On 27 March 2013 05:36, Xin Li <delp...@delphij.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 3/25/13 6:24 AM, Simon Brereton wrote:
>> On 25 March 2013 12:30, Robert Schetterer <r...@sys4.de> wrote:
>>> On 25.03.2013 11:03, Simon Brereton wrote:
>>>> Hi
>>>>
>>>> As I understand it email headers need to be unencrypted
>>>> (otherwise DKIM doesn't work). From the MUA to either Postfix,
>>>> or Dovecot the connection is (or can/should be) secured with
>>>> TLS/SSL.
>>>>
>>>> What I would like to know is if it is possible to encrypt the
>>>> mailstore? Postfix is using Dovecot for delivery so it's only
>>>> Dovecot that would need to encrypt/decrypt the mailstore.
>>>>
>>>> Is this possible? Is there a terrible reason to do it even if
>>>> it is possible?
>>>>
>>>> I realise that from MTA to MTA there's no guarantee of
>>>> encryption (and in fact it's very unlikely unless keys have
>>>> been exchanged), but my primary goal is to supplement the physical
>>>> security of the mail store of mails we already have or have
>>>> sent.
>>>>
>>>> Mostly just idle curiosity as to what has been done, or what
>>>> could be done. What is worth doing is a separate thread
>>>> entirely.
>>>>
>>>> Thanks.
>>>>
>>>> Simon
>>>>
>>>
>>> my meaning
>>>
>>> crypted mailstore makes sense in a mail archive, in Germany you
>>> have to have a mail archive for some kind of company emails, all
>>> these solutions have some crypted mailstore, and some more
>>> features for data security, but that's a big theme, too big for
>>> here
>>>
>>> crypt storage isn't "the saveness" per default, someone hacking
>>> the system and get root may hack your crypt storage too etc, also
>>> too big theme for here
>>
>> Robert, indeed, this is sort of my point. If we encrypt laptop
>> hard drives to prevent unauthorised access, that doesn't prevent
>> the possibility of someone who already has admin access to the
>> device from decrypting/viewing/moving files. What it does do is
>> prevent unauthorised access to the data if there is no admin
>> access.
>>
>> Currently my mail store isn't encrypted and I would like to know if
>> it is possible to do that, and if so, maybe get some pointers.
>
> Let's say you operate a mail server which uses a RAID array (or ZFS
> pool) as backend storage and one day one disk goes bad and needs to
> be replaced. You don't want information being leaked from that bad disk
> when returning to vendor for replacement.
>
> There are a lot of solutions to this issue. One possible way is to
> use FreeBSD's full disk encryption, geli(4), to encrypt all hard
> drives and have the email server hold the key on its boot partition,
> but don't protect it with a password so that the mail server can boot
> without any human intervention.

Thanks. I think I will investigate this option. I use Debian, and I think the same approach is possible. My concern with this approach is that if the drive is booted from then the information is freely available - but as you say, only if the root password is known. If the drive is simply mounted in a different system, then the passphrase would be needed (this is what I understand).

Alternatively, I could encrypt /var/mail/ and mount it as a LUKS volume to achieve the same effect. But I need a test plan and equipment.

Thanks for all the pointers.

Simon
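
The LUKS variant discussed at the end of this thread, sketched as an added example that is not part of the original messages: a keyfile-unlocked volume for the mail store, with a file-backed dry run that needs no spare hardware. The mapping name `mail_crypt`, the key and image paths, and the `--demo` switch are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: LUKS volume for the mail store, unlocked by a keyfile.
# Constructed values: image path, mapping name "mail_crypt", key path.

# Create a 64-byte random keyfile readable only by its owner.
make_keyfile() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null ) &&
        chmod 0400 "$1"
}

# Print the /etc/crypttab entry that unlocks the volume at boot, unattended.
crypttab_line() {   # args: mapping-name luks-uuid keyfile-path
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# Format, open and mount the volume, then print its crypttab entry.
# DESTROYS any data on $1. Needs root.
setup_mailstore() { # args: device-or-image keyfile mapping-name mountpoint
    cryptsetup luksFormat --batch-mode --key-file "$2" "$1" || return 1
    cryptsetup open --type luks --key-file "$2" "$1" "$3"   || return 1
    mkfs.ext4 -q "/dev/mapper/$3"                           || return 1
    mount "/dev/mapper/$3" "$4"                             || return 1
    crypttab_line "$3" "$(cryptsetup luksUUID "$1")" "$2"
}

# Test plan without spare hardware: run against a file-backed image.
# Usage (as root): sh mailstore-luks.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d) && mkdir "$work/mnt"
    truncate -s 64M "$work/mail.img"
    make_keyfile "$work/mail.key"
    setup_mailstore "$work/mail.img" "$work/mail.key" mail_crypt "$work/mnt"
    # The returned-disk case: the image leaves the machine, the key does not.
    umount "$work/mnt" && cryptsetup close mail_crypt
    if cryptsetup open --type luks --test-passphrase --key-file /dev/null \
        "$work/mail.img" 2>/dev/null; then
        echo "FAIL: volume opened without the key"
    else
        echo "OK: image alone is unreadable without $work/mail.key"
    fi
fi
```

For the returned-disk scenario the keyfile has to live on a different physical device from the encrypted volume; as noted in the thread, anyone with root on the running server can still read the mounted mail store.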