Zimbra volume on truecrypt
This article describes the steps to setup a truecrypt partition as a secondary zimbra volume. We assume you have ZCS already installed and operational. In this case using Ubuntu 8.04 LTS (Hardy Heron) and ZCS 5.0.11
To know about truecrypt visit: http://www.truecrypt.org
Part 0 : Installation of Truecrypt package :
Prerequisite : No GUI necessary. sudo apt-get install dmsetup libsm6 libgtk2.0-0 sudo apt-get -f install
To download Truecrypt : sudo wget http://www.truecrypt.org/downloads/truecrypt-6.1-ubuntu-x86.tar.gz
To install : sudo tar zxpf truecrypt-6.1-ubuntu-x86.tar.gz sudo ./truecrypt-6.1-setup-ubuntu-x86
To test install : truecrypt --text --test
To see help : truecrypt --text --help
Part 1 : To create Truecrypt volume :
To host file containing volumes : sudo mkdir /protect-folder
To create volume in interactive way : truecrypt --text --create or To create normal Truecrypt volume directly : (This command just ask for password of new volume and random 300 car string)
sudo truecrypt --text -c -k "" --volume-type=normal --size=100000000 --encryption=AES-Twofish --hash=SHA-512 --filesystem=FAT /protect-folder/prdvolume1.tc
(size in bytes ==> 100000000 = 100Mb, FAT is the only choice possible==> see EXT3 format below)
To mount volume : sudo truecrypt --text -k "" --protect-hidden=no --mount /protect-folder/prdvolume1.tc /media/truecrypt1
To list mounted volumes : sudo truecrypt --text -l
To see properties of a volume : sudo truecrypt --text --volume-properties /protect-folder/prdvolume1.tc
To dismount TrueCrypt volume : sudo truecrypt --text --dismount /protect-folder/prdvolume1.tc
To format TC volume in Ext3 linux format : Login a root : sudo su - Mount Truecrypt volume : sudo truecrypt --text -k "" --protect-hidden=no --mount /protect-folder/prdvolume1.tc /media/truecrypt1
See name of logical disk : sudo truecrypt --text -l
Unmount Linux Vol but not Truecrypt volume ! : sudo umount /media/truecrypt1
Format Truecrypt volume in Ext3 mode : sudo mke2fs -j /dev/mapper/truecrypt1 (See doc in http://manpages.ubuntu.com/manpages/hardy/man8/mke2fs.html)
Dismount Truecrypt volume : sudo truecrypt --text --dismount /protect-folder/prdvolume1.tc
And remount Truecrypt volume : sudo truecrypt --text -k "" --protect-hidden=no --mount /protect-folder/prdvolume1.tc /media/truecrypt1
To verify Truecrypt volume is OK : sudo truecrypt --text --volume-properties /protect-folder/prdvolume1.tc
To prepare the directory to host ZCS volume : sudo mkdir /media/truecrypt1/storetc
To make Zimbra user owner of storetc directory (mandatory for Zimbra volume): chown -v -R zimbra /media/truecrypt1/storetc
To give permissions (mandatory for Zimbra volume) : sudo chmod -v -R 0755 /media/truecrypt1
Permissions are persistent with dismount and mount.
Part 2 : To create Zimbra secondary volume in /media/truecrypt1/storetc :
As user zimbra:
To create a secondary volume : zmvolume -a -n messagetc1 -p /media/truecrypt1/storetc -t secondaryMessage
To verify, list the volumes : zmvolume -l
To activate the secondary volume : zmvolume -sc -id 3
To verify current active volumes : zmvolume -dc
To test login to ZCS Administration Console and test HSM on server/volumes tab
Back to console as root : To verify everything is see the directory name 0 created by ZCS :
ls /media/truecrypt1/storetc
Thanks to Jean-Regis BOULET for sharing his notes with us.