based on my previous posts about trouble with svnd encryption having not garnered any replies (see http://marc.theaimsgroup.com/?l=openbsd-misc&m=113717720822507&w=2 ), i'm going to rephrase my questions.
- what methods, if any, can be used to reliably encrypt my virtual mailboxes so that they are secure against physical theft of the machines? this seems to be a very useful thing to do since many corporate mailservers have sensitive data on them - is there any useful information in the reply i got on the postfix-users mailing list: "Looks like the "svnd" driver applies the per-process file size limit not only to the files created, but also to the containing volume. This means that "svnd" used over ordinary files is not suitable." i cannot grok this reply even though i have read the vnd and vnconfig manual pages. is there any truth to this statement? should i look at the source for the vnd driver to understand more? - are there any additional utilities anyone can recommend i use to further investigate why the setup i described in the previous posts (mounting an encrypted svnd device at /var/vmail and having postfix deliver to mailboxes inside of /var/vmail) is not working? in a best-case scenario, i would like to be able to use the svnd encryption provided with the base openbsd system. failing that, it would be nice to know why svnd is not appropriate for this particular application and what some possible alternatives are. cheers, jake
