[encrypted_bird]

Just out of curiosity, what is a cold boot attack?

[gruez]

https://en.wikipedia.org/wiki/Cold_boot_attack

tl;dr they pull the decryption keys from your computer while it's still running, which of course it is because your mail server has to be up 24/7.

[wildzzz]

Simple solution: put your server inside of a cabinet or enclosure that immediately powers it off if opened with a hidden micro switch. Additionally, write a little udev rule to immediately power off if any new USB device is connected or Ethernet is unplugged.

[encrypted_bird]

So a trip-switch for the server?

How would one access it if one needed to do config changes or, really, anything the server for legitimate purposes?

[quesera]

ssh in and shut down first (and/or just use a properly reliable filesystem).

Mail transfer can tolerate multi-hour interruptions. Imagine the drama if it couldn't!

[encrypted_bird]

If you can ssh in, couldn't they ssh in?

[encrypted_bird]

That is fascinating! Thanks for sharing!