[Dovecot] Disk Encryption

Daniel Reinhardt cryptodan at gmail.com
Wed Mar 27 06:47:52 EET 2013


If you are concerned about data being left on a hard drive when it fails
and you are returning it to vendor, then I would consider hard drive
degaussers.  They are effective, but are very costly.


On Wed, Mar 27, 2013 at 12:36 AM, Xin Li <delphij at delphij.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 3/25/13 6:24 AM, Simon Brereton wrote:
> > On 25 March 2013 12:30, Robert Schetterer <rs at sys4.de> wrote:
> >> Am 25.03.2013 11:03, schrieb Simon Brereton:
> >>> Hi
> >>>
> >>> As I understand it email headers need to be unencrypted
> >>> (otherwise DKIM doesn't work).  From the MUA to either Postfix,
> >>> or Dovecot the connection is (or can/should be) secured with
> >>> TLS/SSL.
> >>>
> >>> What I would like to know is if it is possible to encrypt the
> >>> mailstore?  Postfix is using Dovecot for delivery so it's only
> >>> Dovecot that would need to encrypt/decrypt the mailstore.
> >>>
> >>> Is this possible?  Is there a terrible reason to do it even if
> >>> it is possible?
> >>>
> >>> I realise that from MTA to MTA there's no guarantee of
> >>> encryption (and in fact it's very unlikely unless keys have
> >>> been exchanged), but my primary goal is supplement the physical
> >>> security of the mail store of mails we already have or have
> >>> sent.
> >>>
> >>> Mostly just idle curiosity as to what has been done, or what
> >>> could be done.  What is worth doing is a separate thread
> >>> entirely.
> >>>
> >>> Thanks.
> >>>
> >>> Simon
> >>>
> >>
> >> my meaning
> >>
> >> crypted mailstore makes sense in a mail archive, in germany you
> >> have to have a mail archive for some kind of company emails all
> >> these solutions have some crypted mailstore , and some more
> >> features for data security, but thats a big theme, to big for
> >> here
> >>
> >> crypt storage isnt "the saveness" per default, someone hacking
> >> the system and get root may hack your crypt storage too etc, also
> >> to big theme for here
> >
> > Robert, indeed, this is sort of my point.  If we encrypt laptop
> > harddrives to prevent unauthorised access, that doesn't prevent
> > the possiblity of someone who already has admin access to the
> > device from decrypting/viewing/moving files.  What it does do is
> > prevent unauthorised access to the data if there is no admin
> > access.
> >
> > Currently my mail store isn't encrypted and I would like to know if
> > it is possible to do that, and if so, maybe get some pointers.
>
> Let's say you operate a mail server which uses a RAID array (or ZFS
> pool) as backend storage and one day one disks goes bad and needs to
> be replaced.  You don't want information being leak from that bad disk
> when returning to vendor for replacement.
>
> There are a lot of solutions to this issue.  One possible way is to
> use FreeBSD's full disk encryption, geli(4), to encrypt all hard
> drives and have the email server hold the key on its boot partition,
> but don't protect it with a password so that the mail server can boot
> without any human intervention.
>
> Encrypting individual user's mail store make little sense as one can
> still get your decryption key if they got root privilege, usually by
> tracing the login process or just replace it with something that can
> do the login but also save login credentials.  In short, if root have
> been compromised, it's game over already.
>
> Cheers,
>
> -----BEGIN PGP SIGNATURE-----
>
> iQEcBAEBCAAGBQJRUndLAAoJEG80Jeu8UPuzyyMIAJ22uv8U2OlZFFAUWTDL4zu/
> tw6ZhxqQxhHVsg69kQPmIRVnMvlv0bhRqQphaJl5PQJAnfiwvrulx8ruFfTWIM3W
> xyxKMQtY/pJouRJwz1SZsfuuBNjU+ACX17IXIi5NDkLm8IT1FLgS9fWaYotACIUe
> 5fTXgodDDAGrWoYE4X1WTJiYCEE4UisilExaAJ0quk72NO/TzMnsLktR7mx0eSaP
> NqAi8ger9a2rflStgdJlI6pCmzRs4onAs2YWZq4F5Nv/wnnUysMsSjwNW+MuL4WY
> jWbX8oF+11kyH14vPLvzLKvMXjC9yKf8G880OPuMmgFQOrYAXzP5yp3w/rRVBCM=
> =SMvV
> -----END PGP SIGNATURE-----
>



-- 
Daniel Reinhardt
cryptodan at cryptodan.net
http://www.cryptodan.net
301-875-7018(c)
410-455-0488(h)


More information about the dovecot mailing list