New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Server-Side encrypted email options
etcSudoers
Member
in General
!! For the overly paranoid !!
In the wake of this whole NSA garbage... I am looking to self-host my own email. But can one really trust those who host our VPSs?
I was looking at mailpile as they are concerned about big brother looking through your email too, but they problem still exists: The email is stored on server unencrypted.
Is there any solutions out there (even if only webmail based) that offer some sort of locally encrypted storage?
Comments
See: https://grepular.com/Automatically_Encrypting_all_Incoming_Email
On front page of HN today:
https://countermail.com/
https://news.ycombinator.com/item?id=6182461
For Postfix: http://vpsboard.com/topic/1503-postfix-encrypt-incoming-mail/
EncFS would do, but most of the mail you get (via SMTP) would already be saved by our 'murican agencies because 90% of SMTP is unencrypted.
If you want to use webmail, your best bet is to arrange for both the sender and receiver to use PGP encryption (i.e., encrypt on your desktop, paste into webmail form).
Just encrypt your server hard drive.
If you read the news you should know by now that "they" are doing all kinds of nasty and not-really trivial stuff, MITM attacks on SSL, serving java exploit to people browsing to half of the tor "hosted" sites, memory dumps on confiscated servers/laptops over firewire or cold boot attacks, using mouse jigglers to prevent computers from locking up (if they aren't already) and many other things we don't know about.
Yes, some encryption is better than nothing, by all means, use truecrypt, luks, encfs, whatever. But when somebody comes for your drive and takes the whole server or rack or racks most likely they'll also get your key if it's in the memory. That is even if it is your hardware, if it's just a vps it is 10x easier.
Encrypt your server's hard drive and enforce TLS in your MTA config