That's why it's important to define which security goal your setup has.

If you really want to PGP-encrypt your mails at receive, you can do it with Ciphermail:
https://www.ciphermail.com/
Ciphermail is implemented as an SMTP proxy, so you just feed postfix's smtp-client into ciphermail and then have a localhost-only listening smtpd which delivers to local storage.

But to your points:
1: If your VM is remotely manageable via SSH, you will also have access to its "boot" over SSH/IPMI or whatever remote interface your hosting company uses.

2: Yes, agree. But one thing to consider is that if you have hosting with VMs or VPSes, it's common that they make a backup of your machine, e.g. they back up your machine as-is. This means that when your hosting company takes the backup, it will still be encrypted. E.g., even if they take the backup while the machine is in a running state, it will still be a backup of the "offline image" of the machine, which will represent how the machine would look if it was turned off and then turned on right now, since LUKS never writes plaintext to the disk drive. RAM contents of the VM are usually not written to disk or backed up at all since they can contain sensitive data.

3: Yes, that's true. But that is true for any non-encrypted mail that is received on your server, since they could, if they were dishonest, tap the mail from the RAM of the server, like they could with the LUKS key. No on-server encryption is going to solve it if your hosting company is rogue. In your first mail, you described the hosting company as being untrusted because they were reckless and irresponsible with backups and copies of offline data that could linger around in the datacenter and fall into the wrong hands.

If the hosting company is completely untrusted, with not just lazy/reckless employees but dishonest employees, or could itself be rogue, there are only 2 options:
A: Encrypt the mail before it reaches the hosting company. For example, receiving mails on another server, encrypting them with ciphermail and then forwarding the encrypted mails to the hosting company.
B: Change hosting company to a more trusted one.

-----Original message-----
From: Thomas Keller
Sent: Wednesday, June 03, 2015 1:32 AM
To: postfix-users@postfix.org
Subject: Re: encrypt incoming emails with my public gpg key

On 2015-06-03 01:16, Sebastian Nielsen wrote:

If you only are worried by backups or other copies that might come in
the wrong hands, and not someone directly accessing the server, I would
suggest setting up an encrypted storage in the server. Since VPS/VM in
many times give you root access, you could easily set your virtual
machine to be encrypted with LUKS, and then you have to type a password
each time the VM boots.

Using LUKS has some disadvantages here:
1) somebody has to type remotely the password every time the machine
boots. This is very impractical.

2) LUKS is only effective when the machine is turned off. Once LUKS is
mounted (decrypted), data can be read and the encryption key recovered.

3) if ever somebody gains access to the decryption key (see 2), all
emails ever received are accessible.

Besides, for the sake of argument, we can assume that I already have
LUKS, but want to have another layer. These two things are not mutually
exclusive.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
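
The SMTP-proxy arrangement described in the reply above (Postfix's smtp client feeding the encrypting proxy, then a localhost-only smtpd delivering to local storage) maps onto Postfix's after-queue content filter mechanism. The fragment below is an added example, not configuration posted in the thread or taken from Ciphermail; the two port numbers and the `postfix/reinject` log name are assumptions chosen for illustration.

```conf
# ---- /etc/postfix/main.cf ----
# Hand every message accepted from the network to the encrypting proxy,
# using Postfix's own smtp client. The address 127.0.0.1:10025 is an
# assumed listener for the proxy, not a value from the thread.
content_filter = smtp:[127.0.0.1]:10025

# Postpone alias/virtual rewriting until after the proxy, so the proxy
# sees the original recipient address when it selects a public key.
receive_override_options = no_address_mappings

# ---- /etc/postfix/master.cf ----
# Re-injection listener: takes the encrypted mail back from the proxy and
# delivers it to local storage. Port 10026 is an assumption.
#
# Weak form (do not use): a service name of just "10026" listens on all
# interfaces, so remote clients could submit mail that skips encryption.
#   10026          inet  n  -  n  -  -  smtpd
#
# Hardened form: bound to loopback only, and restricted again at the
# smtpd level in case the bind address is changed later.
127.0.0.1:10026  inet  n  -  n  -  -  smtpd
    -o syslog_name=postfix/reinject
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_tls_security_level=none
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
```

With an after-queue filter, Postfix writes each message to its queue directory in plaintext before the proxy encrypts it, so the queue remains exposed to anyone who can read the live filesystem or RAM, which is the limit on on-server encryption raised in the thread.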
