Re: Q. LUKS or ecryptfs-utils ?




On Wed, Oct 22, 2014 at 9:32 PM, James B. Byrne <byrnejb> wrote:
> I am now investigating encrypting our IMAP user spool files.  Does anyone have
> experience with handling encrypted data stores using either or both of the
> subject methods and would care to share their observations?  Which is the
> preferred method (I know: it depends, but on what?)?   What administrative
> pain does each cause?


I guess you first need to decide what/who you are protecting your email from.

If we are speaking about somebody entering into the datacenter and
stealing/cloning a disk containing your users' emails, the luks
solution described by Digimer should work fine.

If you want to protect sensitive users of your organization (HR
director, CFO, etc.) from your own IT admins, things get complicated
easily :-) . ecryptfs can do a per-user file-based encryption but it
doesn't really handle multi-user environments.  If your /home/user1 is
mounted from an ecryptfs filesystem, nothing prevents root / sudo'd
processes from picking files from a certain user.

For the latter I'd suggest using PGP -- although instructing users to
handle the complexity of client-based encryption is another huge task.

My 0.02€
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




