NetBSD-Users archive


RE: NetBSD/Postfix



Interesting Waitman,
        Thank you for looking into this. I will have our server admin look
this over tomorrow.

Scott...

-----Original Message-----
From: Waitman Gobble [mailto:uzimac%da3m0n8t3r.com@localhost] 
Sent: March-31-13 4:36 PM
To: Scott.Burns%SeQent.Com@localhost
Cc: netbsd-users%NetBSD.org@localhost
Subject: Re: NetBSD/Postfix

Scott Burns <Scott.Burns%SeQent.Com@localhost> wrote ..
> Hello list,
> 
> We have an opportunity to provide a hosted solution for a new 
> customer. We would like to use NetBSD for part of this solution. The 
> solution involves the intake and processing of large volumes of email. 
> Due to some customer requirements /gov't regulations the incoming 
> spooled mail files need to be encrypted when on disk. Is it possible 
> to set up postfix, or I guess sendmail, to encrypt its mail files 
> (like /var/spool/mqueue from my sendmail days) when they are stored on 
> disk before being forwarded to another machine?
> 
> In this case postfix will be forwarding the email off to another 
> machine after receiving/spam filtering occurs on the postfix machine. 
> Once into the other machine's custom mailserver we have control of this 
> issue as the messages are dissected and processed.
> 
> Thanks
> 
> Scott.

Scott, 

Here's a quick hack I put together this morning that uses postfix w/
encrypted mail. This example only encrypts the body of the message, but the
headers could be encrypted too. I used libmcrypt because I was in a hurry
this morning but you could pull out the mcrypt code and replace with gpgme
or openssl encryption if you wanted. I convert the binary data to base64
here just to play nice with pgsql. I'm just sticking the IV in the same
table as the body, might want to do a sanity check regarding IV handling,
key, etc. You can run pgsql from a RAM disk if you want, also use the
streaming features to replicate to other servers, cloud, etc. That sort of
thing. Regurgitating the mail for re-send is a piece of cake, or you could
hack dovecot or whatever to use a pgsql store instead of mbox if you wanted.

Here's a sample mail encryption.

https://dx.burplex.com/ma3l/enc-pmess.c
https://dx.burplex.com/ma3l/README


If you want to tinker with it, https://dx.burplex.com/ma3l.tar.gz

That sets up a RAM Disk and runs the pipe-to parser programs from the RAM
disk. The incoming email is stored on the RAM Disk (5 second rule?) for a
moment. The netbsd version of setup 'assumes' you don't have a drive
labelled 'swap' that's not actually a swap drive (which is possible but
weird IMHO). It might do bad things if you have a real drive labelled
'swap', I haven't tried it.

Anyway, an idea.


--
Waitman Gobble
San Jose California USA
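
Added example, not part of the original message or of the ma3l tarball: a shell sketch of the body-only encryption described above, using the `openssl` command line (one of the replacements the message suggests) with a fresh IV per message stored next to the base64 ciphertext. The function names, the record layout and `MAILKEY_HEX` are assumptions made for illustration; the functions take the path of a message file that the pipe target has already written to the RAM disk.

```shell
#!/bin/sh
# Added example (not the ma3l code): encrypt only the body of a mail message,
# one fresh IV per message, stored next to the base64 ciphertext.
# All function names and MAILKEY_HEX are hypothetical.

# Constructed 256-bit demo key; a real deployment reads it from a root-only file.
MAILKEY_HEX=${MAILKEY_HEX:-00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff}

# Headers are everything before the first empty line; they stay in cleartext.
msg_headers() { awk '/^$/ { exit } { print }' "$1"; }

# The body is everything after the first empty line.
msg_body() { awk 'body { print; next } /^$/ { body = 1 }' "$1"; }

# encrypt_body FILE: print a record: line 1 = IV (hex), rest = base64 ciphertext.
encrypt_body() {
    iv=$(openssl rand -hex 16) || return 1     # new random IV for every message
    printf '%s\n' "$iv"
    msg_body "$1" |
        openssl enc -aes-256-cbc -K "$MAILKEY_HEX" -iv "$iv" -base64
}

# decrypt_body RECORD: read the IV back from line 1 and recover the body.
decrypt_body() {
    iv=$(sed -n '1p' "$1")
    # Refuse a record whose IV is not exactly 32 hex digits.
    case $iv in
        *[!0-9a-fA-F]*|'') echo "bad IV in $1" >&2; return 1 ;;
    esac
    [ "${#iv}" -eq 32 ] || { echo "bad IV length in $1" >&2; return 1; }
    sed '1d' "$1" |
        openssl enc -d -aes-256-cbc -K "$MAILKEY_HEX" -iv "$iv" -base64
}

# Stand-alone use: sh thisfile.sh MESSAGE_FILE  -> prints the encrypted record.
if [ "$#" -eq 1 ] && [ -f "$1" ]; then
    encrypt_body "$1"
fi
```

Passing the key with `-K` exposes it in the process list on a shared host, and CBC alone does not detect modified records, so a production version would call a library API and add a MAC over the IV and ciphertext.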



