Secure Private Emails

Has anyone used any secure private email server (e.g. https://www.mailpile.is/)?

Do you think hosting your own email server would be a good idea?

If hosting is a good idea, what would my options be?
What software should be used to

  • Host it on a raspberry pi at home
  • Host it on a VPS/AWS

I run my own mailserver, AMA.

It was a lot of fun to set up, but it can be difficult to maintain.

If you have to ask, look at iRedMail. They provide a “turn-key” setup, that you could configure if you wanted.

If not, you’ll need to come up with the three main parts of a mail service (sender, receiver, and how you access your mail), and configure them to act as a whole.

Big issue with running mail at home is ensuring your ISP is fine with mail servers (a lot of them block port 25 or otherwise may up your monthly fee), and your home IP is more than likely dynamic and thus makes reliability a concern if you don’t script key updates and ensure they go through. This is less of an issue if the sender is doing mail queuing, but it’s something to keep an eye on.

A VPS/AWS isn’t a bad idea, and you can always still colo small boxes too if you decided you want to play with more than just mail.

As for running a “secure” mail server, Mailpile isn’t any more secure than most self hosted mail solutions like iRedMail etc. The big difference is OpenPGP integration is a little cleaner, but that really only matters if you only use the web interface (and using PGP via a web interface has… other issues that make PGP less relevant).

I personally have my PGP key for local encrypt/decrypt/verify/sign, however I mostly get secure messages through my LiquidFiles instance. Most importantly, it’s fairly idiot-resistant for the less tech-savvy to send me things securely.

Cheers,
-Jim

1 Like

So I’m going to speak from experience from being on the frontlines for Firehost, SoftLayer, and Hostgate. Running one’s own private email server is a pain in the arse.

caveats:

Pros:

  • Super easy to setup initially for an internal private email server
  • Great way to get real world network, infosec, and it support experience.
  • Necessary for CompTIA Linux+ LX0-104, including prerequisite skills for setting up syslog servers, LDAP servers, firewalls, NTP servers, and DNS servers

As a person who literally tests the security of these systems for a living, let me break this down into more reasonable terms:

For private mail servers as long as relay is turned off (which is the default in postfix), this isn’t an issue. Period.
Whether or not the IP one acquires from the get go being on a spam list is a different story, but when using a provider of any repute that isn’t a dynamic home IP this usually isn’t an issue. Even when using a less reputable IP (say it was previously such a use case) it isn’t as much of a flagging issue for the average user due to low volumes a single user server sends. I typically see this issue go away within a month or so after getting new IP ranges.

Really bad example, given the last exploit of note against sendmail was 5 years ago and doesn’t apply to personal mail servers (it only applied to organisational servers with multiple users, who had local access already). The last remote exploit for sendmail was 9 years ago, which still required you to be using some less-common features that are not on by default.
Postfix, which most of the easy setups use, has had even less issues over the years.
Anything can lead to root access in the same way a spoon can get you into a bank vault; technically it could, but it’s not going to happen any time soon and no one will have the patience to bother even trying.

This is misleading; running a mailserver is itself the SMTP+IMAP. One would not use LDAP on a personal mail server, and for just a mail server there would be no firewall server since iptables would suffice.
All of these automated suites like iRedMail set up ClamAV (which is the malware scanner; oddly enough it only scans for Windows binaries on a Linux server, since the scanning is meant for the end user downloading the file and not the server itself).
No individual server needs dedicated spam collection; the SpamAssassin baked into the F/OSS mail server deployment suites for self-serve mail all set it up at once.
A honeynet is far from required, and pretty much useless unless you run a lot of infrastructure, and you expect attacks on internal items; a mail server is an edge device and ergo there isn’t much value in one. They’re neat to play with though, and we use them for research.

This is outright misleading; no mail system out of the box is compliant for any of this. Personal email servers are only required to have any of this if they actually handle that information, which either never goes over email to begin with or uses some other encryption package on top of it.
PCI doesn’t allow emails to contain credit card data in the first place, and HIPAA generally frowns upon using email for it at all (technically it can in some cases, but generally it’s all done through portals instead).
That second link isn’t even relevant at all; it’s laws that are federally derived from the CFAA and their state codified equivalents; they are criminal laws for criminal actions (would apply if he wanted to maliciously hack into someone else’s server).

This is accurate to a degree; it makes delivery a lot more reliable, but it’s also a one-time setup when first putting the machine together. The TLS (note do not use SSL since it’s deprecated) can be automated using Let’s Encrypt, DKIM keys if you generate 2048 will be good for years (and receiving servers all still accept 1024 and often 512 still, if they even require it). One doesn’t even have to have a fail mode on SPF, as many receiving servers still can’t validate it anyway.

Absolutely bonkers inaccurate. Personal mail servers do not need this; no org needs to run DNS on site except in certain cases like Active Directory, reverse PTR records, dynamically updating entries, and particularly high security requirements outside the scope of general mail delivery. More than likely, if CloudFlare / Google DNS has an issue, yours will have issues far more often.
Even if you run your own DNS servers, in many cases those organisations having an outage still kills your DNS resolution regardless, as if it’s not in cache the glue records to locate your DNS servers cannot be searched.
Them having a blip doesn’t stop mail delivery; that’s how mail queues work, it doesn’t fail and get lost to the ether. Additionally, it wouldn’t suddenly purge your MX records from the caches of all the intermediary DNS servers and the sending server itself which means more than likely it wouldn’t even end up in the queue.

This is just FUD; a minimal service system, something like CentOS minimal or a bare bones ubuntu, just needs yum-cron (or the apt equivalent, with the apply set to yes, security updates only as the package set to apply for reliability) set and it can be left basically untouched for ages. The system doesn’t have active users, it doesn’t have points for code entry / unchecked user input.
Anything else is just ignoring a reasonable threat model (I suggest reading the current version of NIST 800-30. Basically, a very low likelihood event, even if a critical impact, is still a low risk because it’s such a rare event for something like an RCE to drop on a mail daemon).

As for this, backups are always important. You don’t need a cluster for a single mail server for a single or few users. Again, mail will queue with the senders should your server be unreachable. As long as you backup off-system it’s fine, but it is a task you have to do. I set an rsync script to run every so often to a backup system for stuff like this. It’s fairly hands off and functional.

5 Likes
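The two points above that decide whether a personal mail server is actually exposed, relay being off (Postfix’s default) and TLS being offered without the deprecated SSL protocols, can be checked mechanically against main.cf. The following is an added example, not code from any post in this thread or from the Postfix project: it parses a main.cf (comments and indented continuation lines included) and flags open-relay and legacy-TLS settings. The parameter names are standard Postfix ones; the two sample configs are constructed, with the weak one beside the corrected one.

```python
"""Audit a Postfix main.cf for open-relay and legacy-TLS settings.

Added example, not from the original thread. Parameter names are real
Postfix main.cf parameters; the two sample configs below are constructed.
"""
import re


def parse_main_cf(text):
    """Return {parameter: value}. Handles '#' comments and indented continuation lines."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # indented line continues the previous parameter
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def _items(value):
    """Split a comma/whitespace separated Postfix list value."""
    return [v for v in re.split(r"[\s,]+", value) if v]


def audit_relay(params):
    """Flag settings that turn the server into an open relay."""
    findings = []
    for net in _items(params.get("mynetworks", "")):
        if net in ("0.0.0.0/0", "0.0.0.0/0.0.0.0", "[::]/0", "::/0"):
            findings.append(f"mynetworks trusts {net}: every client may relay (open relay)")
    relay = params.get("smtpd_relay_restrictions")
    if relay is None:
        # Postfix >= 2.10 default ends in defer_unauth_destination, so relay is closed.
        return findings
    items = _items(relay)
    stops = [i for i, v in enumerate(items)
             if v in ("reject_unauth_destination", "defer_unauth_destination")]
    permits = [i for i, v in enumerate(items) if v == "permit"]
    if not stops:
        findings.append("smtpd_relay_restrictions never rejects unauthorised destinations (open relay)")
    elif permits and permits[0] < stops[0]:
        findings.append("smtpd_relay_restrictions has a bare 'permit' before the unauth_destination check (open relay)")
    return findings


def audit_tls(params):
    """Flag missing STARTTLS and explicitly enabled SSLv2/SSLv3."""
    findings = []
    # Both *_tls_security_level parameters default to empty, i.e. no TLS at all.
    if params.get("smtpd_tls_security_level", "") in ("", "none"):
        findings.append("smtpd_tls_security_level is none: inbound SMTP offers no STARTTLS")
    if params.get("smtp_tls_security_level", "") in ("", "none"):
        findings.append("smtp_tls_security_level is none: outbound mail is sent in cleartext")
    for p in ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols",
              "smtp_tls_protocols", "smtp_tls_mandatory_protocols"):
        for proto in _items(params.get(p, "")):
            if proto.upper() in ("SSLV2", "SSLV3"):  # listed without a leading '!' means enabled
                findings.append(f"{p} enables deprecated {proto}")
    return findings


def audit(text):
    """Run all checks over a main.cf body and return the list of findings."""
    params = parse_main_cf(text)
    return audit_relay(params) + audit_tls(params)


# Constructed sample: a badly configured main.cf.
WEAK_MAIN_CF = """
# constructed example of a bad main.cf
myhostname = mail.example.org
inet_interfaces = all
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks,
    permit,
    reject_unauth_destination
smtpd_tls_security_level = none
smtpd_tls_protocols = SSLv3, TLSv1
"""

# Constructed sample: the same server with relay closed and TLS from Let's Encrypt.
HARDENED_MAIN_CF = """
myhostname = mail.example.org
inet_interfaces = all
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.org/privkey.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(f"[{label}] {len(audit(cfg))} finding(s)")
        for f in audit(cfg):
            print("  -", f)
```

Run it against a live box with `python3 audit.py < /etc/postfix/main.cf` after swapping the samples for `sys.stdin.read()`; on a real system `postconf -n` is the cleaner input, since it prints only the non-default values with continuation lines already joined.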

Had a feeling you would fill in the gaps left there. :)

Running one’s own private email server is a pain in the arse.

Yep, just ask Hillary

4 Likes

All of congress is that bad.