[CentOS] Q. LUKS or ecryptfs-utils ?

Wed Oct 22 22:31:15 UTC 2014
Fran Garcia <franchu.garcia at gmail.com>

On Wed, Oct 22, 2014 at 9:32 PM, James B. Byrne <byrnejb> wrote:
> I am now investigating encrypting our IMAP user spool files.  Does anyone have
> experience with handling encrypted data stores using either or both of the
> subject methods and would care to share their observations?  Which is the
> preferred method (I know: it depends, but on what?)?   What administrative
> pain does each cause?


I guess you first need to decide what/who are you protecting your email from.

If we are speaking about somebody entering into the datacenter and
stealing/cloning a disk containing your users' emails, the luks
solution described by Digimer should work fine.

If you want to protect sensitive users of your organization (HR
director, CFO, etc) from your own IT admins, things get complicated
easily :-) . ecryptfs can do a per-user file-based encryption but it
doesn't really handle multi-user environments.  If your /home/user1 is
mounted from an ecryptfs filesystem, nothing prevents root / sudo'd
processes from picking files from a certain user.

For the latter I'd suggest using PGP -- although instructing users to
handle the complexity of client-based encryption is another huge task.

My 0.02€
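An added example, not from this thread or from either poster: the script below takes the text of /proc/mounts and of `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME` (assumed to be on a util-linux version that knows the PKNAME column) and reports, for a given path, whether the data underneath sits on a dm-crypt/LUKS mapping, on an ecryptfs mount, or on plain storage, together with which of the two threats discussed above that layer actually blocks. The sample inputs are constructed so it runs offline; against a live host you would feed it the real /proc/mounts and lsblk output.

```python
"""Classify paths by encryption layer and by the threat that layer covers.

Added example (not code from the CentOS thread). Inputs are the text of
/proc/mounts and of `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME`; the samples
below are constructed, not taken from a real host.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed /proc/mounts excerpt: LUKS-backed mail spool, LVM-on-LUKS
# root, an ecryptfs home for one user, and an unencrypted /boot.
SAMPLE_MOUNTS = """\
/dev/mapper/vg0-root / xfs rw,relatime 0 0
/dev/mapper/luks-mail /var/spool/imap ext4 rw,noatime 0 0
/home/user1/.Private /home/user1 ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=32 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
"""

# Constructed `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME` output (key="value" pairs,
# one device per line; PKNAME is the parent device in the block stack).
SAMPLE_LSBLK = """\
NAME="sda" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot" PKNAME="sda"
NAME="sda2" TYPE="part" MOUNTPOINT="" PKNAME="sda"
NAME="luks-mail" TYPE="crypt" MOUNTPOINT="/var/spool/imap" PKNAME="sda2"
NAME="sda3" TYPE="part" MOUNTPOINT="" PKNAME="sda"
NAME="luks-root" TYPE="crypt" MOUNTPOINT="" PKNAME="sda3"
NAME="vg0-root" TYPE="lvm" MOUNTPOINT="/" PKNAME="luks-root"
"""

# What each layer does and does not defend against, per the discussion above:
# both keep ciphertext on disk (offline theft/cloning), neither stops root
# on the running host, because the data is plaintext once mounted.
LAYER_COVERAGE = {
    "luks": {"offline_disk_theft": True, "root_on_live_host": False},
    "ecryptfs": {"offline_disk_theft": True, "root_on_live_host": False},
    "none": {"offline_disk_theft": False, "root_on_live_host": False},
}


def parse_mounts(text: str) -> List[Tuple[str, str, str]]:
    """Return (source, mountpoint, fstype) for each /proc/mounts line."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            rows.append((fields[0], fields[1], fields[2]))
    return rows


def parse_lsblk_pairs(text: str) -> Dict[str, Dict[str, str]]:
    """Parse `lsblk -P` output into {NAME: {column: value}}."""
    devices = {}
    for line in text.splitlines():
        kv = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if "NAME" in kv:
            devices[kv["NAME"]] = kv
    return devices


def crypt_backed_mountpoints(devices: Dict[str, Dict[str, str]]) -> set:
    """Mountpoints with a dm-crypt ('crypt') device anywhere below them
    in the block stack (handles LVM-on-LUKS by walking PKNAME upwards)."""
    points = set()
    for name, dev in devices.items():
        mountpoint = dev.get("MOUNTPOINT", "")
        if not mountpoint:
            continue
        current, seen = name, set()
        while current and current not in seen and current in devices:
            seen.add(current)
            if devices[current].get("TYPE") == "crypt":
                points.add(mountpoint)
                break
            current = devices[current].get("PKNAME", "")
    return points


def find_mount(path: str, mounts) -> Optional[Tuple[str, str, str]]:
    """Longest-prefix mountpoint match for a path."""
    best = None
    for row in mounts:
        mp = row[1]
        if mp == "/" or path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[1]):
                best = row
    return best


def classify(path: str, mounts_text: str = SAMPLE_MOUNTS,
             lsblk_text: str = SAMPLE_LSBLK) -> dict:
    """Report the encryption layer under `path` and its threat coverage."""
    mount = find_mount(path, parse_mounts(mounts_text))
    crypt_points = crypt_backed_mountpoints(parse_lsblk_pairs(lsblk_text))
    if mount is None:
        layer = "none"
    elif mount[2] == "ecryptfs":
        layer = "ecryptfs"
    elif mount[1] in crypt_points:
        layer = "luks"
    else:
        layer = "none"
    return {"path": path, "mountpoint": mount[1] if mount else None,
            "layer": layer, **LAYER_COVERAGE[layer]}


if __name__ == "__main__":
    # Offline run over the constructed samples; on a real host pass
    # open("/proc/mounts").read() and the output of the lsblk command above.
    for p in ("/var/spool/imap/user1", "/home/user1/Maildir", "/boot/vmlinuz", "/etc/passwd"):
        print(classify(p))
```

The point the table makes explicit is the one from the reply above: the classifier can tell you that a spool directory is LUKS-backed or that a home is on ecryptfs, but the `root_on_live_host` column is False in every row, so neither layer addresses the insider-admin threat; only client-side encryption such as PGP moves that column.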