Mail-in-a-Box Security Guide

My email is not secure, for a number of reasons. Here are a couple.<p>1) I have yet to find anyone willing to accept email from me that has been encrypted before I send it and must be decrypted by them (GPG for example).<p>2) It is stored in plaintext on a server I do not control (I send it to someone who uses one of those big hosts like Google, Yahoo, etc).<p>Sending it over the wire in plaintext is probably being less of an issue now (as it seems the most used hosts are doing TLS), but that doesn&#x27;t really help with bullet #2.<p>I think the best bet is attempting to communicate with others using some other application that is not email based (like textsecure for example). Not sure how to get regular email from corporations via another means though (monthly bills for example).

This project is pretty awesome... though I&#x27;m not clear on what happens after you are setup.<p>Does mail-in-a-box then provide the scripts to perform regular software updates and any configuration migrations between versions? There&#x27;s more to running software than the initial setup... A complete Mail solution in a Unix-like environment consists of a lot of disconnected programs with their own configurations that are difficult to get running, and even more difficult to maintain without a full time systems administrator in place.<p>I mentioned in another discussion recently how much I would love to see something akin to SmarterMail available as a simple package install Cross-Platform (one of the best mail server softwares out there imho, from a setup&#x2F;upgrade POV) but commercial and tied to Windows for deployments... If I didn&#x27;t have to work for a living, I&#x27;d probably start something like this. Mail services are usually made far more complicated than they should be, and I understand there are a lot of desired features... but I do feel that having a good module&#x2F;plugin system that one could be developed that isn&#x27;t the pain that current solutions are.<p>To me a current mail solution should provide, SMTP, POP3, IMAP, WebMail, and WebAdmin at a minimum... Value adds would be easy multi-domain support, easy to configure AV&#x2F;Spam plugins, Calendars + Sharing and Group Contact Sharing. Honestly, the only solutions with a relatively easy setup for this are for Windows... All the <i>nix solutions are cobbled together bits that are very hard to upgrade and maintain versions and require a lot more breadth of knowledge than a single product. I&#x27;ve tried many of the systems for </i>nix and they mostly suck in practice.. some more than others.

I am so glad this is finally happening. The mail-in-a-box project is something I think has been needed for many years now. I run my own mail server, but few people have the know how to run one, and so too much mail ends up either at Google (being harvested for ad targeting) or at crappy E-mail providers with lousy security practices.

This reminds me of <i>Google Has Most of My Email Because It Has All of Yours</i> [0].<p>[0]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7731022" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7731022</a>

It&#x27;s interesting that this does not encrypt at rest (e.g., via dm-crypt). I&#x27;d rather not rely on Digital Ocean to protect access to their backups and prevent data from leaking to other droplets. Also, it requires a somewhat sophisticated attack to obtain the dm-crypt key from a running VM.<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=6983097" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=6983097</a> <a href="https:&#x2F;&#x2F;www.digitalocean.com&#x2F;company&#x2F;blog&#x2F;transparency-regarding-data-security&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.digitalocean.com&#x2F;company&#x2F;blog&#x2F;transparency-regar...</a>

I hate to be obstinate, but:<p>1) Most robust &quot;security&quot; of this form is negated if you&#x27;re running it on a budget VPS. Those things are often extremely and unavoidably insecure for reasons out of your control (out-of-date VM software, insecure control panels, incompetent VM neighbors, etc.).<p>2) OpenBSD is probably the best option for this. Just use OpenSMTPD and choose a simple secure IMAP server from the ports. OpenBSD is perfectly suited for simple, security-critical applications like mail servers.

This is great. On Ubuntu I always use &quot;apt-get install mail-stack-exchange&quot; which leaves you with STARTTLS enabled SMTP, IMAP, POP3 and, with the removal of 1 #, 587 submission. the users are the normal users of the system which automatically have a Maildir created upon receiving their first mail.<p>This solution also gives you webmail though and DKIM. Very nice, I use the OwnCloud webmail which works ok for me (less features but very, very much better looking than Roundcube and I can sync calendar and contacts to the same server!)<p>I think it is very important that projects like this one exist, they take the annoying details out of running your own server software. Thanks a lot!

I just setup my own mail server with iredmail. I would&#x27;ve used this if it was available.

Thanks a lot for this. This might be handy next time.<p>I was thinking the other day: A simple open Go&#x2F;Rust based self contained mail server (SMTP, IMAP) with a straight forward deployment would be a thing.

I never expect email to be secure; if it was necessary to transfer sensitive data via email, I&#x27;d just encrypt it with something like PGP.

Will this work on Debian Jessie?