On 28.10.2013, at 18.02, Douglas Mortensen <d...@impalanetworks.com> wrote:

> We have clients with various security & compliance requirements. Although not 
> required, it would be ideal to have messages encrypted at rest. We already 
> use SSL/TLS to secure the transmission of most email. However, it would be 
> nice to have them encrypted sitting on our server. Is anyone doing this? I 
> think that ideally, rather than full-disk encryption, we should use an 
> encryption that encrypts the actual email messages as they sit on our file 
> system. This way even if we ever had our server breached by an attacker, they 
> wouldn't be able to do anything with the messages. However, this would also 
> mean that if the attacker can't decrypt the files, then dovecot and postfix 
> still would need to. This means that the encryption key would need to be 
> available to the dovecot daemon. We'd either need to have it in a file that 
> is restricted to access only by dovecot (less secure), or use an encryption 
> passphrase for the certificate which would have to be typed in manually each 
> time that dovecot starts or restarts (more secure, but also more work and 
> possibility of disruption because the server can't restart gracefully without 
> a human being having to be present [although I don't think we have issues 
> with unexpected restarts anyway]).
> 
> Is anyone doing anything like this with dovecot?

http://dovecot.org/patches/2.2/mail-filter.tar.gz could be used as the base for 
this.