Comments on: NSA-proof your e-mail in 2 hours /code/nsa-proof-your-e-mail-in-2-hours/ sealed abstract class drew {} Sun, 27 Mar 2016 22:51:38 +0000

By: Gmail y el derrumbe de la expectativa de privacidad | Tecnologia Viral /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-23779 Wed, 28 May 2014 17:01:27 +0000 /?p=1753#comment-23779 […] turn to more reassuring solutions such as setting up your own mail server. Sealed Abstract recently explained how to do it; requirements: a hosting server, some […]

By: » Secure collaboration between journalists: tips from an expert - Digital Security - English - DW.DE /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11655 Fri, 31 Jan 2014 16:14:03 +0000 /?p=1753#comment-11655 […] one of many Linux Distributions – hardening OS X (if you run a Mac Client) – – setting up a secure system. Note that with this, as with any other tutorial, you really need to know what you are […]

By: Creating a private cloud with ownCloud. Part 1: The Server | LowSNR /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11642 Wed, 22 Jan 2014 00:21:20 +0000 /?p=1753#comment-11642 […] and mount the decrypted directory on /srv/decrypted-owncloud. The procedure below is cribbed from here with some modifications and […]

By: Charles /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11634 Thu, 09 Jan 2014 16:55:59 +0000 /?p=1753#comment-11634 Nice tutorial! I’ve been running my own mail server since college, most recently with Exim + Dovecot + LUKS. A few observations:

1) Some ISPs won’t let you run a server at home, or want to charge you a lot of money to do so (Insight performs regular port scans and will cut off your service if they find anything)

2) If your residential Internet service goes down temporarily, RFC compliant remote servers will keep trying to deliver mail for 4-5 days as the article says, but many of them will issue a notification to the sender after the FIRST failed delivery attempt that delivery is being delayed, which can look unprofessional if you’re using this for work (a professor at business school gave me a lecture about this when he got one of these notifications trying to e-mail me something)

3) The encryption method they use (EncFS) leaks metadata about the files it’s storing; full disk encryption is always more secure

By: atak /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11628 Sat, 04 Jan 2014 18:11:40 +0000 /?p=1753#comment-11628 When I run the encfs command I get fuse --public is not a valid option.

By: Erik Rose /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11482 Thu, 12 Dec 2013 03:31:35 +0000 /?p=1753#comment-11482 Rather than the “chown -R opendkim…” above, I’d recommend this, as it doesn’t give opendkim write permissions it doesn’t need:

cd /etc/opendkim
chown root:opendkim mail
chmod g+r mail

Also, “chmod go-rwx /etc/opendkim/” doesn’t work, as you’ve noticed if you’ve tried it. Leave off the trailing “/”.

Great how-to! It’s really helping me patch up the ol’ mail server.

By: Pablo /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11426 Mon, 09 Dec 2013 10:00:59 +0000 /?p=1753#comment-11426 Hi,
great tutorial! Everything is working fine here but the SMTP.

The log shows me:
Dec 9 09:47:18 ip-172-XXX-XXX-XXX dovecot: auth-worker: mysql( Connected to database mailserver
Dec 9 09:47:18 ip-172-XXX-XXX-XXX dovecot: imap-login: Login: user=me@XXX.XXX, method=PLAIN, rip=189.XXX.XXX.XXX, lip=172.XXX.XXX.XXX, mpid=7171, TLS
Dec 9 09:47:19 ip-172-31-40-52 dovecot: imap(me@XXX.XXX): Connection closed bytes=13/344

But I have no answer to my SMTP request.

I’m using the same server used in IMAP, so:

IMAP (this is working fine!):
Username: me@XXX.XXX
Incomeserver: mail.XXX.XXX
Port: 993 (already open in my firewall)
Connection type: SSL

SMTP (this is NOT working):
Sending server: mail.XXX.XXX
Port: 587 (already open in my firewall)
Connection: Start TLS
Username: me@XXX.XXXX
Password: XXX
Connection type: PLAIN

Actually I’ve tried all combinations in SMTP settings:
None + Plain
None + Login
None + CRAM-MD5

Start TLS + Plain
Start TLS + Login
Start TLS + CRAM-MD5

SSL + Plain
SSL + Login

None of these settings allowed me to connect to my SMTP server.

I’m using 2244 as the SSH port. Could it be something related?

The mail client I’m using is AirMail (Mac).

Could you please send some words about it?

Thanks in advance,

By: gpunkt /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11360 Tue, 03 Dec 2013 14:57:14 +0000 /?p=1753#comment-11360 The initial directories, decrypted and encrypted, are they in /home/root/filename or do you create a user like vmailuser and go with this? I’ll just begin trying this and see where it leads if I create a new user to deal with the mail, because I see no other user than root in your code; I don’t feel like using root for this idea.

By: Daps0l /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11090 Wed, 18 Sep 2013 13:40:46 +0000 /?p=1753#comment-11090 @Eva Lacy

Well the e-mail database is encrypted with encfs, so if the host/harddisk is given to authorities they can not decrypt it and thus can not access your e-mails.

However, in general it’s true that if someone ‘evil’ has physical access to your host, you’re usually screwed, because one can obtain the encryption keys from memory as long as the server is running.

But, obviously that does not mean you shouldn’t make it ‘as difficult as you can’ to protect your privacy! :)

By: fmbiete /code/nsa-proof-your-e-mail-in-2-hours/comment-page-3/#comment-11065 Sun, 15 Sep 2013 11:15:55 +0000 /?p=1753#comment-11065 Great post!!

Nice to see that someone got z-push-contrib + dovecot + solr to work