Re: NetBSD/Postfix

To: <Scott.Burns%SeQent.Com@localhost>
Subject: Re: NetBSD/Postfix
From: "Waitman Gobble" <uzimac%da3m0n8t3r.com@localhost>
Date: Sun, 31 Mar 2013 13:35:57 -0700 (PDT)

Scott Burns <Scott.Burns%SeQent.Com@localhost> wrote ..
> Hello list,
> 
>  
> 
> We have an opportunity to provide a hosted solution for a new customer. We
> would like to use NetBSD for part of this solution. The solution involves
> the intake and processing of large volumes of email. Due to some customer
> requirements /gov't regulations the incoming spooled mail files need to be
> encrypted when on disk. Is it possible to setup postfix, or I guess
> sendmail, to encrypt it's mail files (like /var/spool/mqueue from my
> sendmail days) when they are stored on disk before being forwarded to
> another machine?
> 
>  
> 
> In this case postfix will be forwarding the email off to another machine
> after receiving/spam filtering occurs on the postfix machine. Once into the
> other machines custom mailserver we have control of this issue as the
> messages are dissected and processed.
> 
>  
> 
> Thanks
> 
> Scott.
> 
>  
> 
>  

Scott, 

Here's a quick hack I put together this morning that uses postfix w/ encrypted 
mail. This example only encrypts the body of the message, but the headers could 
be encrypted too. I used libmcrypt because I was in a hurry this morning but 
you could pull out the mcrypt code and replace with gpgme or openssl encryption 
if you wanted. I convert the binary data to base64 here just to play nice with 
pgsql. I'm just sticking the IV in the same table as the body, might want to do 
a sanity check regarding IV handling, key, etc. You can run pgsql from a RAM 
disk if you want, also use the streaming features to replicate to other 
servers, cloud, etc. That sort of thing. regurgitating the mail for re-send is 
a piece of cake, or you could hack dovecot or whatever to use a pgsql store 
instead of mbox if you wanted.

here's a sample mail encryption.

https://dx.burplex.com/ma3l/enc-pmess.c
https://dx.burplex.com/ma3l/README


if you want to tinker with it, https://dx.burplex.com/ma3l.tar.gz

That sets up a RAM Disk and runs the pipe-to parser programs from the RAM disk. 
the incoming email is stored on the RAM Disk (5 second rule?) for a moment. The 
netbsd version of setup 'assumes' you don't have a drive labelled 'swap' that's 
not actually a swap drive. (which is possible but weird IMHO). It might do bad 
things if you have a real drive labelled 'swap', i haven't tried it.

Anyway, an idea.


-- 
Waitman Gobble
San Jose California USA

Follow-Ups:
- RE: NetBSD/Postfix
  - From: Scott Burns

References:
- NetBSD/Postfix
  - From: Scott Burns

Prev by Date: Re: Build of NetBSD-6.1RC2/amd64 fails
Next by Date: RE: NetBSD/Postfix
Previous by Thread: Re: NetBSD/Postfix
Next by Thread: RE: NetBSD/Postfix
Indexes:

Home | Main Index | Thread Index | Old Index