Running a secure-only - and a hidden mail server.


3 years ago
Hey all,

I'm wondering something. I'm trying to look into the possibilities of the following. I want to (1) set up a mail server that only accepts mail that was sent encrypted, and (2) set up a Tor hidden service that (also) runs a mail server (the same server if possible).
One thing I'm trying to achieve here is that the email I'm receiving has been encrypted from the point it was sent by the sender's mail server, ignoring the fact that the email provider of the sender (or the sender itself) might still leak the email in other ways. I guess I need to be able to reject the mail (or connection) before it tries to send it to me (when it comes unencrypted of course).
I'm also planning to buy a domain name if I find a good way to execute plan #1.

The first idea, I think, should be possible. My only problem with this is that I don't want to spend that much money on a certificate, and I'm wondering if mail servers would accept a self-signed certificate whenever they send something to me.
However, with the second idea I need more guidance. I know that generally (at least if I got it right) an email will be sent to the server from the sender's domain's MX record. Question: I've read some basic information of how Tor works, and how hidden services work, but I've not dived into all the technical details (as of yet).
Do hidden services (.onion's) support MX records in some way? Can a mail server be configured to send email through Tor towards my hidden service? Would it be possible to put onion addresses into the MX record of one of my domains? So many questions...

Anyway, I appreciate any help with this. Oh... and don't ask why. :P

3 years ago
Do hidden services (.onion's) support MX records in some way?

No
Can a mail server be configured to send email through Tor towards my hidden service?

Yes. You can torify your mail server or even put it into a virtual circuit with all traffic transparently routed to Tor.

Would it be possible to put onion addresses into the MX record of one of my domains?

No. Of course, you can, but nobody will understand this address.


set up a mail server that only accepts mail that was sent encrypted

What kind of encryption are you talking about? Transport-level encryption (like TLS) or encryption of the mail itself (PGP, attached *.rar with password)? Both exim and postfix could be configured to drop all unencrypted connections.


With StartSSL you can get an SSL certificate for free.
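
A self-check for the TLS-only behaviour discussed in the reply above, added here as an example (not code from the thread): it probes a server to confirm that MAIL FROM sent without STARTTLS is refused with 530, which is how Postfix answers when `smtpd_tls_security_level = encrypt` is set. The `FakeSMTP` server, the `probe_fake` helper and the example.org names are constructed so the check runs offline.

```python
import smtplib
import socketserver
import threading

def plaintext_mail_refused(host, port=25):
    """True if the server offers STARTTLS and rejects MAIL FROM sent without it."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo("probe.example")                # constructed HELO name
        offers_tls = smtp.has_extn("starttls")
        code, _ = smtp.mail("probe@example.org")  # deliberately no starttls() first
        # RFC 3207: a TLS-only server answers "530 Must issue a STARTTLS command first"
        return offers_tls and code == 530

class FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server; `enforce` mimics a TLS-only policy."""
    enforce = True

    def handle(self):
        self.wfile.write(b"220 mx.example ESMTP\r\n")
        for line in self.rfile:
            verb = line.split(None, 1)[0].upper() if line.strip() else b""
            if verb == b"EHLO":
                reply = b"250-mx.example\r\n250 STARTTLS\r\n"
            elif verb == b"MAIL":
                reply = (b"530 Must issue a STARTTLS command first\r\n"
                         if self.enforce else b"250 OK\r\n")
            elif verb == b"QUIT":
                self.wfile.write(b"221 Bye\r\n")
                return
            else:
                reply = b"502 Not implemented\r\n"
            self.wfile.write(reply)

def probe_fake(enforce):
    """Start the fake server on a free local port and probe it."""
    handler = type("Handler", (FakeSMTP,), {"enforce": enforce})
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return plaintext_mail_refused("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print("TLS-only server refuses plaintext mail:", probe_fake(True))
    print("opportunistic server refuses plaintext mail:", probe_fake(False))
```

Against a real server, call `plaintext_mail_refused("mx.yourdomain.example")` from an outside host; a `False` result means plaintext delivery is still accepted.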

3 years ago
Would it be possible to put onion addresses into the MX record of one of my domains?
"Danja"
No. Of course, you can, but nobody will understand this address.

Not even Tor users? Anyway, now that I think about it, it is probably not a good idea. I'm afraid that then the onion address could too easily be linked to me by the company where I register the domain name.

set up a mail server that only accepts mail that was sent encrypted
"Danja"
What kind of encryption are you talking about? Transport-level encryption (like TLS) or encryption of the mail itself (PGP, attached *.rar with password)? Both exim and postfix could be configured to drop all unencrypted connections.

I was thinking about SSL or TLS, PGP is nice, but I also worry about if someone accidentally puts my name in the To header or something.

With StartSSL you can get an SSL certificate for free.
"Danja"
Nice, will look into that.

Thanks.
