If you are concerned about data being left on a hard drive when it fails and you are returning it to the vendor, then I would consider hard drive degaussers. They are effective, but are very costly.

On Wed, Mar 27, 2013 at 12:36 AM, Xin Li <delp...@delphij.net> wrote:

> On 3/25/13 6:24 AM, Simon Brereton wrote:
> > On 25 March 2013 12:30, Robert Schetterer <r...@sys4.de> wrote:
> >> On 25.03.2013 at 11:03, Simon Brereton wrote:
> >>> Hi
> >>>
> >>> As I understand it email headers need to be unencrypted
> >>> (otherwise DKIM doesn't work). From the MUA to either Postfix,
> >>> or Dovecot the connection is (or can/should be) secured with
> >>> TLS/SSL.
> >>>
> >>> What I would like to know is if it is possible to encrypt the
> >>> mailstore? Postfix is using Dovecot for delivery so it's only
> >>> Dovecot that would need to encrypt/decrypt the mailstore.
> >>>
> >>> Is this possible? Is there a terrible reason to do it even if
> >>> it is possible?
> >>>
> >>> I realise that from MTA to MTA there's no guarantee of
> >>> encryption (and in fact it's very unlikely unless keys have
> >>> been exchanged), but my primary goal is to supplement the physical
> >>> security of the mail store of mails we already have or have
> >>> sent.
> >>>
> >>> Mostly just idle curiosity as to what has been done, or what
> >>> could be done. What is worth doing is a separate thread
> >>> entirely.
> >>>
> >>> Thanks.
> >>>
> >>> Simon
> >>>
> >>
> >> my meaning
> >>
> >> crypted mailstore makes sense in a mail archive, in Germany you
> >> have to have a mail archive for some kind of company emails all
> >> these solutions have some crypted mailstore, and some more
> >> features for data security, but that's a big theme, too big for
> >> here
> >>
> >> crypt storage isn't "the saveness" per default, someone hacking
> >> the system and get root may hack your crypt storage too etc, also
> >> too big theme for here
> >
> > Robert, indeed, this is sort of my point. If we encrypt laptop
> > hard drives to prevent unauthorised access, that doesn't prevent
> > the possibility of someone who already has admin access to the
> > device from decrypting/viewing/moving files. What it does do is
> > prevent unauthorised access to the data if there is no admin
> > access.
> >
> > Currently my mail store isn't encrypted and I would like to know if
> > it is possible to do that, and if so, maybe get some pointers.
>
> Let's say you operate a mail server which uses a RAID array (or ZFS
> pool) as backend storage and one day one disk goes bad and needs to
> be replaced. You don't want information being leaked from that bad disk
> when returning to vendor for replacement.
>
> There are a lot of solutions to this issue. One possible way is to
> use FreeBSD's full disk encryption, geli(4), to encrypt all hard
> drives and have the email server hold the key on its boot partition,
> but don't protect it with a password so that the mail server can boot
> without any human intervention.
>
> Encrypting individual user's mail store makes little sense as one can
> still get your decryption key if they got root privilege, usually by
> tracing the login process or just replace it with something that can
> do the login but also save login credentials. In short, if root has
> been compromised, it's game over already.
>
> Cheers,

--
Daniel Reinhardt
crypto...@cryptodan.net
http://www.cryptodan.net
301-875-7018(c)
410-455-0488(h)
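
The unattended geli(4) setup described in the quoted message, sketched as an added example that is not part of the original thread or written by any of its participants. The device names, the `/boot/keys` directory and the dry-run wrapper are assumptions made for illustration; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread): unattended geli(8) encryption of data
# disks with a key file and no passphrase. Run on empty disks, before the
# RAID array or ZFS pool is created on the resulting /dev/<dev>.eli providers.
KEYDIR="${KEYDIR:-/boot/keys}"   # assumed key location on the boot partition
DRY_RUN="${DRY_RUN:-1}"          # 1 = only print the commands (default)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create a key file for one provider (e.g. da1), then init and attach it.
geli_setup_disk() {
    dev="$1"
    key="$KEYDIR/$dev.key"
    run mkdir -p "$KEYDIR"
    run chmod 700 "$KEYDIR"
    run dd if=/dev/random of="$key" bs=64 count=1
    run chmod 600 "$key"
    # -P / -p: no passphrase component, so boot needs no human intervention
    run geli init -P -K "$key" "/dev/$dev"
    run geli attach -p -k "$key" "/dev/$dev"
}

# Print the rc.conf lines that make rc.d/geli attach the providers at boot.
geli_rc_conf() {
    echo "geli_devices=\"$*\""
    for dev in "$@"; do
        echo "geli_${dev}_flags=\"-p -k $KEYDIR/$dev.key\""
    done
}

# Usage: sh geli-plan.sh da1 da2   (add DRY_RUN=0 to execute as root)
if [ "$#" -gt 0 ]; then
    for d in "$@"; do geli_setup_disk "$d"; done
    geli_rc_conf "$@"
fi
```

A data disk returned to the vendor then holds only ciphertext. The disk that carries the key file is not covered by this scheme and needs separate handling.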