Spool directories on ext4 with encryption

[Christian Rößner]

Hi,

today I tried to use ext4 encryption for /var/spool/postfix*

1. Create static salt with:
head -c 16 /dev/urandom | xxd -p >~/tmp-salt.txt
echo 0x`cat ~/tmp-salt.txt` >~/.cryptoSalt

2. Adding key:
/usr/sbin/e4crypt add_key -S f:/root/.cryptoSalt

3. Stopping postfix
4. Create /var/spool/old
5. mv /var/spool/postfix* /var/spool/old/
6. mkdir -p /var/spool/postfix /var/spool/postfix-relay 
/var/spool/postfix-submission

7. Set policies:
e4crypt set_policy XXXXX /var/spool/postfix
e4crypt set_policy XXXXX /var/spool/postfix-relay
e4crypt set_policy XXXXX /var/spool/postfix-submission

8. Copy back stuff:
cp -a /var/spool/old/postfix/* /var/spool/postfix/
cp -a /var/spool/old/postfix-relay/* /var/spool/postfix-relay/
cp -a /var/spool/old/postfix-submission/* /var/spool/postfix-submission

9. Starting postfix

Result:

Aug 20 15:02:34 mx postfix/submission/cleanup[28091]: warning: 
mail_queue_enter: create file incoming/648259.28091: Required
key not available
Aug 20 15:02:35 mx postfix/submission/cleanup[28035]: warning: 
mail_queue_enter: create file incoming/167770.28035: Required
key not available
Aug 20 15:02:35 mx postfix/submission/cleanup[27787]: warning: 
mail_queue_enter: create file incoming/765542.27787: Required
key not available
Aug 20 15:02:44 mx postfix/submission/cleanup[28091]: warning: 
mail_queue_enter: create file incoming/648610.28091: Required
key not available
Aug 20 15:02:45 mx postfix/submission/cleanup[28035]: warning: 
mail_queue_enter: create file incoming/168137.28035: Required
key not available
Aug 20 15:02:45 mx postfix/submission/cleanup[27787]: warning: 
mail_queue_enter: create file incoming/765920.27787: Required
key not available

Moving back to unencrypted, everything works again. Any ideas, what I can do? 
Am I missing something?

postconf mail_version
mail_version = 3.3.1

Kind regards

Christian
-- 
Rößner-Network-Solutions
Karl-Bröger-Str. 10, 36304 Alsfeld
T: +49 6631 9110725, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner-network-solutions.com

smime.p7s
Description: S/MIME cryptographic signature