NetBSD-Users archive


Re: NetBSD/Postfix

Scott Burns <Scott.Burns%SeQent.Com@localhost> wrote ..
> Hello list,
> We have an opportunity to provide a hosted solution for a new customer. We
> would like to use NetBSD for part of this solution. The solution involves
> the intake and processing of large volumes of email. Due to some customer
> requirements/gov't regulations the incoming spooled mail files need to be
> encrypted when on disk. Is it possible to set up postfix, or I guess
> sendmail, to encrypt its mail files (like /var/spool/mqueue from my
> sendmail days) when they are stored on disk before being forwarded to
> another machine?
> In this case postfix will be forwarding the email off to another machine
> after receiving/spam filtering occurs on the postfix machine. Once into the
> other machine's custom mailserver we have control of this issue as the
> messages are dissected and processed.
> Thanks
> Scott.


Here's a quick hack I put together this morning that uses postfix w/ encrypted 
mail. This example only encrypts the body of the message, but the headers could 
be encrypted too. I used libmcrypt because I was in a hurry this morning but 
you could pull out the mcrypt code and replace with gpgme or openssl encryption 
if you wanted. I convert the binary data to base64 here just to play nice with 
pgsql. I'm just sticking the IV in the same table as the body, might want to do 
a sanity check regarding IV handling, key, etc. You can run pgsql from a RAM 
disk if you want, also use the streaming features to replicate to other 
servers, cloud, etc. That sort of thing. Regurgitating the mail for re-send is
a piece of cake, or you could hack dovecot or whatever to use a pgsql store 
instead of mbox if you wanted.

Here's a sample mail encryption.

if you want to tinker with it,

That sets up a RAM Disk and runs the pipe-to parser programs from the RAM disk. 
The incoming email is stored on the RAM Disk (5 second rule?) for a moment. The
NetBSD version of setup 'assumes' you don't have a drive labelled 'swap' that's
not actually a swap drive (which is possible but weird IMHO). It might do bad
things if you have a real drive labelled 'swap', I haven't tried it.

Anyway, an idea.

Waitman Gobble
San Jose California USA
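
The store step described in the message above (encrypt only the body, base64 it, keep the IV in the same row), as an added example that is not the code from the original post. It substitutes AES-256-GCM from Go's standard library for libmcrypt so that a wrong key or an altered row is detected on decrypt; the `Row` layout, function names and sample message are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

type Row struct{ Headers, IV, Body string } // hypothetical table row; IV and Body are base64 text
var b64 = base64.StdEncoding

func newAEAD(key [32]byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key[:]) // a 32-byte key is always valid for AES-256,
	a, _ := cipher.NewGCM(blk)      // so neither constructor can fail here
	return a
}

// Seal encrypts only the body; headers stay readable but are bound in as associated data.
func Seal(key [32]byte, raw []byte) (Row, error) {
	hdr, body, ok := bytes.Cut(raw, []byte("\r\n\r\n"))
	if !ok {
		return Row{}, fmt.Errorf("no header/body separator")
	}
	a := newAEAD(key)
	iv := make([]byte, a.NonceSize())
	if _, err := rand.Read(iv); err != nil { // fresh random IV per message, never reused
		return Row{}, err
	}
	return Row{string(hdr), b64.EncodeToString(iv), b64.EncodeToString(a.Seal(nil, iv, body, hdr))}, nil
}

// Open returns the decrypted body; a wrong key or any altered column is an error.
func Open(key [32]byte, r Row) ([]byte, error) {
	a := newAEAD(key)
	iv, err1 := b64.DecodeString(r.IV)
	ct, err2 := b64.DecodeString(r.Body)
	if err1 != nil || err2 != nil || len(iv) != a.NonceSize() { // a.Open panics on a wrong-length IV
		return nil, fmt.Errorf("malformed IV or body column")
	}
	return a.Open(nil, iv, ct, []byte(r.Headers))
}

func main() {
	row, _ := Seal([32]byte{}, []byte("Subject: demo\r\n\r\nconstructed body\r\n")) // constructed all-zero demo key
	body, err := Open([32]byte{}, row)
	fmt.Printf("%+v\n%q %v\n", row, body, err)
}
```

Storing the IV beside the ciphertext is fine because it is not secret; the key is what has to live somewhere other than the database.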
