LinuxQuestions.org
Old 06-14-2013, 08:19 AM   #1
dejswa
LQ Newbie
 
Registered: Aug 2011
Posts: 10

Rep: Reputation: Disabled
DIY secure email


This is regarding security but I am also new at Linux, so I am putting it in the newbie section . . .

I am working with Ubuntu server 12.04 and excited about learning this new platform and getting away from the dark side of non-open source software. So, I am working on two goals at once - learn and run linux (server - Ubuntu 12.04) and create a secure and non-traceable portal for general email communications. The latter comes about after a long, on-going discussion amongst members of a business group who wish to discuss both business and items of personal nature via email. Now, with the recent revelation of governmental intrusion into our means of electronic communication, I am further inspired to continue with this project.

There are certainly some commercial services that might offer this, but I would like the satisfaction and possible added protection of building something myself.

PGP using common, public email providers certainly offers message encryption to a satisfactory level. Messages may persist in the cloud somewhere and be publicly discoverable at some level, but are probably uncrackable by most reasonable means. However, there are certainly trails leading to the senders and recipients of such messages.

My goals would be:
1) encrypt all email info (message and recipients)
2) info in #1 above stored in encrypted form on the server
3) eliminate any unauthorized or forced access to the encrypted message on the email server
4) further encryption of email from the clients to the server via VPN or SSL to obfuscate the data stream between client and server as to even the type of protocol (email, for ex.)

So my thoughts are:
1) Build up a linux server with open source email components - qmail seems to be a good candidate for the MTA. Have clients use PGP.
2) Use whole computer or disk encryption method to thwart efforts to benefit from access to the physical or virtual computer.
3) Use SSL tunnel between client and server
4) Add further hardening of the linux server and network via either hardware or OS configuration (iptables and such)

This would seem to offer all the goals enumerated above and perhaps not be too much of a technical challenge.

This
http://www.sans.org/reading_room/whi...il-server_1372
is a reference I got from linuxquestions.org and seems to be good except that it may be a bit dated (2004).

Thoughts?
 
Old 06-14-2013, 08:54 AM   #2
thedaver
Member
 
Registered: Jan 2010
Posts: 65

Rep: Reputation: 21
OK, so you want to hide from the "government". I won't address questions about your motives, however tempting that might be.

I'm going to poke a few holes in your scheme from a technical standpoint to test whether you really observe all areas of risk.

1) SSL for transit at less than 2048 bits of encryption is effectively crackable and probably susceptible to man-in-the-middle attacks. So your client-server connection is not likely going to prevent government level intrusion to observe the message stream content.

2) The client will decrypt the message in memory and display on the screen in plain text (with whatever user-readable encoding you might use). At that point, your client was susceptible to key-loggers, screen scrapers, remote monitoring, and a number of other tools available to government-level intrusion and monitoring.

3) My personal bias (tin-foil hat time) is that PGP keys are already shared with sufficient breadth that it should be a nominal task for the government level intrusion to break clean through PGP. That, however, is not something I can point to with any examples. The weakness in PGP is the chains of trust, IMHO.

4) Your entire premise for exchanging email in this highly secure manner WILL break down unless you and all your participants restrict all communications to within your platform. When they communicate outside of your realm of security, you compromise your model.

5) You are a linux newbie, you will make a mistake or fail to enable something and this may not work as you expect.

6) Humans may/will leak information which would compromise your messaging model.

7) "but are probably uncrackable by most reasonable means" - indicates that you are being dishonest with yourself in assessing the breadth of computing resources that most evidence indicates a government intrusion team could bring to bear to decrypt/decipher communications. More tin-foil hat stuff here but I think you need to appreciate that (in the context of evaluating "reasonable") the government - with virtually unlimited resources or oversight - will crack you.

Frankly, my limited insight suggests you need to re-evaluate your secure messaging model and consider an alternative such as a central message service (like this forum engine) and some (highly complex) means of securing the clients so that they cannot print, screen shot or forward the content nor can they be penetrated by government intrusion (assuming you attract their attention).

Or, just behave yourself. :-)
 
Old 06-14-2013, 10:27 AM   #3
dejswa
LQ Newbie
 
Registered: Aug 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thanks for your input!

Most people don't need a motive to want phone and internet privacy! How about you?

What I really want is something better than the commonly available means for email communication. Yes, I agree, the client is the weak link. If your machine is not secured, if you allow others to read your email, attach keystroke loggers, etc., then you have issues. I'm not talking about top secret security, just something to keep from being the 'low hanging fruit' of unauthorized data mining from either government or other unauthorized or unwanted access. And I'm not expecting to defeat some entity with massive computing power and experts from cracking a home made system. If someone is executing a MIM attack on your connection then you are definitely on someone's radar and probably have more problems than just email security. My thoughts were that having some level of message and connection encryption is a good place to start.

More so, I need a good project and so far I'm off to a good start with learning Linux server, etc.

Cheers,

. . .
 
Old 06-14-2013, 10:38 AM   #4
thedaver
Member
 
Registered: Jan 2010
Posts: 65

Rep: Reputation: 21
OK, so taking back the anxiety to a simpler requirement: "I want to run a secure, linux-based email server" then you are looking at it pretty squarely.

Typical good behaviors for a mail server:

Use SSL-enabled channels for the clients (SPOP, SSL for IMAP)
Use PGP for message content
You could use an encrypted FS for the message storage (mailboxes) that you control, performance could become a consideration, as could backup and restore
Maintain your firewalls, utilize fail2ban to keep pests away, enable snort to monitor your server
Keep up to date on patches
Maintain and enforce a password policy
 
Old 06-14-2013, 11:00 AM   #5
Doug Huffman
LQ Newbie
 
Registered: Jan 2008
Location: Through Death's Door on Washington Island, Wisconsin in Lake Michigan
Distribution: Fedora
Posts: 28

Rep: Reputation: 6
FedGov cracking of properly maintained RSA encryption is likely possible given the level of their computing and financial resources. Our task is to make decryption so expensive as to prevent cursory snooping.
 
Old 06-14-2013, 01:16 PM   #6
dejswa
LQ Newbie
 
Registered: Aug 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
Any thoughts on qmail vs postfix or other options for MTA?
 
Old 06-14-2013, 02:40 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,978

Rep: Reputation: 3624
There is no secure email unless it is between two trusted computers on a secure line.

One might consider a self signed certificate that gets rotated daily to any common email. You actually run into some limits on encryption since part of the message has to be read by routers.
 
Old 06-15-2013, 07:58 AM   #8
thedaver
Member
 
Registered: Jan 2010
Posts: 65

Rep: Reputation: 21
In my view, the choice of the MTA is largely immaterial. qmail is dying, so use postfix.
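
Added example (not part of any post in this thread): a small Python check of a Postfix `main.cf` against the "SSL-enabled channels" advice in post #4, using Postfix as suggested in post #8. Both sample configurations are constructed, and the four policy checks are this example's own assumptions about a reasonable baseline, not settings given by the posters.

```python
import re

# Constructed sample main.cf fragments: a weak setup and a corrected one.
WEAK_MAIN_CF = """\
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2
"""
HARDENED_MAIN_CF = """\
# constructed example; the indented line continues the previous parameter
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols =
    !SSLv2, !SSLv3
"""

def parse_main_cf(text):
    """Parse main.cf syntax: '#' comments, indented continuations, last setting wins."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and key:  # continuation of the previous parameter
            params[key] = (params[key] + " " + line.strip()).strip()
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        params[key] = value.strip()
    return params

def audit(text):
    """Return findings for the server-side (smtpd) TLS settings; empty list means pass."""
    p, findings = parse_main_cf(text), []
    if not p.get("smtpd_tls_cert_file") or not p.get("smtpd_tls_key_file"):
        findings.append("no server certificate/key configured")
    if p.get("smtpd_tls_security_level") not in ("may", "encrypt"):
        findings.append("TLS not offered to clients")
    if p.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("SMTP AUTH allowed over plaintext")
    protos = p.get("smtpd_tls_mandatory_protocols", "")
    tokens = set(re.split(r"[,\s]+", protos.strip()))
    # Conservative assumption: require an explicit exclusion rather than trusting defaults.
    if not ({"!SSLv2", "!SSLv3"} <= tokens or protos.startswith(">=TLS")):
        findings.append("SSLv2/SSLv3 not explicitly disabled")
    return findings
```

Calling `audit()` on the text of a real `main.cf` returns the same kind of list; it reads only what is written in the file and does not consult Postfix's compiled-in defaults.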
 
Old 06-15-2013, 04:33 PM   #9
mysmys
LQ Newbie
 
Registered: Jun 2013
Posts: 2

Rep: Reputation: Disabled
Thanks for the update re qmail. Something I read made it look easier to set up, but now looking around at other threads re qmail, looks like it has issues.

Will keep working on it.
 
  


All times are GMT -5. The time now is 02:36 AM.
