On Sun, Jan 15, 2006 at 10:20:09PM -0600, [EMAIL PROTECTED] wrote: > based on my previous posts about trouble with svnd encryption having not > garnered any replies (see > http://marc.theaimsgroup.com/?l=openbsd-misc&m=113717720822507&w=2 ), i'm > going > to rephrase my questions. > > - what methods, if any, can be used to reliably encrypt my virtual mailboxes > so > that they are secure against physical theft of the machines? this seems to be > a > very useful thing to do since many corporate mailservers have sensitive data > on them > > - is there any useful information in the reply i got on the postfix-users > mailing list: > > "Looks like the "svnd" driver applies the per-process file size limit not only > to the files created, but also to the containing volume. This means that > "svnd" > used over ordinary files is not suitable." > > i cannot grok this reply even though i have read the vnd and vnconfig manual > pages. is there any truth to this statement? should i look at the source for > the > vnd driver to understand more? > > - are there any additional utilities anyone can recommend i use to > - are there any additional utilities anyone can recommend i use to further > investigate why the setup i described in the previous posts (mounting an > encrypted svnd device at /var/vmail and having postfix deliver to mailboxes > inside of /var/vmail) is not working? > > in a best-case scenario, i would like to be able to use the svnd encryption > provided with the base openbsd system. failing that, it would be nice to know > why svnd is not appropriate for this particular application and what some > possible alternatives are. > > cheers, > jake > >
Things I would try (in no particular order) Newfs the vnd device. Make sure you have no quota or user limits in place, because it complains about EDQUOT or EFBIG -> errno(3) Try to move your /var/spool/mail on the same disk. Postfix uses lot's off linking operations that may fail if these things are on different partitions. Configure virtual that it uses another delivery agent, for example maildrop. Look into src/virtual/maildrop.c with a debugger and find out where exactly it breaks.
