LinuxQuestions.org
Old 04-10-2013, 08:08 AM   #1
RoseTheFlower
LQ Newbie
 
Registered: Apr 2013
Distribution: Debian
Posts: 2

Rep: Reputation: Disabled
The most secure mail server software?


I would like to run a mail server for my own needs. I want to make sure that every outgoing and incoming message gets highly encrypted on every step so that nobody can have access to that data, including the ISP. Basically, I'm looking for the level of security one would expect from the Secret Service or Julian Assange of Wikileaks. What are the options? What is the best solution?
 
Old 04-10-2013, 08:50 AM   #2
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,OpenBSD
Posts: 666
Blog Entries: 2

Rep: Reputation: 169
Are you communicating only with a smallish group you expect to maintain similar security standards to yourself? If not, there is a fundamental problem in keeping all the mail confidential. If you're trying to protect mail addresses and sizes as well as content, then anonymous remailers should be among your options.

Any of qmail/postfix/exim should be OK. You could use them with TLS and/or IPsec.
http://www.postfix.org/TLS_README.html
http://en.wikipedia.org/wiki/IPsec
I'd be reluctant to suggest sendmail; although it's improved, it used to have security updates like Adobe and Java have recently.

Some of this may interest you too: http://epic.org/privacy/tools.html
 
Old 04-10-2013, 01:29 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604
I agree with your encryption +anon remailer suggestion.

Quote:
Originally Posted by linosaurusroot
I'd be reluctant to suggest sendmail; although it's improved, it used to have security updates like Adobe and Java have recently.

Last CVE for core products (no derivatives, etc.) and as you can see severe problems do not affect only Sendmail:
Qmail: CVE-2006-1141 (arbitrary code execution),
Postfix last: CVE-2011-1720 (heap corruption and possibly arbitrary code execution),
Sendmail last: CVE-2012-2200 (local user privilege elevation),
Exim: CVE-2012-5671 (arbitrary code execution).
 
1 members found this post helpful.
Old 04-10-2013, 03:54 PM   #4
RoseTheFlower
LQ Newbie
 
Registered: Apr 2013
Distribution: Debian
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by linosaurusroot
Are you communicating only with a smallish group you expect to maintain similar security standards to yourself?

That's not the goal. I'm aware of GPG and it'd be the easiest way to encrypt stuff but it requires the other side to use it as well.
I want an email account for all purposes which means receiving mail from any other mail server that's out there. Are you saying there's no way to protect the data in that case? Are the common protocols too transparent? I'm not much of a networking person, but I'm a very experienced/advanced PC user.
 
Old 04-10-2013, 09:00 PM   #5
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5
Posts: 16,086

Rep: Reputation: 1995
Basically, the other end has to co-operate somehow.
There are (loosely) 2 options:

1. actual file encryption, e.g. gpg (see enigmail http://www.enigmail.net/home/index.php )

2. encrypted email connection, e.g. TLS (as above) or VPN or ssh tunnel etc.

If it's just data transfer rather than email per se, then see scp, sftp, ftp+TLS (e.g. vsftpd https://security.appspot.com/vsftpd.html ), sshfs etc.
 
Old 04-10-2013, 11:22 PM   #6
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,OpenBSD
Posts: 666
Blog Entries: 2

Rep: Reputation: 169
Quote:
Originally Posted by RoseTheFlower
I want an email account for all purposes which means receiving mail from any other mail server that's out there. Are you saying there's no way to protect the data in that case?

Assuming you want to accept data from anyone at all, turning nobody away regardless of how unaware and unequipped they may be in regards to crypto, then you will have to accept plaintext input because that's all some people will send. You can increase your chances of getting encrypted traffic by:
- opportunistic encryption in SMTP+TLS (getting crypto from suitable s/w even if the user is unaware)
- opportunistic encryption in IPsec (getting crypto from suitable s/w even if the user is unaware)
- suggesting web https transfers instead of mail from people unsure about mail crypto (https being very widely deployed)

The same sort of thing applies if you reply to these people.

Beside the actual transmission the data will exist at the endpoint before and after. And typical computers of unaware people are not secure.
https://www.google.co.uk/search?q=pe...rs+compromised
Anyone wanting to know your secrets will follow the first rule of cryptanalysis: "look for plaintext".
 
Old 04-17-2013, 01:02 PM   #7
ajaydata
LQ Newbie
 
Registered: Apr 2013
Posts: 2

Rep: Reputation: Disabled
See www.xgen.in

You may like to see http://www.xgen.in/feature/download/...tyFeatures.pdf - some of the things you may be looking at.

Quote:
Originally Posted by RoseTheFlower
I would like to run a mail server for my own needs. I want to make sure that every outgoing and incoming message gets highly encrypted on every step so that nobody can have access to that data, including the ISP. Basically, I'm looking for the level of security one would expect from the Secret Service or Julian Assange of Wikileaks. What are the options? What is the best solution?
 
Old 06-17-2013, 02:56 AM   #8
DirtyRony
LQ Newbie
 
Registered: Jun 2013
Posts: 1

Rep: Reputation: Disabled
I myself have been after the same solution for ages. And I'm utterly puzzled at the fact that there seems to be
a b s o l u t e l y nothing out there ready to deploy.
Xgen seems interesting, but is it free?

Last edited by DirtyRony; 06-17-2013 at 02:58 AM.
 
Old 06-17-2013, 04:22 AM   #9
descendant_command
Member
 
Registered: Mar 2012
Posts: 683

Rep: Reputation: 134
Well for encrypted coms, both parties have to be in on the secret.
If you want to communicate with "anybody", then, by definition, the message must be readable by "everybody".

As already stated there are widespread means to encrypt the transmission (avoiding interception by network sniffing), but the end(and/or intermediate)points are vulnerable, unless the message itself is encrypted with a key known and employed by both parties.

Last edited by descendant_command; 06-17-2013 at 04:23 AM.
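
An added example, not part of any post in this thread: posts #6 and #9 both note that SMTP+TLS is opportunistic and only protects individual hops, so this sketch reads a message's Received headers and reports which hops were recorded as encrypted. It assumes Postfix-style headers (the "(using TLS...)" comment, which Postfix writes when smtpd_tls_received_header = yes) and the RFC 3848 "with" keywords; the hostnames and the sample message are constructed.

```python
import email
import re

# Constructed sample message (not from the thread): three hops, one in plaintext.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.20])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mail.example.org (Postfix) with ESMTPS id AAA111; Wed, 10 Apr 2013 09:00:03 -0500
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net (Postfix) with ESMTP id BBB222; Wed, 10 Apr 2013 09:00:02 -0500
Received: from laptop.local (unknown [203.0.113.5])
\tby relay.example.com (Postfix) with ESMTPSA id CCC333; Wed, 10 Apr 2013 09:00:01 -0500
From: someone@example.com
Subject: constructed sample

body
"""

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 keywords

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments from a header value."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())          # unfold continuation lines
        tls = re.search(r"\(using (\S+) with cipher (\S+)", value)
        bare = strip_comments(value)             # so "with cipher" is not the protocol
        sender = re.search(r"\bfrom\s+(\S+)", bare)
        receiver = re.search(r"\bby\s+(\S+)", bare)
        proto = re.search(r"\bwith\s+(\S+)", bare)
        proto = proto.group(1).upper() if proto else "?"
        hops.append({"from": sender.group(1) if sender else "?",
                     "by": receiver.group(1) if receiver else "?",
                     "protocol": proto, "tls": tls.group(1) if tls else None,
                     "encrypted": bool(tls) or proto in TLS_PROTOCOLS})
    return hops

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        state = "TLS" if hop["encrypted"] else "PLAINTEXT"
        print(f'{hop["from"]} -> {hop["by"]}: {hop["protocol"]} [{state}]')
```

Only the Received header written by your own server is trustworthy; earlier ones are supplied by other hosts and can be forged or omitted. The headers also say nothing about how the message is stored at either endpoint.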
 
  

