Let’s say we want emails on our mail server to be encrypted at rest, so that only the user has the key. Luckily, a popular solution already exists for encrypting emails such that only the recipient can read them: OpenPGP.

Using Dovecot Sieve scripts, we can easily PGP-encrypt all incoming email for a user.

A lot of people have done this before, and I didn’t come up with the idea. Please see the Further reading section for some recommended articles I referred to.