
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)



thanks, i've already gone the VPS way since i already got one set up as an
exit node.
adding dovecot to get imap and all the other protocols with the extra 's'
which will hopefully be more secure than just postfix.
it also takes care of the open relay problem that you rightfully mention.
only problem so far is that since it shares an ip with a Tor relay, gmail
will treat it as spam.

if we are already on the list:
my intention is to one day offer anonymous email services gratis to
whoever will ask for an account.
account requests will be handled over TorChat or a similar hidden service
so that i won't know who the users are.
users will be encouraged to log in through Tor+webmail, hidden service, or
something like Torbirdy+thunderbird.
and since my promise to respect others' privacy is worthless, users will be
encouraged to use GPG.
if anyone has any wisdom to share, i really want to hear about it.
 thanks

On 17 November 2012 12:41, Julian Yon <julian@xxxxxxxxxx> wrote:

> On Fri, 9 Nov 2012 12:59:55 -0500
> george torwell <bpmcontrol@xxxxxxxxx> wrote:
>
> > i have a few unrelated questions, if i may.
> > i've noticed that you have your own mail server, which is cool.
>
> I don't have my own mail server. I use GMail's servers with my own
> domains. You can determine this easily from the public DNS:
>
> $ host -t mx yon.org.uk
> yon.org.uk mail is handled by 10 aspmx.l.google.com.
> yon.org.uk mail is handled by 20 alt1.aspmx.l.google.com.
> yon.org.uk mail is handled by 20 alt2.aspmx.l.google.com.
> yon.org.uk mail is handled by 30 aspmx2.googlemail.com.
> yon.org.uk mail is handled by 30 aspmx3.googlemail.com.
> yon.org.uk mail is handled by 30 aspmx4.googlemail.com.
> yon.org.uk mail is handled by 30 aspmx5.googlemail.com.
>
> > and i want to set up one myself for privacy reasons. just for me and
> > a few friends.
> > would you recommend that? can you share how you did it?
>
> In future I'd appreciate it if questions like this could go to the list
> instead of to me personally. I don't mind sharing my thoughts with the
> wider community, who can then either learn from them or criticise them
> (which of course I learn from). But direct communication feels a bit
> too much like consultation, and as this is my profession and I have
> children to feed I don't really want to do it for free. This is why I'm
> replying on-list.
>
> If you want to run your own mail server, you need either to hire a VPS
> or dedicated server, or colocate a machine of your own in a datacentre.
> While in theory you could run a server off a cable or DSL line, I
> wouldn't recommend it. Even if your ISP is friendly towards the idea
> they're unlikely to guarantee you the uptime you need for a reliable
> service. Never mind that it'll be your home the police are sniffing
> around if you're doing anything illegal with it.
>
> On the server you want to run a Unix-type system. GNU/Linux and FreeBSD
> are the most popular options, though NetBSD is a good candidate too.
> (OpenBSD has many advocates but I'm not personally a fan). You then
> will need to configure an SMTP server. Postfix is included with many
> distributions and is a reasonable choice. But whichever you choose,
> configuring a mailserver is not trivial. One mistake you don't want to
> make is to end up running an open relay, as it'll get you blacklisted
> by the major providers pretty quickly.
>
> To be able to receive mail to your server, you need one or more domains
> that you can create DNS records for. For mail to foo@xxxxxxxxxxx to be
> correctly routed, you need to add an MX record in example.com pointing
> at your server. If you only have the one server, then you'll only need
> one record, but if your server is down or unreachable then other
> servers will probably either bounce or blackhole incoming mail. They're
> under no obligation to queue it for you. So if you don't want that to
> happen, you should consider running a backup server on a different
> network (and add a lower priority MX record for it). Note that the need
> for DNS records precludes foo@xxxxxxxxxxxxxxx as a practical address
> format. Your mail will have to be routed off-Tor.
>
> Would I recommend it? No. Unless you want to do so for the learning
> experience. SMTP is insecure by design; running your own server doesn't
> do anything to prevent interception of messages, it merely gives you
> another system to administer. For security purposes you will achieve
> more by learning how to use GnuPG to encrypt your mail. You can use
> this with any email provider, either with tools built into (or added
> onto) your mail client, or using the standalone tools and C&P. It
> doesn't solve every problem (e.g. mail headers are plaintext) but it
> does mean that the body of encrypted messages is not revealed if
> communication is intercepted, or the server is seized.
>
>
> Julian
>
> --
> 3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012@xxxxxx>
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
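
The MX lookup and the backup-server advice in the quoted message, worked through as an added example that is not part of the original thread: it parses `host -t mx` output, orders the exchangers the way a sending server tries them (lowest preference number first), and reports who operates them and whether any fallback exists. The `mail.example.com` record is a constructed sample, and the two-label operator guess is a simplifying assumption.

```python
import re
from collections import defaultdict

# Output of `host -t mx yon.org.uk`, copied from the quoted message.
HOST_OUTPUT = """\
yon.org.uk mail is handled by 10 aspmx.l.google.com.
yon.org.uk mail is handled by 20 alt1.aspmx.l.google.com.
yon.org.uk mail is handled by 20 alt2.aspmx.l.google.com.
yon.org.uk mail is handled by 30 aspmx2.googlemail.com.
yon.org.uk mail is handled by 30 aspmx3.googlemail.com.
yon.org.uk mail is handled by 30 aspmx4.googlemail.com.
yon.org.uk mail is handled by 30 aspmx5.googlemail.com.
"""
# Constructed sample: a self-hosted domain with one server and no backup.
SINGLE_OUTPUT = "example.com mail is handled by 10 mail.example.com.\n"

MX_LINE = re.compile(r"^\S+ mail is handled by (\d+) (\S+)$")


def parse_mx(text):
    """Return (preference, exchanger) pairs from `host -t mx` output."""
    records = []
    for line in text.splitlines():
        match = MX_LINE.match(line.strip())
        if match:
            records.append((int(match.group(1)), match.group(2).rstrip(".").lower()))
    return records


def delivery_tiers(records):
    """Group exchangers by preference; senders try the lowest number first."""
    tiers = defaultdict(list)
    for preference, exchanger in records:
        tiers[preference].append(exchanger)
    return [(pref, sorted(tiers[pref])) for pref in sorted(tiers)]


def operators(records):
    """Naive guess at who runs the exchangers: the last two DNS labels."""
    return sorted({".".join(host.split(".")[-2:]) for _, host in records})


def has_backup(records):
    """True when more than one distinct exchanger is published."""
    return len({host for _, host in records}) > 1


if __name__ == "__main__":
    for pref, hosts in delivery_tiers(parse_mx(HOST_OUTPUT)):
        print(pref, ", ".join(hosts))
    print("operators:", operators(parse_mx(HOST_OUTPUT)))
    print("single-server backup:", has_backup(parse_mx(SINGLE_OUTPUT)))
```

`has_backup` only counts distinct exchanger names; whether the backup sits on a different network, as the message recommends, still has to be checked separately.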