by teddyh 3812 days ago
Running a server containing users’ data (especially an e-mail server) in 2016 without full-disk encryption is like running a web server without HTTPS. Just don’t. It’s a privacy disaster waiting to happen.

This can happen in any country, even to a silly cock joke site like this, and your users will be hurt by it, possibly for many years to come. There is no longer any excuse not to do it.

1 comments

Excuse my ignorance, but how does full-disk encryption work if you don't have console access to it?

How do you enter the password after, say, a hard reset/power outage?

For Debian and Ubuntu servers: Mandos (http://www.recompile.se/mandos)

Introduction here: http://www.recompile.se/mandos/man/intro.8mandos

Disclosure: I am a co-author. (Yeah, yeah, we will switch our certificate from CACert to LetsEncrypt. Soon. Ish.)

SSH?