kasper4165:
> Hello all,
>
> I have a problem during configuration of postfix smtp server.
> My company policy is to not storage files with any credentials which are not
> encrypted on any host. Is there any way to make sasl_passwd.db file
> protected with password and at the same time it can be used by postfix?
> Maybe there is any other way to do not keep passwords on host and still have
> postfix working?
>
> Thanks in advance for any advice!
>
> P.S.
> If you are 100% sure that this is impossible fell free to comment.
There is no need to store passwords in a file. You can store them
in any Postfix-supported database, including a local server that
answers queries over a UNIX-domain socket that is accessible only
for Postfix (or root).
Otherwise, options are a) unsealing the decryption key after secure
boot and modifying the Postfix master daemon to pass it to Postfix
SMTP client processes; or b) solving a chicken-and-egg problem.
Wietse
