#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    1
    Rep Power
    0

    Setting up a secure mail server - Help, please.


    Dear Dev Shed Users

    I come here with one single and simple question that is more of an appeal actually.
    For a long time I've been crawling the internet in search of the recipe on how to set up a residential mail server with the same features as Crypto Heaven (please look it up, I can't post their address here because I'm a new user), as I don't think that we - the people - can continue ignoring the blatant, disrespectful and intrusive attitude of governments around the world in regard to one's privacy.
    I'd like to have my own mail server to host family and friends' accounts, and no longer have to depend on Google, for instance.

    The main features I want are:

    secure, automatic and transparent end-to-end email encryption
    ability to revoke delivered and undelivered messages
    secure and encrypted file storage and sharing
    two factor authentication
    4096 bit RSA asymmetric key encryption
    AES symmetric key encryption with maximum length keys
    fully automatic encryption key management
    Transparent Data Encryption (TDE)

    ALSO, THE SET UP SHOULD EXCLUDE THE POSSIBILITY OF THE MAIL SERVER ADMIN HAVE ANY CHANCE TO ACCESS THE USERS KEYS OR EMAILS, AS THE EMAILS WILL REST ENCRYPTED ON THE ACCOUNTS' USERS, AND THE PRIVATE KEYS WILL BE STORED ON THE USERS COMPUTERS OR ON A TOKEN.

    I'm sure there's a tutorial somewhere or maybe a kind (and heroic) soul could give me a step by step so I could be able to set it up myself.

    Thanks in advance to all who come forward in this endeavor.
  2. #2
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Posts
    289
    Rep Power
    45
    I know of no email server that offers anything close to what you are looking for, nor do I encourage anyone to operate their own at-home mail server. The most difficult task in operating a mail server is controlling unwanted mail (spam). Many people have tried, but there is as yet no fail-safe method of authenticating the sender. If 2 people want to securely pass messages back and forth, there is nothing to stop them from using a public/private key pair to encrypt/decrypt the messages. For this purpose, you do not need to purchase an expensive certificate, but to do this on a broad scale is a very onerous task fraught with risks.

    J.A. Coutts
  4. #3
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    7
    Rep Power
    0

    Secure Mail Server


    >secure, automatic and transparent end-to-end email encryption

    The best way to do this is to encrypt the message and not the communications. Many remote servers may not have secure channels for communication (SSL/TLS) but ALL mail servers can accept encrypted MIME email. So it's best to encrypt the message and send it over non-encrypted SMTP.

    >ability to revoke delivered and undelivered messages

    ??

    >secure and encrypted file storage and sharing

    Best to run it on an encrypted disk system, hardware if possible for performance.

    >two factor authentication

    That will depend on what the email client supports - unless you just want webmail?

    >4096 bit RSA asymmetric key encryption
    >AES symmetric key encryption with maximum length keys
    >fully automatic encryption key management
    >Transparent Data Encryption (TDE)

    All of this for encrypting the server data?

    >ALSO, THE SET UP SHOULD EXCLUDE THE POSSIBILITY OF
    >THE MAIL SERVER ADMIN HAVE ANY CHANCE TO ACCESS
    >THE USERS KEYS OR EMAILS, AS THE EMAILS WILL REST
    >ENCRYPTED ON THE ACCOUNTS' USERS, AND THE PRIVATE
    >KEYS WILL BE STORED ON THE USERS COMPUTERS OR
    >ON A TOKEN.

    Exactly: so just send encrypted email using a personal email encryption certificate. It's tricky to set up the client(s) but once done it's easy to send encrypted email. The disadvantages are that often clients won't allow full-text search of encrypted email, and anyone who gets hold of your certificate/machine can still read the email.
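
The message-level encryption described in the reply above, as an added example that is not part of the original thread. It uses the `openssl smime` command with constructed self-signed RSA-4096 certificates (the names `alice` and `admin`, the `example.test` addresses and the message text are assumptions) and shows what the server stores, what stays readable, and that a key other than the recipient's cannot decrypt the message.

```sh
#!/bin/sh
# Added example: message-level (S/MIME) encryption with the openssl CLI.
# Names, addresses and message text are constructed for illustration.
set -eu

# The recipient creates an RSA-4096 key and a self-signed certificate. The
# .key file never leaves the recipient's machine; only the .crt is shared.
make_identity() {  # usage: make_identity <dir> <name>
  openssl req -x509 -newkey rsa:4096 -nodes -days 365 \
    -subj "/CN=$2/emailAddress=$2@example.test" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# The sender encrypts the body to that certificate with AES-256. The output
# is an ordinary MIME message that any SMTP server can relay and store.
encrypt_mail() {  # usage: encrypt_mail <dir> <recipient> <body-file>
  openssl smime -encrypt -aes256 -text -in "$3" -out "$1/mail.eml" \
    -from bob@example.test -to "$2@example.test" \
    -subject "Constructed subject" "$1/$2.crt"
}

# Decryption needs the private key that matches a recipient of the message.
decrypt_mail() {  # usage: decrypt_mail <dir> <name>
  openssl smime -decrypt -text -in "$1/mail.eml" \
    -recip "$1/$2.crt" -inkey "$1/$2.key" 2>/dev/null
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'constructed secret: the gate code is 4711\n' > "$WORK/body.txt"

make_identity "$WORK" alice
make_identity "$WORK" admin   # stands in for the server operator's own key
encrypt_mail "$WORK" alice "$WORK/body.txt"

# What the server stores: cleartext headers and a base64 ciphertext body.
grep -c 'gate code' "$WORK/mail.eml" || true   # count of plaintext matches
grep '^Subject:' "$WORK/mail.eml"              # headers are not encrypted
decrypt_mail "$WORK" alice                     # recipient recovers the body
decrypt_mail "$WORK" admin || echo "admin key: cannot decrypt"
```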
  6. #4

  7. Join Date
    Jul 2013
    Location
    Melbourne
    Posts
    43
    Rep Power
    0
    Yes, I agree with J.A. Coutts. Creating and securing a mail server in the home is very expensive, and encrypting hardware is very difficult, because you never know which virus can crash your system completely. The solution is to update the system every time, and you also need to buy the best antivirus, like a business edition.
