On 27 March 2013 05:36, Xin Li delphij@delphij.net wrote:
On 3/25/13 6:24 AM, Simon Brereton wrote:
On 25 March 2013 12:30, Robert Schetterer rs@sys4.de wrote:
On 25.03.2013 11:03, Simon Brereton wrote:
Hi
As I understand it email headers need to be unencrypted (otherwise DKIM doesn't work). From the MUA to either Postfix, or Dovecot the connection is (or can/should be) secured with TLS/SSL.
What I would like to know is if it is possible to encrypt the mailstore? Postfix is using Dovecot for delivery so it's only Dovecot that would need to encrypt/decrypt the mailstore.
Is this possible? Is there a terrible reason to do it even if it is possible?
I realise that from MTA to MTA there's no guarantee of encryption (and in fact it's very unlikely unless keys have been exchanged), but my primary goal is to supplement the physical security of the mail store of mails we already have or have sent.
Mostly just idle curiosity as to what has been done, or what could be done. What is worth doing is a separate thread entirely.
Thanks.
Simon
my meaning
crypted mailstore makes sense in a mail archive. In Germany you have to have a mail archive for some kind of company emails; all these solutions have some crypted mailstore, and some more features for data security, but that's a big theme, too big for here
crypt storage isn't "the saveness" per default; someone hacking the system and getting root may hack your crypt storage too, etc. Also too big a theme for here
Robert, indeed, this is sort of my point. If we encrypt laptop harddrives to prevent unauthorised access, that doesn't prevent the possibility of someone who already has admin access to the device from decrypting/viewing/moving files. What it does do is prevent unauthorised access to the data if there is no admin access.
Currently my mail store isn't encrypted and I would like to know if it is possible to do that, and if so, maybe get some pointers.
Let's say you operate a mail server which uses a RAID array (or ZFS pool) as backend storage and one day one disk goes bad and needs to be replaced. You don't want information being leaked from that bad disk when returning it to the vendor for replacement.
There are a lot of solutions to this issue. One possible way is to use FreeBSD's full disk encryption, geli(4), to encrypt all hard drives and have the email server hold the key on its boot partition, but don't protect it with a password so that the mail server can boot without any human intervention.
Thanks. I think I will investigate this option. I use Debian, and I think the same approach is possible.
My concern with this approach is that if the drive is booted from then the information is freely available - but as you say, only if the root password is known. If the drive is simply mounted in a different system, then the passphrase would be needed (this is what I understand).
Alternatively, I could encrypt /var/mail/ and mount it as a LUKS volume to achieve the same effect. But I need a test plan and equipment.
Thanks for all the pointers.
Simon
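
The trade-off discussed in this thread (a key file on the boot partition for unattended boot, versus a passphrase typed at boot), as an added example that is not part of any poster's message: a shell check that reads Debian-style fstab and crypttab files and reports how the volume behind a mount point gets unlocked. The volume name `mailstore`, the device names and the key path are constructed sample values, and the script assumes fstab refers to the volume as `/dev/mapper/<name>`.

```shell
#!/bin/sh
# Added example. Reports how the volume behind a mount point is unlocked at boot.
# Assumption: fstab names the volume as /dev/mapper/<name> and <name> is in crypttab.

# mailstore_unlock_mode MOUNTPOINT FSTAB CRYPTTAB
# prints: unencrypted | passphrase | keyfile:<path> | not-in-fstab
mailstore_unlock_mode() {
    mnt=$1; fstab=$2; crypttab=$3
    # fstab fields: <device> <mount point> <type> <options> ...
    dev=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $1; exit }' "$fstab")
    if [ -z "$dev" ]; then echo "not-in-fstab"; return 1; fi
    case $dev in
        /dev/mapper/*) name=${dev#/dev/mapper/} ;;
        *) echo "unencrypted"; return 0 ;;
    esac
    # crypttab fields: <name> <source device> <key file> <options>
    key=$(awk -v n="$name" '$1 !~ /^#/ && $1 == n { print ($3 == "" ? "none" : $3); exit }' "$crypttab")
    case $key in
        "")     echo "unencrypted" ;;   # mapper device not listed in crypttab (e.g. LVM)
        none|-) echo "passphrase" ;;    # someone must type it at boot
        *)      echo "keyfile:$key" ;;  # unattended boot; root on this host can read the key
    esac
}

# Constructed sample files (not taken from the thread).
write_samples() {
    dir=$1
    cat > "$dir/fstab" <<'EOF'
# <device>            <mount>    <type> <options> <dump> <pass>
/dev/sda1             /boot      ext4   defaults  0 2
/dev/mapper/mailstore /var/mail  ext4   defaults  0 2
/dev/sdc1             /srv/plain ext4   defaults  0 2
EOF
    cat > "$dir/crypttab.keyfile" <<'EOF'
# <name>  <source device>  <key file>          <options>
mailstore /dev/sdb1        /boot/mailstore.key luks
EOF
    cat > "$dir/crypttab.prompt" <<'EOF'
mailstore /dev/sdb1        none                luks
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
mailstore_unlock_mode /var/mail  "$tmp/fstab" "$tmp/crypttab.keyfile"  # keyfile:/boot/mailstore.key
mailstore_unlock_mode /var/mail  "$tmp/fstab" "$tmp/crypttab.prompt"   # passphrase
mailstore_unlock_mode /srv/plain "$tmp/fstab" "$tmp/crypttab.keyfile"  # unencrypted
rm -rf "$tmp"
```

A `keyfile:` result is the unattended-boot setup: a single data disk sent back to the vendor is unreadable without the key, but anyone who boots the whole machine gets the mail store unlocked for them.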