On 28.10.2013, at 18.02, Douglas Mortensen <doug@impalanetworks.com> wrote:
We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest. We already use SSL/TLS to secure the transmission of most email. However, it would be nice to have them encrypted sitting on our server. Is anyone doing this? I think that ideally, rather than full-disk encryption, we should use an encryption that encrypts the actual email messages as they sit on our file system. This way even if we ever had our server breached by an attacker, they wouldn't be able to do anything with the messages. However, this would also mean that if the attacker can't decrypt the files, than dovecot and postfix still would need to. This means that the encryption key would need to be available to the dovecot deamon. We'd either need to have it in a file that is restricted to access only by dovecot (less secure), or use an encryption passphrase for the certificate which would have to be typed in manually each time that dovecot starts or restarts (more secure, but also more work and possibility of disruption because the server can't restart gracefully without a human being having to be present [although I don't think we have issues with unexpected restarts anyway]).
Is anyone doing anything like this with dovecot?
http://dovecot.org/patches/2.2/mail-filter.tar.gz could be used as the base for this.