[tor-talk] Private mail server (Was: i saw your response on the Tor talk list)

Julian Yon julian@yon.org.uk
Sat Nov 17 17:41:12 UTC 2012


On Fri, 9 Nov 2012 12:59:55 -0500
george torwell <bpmcontrol@gmail.com> wrote:

> I have a few unrelated questions, if I may.
> I've noticed that you have your own mail server, which is cool.

I don't have my own mail server. I use GMail's servers with my own
domains. You can determine this easily from the public DNS:

$ host -t mx yon.org.uk
yon.org.uk mail is handled by 10 aspmx.l.google.com.
yon.org.uk mail is handled by 20 alt1.aspmx.l.google.com.
yon.org.uk mail is handled by 20 alt2.aspmx.l.google.com.
yon.org.uk mail is handled by 30 aspmx2.googlemail.com.
yon.org.uk mail is handled by 30 aspmx3.googlemail.com.
yon.org.uk mail is handled by 30 aspmx4.googlemail.com.
yon.org.uk mail is handled by 30 aspmx5.googlemail.com.

> And I want to set up one myself for privacy reasons. Just for me and
> a few friends.
> Would you recommend that? Can you share how you did it?

In future I'd appreciate it if questions like this could go to the list
instead of to me personally. I don't mind sharing my thoughts with the
wider community, who can then either learn from them or criticise them
(which of course I learn from). But direct communication feels a bit
too much like consultation, and as this is my profession and I have
children to feed I don't really want to do it for free. This is why I'm
replying on-list.

If you want to run your own mail server, you need either to hire a VPS
or dedicated server, or colocate a machine of your own in a datacentre.
While in theory you could run a server off a cable or DSL line, I
wouldn't recommend it. Even if your ISP is friendly towards the idea
they're unlikely to guarantee you the uptime you need for a reliable
service. Never mind that it'll be your home the police are sniffing
around if you're doing anything illegal with it.

On the server you want to run a Unix-type system. GNU/Linux and FreeBSD
are the most popular options, though NetBSD is a good candidate too.
(OpenBSD has many advocates but I'm not personally a fan). You then
will need to configure an SMTP server. Postfix is included with many
distributions and is a reasonable choice. But whichever you choose,
configuring a mailserver is not trivial. One mistake you don't want to
make is to end up running an open relay, as it'll get you blacklisted
by the major providers pretty quickly.

To be able to receive mail to your server, you need one or more domains
that you can create DNS records for. For mail to foo@example.com to be
correctly routed, you need to add an MX record in example.com pointing
at your server. If you only have the one server, then you'll only need
one record, but if your server is down or unreachable then other
servers will probably either bounce or blackhole incoming mail. They're
under no obligation to queue it for you. So if you don't want that to
happen, you should consider running a backup server on a different
network (and add a lower priority MX record for it). Note that the need
for DNS records precludes foo@something.onion as a practical address
format. Your mail will have to be routed off-Tor.

Would I recommend it? No. Unless you want to do so for the learning
experience. SMTP is insecure by design; running your own server doesn't
do anything to prevent interception of messages, it merely gives you
another system to administer. For security purposes you will achieve
more by learning how to use GnuPG to encrypt your mail. You can use
this with any email provider, either with tools built into (or added
onto) your mail client, or using the standalone tools and C&P. It
doesn't solve every problem (e.g. mail headers are plaintext) but it
does mean that the body of encrypted messages is not revealed if
communication is intercepted, or the server is seized.


Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012@jry.me>
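An added example, not part of Julian's message: a small POSIX shell script that parses `host -t mx` output of the kind quoted above, orders the MX hosts by preference, and flags a domain with a single MX, the no-fallback case the message describes. It uses the quoted yon.org.uk output as constructed sample input; the `example.com`/`mail.example.com` sample and the provider classification by domain suffix are this example's own assumptions.

```shell
#!/bin/sh
# Constructed sample: the `host -t mx yon.org.uk` output quoted in the message.
MX_SAMPLE='yon.org.uk mail is handled by 10 aspmx.l.google.com.
yon.org.uk mail is handled by 20 alt1.aspmx.l.google.com.
yon.org.uk mail is handled by 20 alt2.aspmx.l.google.com.
yon.org.uk mail is handled by 30 aspmx2.googlemail.com.
yon.org.uk mail is handled by 30 aspmx3.googlemail.com.
yon.org.uk mail is handled by 30 aspmx4.googlemail.com.
yon.org.uk mail is handled by 30 aspmx5.googlemail.com.'

# Constructed sample for a self-hosted domain with one MX (hypothetical names).
MX_SINGLE='example.com mail is handled by 10 mail.example.com.'

# mx_table OUTPUT: reduce `host -t mx` lines to "preference host", most
# preferred (lowest number) first, with the trailing dot removed.
mx_table() {
    printf '%s\n' "$1" |
    awk '$3 == "is" && $4 == "handled" { sub(/\.$/, "", $7); print $6, $7 }' |
    sort -k1,1n -k2,2
}

# primary_mx OUTPUT: the host that sending servers try first.
primary_mx() { mx_table "$1" | head -n 1 | cut -d' ' -f2; }

# mx_count OUTPUT: number of MX hosts. One means no fallback when it is down.
mx_count() { mx_table "$1" | wc -l | tr -d ' '; }

# mx_provider OUTPUT: who really receives the mail, judged from the primary
# MX's domain suffix (Google's suffixes appear in the quoted output; this
# crude classification is the example's own assumption).
mx_provider() {
    case "$(primary_mx "$1")" in
        *.google.com|*.googlemail.com) echo google ;;
        *) echo other ;;
    esac
}

# mx_redundancy OUTPUT: the situation the message warns about, a single MX
# whose outage means remote servers bounce or blackhole incoming mail.
mx_redundancy() {
    if [ "$(mx_count "$1")" -gt 1 ]; then echo redundant; else echo single-point-of-failure; fi
}

# For a live domain, replace a sample with: mx_table "$(host -t mx "$domain")"
main() {
    for sample in "$MX_SAMPLE" "$MX_SINGLE"; do
        echo "primary=$(primary_mx "$sample") provider=$(mx_provider "$sample")" \
             "mx_count=$(mx_count "$sample") ($(mx_redundancy "$sample"))"
    done
}
main
```

The preference numbers are what makes the backup-server advice in the message work: a second MX on another network with a higher number is only contacted when the lower-numbered host is unreachable, so the table ordering above is exactly the order remote servers will try.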
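Also added here, not from the original post: a shell audit for the open-relay mistake the message warns about, run against two constructed, hypothetical Postfix main.cf fragments (all hostnames and values are made up for the example). The checks encode the Postfix rules the example relies on: `mynetworks` is trusted for relaying, relay policy is the last `smtpd_relay_restrictions` assignment (or, before Postfix 2.10, `smtpd_recipient_restrictions`), restrictions are evaluated left to right, and a bare `permit` is terminal.

```shell
#!/bin/sh
# Hypothetical main.cf fragments, constructed for this example.
# WEAK_CF relays for anyone on the Internet: the mistake the post warns about.
WEAK_CF='# trusts every IPv4 address and then permits unconditionally
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions = permit'

# SAFE_CF relays only for local clients and authenticated users; everyone
# else may only deliver to domains this server is responsible for.
SAFE_CF='myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    defer_unauth_destination'

# normalize_cf CONFIG: join Postfix continuation lines (leading whitespace),
# drop comments and blank lines, and squeeze "name = value" into "name=value".
normalize_cf() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]/ { buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }' |
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' -e 's/[[:space:]]*=[[:space:]]*/=/'
}

# cf_get CONFIG NAME: the effective value of a parameter (Postfix uses the
# last assignment), or empty if it is not set.
cf_get() {
    normalize_cf "$1" | sed -n "s/^$2=//p" | tail -n 1
}

# relay_audit CONFIG: print findings; exit status 0 if no open-relay
# condition was found, 1 otherwise.
relay_audit() {
    audit_rc=0

    # 1. Clients in mynetworks may relay, so a catch-all network is fatal.
    nets=$(cf_get "$1" mynetworks | tr ',' ' ')
    case " $nets " in
        *" 0.0.0.0/0 "*|*" [::]/0 "*)
            echo "FAIL: mynetworks trusts the whole Internet: $nets"; audit_rc=1 ;;
    esac

    # 2. Relay policy lives in smtpd_relay_restrictions (Postfix >= 2.10) or,
    #    on older releases, smtpd_recipient_restrictions. Either way the list
    #    must reject or defer relaying to destinations we are not responsible for.
    policy=$(cf_get "$1" smtpd_relay_restrictions)
    [ -n "$policy" ] || policy=$(cf_get "$1" smtpd_recipient_restrictions)
    seq=$(printf '%s' "$policy" | tr -d ' \t')
    case "$seq" in
        *_unauth_destination*) : ;;
        *) echo "FAIL: no reject_unauth_destination/defer_unauth_destination in relay policy"; audit_rc=1 ;;
    esac

    # 3. Restrictions are evaluated left to right and a bare "permit" is
    #    terminal, so one placed before the unauth_destination check opens the relay.
    before=$(printf '%s\n' "$seq" | sed 's/[a-z]*_unauth_destination.*//')
    case ",$before," in
        *,permit,*) echo "FAIL: unconditional permit before the relay check: $policy"; audit_rc=1 ;;
    esac

    [ "$audit_rc" -eq 0 ] && echo "ok: relaying limited to mynetworks and authenticated clients"
    return "$audit_rc"
}

# Against a live install, feed it the full effective configuration:
#   relay_audit "$(postconf)"
main() {
    for cfg in "$WEAK_CF" "$SAFE_CF"; do
        if relay_audit "$cfg"; then :; fi   # findings are printed by relay_audit
        echo "---"
    done
}
main
```

A clean audit is a necessary check, not a proof: the definitive test is an SMTP session from an address outside `mynetworks`, without authenticating, issuing `RCPT TO` for a domain the server does not host. Postfix configured as in SAFE_CF answers that with `554 5.7.1 Relay access denied`; anything that accepts it is the open relay that gets a server blacklisted.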