Is the Message Store encrypted or protected ?



Is the Message Store encrypted or protected ?

Post by jmadden » Fri Oct 21, 2005 7:14 pm

Still waiting for the download of Scalix to finish, but while I'm waiting, I need to know:

Is the Message Store encrypted or protected in any way from access from the command line? In other words, from the command line, can I look thru the message store and read people's emails?

Also, is the manual available as a download anywhere? I can't seem to find it, or I would have looked there first. :)

Thanks in advance!

nolonger5

Post by nolonger5 » Wed Oct 26, 2005 10:11 am

No reply to this post? Wonder why? I'm curious about this, too.

kanderson

Reading email from the command line

Post by kanderson » Wed Oct 26, 2005 11:32 am

You cannot simply look through emails from the command line using cat, as you could with a maildir-based system; however, there is a client which would work from the command line to access your email. (It requires you to log in though, of course.)

Some of the details of an "in transit" email can be catted from /var/spool/mqueue or /var/spool/clientmqueue, but those messages would also be sent in similarly clear text, so it hardly matters. They're typically only in there for a few seconds while the message is being processed.

The data is stored in /var/opt/scalix/data/* by default. You could snoop through there if you'd like to see how stuff is stored.

Kev.

jch
Scalix

Post by jch » Mon Nov 21, 2005 8:18 am

The encrypted message store thing comes up from time to time, usually as a result of someone discovering that there's some other product with an encrypted message store.

In this case, it's easy to answer. The original poster is asking if access to the message store is protected from command line access. Answer: yes. You need to be root or in group scalix to get at the message store files.

Interestingly, if you're root all bets are off as regards protection, including an encrypted message store. I can envisage a mail server design where someone, say the operator, supplies a key to gain access to the message store at boot time which gets around most of the problems of run-time in-clear access (but do you trust the operator? and what happens when there's a power outage at the weekend?). And don't get me started on periodically changing the key.

There are a couple of encryption things you might want to explore. One is encrypting your backups to stop bad people stealing and reading them (you can make this really rather secure using public keys as you can encrypt the backup using a public key, but make recovery dependent on trustworthy mechanisms for using the private key, it depends on how paranoid you are). If you want your disks to be protected, you can look into the encryption layer provided by the device-mapper: but don't forget that the encryption is the simplest part of the security process.

Anyway, the short answer is the one I gave at the beginning. In order to subvert the security of the message store you need to subvert the security of the operating system. And the corollaries: you have to have a degree of trust in your admin(s); if you can become root there's nothing we can do to stop someone anyway.

If you really really want to protect your messages from (almost) everyone then use a client that supports S/MIME or PGP -- and make sure you're using it in a way that provides the level of protection you need.

jch
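
The access rule described in the post above (only root or members of group scalix can reach the message store files) can be checked with a short audit. This is an added example, not part of the thread and not Scalix tooling; the function name `audit_store` is made up here, and it assumes the rule is enforced with ordinary mode bits and group ownership on the default path mentioned earlier in the thread.

```shell
#!/bin/sh
# Added example (not Scalix tooling): verify that a message-store tree is
# reachable only by root and one group, as the thread describes.
# Assumption: the rule is enforced with ordinary mode bits and group ownership.

# audit_store DIR GROUP
#   Prints "REASON<TAB>PATH" for every finding.
#   Returns 0 if clean, 1 if there are findings, 2 if the scan could not run.
audit_store() {
    as_dir=$1
    as_group=$2
    if [ ! -d "$as_dir" ]; then
        echo "audit_store: not a directory: $as_dir" >&2
        return 2
    fi
    # First scan: any read/write/execute bit for "other" admits accounts
    # outside the group. Second scan: a different owning group widens the set
    # of accounts that can read mail. Symlinks are skipped in both scans
    # because their own mode bits are not used for access checks.
    as_findings=$(
        find "$as_dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'other-access\t%s\n' {} + &&
        find "$as_dir" ! -type l ! -group "$as_group" \
            -exec printf 'wrong-group\t%s\n' {} +
    ) || return 2
    if [ -z "$as_findings" ]; then
        return 0
    fi
    printf '%s\n' "$as_findings"
    return 1
}

# Usage on a server, with the default path and group named in the thread:
#   audit_store /var/opt/scalix/data scalix
```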

