RE: NetBSD/Postfix

Interesting Waitman,
        Thank you for looking into this. I will have our server admin look
this over tomorrow.


Scott Burns <Scott.Burns%SeQent.Com@localhost> wrote ..
> Hello list,
> We have an opportunity to provide a hosted solution for a new 
> customer. We would like to use NetBSD for part of this solution. The 
> solution involves the intake and processing of large volumes of email. 
> Due to some customer requirements /gov't regulations the incoming 
> spooled mail files need to be encrypted when on disk. Is it possible 
> to set up postfix, or I guess sendmail, to encrypt its mail files 
> (like /var/spool/mqueue from my sendmail days) when they are stored on 
> disk before being forwarded to another machine?
> In this case postfix will be forwarding the email off to another 
> machine after receiving/spam filtering occurs on the postfix machine. 
> Once into the other machine's custom mailserver we have control of this 
> issue as the messages are dissected and processed.
> Thanks
> Scott.


Here's a quick hack I put together this morning that uses postfix w/
encrypted mail. This example only encrypts the body of the message, but the
headers could be encrypted too. I used libmcrypt because I was in a hurry
this morning but you could pull out the mcrypt code and replace with gpgme
or openssl encryption if you wanted. I convert the binary data to base64
here just to play nice with pgsql. I'm just sticking the IV in the same
table as the body, might want to do a sanity check regarding IV handling,
key, etc. You can run pgsql from a RAM disk if you want, also use the
streaming features to replicate to other servers, cloud, etc. That sort of
thing. Regurgitating the mail for re-send is a piece of cake, or you could
hack dovecot or whatever to use a pgsql store instead of mbox if you wanted.

Here's a sample mail encryption.

if you want to tinker with it,

That sets up a RAM Disk and runs the pipe-to parser programs from the RAM
disk. The incoming email is stored on the RAM Disk (5 second rule?) for a
moment. The NetBSD version of setup 'assumes' you don't have a drive
labelled 'swap' that's not actually a swap drive (which is possible but
weird IMHO). It might do bad things if you have a real drive labelled
'swap', I haven't tried it.

Anyway, an idea.

Waitman Gobble
San Jose California USA
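
The approach described in the message above (encrypt only the body, keep a per-message IV beside it, base64 both for a text column), as an added example that is not the code from this thread: it swaps libmcrypt for AES-256-GCM from Go's standard library, so a reused or altered IV, body or header block is detected on decryption. `Row`, `Seal` and `Open` are hypothetical names; key storage and the pgsql insert are assumed to live elsewhere, and the header/body split assumes CRLF line endings.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Row is one stored message: cleartext headers, base64 IV, base64 ciphertext.
type Row struct{ Headers, IV, Body string }
var b64 = base64.StdEncoding

func newAEAD(key [32]byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	aead, _ := cipher.NewGCM(blk)   // cannot fail: AES block size is 16
	return aead
}

// Seal encrypts only the body with a fresh random IV; headers stay cleartext but are authenticated.
func Seal(key [32]byte, raw []byte) (Row, error) {
	hdr, body, ok := bytes.Cut(raw, []byte("\r\n\r\n"))
	if !ok {
		return Row{}, fmt.Errorf("no header/body separator")
	}
	aead := newAEAD(key)
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return Row{}, err
	}
	ct := aead.Seal(nil, iv, body, hdr)
	return Row{string(hdr), b64.EncodeToString(iv), b64.EncodeToString(ct)}, nil
}

// Open decrypts a row; it fails if IV, body or headers changed in storage.
func Open(key [32]byte, r Row) ([]byte, error) {
	iv, e1 := b64.DecodeString(r.IV)
	ct, e2 := b64.DecodeString(r.Body)
	aead := newAEAD(key)
	if e1 != nil || e2 != nil || len(iv) != aead.NonceSize() {
		return nil, fmt.Errorf("malformed row")
	}
	return aead.Open(nil, iv, ct, []byte(r.Headers))
}

func main() { // constructed key and message, for a stand-alone run
	fmt.Println(Seal([32]byte{1}, []byte("Subject: constructed\r\n\r\nsecret body")))
}
```

Because the headers are passed as associated data, a row whose headers were edited after storage fails to decrypt rather than yielding a body attached to the wrong envelope.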

