Set up an email server in two hours (sealedabstract.com)
220 points by steveklabnik on July 15, 2013 | 127 comments



If you are still using GMail (or Yahoo, or arbitrary US-based email company) in August, your right to complain about the NSA spying on you is revoked. If you’re complaining about government spying on the Internet, or in a gathering of programmers, and you won’t take basic steps to do anything about it, then you’re a hypocrite, full-stop.

I don't understand this point of view. Your opinion on how fair or legal or morally right a law is has nothing to do with the steps you've taken to avoid that law.

Why do the "basic steps to do anything about it" stop at protections that the technically-skilled can take, rather than contacting and complaining to your Congressperson or otherwise actual attempts to have the law changed?

And how useful is it to run your own encrypted email server if the email message itself isn't encrypted in transit?


You're spot on, the argument is completely invalid. It's the same premise used when people claim you have no right to voice your opinion about an election if you don't vote.

It's an argument form of attempting to intimidate the reader, and very lowbrow intellectually.

It's a pretty comically police state'y attitude to say that anyone's right to complain is ever revoked under any circumstances. The author apparently is immune to being aware of his own hypocrisy.


Abstaining != apathy.

If you vote "none of the above", or spoil your ballot, you have my respect. Heck, if you sit it out and chill, that's cool too.

But if you can't be bothered to participate, or worse discourage others with cynicism (Trey Parker, Matt Stone), and then complain, I have nothing but contempt for you.

That said, running one's own email server is nothing like voting.


Jello Biafra once proposed a system where every ballot has a "None of the Above" and if that option wins, you do the election over with all new candidates.


Great idea. Good for election integrity too. "Under votes", common down ticket, allow someone to helpfully make a choice for you. Those down ticket races like sheriff, auditor, judge are pretty high stakes, often decided by just a few votes.


Here in Portugal we can just submit a blank ballot, and it gets counted separately from the spoiled ballots. Seems easier than adding a new option to every ballot.


Sure, you can do that in most American elections too, but do the blank ballots have any effect besides registering your discontent in a tally?

(For what it's worth, I think that if you don't like anyone on the ballot, you're much better off encouraging better people to run or running for office yourself.)


Elections aren't cheap. Who pays for the redo?


They're also not cheap to campaign for - politicians will want to avoid do-overs.


> And how useful is it to run your own encrypted email server if the email message itself isn't encrypted in transit?

It isn't, of course.

The proportion of mail that is encrypted is the square of the proportion of email users who have encryption set up (assuming all email users are equally likely to mail any other user). So if 1% use encryption, only 0.01% of emails will be encrypted. If we want most mail to be encrypted we need 70% of people to use encryption. This means it has to be REALLY EASY TO SET UP AND USE.

Ideally, when someone buys a PC/phone/tablet, and uses it to communicate with others, it should do strong encryption out of the box, so that the user would have to take explicit steps to not encrypt.

Most of these devices run software controlled by Microsoft, Apple or Google, all of which are deeply implicated with the NSA. So it's futile to expect that they will willingly protect their users' privacy. Therefore the next best thing is to write software that once installed will be really easy to use, that is to say in normal operation it will take no effort at all to use (zero user interface).


> If we want most mail to be encrypted we need 70% of people to use encryption. This means it has to be REALLY EASY TO SET UP AND USE.

Given most users' utter ignorance about any technical matter (a consequence of the intellectual laziness our age promotes IMHO), I think the only useful way to ensure this is to make it the default in any e-mail client. But this is still only half the way uphill -- it also means storage should also be secure, including remote ones like Gmail, or that users should become educated enough to stop using services that aren't.

The first one is unlikely to happen IMHO, as it would mean companies that depend on mining your e-mail, like Google, would basically have to stop doing it. The other one is even more unlikely to happen as it would require people to actually invest time in using computers, something which our society has constantly brainwashed to think they shouldn't do -- everything should be plug'n'play and trivial and just work out of the box. Heaven forbid you'd actually have to understand the whys and the hows.

Now that our decades-long dream of seeing everyone having access to a computer and to a vast network of information has finally come true, it doesn't look like such a beautiful dream anymore...


> I think the only useful way to ensure this is to make it the default in any e-mail client.

I agree.

> But this is still only half the way uphill -- it also means storage should also be secure

That would be ideal. But even without that, something useful has been done: while it is practical for the NSA/GCHQ to read all internet traffic, it is not practical for them to burgle everyone's house.

If PCs come with encryption as standard, it needs to be a steganographic file system, with multiple keys revealing different sets of files and with the number of possible keys being very large. Otherwise, an adversary could simply use rubber hose techniques to get the information.

> including remote ones like Gmail

Gmail represents a single point of failure and is thus always going to be attractive to an adversary. Anything stored unencrypted on gmail, Google Drive, or equivalent -- one should assume the NSA can read it.

> The first one is unlikely to happen IMHO, as it would mean companies that depend on mining your e-mail, like Google, would basically have to stop doing it.

You're right in that gmail's business model is basically anti-privacy. We need to convince people to use local email software not store their email on a remote website (such as gmail).

> The other one is even more unlikely to happen as it would require people to actually invest time in using computers

You're right, because it's impossible to have a zero-user interface filesystem encryption (since people need to type in their password).

> something which our society has constantly brainwashed to think they shouldn't do -- everything should be plug'n'play and trivial and just work out of the box.

There's certainly an element of truth to this.

> Now that our decades-long dream of seeing everyone having access to a computer and to a vast network of information has finally come true, it doesn't look like such a beautiful dream anymore...

Computers can be the biggest tool for freedom and empowerment ever invented, or the biggest tool for coercion and oppression. I believe this will be one of the biggest political issues of our times.


Just why isn't key distribution an SMTP extension? I'd expect there to be an RFC for it, but I couldn't find anything. (I'm not talking about DomainKeys. I'm asking why an SMTP client can't ask for a recipient's public key, and if it exists do the encryption.) Here is a blog post about it:

http://www.illuminatedcomputing.com/posts/2013/07/public-key...


There is TLS for SMTP, which admittedly doesn't protect the email once it gets to the server, but at least helps en-route.

Also, I don't think there's a problem around the fact that most of the time you don't communicate directly with the recipient's smtp server - relaying is definitely a part of SMTP. It would work in the case of running your own SMTP server that you use to relay mail (assuming you encrypt your own SMTP sessions), but you'd need smtp servers to recursively query for the public key if you want to enable relaying.

This is starting to sound suspiciously like DNS, so why not just store the keys there? There are already ways to do that:

http://www.gushi.org/make-dns-cert/HOWTO.html

Add in DNSSEC records and you can be pretty certain you have the right key.


Thank you for replying! Relaying does seem like a fatal flaw. DNS seemed like a bad match for per-user information (rather than per-domain), but indeed that HOWTO gives a nice way of working around that. So it's just a question of MUA PGP modules trying that mechanism.


I'm currently writing software that essentially does this. It doesn't put the key in the SMTP protocol, but in the mail header, e.g.

    X-Purrcat-Key: ...public key goes here....


Well I commend you for moving things forward! Have you talked with any security professionals about possible pitfalls of using mail headers? I was sort of hoping tptacek would come on and tell me why my idea is no good. :-)


Not yet, though the project will be open sourced, which will hopefully enable other people to catch any security holes I've left in it.


Please note that the X- pattern is considered deprecated: http://tools.ietf.org/html/rfc6648

TL;DR: just make your header Purrcat-Key.


Thanks for the info.


This seems like it would work if you wanted to encrypt a reply message, however how would you get another user's public key if you're the one initiating the first conversation?


I've always assumed that encrypting my communications is akin to demanding the authorities pay special attention to my activities.


That's why everyone should do it. For everything.


I think defaulting to encryption is great for businesses. A friend who does security policy for a big corporation is always complaining about data egress, and closing even one vector would help. And within the corp you control the MTA and MUAs, so you could at least secure intra-corp communications. To him, leaking info to a competitor or the public is a bigger deal than the NSA.


Absolutely. I implemented 5 regional health information exchanges. We resigned ourselves to accepting that a disclosure was a matter of when, not if.


Yeah this type of logic regarding the NSA spying has been driving me nuts. It is illegal regardless of what I choose to do or use. The applicability of these laws does not depend on what I or anyone else buys, uses or patronizes and neither does our right to complain about it.


[deleted]


I think that speeding laws should be abolished on highways and interstates, road surface permitting. I really do.

I also don't surpass 10% over the limit. Neither do I have a radar detector, nor a GPS unit that maps speed traps.

Does this make me a hypocrite? Of course not.


But you would be a hypocrite if you also complained about people speeding in the street where you live.


Would I necessarily be? Perhaps I believe that speeding is particularly unsafe when it is not permitted and therefore not expected.

However I think this analogy has strayed too far and broken down. I'm not sure how complaining about others speeding maps back to encrypting email. (Also, I don't actually care when other people speed, so long as they don't do it recklessly ;)


Residential streets are not at all the same as highways and limited-access interstates.


Odd blog post.

Talks about "NSA-proofing email" and doesn't mention PGP, GPG or S/MIME.

Should be titled "How to set up a mail server with SMTP and IMAP". Seems only peripherally connected with protecting email from snooping in any way.


Yeah, it didn't make any sense to me either. I'm all for running your own mail server but that alone will not make it any more secure unless you only communicate with people using said server.

If I care that much about the content of an e-mail it will be encrypted or I will tell the person via other means. I assume everything I send via e-mail to be available to 3 letter agencies all over the world, regardless of what server I use.


And, even encryption doesn't keep the metadata from the NSA.


It's defence against legal compliance with the NSA.

Emphasis is privacy and compliance, not security.


No it isn't. The email passes through the server unencrypted (between Postfix and Dovecot), so it's still a potential tap point. In fact, running encryption to the server simply says to the NSA: Ask Linode for access to this disk.


He used an encrypted FS I believe, but the NSA could just ask to monitor all mail to and from his instance at Linode (or any ISP) since he didn't encrypt the mail.


And they probably have most of the mail anyways because odds are he's mostly communicating with people using google, yahoo, microsoft, etc.


I wonder how effective this advice would even be at achieving that goal. Consider, for instance, that what meager protections are afforded electronic communications (by the Stored Communications Act, etc.) only apply to providers that "serve the public". [1] Others, such as Jake Appelbaum, have argued that hosting with Gmail or other large providers offloads the legal burden onto their well-equipped legal teams to defend against subpoenas, FISA requests, NSLs and the like. [2]

The problem here is that it is very difficult to protect yourself when you don't understand your adversary's capabilities. We need transparent legislation and accountability in both government agencies and tech industry corporations. A lot of this advice boils down to an assumption that the NSA/DOJ/FBI will "play fair", and there is really no reason to expect them to do that.

[1]: https://ssd.eff.org/3rdparties/govt/stronger-protection

[2]: http://youtu.be/HHoJ9pQ0cn8


Well, with that consideration, the advice is moot since it isn't outside government regulation.

Hmm...good point. We really need an open-source ISP for privacy to start to work. A fool-less system where the executing code is available to the public with read-only access with write permissions to appointed admins.


There was an excellent tutorial posted on that the other day: http://futureboy.us/pgp.html


I wonder if it is feasible to hide messages in spam, e.g. pretend that your machine is spewing out ads when it is sending messages. It's probably one of the first things that will get filtered out by the NSA.


I do not want to NSA-proof my email or phone conversations. I do not want to wear a mask to avoid face recognition, and who knows what further propositions are yet to come about how we should adapt to the situation we are given.

While we are far from the ideal world where this behaviour would be without consequences, the matter asks for a change of the situation we are finding ourselves in.

Get loud, get political. Don't dream that you are holding a weapon in your hand because you can half-assedly encrypt peer to peer communication. This is only confirming the status quo, like an umbrella might confirm it's raining.

As a side thought: the same technical reflex might have occurred to those institutions in the first place: let's record everything and we will be safer.


"Get loud, get political."

A major problem with this is that advanced surveillance technology and the increased sharing and cooperation between the various spy agencies and ever more militarized police force is being used to target, spy on, and repress political activists and protestors.

If you seriously, but peacefully and non-violently, try to oppose the surveillance state apparatus and are deemed to be a threat to the huge sums of money they are getting to fight the good fight or a threat to the power they're amassing, you can expect to be spied upon and harassed at the bare minimum. The more of a threat they consider you to be, the more you're likely to find yourself in jail or worse.

Of course, this has been par for the course for political activists ever since Spartacus led a slave rebellion, and it will not stop the minority of truly dedicated and idealistic activists. But the tools of state surveillance and repression have advanced so much that it's much harder for ordinary people to participate in the political process beyond voting for two mostly-the-same parties, writing emails, or making phone calls without suffering serious consequences.

This is scaring a lot of people off from even trying to make a difference. In many ways, many of us already are living in a dystopia.

That said, trying to raise the political consciousness, technological literacy, and privacy awareness of the average individual is still a very worthwhile and usually safe thing to do (depending on how radical and confrontational your tactics are), and we'd all be much better off if more people did this instead of throwing up their hands and giving up or pretending it's not happening.


I came along to post a very similar thought. NSA proofing my email won't do any good. I'm not worried about the NSA (or my country's equivalent) spying on me. I'm worried about what are the consequences of their unchecked power in general.


I think do both. But yes, in the long term, a political solution is the only good solution. I hate how all this spying forces us into regressing on usability and also stops us from using some features, simply because we know NSA is on to doing nefarious things with all that data.

But we shouldn't have to worry about that sort of stuff, because we should have strong laws in place protecting against such mass spying.


If NSA is able to do that, any nation and possibly multiple entities can do the same. It's not because you don't know it that it doesn't happen.


Well it is good that NSA have never heard about zero day exploits. Otherwise think of all the nasty stuff they could do to a machine.

Stop with the proofing stuff already. Security is hard and relative. Having a very hardened system can only take you so far. Also it makes you visible - a lot of encrypted traffic is red flag for these kind of agencies. By claiming something is "Villain of the month" proof you just may put someone that really needs security in hot water. In some parts of the world literally.


I always thought that if the NSA really wanted to target my data, they would

a) Hand me a letter signed by a judge.

b) Delay my luggage at the next convenient airport and have a look.

c) Have someone break into my house.

d) Have someone rob me personally.

For all these, a self-hosted mail server offers no protection whatsoever. And for none of them, any zero day exploits are needed either.


>Stop with the proofing stuff already.

>By claiming something is "Villain of the month" proof you just may put someone that really needs security in hot water.

+1


[deleted]


Not quite. The HN crowd loves encryption and security porn. We love the feeling of sticking it to the man (almost every technologist has an anarchistic streak in them). No key is big enough for us and you could always throw in 1000 more PBKDF2 rounds. But for the majority of us encrypting our communications is a low-stakes poker game at worst. And for the majority of that majority no adversary is even present. For us the Snowden leaks are a matter of principle.

I hope for the day that all traffic over the net will be encrypted and outside of the peeping toms reach. We are not there yet.

But for now - out there - there are people that really need their communications concealed. And it is serious matter for them. Being invisible right now is better defense than having impenetrable fortress.

Will you recommend the setup described in the article for someone who can get in real trouble if the government is able to read her communications or even learn that she is communicating with someone at all (this alone could be damning)?


Nope. This is not NSA proof.

This is PRISM proof, i.e. it is not trivial for the NSA to request records from your $emailhost.

However it does not prevent your emails from being read by the NSA.

Firstly, your emails still have destinations outside your Linode bubble. So you email your friends who are on Gmail? Well, that's in the NSA database now.

Secondly, your Linode machine is entirely virtual, so there is no way to see if your data has been tapped at the datastore level. How do you know that Linode is not in bed with the NSA? Are there any backdoors in the provisioning system? What about the random number generator?

Thirdly and most importantly, most network connections are tapped by either the British, Germans, French, Australians or the US. So any network traffic is considered to be entering hostile territory as soon as it leaves your LAN.

So your options are:

Encrypt[1] or not use the internet.

Tor is largely pointless, as who do you think puts all that money and time into operating large exit points? Also, having the ability to interrogate packets at carrier level makes it much easier to do timing attacks.

[1] assuming your machine isn't compromised, or the encryption is "NSA proof"


> so any network traffic is considered to be entering hostile territory as soon as it leaves your LAN.

I wouldn't trust the routers and modems either... And there are some problems with trusting the actual computers. At a minimum, USB devices shouldn't be trusted.

NSA proofing your data isn't easy.


I would like to point out that although it is suspected that Tor is worthless for traffic on the www due to exit nodes being tapped, it is much better when using hidden services.

Edit: had an extra 'w'.


Great article about setting up a mail server, but the privacy claims seem a little dubious. Private email takes two. Running your own server won't do much good if all of your email exchanges are with people on gmail, hotmail, yahoo, etc.


Please please don't use greylisting. It's not cool. There are too many broken mail servers around and you'll lose emails. I was unfortunate enough that I had to use a mail server with greylisting enabled. As a result I regularly lost booking confirmations.

Spammers know greylisting. The workaround is cheap for them. That's why you are receiving some spam twice.


Not in my experience. I'm using greylistd with Exim and a custom config which uses geolocation to do greylisting by subnet country code. I've only needed to whitelist a handful of broken MTAs which don't retry.

My spammers clearly haven't caught on yet...

      zgrep grey /var/log/exim4/rejectlog* | rev | cut -c 2-3 | rev | sort | uniq -c | sort -rn | head
      8 CA
      7 IT
      5 ES
      4 BR
      4 AR
      2 TR
      2 RO
      2 IR
      2 EC
      1 PT


What do you mean too many? there are so few legit servers that will not resend an email and you can whitelist those.


I silently lost email from my accountants because of some sender-verification misconfiguration. Silently dropping email seems too risky to me. Checking the greylist and then marking the email accordingly sounds like a good compromise.
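The greylisting triplet logic argued over in this subthread, with a whitelist for MTAs that never retry and the "mark instead of defer" compromise from the comment above, as an added example; it is constructed for illustration and is not code from any post here nor from Exim, greylistd or Postfix:

```python
"""Toy greylisting policy keyed on (client network, envelope sender, recipient).

Constructed example: the network prefixes, delays and addresses are assumptions.
"""
import ipaddress
import time
from dataclasses import dataclass, field

GREYLIST_DELAY = 300          # seconds before a retry of a first-seen triplet is accepted
GREYLIST_EXPIRE = 7 * 86400   # forget a triplet that has not been seen for a week


def _client_key(client_ip: str) -> str:
    """Normalise the client address so a sending pool that retries from a
    neighbouring host still matches: /24 for IPv4, /64 for IPv6."""
    addr = ipaddress.ip_address(client_ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False))


@dataclass
class Greylist:
    """Tracks triplets and decides per delivery attempt.

    mode="reject": classic greylisting, answer 450 the first time a triplet is seen.
    mode="mark":   never defer; accept everything but tag first-seen mail so the
                   recipient's filters can treat it with suspicion (the compromise
                   for senders whose MTAs never retry).
    """
    mode: str = "reject"
    whitelist: list = field(default_factory=list)   # CIDRs of known non-retrying MTAs
    seen: dict = field(default_factory=dict)        # triplet -> [first_seen, last_seen]

    def _whitelisted(self, client_ip: str) -> bool:
        addr = ipaddress.ip_address(client_ip)
        # `addr in network` is False for mismatched IP versions, so mixing v4/v6 is safe
        return any(addr in ipaddress.ip_network(cidr) for cidr in self.whitelist)

    def decide(self, client_ip: str, sender: str, recipient: str, now=None):
        """Return (action, detail) where action is "accept" or "defer"."""
        now = time.time() if now is None else now
        if self._whitelisted(client_ip):
            return "accept", "whitelisted"

        key = (_client_key(client_ip), sender.lower(), recipient.lower())
        entry = self.seen.get(key)
        if entry is not None and now - entry[1] > GREYLIST_EXPIRE:
            entry = None                      # stale record: start over
        if entry is None:
            self.seen[key] = [now, now]       # first sight of this triplet
            return self._first_seen("first sight of triplet")
        entry[1] = now                        # keep the record alive
        if now - entry[0] < GREYLIST_DELAY:
            return self._first_seen("retry came too early")
        return "accept", "passed greylisting"

    def _first_seen(self, why: str):
        if self.mode == "reject":
            return "defer", f"450 4.7.1 Greylisted, try again later ({why})"
        return "accept", f"X-Greylist: {why}; delivering anyway"
```

A well-behaved MTA retries the 450 after a few minutes and is then accepted; a broken one that never retries is exactly the booking-confirmation case above, which is why the whitelist and the "mark" mode exist.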


So, this is nice, but it's not going to "NSA proof" your email in any meaningful sense. You're still going to be exchanging plain text email with most counterparties, and unless you require TLS (as is mentioned in the end, and which will lose you quite a bit of email), you can trivially be MITM'd. Also, the author appears to run it on Linode, i.e. a VPS in the US. In other words, the encrypted filesystem is only marginally more complicated to get at than a non-encrypted one.

But that doesn't mean it isn't an extremely useful guide. What would be even cooler is if it were productized, e.g. by packaging a VM image or as Puppet/Chef recipes - this would make leaving GMail a much simpler proposition to a much larger audience (and make large scale collection of emails, if not impossible, then significantly more complicated) - just get a cheap VPS, do a git clone on the recipe and invoke puppet.


There is an email service that offers what the article explains: https://countermail.com


Is it safe from the Feds compelling them to insert a backdoor?

http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/


No but neither is the setup of the article mentioned. PRISM is all signal intelligence. That is what SSL/PGP effectively solves.

Wiretapping (rootkits or backdoors) are almost impossible to stop. The endpoint is always the weakest point. And I'm sure the NSA spends millions on the latest exploits. No 3rd party hosting service is capable of preventing that.

> Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.


Patch management and zero-day protection are pretty important, but unfortunately not covered in this. It is also hard to maintain over the long term.

This is why I stopped hosting my own email.


That's also the reason why I stopped hosting my own email. I don't trust myself with not losing any emails while properly configuring spam blockers, keeping the system up to date, and staying on top of vulnerabilities.


IMHO, it's a bit irresponsible to call something XXX-proof when we don't even know the full range of capabilities of XXX.


Could the NSA use some random hidden exploit and break into the machine if they really wanted to? Probably. But this is about all your emails not being easily indexed by Google/NSA and whoever else the NSA works with.

Obviously emails you've sent out to other servers/domains will be in the clear and will then be indexed.


> Obviously emails you've sent out to other servers/domains will be in the clear and will then be indexed.

Yes, that's what I meant. And - aren't those the majority of the emails? If so, it's incorrect to call it NSA-proof.


Like bleach only killing 99.99% of germs!!!


Too bad this does not mention two-factor authentication. I've grown so accustomed to it that I feel naked without it.


Two-factor authentication is available in Roundcube via plugins. POP3/IMAP4/SMTP don't really support two-factor authentication so the best you could do is use a password that you don't use elsewhere (a good idea regardless) -- I think that's what Google does with their "application specific" passwords or whatever.


Why would you need two-factor authentication if the server is yours? You can always reset everything; you are your own Google.


I'm not sure what you mean. I use two-factor authentication to ensure that people can't log in to my mail from 'new' locations without needing my cellphone. Having root access to the server and being able to reset everything doesn't fix this, unless I'm misunderstanding you.


How is this really NSA-proof? If your family/friends/colleagues are using GMail/Outlook/Yahoo/etc. to send you emails, the security of those emails is anyway compromised.


But if your family/friends all have their email hosted on your server then it's "safe".


That was a great tutorial! Would a Raspberry Pi have enough power to tackle this setup? I only ask because I have seen similar self-hosting projects on a Pi, but nothing quite this complex.


Full-text indexing via Solr would certainly kill it (if it runs at all — what's the JVM landscape like on ARM?) but many of us have been running a similar setup on a vastly less powerful NSLU2.


What I have increasingly seen (not because of the NSA - most of my friends just assume the government are watching - they grew up on 24 and Jason Bourne) - is that email is just not something they use much. I'm told that email is all "spam", by which they mean followups to services they signed up with, not really spam, but not personal communications either. For them, personal communications is increasingly switching to txt/iMessages. The interactivity, the ability to be in a conversation is more natural than email where you write something, toss it over the fence at some MTA. The NSA might just be watching the wrong channel.

Obviously they are no doubt snooping iMessages, but if someone wanted to NSA proof their "email", maybe instead they should just forget email altogether and think about mobile, point to point solutions. I used to use BBM before they gave up on releasing new phones (something they have since done, but too late for me) - they used to have a device PIN you could use to make point to point encrypted messaging - it was easy to use and I assume reasonably secure. Maybe something like that is far better than even bothering with email.


I'd like to see this setup coded into a proper server provisioning tool like Chef/Puppet/Ansible.


OK, a general question. I understand why it's really bad that the government is spying on us. They shouldn't do it. But that's a civic and political issue (a very important one!) much more than a personal issue. As a private e-mail (and internet) user, I'm 100 times more concerned about Google reading my e-mail than the US government. I don't think the government cares much about my correspondence, but I know for a fact that not only is Google interested, they're actually sifting through my e-mails, extracting information and actively using that information against me every day.

Government sponsored invasion of privacy is infuriating, but corporate invasion of privacy is constant, on a far larger scale, not subject to almost any kind of oversight and scrutiny -- however slim --, and is much harder to stop (partly because it has less sinister connotations in people's minds, and people have the illusion that they're submitting voluntarily). In addition -- and this may be beside the point and a matter of personal taste -- corporate surveillance is used for far more egregious ends.

Why would you want to NSA-proof your e-mail but not Google-proof it (though that would probably be far harder to do)?


Seeing as the government can demand any information on you from Google if it really wants it, Google-proofing is a prerequisite for NSA-proofing. And Google can't imprison you.


"I don't think the government cares much about my correspondence"

That sounds a lot like the "I don't have anything to hide" argument.


The "I don't have anything to hide" argument is irrelevant when it applies to the political sphere. But when an article says, "this is how to hide your stuff" that argument becomes very relevant. If it's not about politics and society anymore but about your own actual privacy, why try to hide your stuff from the government when Google not only keeps a copy of your house keys but makes it a habit to snoop around and then show off about how well it knows you.


> ... corporate invasion of privacy ...

The difference between "government sponsored" and "corporate" invasion of privacy, in this specific case, is that you can easily "opt out" of Google's invasion of privacy (which, technically, isn't, since you explicitly gave them permission to do it).


If I were from the NSA:

1. Go to Linode (or your favourite hosting provider).

2. Make a snapshot of the memory of a running VM.

3. Extract encryption keys from that snapshot.

4. Decrypt.

The message here is: it does not matter which server setup you use, be it own hardware, cloud hosting or gmail. If data is seen unencrypted in any place which is not under exclusive control of yourself or your peers, it can (and eventually will) be intercepted.


I'm suddenly really happy that we decided to build our own facility to house our gear and even happier that there's only a couple of us with physical access to that particular facility (and that I'm notified almost immediately if/when the door opens).


Good tutorial, but it does not make it fully secure. SMTP is an insecure protocol, so if your host decides or is compelled to sniff the traffic, all emails received or sent could be recorded in plain text. Not to mention emails from senders using 3rd party services are already compromised even before they get to you.

How is it that we still don't have proper support for secure SMTP among most email providers?
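The "secure SMTP" the comment asks for is STARTTLS, which a server advertises as a keyword in its EHLO reply; whether a sending MTA then uses it depends on its TLS policy. The following added example (not code from the linked article, this thread, or any real MTA; the policy names "none" / "may" / "encrypt" follow the common MTA convention but the implementation is hypothetical, and the EHLO replies are constructed) shows why the usual opportunistic policy still lets mail travel in the clear: if the STARTTLS keyword is missing, whether because the peer has no TLS or because something on the path removed it, "may" silently falls back to plaintext, and only a mandatory policy refuses.

```python
"""Parse SMTP EHLO capabilities and apply a TLS policy to the session.

Added example, not from the linked article or this thread. No network:
the EHLO replies below are constructed. The policy names mirror the
common MTA convention, but this decision logic is hypothetical.
"""
import re

# Constructed EHLO reply in RFC 5321 multi-line form:
# "250-" on continuation lines, "250 " (space) on the final line.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 8BITMIME\r\n"
)

# The same server as seen when the STARTTLS keyword is absent, either
# because TLS is not configured or because the path stripped it.
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> set:
    """Return the set of EHLO keywords (upper-cased) from a 250 reply.

    The first line carries the server greeting, not a capability, so it
    is skipped. Any line with a code other than 250 means EHLO failed,
    in which case no capabilities are returned.
    """
    lines = [ln for ln in reply.split("\r\n") if ln]
    caps = set()
    for index, line in enumerate(lines):
        match = re.match(r"^250([ -])(.*)$", line)
        if not match:
            return set()
        if index == 0:
            continue  # greeting line, e.g. "250-mail.example.test Hello"
        text = match.group(2).strip()
        if text:
            # Keyword is the first token; parameters (e.g. SIZE's limit) follow.
            caps.add(text.split()[0].upper())
    return caps


def decide_transport(reply: str, policy: str) -> str:
    """Decide how the session proceeds under a TLS policy.

    policy:
      "none"     never negotiate TLS
      "may"      opportunistic: TLS if offered, otherwise plaintext
      "encrypt"  mandatory: abort rather than deliver in the clear
    Returns "tls", "plaintext" or "abort".
    """
    offered = "STARTTLS" in parse_ehlo(reply)
    if policy == "none":
        return "plaintext"
    if policy == "may":
        return "tls" if offered else "plaintext"
    if policy == "encrypt":
        return "tls" if offered else "abort"
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    for name, reply in (("offered", EHLO_WITH_STARTTLS),
                        ("missing", EHLO_WITHOUT_STARTTLS)):
        for policy in ("none", "may", "encrypt"):
            print(f"STARTTLS {name:8s} policy={policy:8s} "
                  f"-> {decide_transport(reply, policy)}")
```

Running it shows the trade-off behind the comment's question: "may" delivers everywhere but encrypts only when the peer cooperates, while "encrypt" protects the content but will refuse mail to any domain that does not offer STARTTLS, which is why providers cannot simply flip it on for all destinations. Even with TLS negotiated, this only protects the hop between two servers; the receiving provider still holds the message in the clear.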


How? Stop sending email? That takes a lot less than two hours. As soon as I email someone who uses gmail nothing you have done prevents the NSA from seeing it. Without heroic measures to run my own private email system and force every person or company that I might email to use it, there is no way to keep the NSA completely out.


When the NSA can (is) watching the actual traffic through the internet backbone, NOTHING you do that is not encrypting is doing anything.

I sit and laugh at people who say they're switching to Linux or moving their mail to their own mail server because of the recent NSA revelations. They're not logging into your desktop directly. They weren't logging directly into your GMail, they're just quietly letting it accumulate as it passes something they do monitor.


Sure would be lovely if some of our German hacker brethren would start a strong gmail competitor. It wouldn't even need to be "NSA-proof", but just something with a large userbase and an order of magnitude harder to spy on, with no jurisdiction for NSL shenanigans.


Are you listening, Germany? =)

Many of us would pay a fair amount for such a product!


I wish people would stop calling "#" a "hashtag" outside of social networks.


I agree. Everyone should call it an octothorpe because that's an awesome word to say.


Well that's cool. Except, as others here have noted: what assurances do you have on the other end (destination)? You can have all the encryption you want, but ultimately "they" (NSA, FBI, CIA, whoever) have a thousand ways to get at the information they want: keyloggers, 0-days to get into your machine, 0-days to get into your email server, etc. Sure it's a fun exercise, but don't kid yourself into thinking that you're bulletproof. Whether you agree with it or not, the NSA can more than likely get around any protection you try to implement, if they have enough reason to put the effort into it.


Interestingly enough, one of the best tools that many of us "techies" have to help prevent this was developed (at least in part and initially) by the NSA itself: SELinux.


NSA-proofing is (in my opinion) a very temporary and actually kind of a selfish way of solving this problem. This is a situation where everyone is affected by legislation; cutting yourself out of the situation doesn't help anyone around you (and those you may communicate with, bringing you back into the 'grid') and really just delays the inevitable.

Everyone has some responsibility, and for any sort of permanent or at the very least long-lasting effect, people need to motivate and bombard their representatives with letters and phone calls.


Conversely - if significant numbers of people DID leave hosted services for this kind of solution, wouldn't that prompt the big providers (with deeper pockets and far more lobbying capability) to push back in order to ensure their business is not negatively affected?


More than a few things in the article made me go "wait a minute", like saying "Dovecot is LDA, so it runs IMAP", the chained IV and the warning that some programs might not work (and if mutt won't work, how do you know Dovecot will?), or the use of mysql ... but the glibc bcrypt story is especially sad.


I have been wanting to set up my own mail for quite a while (I don't really care about it being encrypted etc. at the moment). Ideally this is going to give me the right push to do so. I do have a dedicated server so that makes things easy, hopefully the fact I am running CentOS will not make a difference.


>Better SPAM detection. Yes, you can beat the Big G.

I never had a spam problem with gmail. V!AGRA and other spam emails are always in my spam filter. I'd say current detection is around 98% effective with the remaining 2% due to the fact that I haven't tried to correct miscategorization of some newsletters.


Is this really going to protect you? I get the feeling it'll just give you a false sense of security.

They will still know who you are sending email to and receiving from.

The recipient metadata is unencrypted correct? As we've seen recently—the metadata often reveals more than the message content.


Not if you're sending important emails to other people hosted on your own server.


Should be titled "How to make yourself feel secure with a mail server that isn't".


It has been pointed out elsewhere that if you encrypt your data, you give the NSA reason to hold it indefinitely since you might be hiding something. In other words, the act of attempting to ensure your privacy makes you more suspect. This sucks.


This is akin to having to put all of your snail mail in a lock box and set up your own post offices just to get mail to where you want it to go, hoping it won't get intercepted along the way. I think the government needs to change, not us.


The costs look radically different. Which isn't to say the government doesn't need to change, of course.


The problem with this approach is - I know how dangerous it is to run an un-updated system, and I am too lazy to check updates on yet another system, and correct stuff when the updates break something.

And updates always break something.


I think the author missed one requirement: you need to have your own (sub)domain. Since it costs money, most people do not have one.


You can get third-level domain names for free from various dynamic DNS providers.


Surely there should be a Bash script or Debian package for this kinda thing?


Nice try, NSA. This won't protect us at all.


OK, I don't want to set up a whole system or even a virtual OS for reading email. Any lighter, less-invasive alternatives?


If you are in the US, you are not NSL proof.


Yes, the NSA could still get your metadata, content from your ISP with an NSL, but this would eliminate the possibility of getting your email directly from the g00g


Given that 'the g00g' is delivering email in accordance with the very same NSLs I'm not sure how that's really better though. I would certainly place more faith in Google to properly maintain the security and configuration of an email server than myself.

The one advantage I see is that someone has to write the NSL in the first place so if you use a hosting provider that is very small you'd probably avoid attention just due to prioritization of resources. But that would only last until enough other people become aware of that refuge for it to become visible on the NSA's radar...


Yep, you are absolutely correct. This approach is only for the truly paranoid. But if you host accounts for your friends, family, and s/o, then your messages / metadata will never go out onto the web in any readable form. Yes, emails from businesses and other people will be visible but it is certainly a better setup if you care about your privacy.


> NSA-proof your email in two hours

Or just get used to using decentralized and encrypted p2p communication solutions. No server to set-up, just the client to install.


Have recommendations?


RetroShare


Thanks, that looks useful. Quick questions: would non-tech friends and family be able to use this? Problems being behind a NAT?


You should just exchange your public keys with your friends. The software makes this easy: it can create an email with your public key and open your default MTA for sending it to your friends. Then they can easily import the received email (with your public key attached). Then, of course, they should send their public keys to you.

There is no problem being behind a NAT, it supports UPnP / NAT-PMP port forwarding.


Thanks!



Instructions on how to secure your email even faster with the same level of security.

1. Have Gmail account.

2. Use disk encryption on your desktop/laptop.

3. Have your own email client.

4. Use IMAP to download mail from your Gmail account and to delete mails in Gmail.

NSA can still snoop your email like it does when you use your own server, but you don't keep the archive of your emails accessible to them.


You do realize that 'delete' does not actually delete your messages?


Yes, but the messages stay only six months. Probably roughly the same time as NSA would store intercepted mails.


Not sure if serious or trolling the OP, who I'm not sure if is serious or trolling either.


I'm serious. Don't people read those documents Snowden leaked? There is an alternative to Prism called Upstream, which collects and intercepts data directly from communications.

https://en.wikipedia.org/wiki/File:Upstream-slide.jpg

The only difference between downloading your data daily to your laptop and deleting it from Google is that it stays on Google servers up to 30 days after deletion. In both cases NSA can read your emails, either using PRISM or Upstream.

