I was interested in hosting my own mail server that provides a similar level of privacy for users as Protonmail, ie the server admin cannot read any emails, even those which are not E2EE with PGP. Is there a self-hostable solution to this?
I’m aware the server admin can’t read emails that were sent encrypted using the user’s PGP key, but most emails I get are automated emails from companies/services/etc without the option to upload a public key to send the user encrypted email. If you’re with a service like Protonmail, the server admin still cannot read even these emails.
If the mail is sent unencrypted the admin can read it. What I have is a script that encrypt incoming e-mail with the users key, so that they are stored encrypted on the harddrive. That at least protect against an intruder reading past e-mails. I use a Perl script written by Mike Cardwell for that.
Another service you might like to have for your users is WKD/WKS, so that senders clients can automatically fetch the public key for your users.
As someone who used to maintain an email setup for a small company, I would stay far away from self-hosting Email.
That can easily be achieved with dovecot and a sieve script.
but then the admin can still read the mail while it arrives ;-)
That’s true of protonmail too
There’s no such thing E2EE email. The protocol doesn’t support it.
That’s not really true, S/MIME is a thing