Post by jch » Mon Nov 21, 2005 8:18 am
The encrypted message store thing comes up from time to time, usually as a result of someone discovering that there's some other product with an encrypted message store.
In this case, it's easy to answer. The original poster is asking if access to the message store is protected from command line access. Answer: yes. You need to be root or in group scalix to get at the message store files.
Interestingly, if you're root all bets are off as regards protection, including an encrypted message store. I can envisage a mail server design where someone, say the operator, supplies a key to gain access to the message store at boot time which gets around most of the problems of run-time in-clear access (but do you trust the operator? and what happens when there's a power outage at the weekend?). And don't get me started on periodically changing the key.
There are a couple of encryption things you might want to explore. One is encrypting your backups to stop bad people stealing and reading them (you can make this really rather secure using public keys as you can encrypt the backup using a public key, but make recovery dependent on trustworthy mechanisms for using the private key, it depends on how paranoid you are). If you want your disks to be protected, you can look into the encryption layer provided by the device-mapper: but don't forget that the encryption is the simplest part of the security process.
Anyway, the short answer is the one I gave at the beginning. In order to subvert the security of the message store you need to subvert the security of the operating system. And the corollaries: you have to have a degree of trust in your admin(s); if you can become root there's nothing we can do to stop someone anyway.
If you really really want to protect your messages from (almost) everyone then use a client that supports S/MIME or PGP -- and make sure you're using it in a way that provides the level of protection you need.
jch
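The post's claim that only root or members of group scalix can reach the message store files can be checked on a given host. The following is an added example, not part of the original post and not Scalix code: `audit_store` and `build_sample_store` are hypothetical names, the sample tree is constructed in a temporary directory because the real store path is not given on this page, and the gid used stands in for that of group scalix.

```python
import os
import stat
import tempfile

def audit_store(root, allowed_gids):
    """List (path, reason) pairs for entries that an account which is neither
    root nor in an allowed group could still reach."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits grant nothing
            if st.st_mode & stat.S_IRWXO:
                findings.append((path, "accessible to other"))
            if st.st_gid not in allowed_gids and st.st_mode & stat.S_IRWXG:
                findings.append(
                    (path, "group access for unexpected gid %d" % st.st_gid))
    return findings

def build_sample_store():
    """Constructed sample tree: one tight file, one world-readable file."""
    root = tempfile.mkdtemp(prefix="store-")
    os.chmod(root, 0o750)
    for name, mode in (("msg-ok", 0o640), ("msg-leaky", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample message\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    root = build_sample_store()
    gid = os.lstat(root).st_gid  # assumption: stands in for group scalix
    for path, reason in audit_store(root, {gid}):
        print(path, "->", reason)
```

An empty result only covers the mode bits and group ownership inside the tree; ACLs, parent directory permissions and group membership itself need separate review.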