Scott Burns <[email protected]> wrote ..
> Hello list,
>
> We have an opportunity to provide a hosted solution for a new customer. We
> would like to use NetBSD for part of this solution. The solution involves
> the intake and processing of large volumes of email. Due to some customer
> requirements / gov't regulations the incoming spooled mail files need to be
> encrypted when on disk. Is it possible to set up postfix, or I guess
> sendmail, to encrypt its mail files (like /var/spool/mqueue from my
> sendmail days) when they are stored on disk before being forwarded to
> another machine?
>
> In this case postfix will be forwarding the email off to another machine
> after receiving/spam filtering occurs on the postfix machine. Once into the
> other machine's custom mailserver we have control of this issue as the
> messages are dissected and processed.
>
> Thanks
>
> Scott.
Scott,

Here's a quick hack I put together this morning that uses postfix w/ encrypted mail. This example only encrypts the body of the message, but the headers could be encrypted too. I used libmcrypt because I was in a hurry this morning, but you could pull out the mcrypt code and replace it with gpgme or openssl encryption if you wanted. I convert the binary data to base64 here just to play nice with pgsql. I'm just sticking the IV in the same table as the body; might want to do a sanity check regarding IV handling, key, etc.

You can run pgsql from a RAM disk if you want, also use the streaming features to replicate to other servers, cloud, etc. That sort of thing. Regurgitating the mail for re-send is a piece of cake, or you could hack dovecot or whatever to use a pgsql store instead of mbox if you wanted.

Here's a sample mail encryption:

https://dx.burplex.com/ma3l/enc-pmess.c
https://dx.burplex.com/ma3l/README

If you want to tinker with it:

https://dx.burplex.com/ma3l.tar.gz

That sets up a RAM disk and runs the pipe-to parser programs from the RAM disk. The incoming email is stored on the RAM disk (5 second rule?) for a moment.

The netbsd version of setup 'assumes' you don't have a drive labelled 'swap' that's not actually a swap drive (which is possible but weird IMHO). It might do bad things if you have a real drive labelled 'swap', I haven't tried it.

Anyway, an idea.

-- 
Waitman Gobble
San Jose California USA
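As an added example (not Waitman's enc-pmess.c, which uses libmcrypt), here is the same split-and-encrypt step in Go with AES-256-GCM swapped in for mcrypt: the body is encrypted under a fresh random IV, the IV and ciphertext are base64 for the pgsql columns, and the cleartext headers go in as associated data so a row whose headers were swapped or edited no longer decrypts. The 32-byte key, LF line endings and delivery via a postfix pipe(8) transport are assumptions; the database write itself is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// EncryptedMessage is one table row: headers in clear, IV and body ciphertext as base64.
type EncryptedMessage struct {
	Headers string // stays readable for routing, but is authenticated as AAD below
	IV      string // 12 random bytes, fresh for every message, never reused under one key
	Body    string // AES-256-GCM ciphertext of the body with the 16-byte tag appended
}
// gcm builds the AEAD; a key that is not 32 bytes is a configuration bug, so it panics.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // AES blocks are always 16 bytes, so this cannot fail
	return aead
}
// EncryptBody splits at the first blank line (LF mail as a postfix pipe(8) transport
// delivers it), encrypts only the body, and binds the cleartext headers in as AAD.
func EncryptBody(key, raw []byte) *EncryptedMessage {
	headers, body, _ := bytes.Cut(raw, []byte("\n\n")) // headers-only mail: body stays empty
	aead := gcm(key)
	iv := make([]byte, aead.NonceSize())
	rand.Read(iv) // never returns an error (Go 1.24+); an unusable OS RNG aborts the process
	ct := aead.Seal(nil, iv, body, headers)
	enc := base64.StdEncoding.EncodeToString
	return &EncryptedMessage{Headers: string(headers), IV: enc(iv), Body: enc(ct)}
}
// DecryptBody rebuilds the message; a wrong key, damaged ciphertext or edited headers fail.
func DecryptBody(key []byte, m *EncryptedMessage) ([]byte, error) {
	iv, err1 := base64.StdEncoding.DecodeString(m.IV)
	ct, err2 := base64.StdEncoding.DecodeString(m.Body)
	if err1 != nil || err2 != nil {
		return nil, errors.New("corrupt base64 in row")
	}
	body, err := gcm(key).Open(nil, iv, ct, []byte(m.Headers))
	if err != nil {
		return nil, err // GCM tag mismatch covers both body and header tampering
	}
	return append([]byte(m.Headers+"\n\n"), body...), nil
}
```

For re-send, DecryptBody's output is the original message bytes and can be handed straight to sendmail(1) or a postfix pickup.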
