Setting up a secure mail server - Help, please.
Dear Dev Shed Users
I come here with one single and simple question that is more of an appeal actually.
For a long time I've been crawling the internet in search for the recipe on how to set up a residential mail server with the same features as Crypto Heaven (please look it up, I can't post their address here because I'm a new user), as I don't think that we - the people - can continue ignoring the blatant, disrespectful and intrusive attitude of governments around the world in regard to one's privacy.
I'd like to have my own mail server to host family and friends' accounts, and no longer have to depend on Google, for instance.
The main features I want are:
secure, automatic and transparent end-to-end email
ability to revoke delivered and undelivered messages
secure and encrypted file storage and sharing
two factor authentication
4096 bit RSA asymmetric key encryption
AES symmetric key encryption with maximum length keys
fully automatic encryption key management
Transparent Data Encryption (TDE)
ALSO, THE SETUP SHOULD EXCLUDE THE POSSIBILITY OF
THE MAIL SERVER ADMIN HAVING ANY CHANCE TO ACCESS
THE USERS' KEYS OR EMAILS, AS THE EMAILS WILL REST
ENCRYPTED ON THE ACCOUNTS' USERS, AND THE PRIVATE
KEYS WILL BE STORED ON THE USERS' COMPUTERS OR
ON A TOKEN.
I'm sure there's a tutorial somewhere or maybe a kind (and heroic) soul could give me a step by step so I could be able to set it up myself.
Thanks in advance to all who come forward in this endeavor.
June 10th, 2013, 09:59 AM
I know of no email server that offers anything close to what you are looking for, nor do I encourage anyone to operate their own at-home mail server. The most difficult task in operating a mail server is controlling unwanted mail (spam). Many people have tried, but there is as yet no fail-safe method of authenticating the sender. If 2 people want to securely pass messages back and forth, there is nothing to stop them from using a public/private key pair to encrypt/decrypt the messages. For this purpose, you do not need to purchase an expensive certificate, but to do this on a broad scale is a very onerous task fraught with risks.
August 7th, 2013, 04:21 AM
Secure Mail Server
>secure, automatic and transparent end-to-end email encryption
The best way to do this is to encrypt the message and not the communications. Many remote servers may not have secure channels for communication (SSL/TLS), but ALL mail servers can accept encrypted MIME email. So it's best to encrypt the message and send it over non-encrypted SMTP.
>ability to revoke delivered and undelivered messages
>secure and encrypted file storage and sharing
Best to run it on an encrypted disk system, hardware if possible for performance.
>two factor authentication
That will depend on what the email client supports - unless you just want webmail?
>4096 bit RSA asymmetric key encryption
>AES symmetric key encryption with maximum length keys
>fully automatic encryption key management
>Transparent Data Encryption (TDE)
All of this for encrypting the server data?
>ALSO, THE SETUP SHOULD EXCLUDE THE POSSIBILITY OF
>THE MAIL SERVER ADMIN HAVING ANY CHANCE TO ACCESS
>THE USERS' KEYS OR EMAILS, AS THE EMAILS WILL REST
>ENCRYPTED ON THE ACCOUNTS' USERS, AND THE PRIVATE
>KEYS WILL BE STORED ON THE USERS' COMPUTERS OR
>ON A TOKEN.
Exactly: so just send encrypted email using a personal email encryption certificate. It's tricky to set up the client(s), but once done it's easy to send encrypted email. The disadvantages are that often clients won't allow full-text search of encrypted email, and anyone who gets hold of your certificate/machine can still read the email.
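The approach described in the reply above (encrypt the message itself with the recipient's certificate, then hand it to any SMTP server), as an added example that is not part of the original thread. It uses the OpenSSL command line; the addresses, file names and message text are constructed for the demo.

```shell
#!/bin/sh
# Added example: message-level S/MIME encryption with the OpenSSL CLI.
# Addresses, file names and the message text are constructed for this demo.

# Recipient side: 4096-bit RSA key plus a self-signed certificate.
# key.pem never leaves the user's machine or token; only cert.pem is shared.
make_identity() {
    openssl req -x509 -newkey rsa:4096 -nodes -days 365 \
        -subj "/CN=alice@example.org" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Sender side: the body ($2) is encrypted with a random AES-256 key, which is
# itself wrapped with the recipient's RSA public key taken from cert.pem.
encrypt_mail() {
    printf '%s\n' "$2" | openssl smime -encrypt -aes256 \
        -from bob@example.org -to alice@example.org -subject "demo" \
        -out "$1/mail.eml" "$1/cert.pem"
}

# What any relay or mail server admin holds: mail.eml only.
# Exit status 0 means the plaintext $2 is visible in the stored message.
server_can_read() {
    grep -qF -- "$2" "$1/mail.eml"
}

# Recipient side: only the holder of key.pem can recover the body.
decrypt_mail() {
    openssl smime -decrypt -in "$1/mail.eml" \
        -recip "$1/cert.pem" -inkey "$1/key.pem" | tr -d '\r'
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_identity "$DEMO_DIR"
encrypt_mail "$DEMO_DIR" "meet at noon"

# Headers stay in clear text even though the body is encrypted.
grep -E '^(From|To|Subject):' "$DEMO_DIR/mail.eml"
if server_can_read "$DEMO_DIR" "meet at noon"; then
    echo "server view: PLAINTEXT VISIBLE"
else
    echo "server view: ciphertext only"
fi
echo "recipient view: $(decrypt_mail "$DEMO_DIR")"
```

The sender, recipient and subject headers remain readable to every server on the path; only the body is protected, and only for as long as key.pem stays private.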
September 26th, 2013, 04:47 AM
Yes, I agree with J.A. Coutts. Creating and securing a mail server in the home is very expensive, and encrypting hardware is very difficult, because you never know which virus can crash your system completely. The solution is to update the system every time, and you also need to buy the best antivirus, like a business edition.