Hijacked thread, now about queue encryption

Hijacked thread, now about queue encryption

Wietse Venema
Tessa Plum:
> Hi Wietse,
>
> As an incoming MTA, after Postfix receives messages, which part takes the
> duty of saving messages to disk?

The cleanup(8) daemon writes incoming mail to a queue file.

There are about a dozen other daemons that read from a queue file.

> Is it possible for messages to be stored on disk encrypted?

One solution is to use full-disk encryption, i.e. there are no keys
stored as plaintext on the disk, the disk is unreadable when the
server is shut down, and Postfix does not manage encryption keys.

Otherwise, Postfix would need to manage encryption keys to store
messages and decryption keys to deliver messages. The big question
is where would Postfix get the keys from? They
should not be stored as plaintext on the disk.

If you want encryption only, then you will need an external milter
or external content filter that replaces plaintext content with
encrypted content. See http://www.postfix.org/CONTENT_FILTER_READ+ME.html
for an overview of the options.

        Wietse
Re: Hijacked thread, now about queue encryption

Viktor Dukhovni
On Fri, Apr 03, 2020 at 02:10:22PM -0400, Wietse Venema wrote:

> >
> > As an incoming MTA, after Postfix receives messages, which part takes the
> > duty of saving messages to disk?
>
> The cleanup(8) daemon writes incoming mail to a queue file.
>
> There are about a dozen other daemons that read from a queue file.

Is the OP looking to encrypt queue files, or to encrypt message bodies
using recipient public keys?

For the latter, there are various systems that make it possible to
encrypt email in transit, so that by the time it is delivered to a
mailbox (and perhaps somewhat earlier) the content can only be read by
the recipient.

Suitably capable disks support encryption via keys held in the disk
controller, so that if the disk is ever separated from the machine, its
content should be unreadable.

--
    Viktor.
Re: Hijacked thread, now about queue encryption

Tessa Plum
In reply to this post by Wietse Venema
That's right. Thank you so much.

Tessa

On 2020-04-04 02:10, Wietse Venema wrote:

> Tessa Plum:
>> Hi Wietse,
>>
>> As an incoming MTA, after Postfix receives messages, which part takes
>> the duty of saving messages to disk?
>
> The cleanup(8) daemon writes incoming mail to a queue file.
>
> There are about a dozen other daemons that read from a queue file.
>
>> Is it possible for messages to be stored on disk encrypted?
>
> One solution is to use full-disk encryption, i.e. there are no keys
> stored as plaintext on the disk, the disk is unreadable when the
> server is shut down, and Postfix does not manage encryption keys.
>
> Otherwise, Postfix would need to manage encryption keys to store
> messages and decryption keys to deliver messages. The big question
> is where would Postfix get the keys from? They
> should not be stored as plaintext on the disk.
>
> If you want encryption only, then you will need an external milter
> or external content filter that replaces plaintext content with
> encrypted content. See
> http://www.postfix.org/CONTENT_FILTER_READ+ME.html
> for an overview of the options.
>
> Wietse
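
Added example, not part of the original thread and not Postfix code: a sketch of the transform an external content filter could apply, encrypting the body to the recipient's public key as PGP/MIME (RFC 3156), so the filter host holds no decryption key. Assumptions: the `gpg` CLI is installed, the recipient's vetted public key is already in the filter account's keyring, and the function names are hypothetical; reinjecting the result into Postfix is left to the filter wrapper.

```python
import subprocess
import sys
from email import message_from_bytes
from email.message import Message
from email.mime.multipart import MIMEMultipart


def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """Encrypt to a public key in the filter account's keyring (no secret key needed)."""
    # Assumption: keys in this keyring were vetted out of band, hence --trust-model always.
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--encrypt", "--recipient", recipient]
    return subprocess.run(cmd, input=plaintext, capture_output=True, check=True).stdout


def _part(content_type: str, text: str) -> Message:
    part = Message()
    part["Content-Type"] = content_type
    part.set_payload(text)
    return part


def pgp_mime_encrypt(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return the message re-wrapped as RFC 3156 multipart/encrypted for recipient."""
    original = message_from_bytes(raw)
    if original.get_content_type() == "multipart/encrypted":
        return raw  # already encrypted by the sender; pass through unchanged

    # The protected entity is the Content-* headers plus the body.
    protected = message_from_bytes(raw)
    for name in set(protected.keys()):
        if not name.lower().startswith("content-"):
            del protected[name]
    ciphertext = encrypt(protected.as_bytes(), recipient).decode("ascii")

    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in original.items():
        if not name.lower().startswith(("content-", "mime-version")):
            outer[name] = value  # From, To, Subject etc. remain cleartext
    outer.attach(_part("application/pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("application/octet-stream", ciphertext))
    return outer.as_bytes()


if __name__ == "__main__":
    # Usage (hypothetical script name): encrypt_filter.py rcpt@example.org < in.eml > out.eml
    sys.stdout.buffer.write(pgp_mime_encrypt(sys.stdin.buffer.read(), sys.argv[1]))
```

Only the body is protected: message headers, including Subject, stay readable in the queue file and in the delivered mailbox.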