LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-08-2013, 03:59 PM   #1
mysmys
LQ Newbie
 
Registered: Jun 2013
Posts: 2

Plan for DIY secure email


Pardon me, but while proficient in many areas of computer and electronics technology, I am new to linux. Perhaps this thread belongs in the newbie section, but it is regarding security, so here it is.

I am working with Ubuntu server 12.04 and excited about learning this new platform and getting away from the dark side of non-open source software. So, I am working on two goals at once - learn and run linux (server) and create a secure and non-traceable portal for general email communications. The latter comes about after a long, on-going discussion amongst members of a business group who wish to discuss both business and items of personal nature via email. Now, with the recent revelation of governmental intrusion into our means of electronic communication, I am further inspired to continue with this project and think it should be a consideration for everyone.

There are certainly some commercial services that might offer this, but I would like the satisfaction and possible added protection of building something myself.

PGP using common, public email providers certainly offers message encryption to a satisfactory level. Messages may persist in the cloud somewhere and be publicly discoverable at some level, but are probably uncrackable by most reasonable means. However, there are certainly trails leading to the senders and recipients of such messages.

My goals would be:
1) encrypt all email info (message and recipients)
2) info in #1 above stored in encrypted form on the server
3) eliminate any unauthorized or forced access to the encrypted message on the email server
4) further encryption of email from the clients to the server via VPN or SSL to obfuscate the data stream between client and server as to even the type of protocol (email, for ex.)

So my thoughts are:
1) Build up a linux server with open source email components - qmail seems to be a good candidate for the MTA. Have clients use PGP.
2) Use whole computer or disk encryption method to thwart efforts to benefit from access to the physical or virtual computer.
3) Use SSL tunnel between client and server
4) Add further hardening of the linux server and network via either hardware or OS configuration (iptables or other)

This would seem to offer all the goals enumerated above and perhaps not be too much of a technical challenge.

This http://www.sans.org/reading_room/whi...il-server_1372 is a reference I got from linuxquestions.org and seems to be good except that it may be a bit dated (2004).

Thoughts?
 
Old 06-11-2013, 05:06 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,359

For the client end, have you looked at Enigmail http://www.enigmail.net/home/index.php?

I would say that ALL the technologies mentioned in the SANS link have moved on significantly.
You could use it for suggestions of things to consider, but I'd seriously research the current state of the art before doing anything.

You basically have 3 things to consider:
a) encryption at rest eg pgp, gpg
b) encrypted comms eg ssh tunnel, ssl tunnel, vpn (eg IPsec/IKE)
c) traffic analysis ie shielding the info of who is talking to whom.
In re c), I've never used it, but the Tor network is designed to solve that problem ie make it very hard to see who is talking to whom.
https://en.wikipedia.org/wiki/Tor_%2...ity_network%29
 
1 members found this post helpful.
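
Added example (not part of any post in this thread): a Python sketch of what a PGP-encrypted message still discloses on the server, which is the "trails leading to the senders and recipients" from post #1 and the traffic-analysis concern in point c) of post #2. The sample message, addresses and host names are constructed placeholders, and `exposed_metadata` is a name chosen for this illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a PGP/MIME (RFC 3156) message as stored on the mail
# server. Names, hosts and the armored block are placeholders.
SAMPLE = """\
Received: from client.example.net (client.example.net [192.0.2.10])
\tby mail.example.org with ESMTPS; Sat, 08 Jun 2013 15:59:00 -0500
From: Alice <alice@example.org>
To: Bob <bob@example.com>, carol@example.com
Subject: Q3 numbers
Date: Sat, 08 Jun 2013 15:59:00 -0500
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def exposed_metadata(raw):
    """Return what is readable from a stored message without any PGP key."""
    msg = message_from_string(raw)
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    people = getaddresses(msg.get_all("From", []) + msg.get_all("To", [])
                          + msg.get_all("Cc", []))
    # Each Received header names the host that handed the message over.
    hops = [re.match(r"from\s+(\S+)", h) for h in msg.get_all("Received", [])]
    return {
        "body_encrypted": pgp_mime,
        "parties": sorted(addr for _, addr in people),
        "subject": msg["Subject"],
        "date": msg["Date"],
        "relay_hosts": [m.group(1) for m in hops if m],
    }

if __name__ == "__main__":
    for field, value in exposed_metadata(SAMPLE).items():
        print(f"{field}: {value}")
```

An SSL or VPN tunnel hides these header fields from the network path, but the server still receives and stores them in the clear alongside the encrypted body.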
Old 06-13-2013, 12:23 PM   #3
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 982
Blog Entries: 2

mixmaster (and mixminion) is an anonymous remailer tool specifically for anonymous mail as opposed to other types of traffic.
 
  

