[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Thank you for looking into this. I will have our server admin look
this over tomorrow.
From: Waitman Gobble [mailto:uzimac%da3m0n8t3r.com@localhost]
Sent: March-31-13 4:36 PM
Subject: Re: NetBSD/Postfix
Scott Burns <Scott.Burns%SeQent.Com@localhost> wrote ..
> Hello list,
> We have an opportunity to provide a hosted solution for a new
> customer. We would like to use NetBSD for part of this solution. The
> solution involves the intake and processing of large volumes of email.
> Due to some customer requirements /gov't regulations the incoming
> spooled mail files need to be encrypted when on disk. Is it possible
> to setup postfix, or I guess sendmail, to encrypt it's mail files
> (like /var/spool/mqueue from my sendmail days) when they are stored on
> disk before being forwarded to another machine?
> In this case postfix will be forwarding the email off to another
> machine after receiving/spam filtering occurs on the postfix machine.
> Once into the other machines custom mailserver we have control of this
> issue as the messages are dissected and processed.
Here's a quick hack I put together this morning that uses postfix w/
encrypted mail. This example only encrypts the body of the message, but the
headers could be encrypted too. I used libmcrypt because I was in a hurry
this morning but you could pull out the mcrypt code and replace with gpgme
or openssl encryption if you wanted. I convert the binary data to base64
here just to play nice with pgsql. I'm just sticking the IV in the same
table as the body, might want to do a sanity check regarding IV handling,
key, etc. You can run pgsql from a RAM disk if you want, also use the
streaming features to replicate to other servers, cloud, etc. That sort of
thing. regurgitating the mail for re-send is a piece of cake, or you could
hack dovecot or whatever to use a pgsql store instead of mbox if you wanted.
here's a sample mail encryption.
if you want to tinker with it, https://dx.burplex.com/ma3l.tar.gz
That sets up a RAM Disk and runs the pipe-to parser programs from the RAM
disk. the incoming email is stored on the RAM Disk (5 second rule?) for a
moment. The netbsd version of setup 'assumes' you don't have a drive
labelled 'swap' that's not actually a swap drive. (which is possible but
weird IMHO). It might do bad things if you have a real drive labelled
'swap', i haven't tried it.
Anyway, an idea.
San Jose California USA
Main Index |
Thread Index |