On 14/11/16 15:51, Noel Jones wrote:
>> 3) Keeps mail encrypted throughout, including only writing
>> encrypted blobs.
>>
>> and is there a way to set up an IMAP server to read that encrypted
>> mail and, again, only serve/accept encrypted mail.
>
> For this you can use whatever encrypted filesystem is provided by
> your OS. Postfix has no built-in support for encrypted files.
>
>> I assume there is some metadata that must be unencrypted (to and
>> From_, I’d guess), can the rest of the metadata be encrypted (Data,
>> received, any other headers).
>
> With SMTP, the initial server connection, EHLO and STARTTLS commands
> are sent cleartext. After that, everything is encrypted.

Postfix, by necessity, has to decrypt the data for internal use. Even if you point your mailstore and mailqueue at encrypted filesystems, you will still, at some stages, have clear-text messages passing through RAM. Furthermore, it is possible (though unlikely) for this to be paged out to swap.

I would:

1. Make sure you have a hardened build of Postfix.

2. Make sure you're running SELinux, AppArmor or something similar.

3. Make sure you have plenty of RAM, and disable swap if you want to make absolutely certain that plain text won't get swapped out to disk.

4. Realize that even if you do all of this and more you can't control what other servers do with your mail. They can store it unencrypted, and transmit it in plain text onto the next hop and you won't be able to stop them or do anything about it.

5. Use end-to-end encryption such as PGP (or GPG). This will fully encrypt the contents of your messages, but it can't help with the metadata such as the envelope sender and recipient(s).

Peter
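
A way to verify the swap advice in point 3 on a Linux host, as an added example that is not part of the original post: it reads `/proc/swaps` for active swap areas and the `VmSwap` field of `/proc/<pid>/status` for mail processes that already have pages on disk. The function names and the list of Postfix daemon process names used for matching are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): checks whether Postfix plaintext held
# in RAM can reach disk through swap. Daemon-name matching is an assumption.

# Active swap areas from a /proc/swaps-format file: "device size_kB used_kB".
active_swap() {
    awk 'NR > 1 && NF >= 4 { print $1, $3, $4 }' "${1:-/proc/swaps}"
}

# kB of a process currently paged out, from a /proc/<pid>/status-format file.
swapped_kb() {
    awk '$1 == "VmSwap:" { v = $2 } END { print v + 0 }' "$1"
}

# "pid name kB" for each process under procfs root $1 whose name matches the
# regex $2 (default: common Postfix daemon names) and has pages in swap.
swapped_procs() {
    root=${1:-/proc}
    default='^(master|qmgr|pickup|smtpd|smtp|cleanup|local|virtual|lmtp|bounce)$'
    pattern=${2:-$default}
    for st in "$root"/[0-9]*/status; do
        [ -r "$st" ] || continue
        name=$(awk '$1 == "Name:" { print $2 }' "$st")
        printf '%s\n' "$name" | grep -Eq "$pattern" || continue
        kb=$(swapped_kb "$st")
        dir=${st%/status}
        [ "$kb" -gt 0 ] && echo "${dir##*/} $name $kb"
    done
    return 0
}

# Full audit: returns 0 only when no swap is active.
audit() {
    areas=$(active_swap "${1:-/proc/swaps}")
    if [ -z "$areas" ]; then
        echo "OK: no active swap"; return 0
    fi
    echo "WARN: active swap areas:"; echo "$areas"
    hits=$(swapped_procs "${2:-/proc}")
    [ -n "$hits" ] && { echo "WARN: mail daemons with pages in swap:"; echo "$hits"; }
    return 1
}

# Run with --audit to check the live system.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

A zero `VmSwap` only describes the present moment: pages swapped out earlier can leave plaintext in the swap area after the process has paged them back in, so the check is most useful as a standing monitor once swap has been disabled.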