1) I have yet to find anyone willing to accept email from me that has been encrypted before I send it and must be decrypted by them (GPG for example).
2) It is stored in plaintext on a server I do not control (I send it to someone who uses one of those big hosts like Google, Yahoo, etc).
Sending it over the wire in plaintext is probably being less of an issue now (as it seems the most used hosts are doing TLS), but that doesn't really help with bullet #2.
I think the best bet is attempting to communicate with others using some other application that is not email based (like textsecure for example). Not sure how to get regular email from corporations via another means though (monthly bills for example).
Unfortunately, no, TLS in the SMTP world is basically a joke, security-wise. It can inconvenience a passive interceptor, but crumbles in the face of an active adversary, due to the fact that $NOBODY does cert checking, and consequently, nobody can do cert checking, because it would break their mail server, because nobody does cert checking properly.
Providing a fallback would negate the security benefit, obviously -- but might gather enough data for a whitelist (ish) of servers/sending domains which we can demand valid certs for.
I'm not too concerned about bouncing valid email, as long as it doesn't create loops. Nor am I that worried about missing emails.
As long as all the senders are a) mailing-lists that either should do the right thing, or will actually change to do the right thing if an error is reported, b) big free services like gmail/yahoo/outlook that might be divided into groups of "does the right thing" and "blacklist"/bounce to let any friend know that they need to send from "free service y, not x" -- and c) friends that run their own email servers and can be beaten (eh, educated) to compliance.
I'd really not like to rely on some random CA list, though. I'm personally a cacert.org-fan/user -- but I suppose one might try to lean on DANE to avoid that particular hairball -- to some extent. It's either that or manual whitelist+trust on first use/some kind of pinning.
A bunch of intermediary relay mail servers of course all store and forward your mails. But there's also a couple dozen firewalls, traffic shapers, tunnels, bridges, routers, and managed switches that all have your e-mail. Who cares about disk storage when your e-mail is stored in 15 network device caches?
Mail has never really been secure, from the days of Incan relay runners passing messages across thousands of miles, to the Pony Express, to the current US postal service. Unless you put an encrypted letter in your envelope, it can (and regularly does) get intercepted by malicious actors. We've gone this long with it being insecure, so I don't see what the big fuss is with the internet all of a sudden.
Also: mail should be easy and universal. That's really the point of mail: that you can send a message to anyone, anywhere in the world, with one system, and it just works [while remaining inexpensive]. Anyone messing with it should always keep that in mind.
Dragnet surveillance was never practical before, due to the ongoing manpower required. With the Internet, that's changed.
My comment was basically "email is not secure." I think we agree on that point.
https://ipgmail.com/ on iOS is usable for encrypted mail by mere mortals, when configured to attach the public key to outgoing emails.
A robust, free offline mail archiver for Windows is http://www.mailstore.com/en/mailstore-home-email-archiving.a..., aggregates and searches local and cloud mail.
Having read their webpage, it appear to be good to consolidate all your accounts & mailboxes (new and old).
But you end up with a new propietary mail storage and with propietary software that runs on windows :(
Does mail-in-a-box then provide the scripts to perform regular software updates and any configuration migrations between versions? There's more to running software than the initial setup... A complete Mail solution in a Unix-like environment consists of a lot of disconnected programs with their own configurations that are difficult to get running, and even more difficult to maintain without a full time systems administrator in place.
I mentioned in another discussion recently how much I would love to see something akin to SmarterMail available as a simple package install Cross-Platform (one of the best mail server softwares out there imho, from a setup/upgrade POV) but commercial and tied to Windows for deployments... If I didn't have to work for a living, I'd probably start something like this. Mail services are usually made far more complicated than they should be, and I understand there are a lot of desired features... but I do feel that having a good module/plugin system that one could be developed that isn't the pain that current solutions are.
To me a current mail solution should provide, SMTP, POP3, IMAP, WebMail, and WebAdmin at a minimum... Value adds would be easy multi-domain support, easy to configure AV/Spam plugins, Calendars + Sharing and Group Contact Sharing. Honestly, the only solutions with a relatively easy setup for this are for Windows... All the nix solutions are cobbled together bits that are very hard to upgrade and maintain versions and require a lot more breadth of knowledge than a single product. I've tried many of the systems for nix and they mostly suck in practice.. some more than others.
That was my impression of the whole thing, too. I've long had an exim configuration I could decorate my walls with, without understanding what most of it did or if it was secure.
Recently, I got so fed up I began writing my own mail server suite. It's still pretty basic and in development, but it does have some of the features you mention, namely
> SMTP
> POP3
> WebMail (though rudimentary)
> WebAdmin
> Multi-Domain support
In the pipeline, but not yet ready
> IMAP
> Plugins
Some of the goals of the project are to have a mail processing suite with a clear interface between the modules, as well as easy extensibility and configuration.
Me and some people I've talked into testing it already run some instances, and so far it has proved pretty stable.
Caveat: The backend is an SQLite database, so if your use-case is serving a lot of clients, there might be some lock contention.
If you're interested, check out https://github.com/cmail-mta / http://cmail.rocks/
But for < 100 users one sqlite db would probably be sufficient. (on a relatively fast drive/ssd)
Having said that, I am comfortable doing all that Linux sysadmin stuff, so maybe that's the difference. And if I were offering email accounts to people I didn't know, that would be an entirely different maintenance challenge.
Yes it does.
If so, I'd be extremely tempted to switch over. I already use Postfix/Dovecot/Roundcube, but Roundcube is currently broken because of conf changes between upgrades and Dovecot has been _horribly_ broken (taken a week+ to sort out) by a big configuration change on their side a couple of years ago :\
1) Most robust "security" of this form is negated if you're running it on a budget VPS. Those things are often extremely and unavoidably insecure for reasons out of your control (out-of-date VM software, insecure control panels, incompetent VM neighbors, etc.).
2) OpenBSD is probably the best option for this. Just use OpenSMTPD and choose a simple secure IMAP server from the ports. OpenBSD is perfectly suited for simple, security-critical applications like mail servers.
Isn't it a SMTP server? If so that's just one of many parts of an email server.
Mail-in-a-box has been around since 2013. So it's been a few years now :)
https://news.ycombinator.com/item?id=6983097 https://www.digitalocean.com/company/blog/transparency-regar...
This solution also gives you webmail though and DKIM. Very nice, I use the OwnCloud webmail which works ok for me (less features but very, very much better looking than Roundcube and I can sync calendar and contacts to the same server!)
I think it is very important that projects like this one exist, they take the annoying details out of running your own server software. Thanks a lot!
I was thinking the other day: A simple open Go/Rust based self contained mail server (SMTP, IMAP) with a straight forward deployment would be a thing.
