Just out of curiosity, what is a cold boot attack?

gruez · 2026-03-06T00:24:02 1772756642

https://en.wikipedia.org/wiki/Cold_boot_attack

tl;dr they pull the decryption keys from your computer while it's still running, which of course it is because your mail server has to be up 24/7.

wildzzz · 2026-03-06T01:55:54 1772762154

Simple solution: put your server inside of a cabinet or enclosure that immediately powers it off if opened with a hidden micro switch. Additionally, write a little udev rule to immediately power off if any new USB device is connected or Ethernet is unplugged.

encrypted_bird · 2026-03-06T03:43:36 1772768616

So a trip-switch for the server?

How would one access it if one needed to do config changes or, really, anything the server for legitimate purposes?

quesera · 2026-03-06T04:36:31 1772771791

ssh in and shut down first (and/or just use a properly reliable filesystem).

Mail transfer can tolerate multi-hour interruptions. Imagine the drama if it couldn't!

encrypted_bird · 2026-03-07T04:17:42 1772857062

If you can ssh in, couldn't they ssh in?

encrypted_bird · 2026-03-06T03:42:15 1772768535

That is fascinating! Thanks for sharing!