answer, you just don't like it. Encrypting requires work on the part of your users, and work on your part to figure out how to tell them how to do it.

Cut to the chase and forget the idea. You're root, you have access. So does their ISP, and the ISP of whoever sends it. Along with the company that handles your server location. And so on.

If they are 'users' and don't want email read, don't send it. If they don't want it read by 'you' then either trust you or don't send it through your systems.

I've never had this asked by my users. If they did, I'd blow them off - I don't read your emails and that's the end of the story. Take it or leave it. And you shouldn't be trying to build this up in their minds either. Tell them you don't read the emails and be done with it. If they complain, tell them that's all you're going to do about it.