Hide user emails from sys admin

Olga

Hello! We want use your “mail cow”, but we have some questions. Can you help us? We need to be sure that no one will read our emails. Even, if we will hire a system administration, we need to hide user emails from him. May be you know how to do this?) Thank you!)

MAGIC

Hello,

As long as the sysadmin have access to the keys for decryption he could read mails. Per default mails are encrypted, nobody can login via the controlpanel to other mail accounts (You need to enable this in mailcow.conf).

Now my own opinion:
A sys admin have most of the time full access to everything (yes in big companies and certain ISO certifications not) and therefore - if he wants - even access to important data.
The best thing is to either enforce certain policies, trust your admin and/or move keys away so he don’t have access to decrypt data

Olga

MAGICHello! Thank you very much for your answer! Can you install a mail cow on our Russian server? with pgp encryption? How much will it cost?

diekuh

Or use PGP. Encrypt important mail.

MAGIC

Olga It costs nothing - except the server, see the docs for installing mailcow
https://mailcow.github.io/mailcow-dockerized-docs/i_u_m_install/

PGP encryption is client side - see google for certain mailclients