Lloyd Zusman said: Mail in transit or which is being piped to other processes would remain in plain text; only when Courier is writing a message to disk would it be optionally encrypted.
I'm not sure of the logic behind this approach; however, if it is only when mail is written to disk that you want it encrypted, investigate putting your mail spool on one of the encrypted filesystems that Linux supports. A Google search for linux and "encrypted filesystem" turned up plenty.
It depends on what his threat model is. An encrypted filesystem can protect backups (assuming you remember to not back up the cleartext form!), but may or may not hide the contents from other users on a live system. I know the kernel "loopback" encrypted FS looks just like a regular mounted disk. I'm not sure whether CFS (which uses a specialized NFS client/server) is visible to all users or just users who provided the appropriate password.
Whatever it is, the mail daemons must have access to the encrypted FS so any user that can masquerade as one of these daemons can look at any message. That means any threat model involving local users with privilege escalation will be difficult to solve - if they can access the mail spool, they can probably muck with the mail daemons so anything they do may be moot.
Bear
courier-users mailing list
