
Mail-in-a-Box Security Guide - joshdata
https://github.com/mail-in-a-box/mailinabox/blob/master/security.md
======
howeyc
My email is not secure, for a number of reasons. Here are a couple.

1) I have yet to find anyone willing to accept email from me that has been
encrypted before I send it and must be decrypted by them (GPG for example).

2) It is stored in plaintext on a server I do not control (I send it to
someone who uses one of those big hosts like Google, Yahoo, etc).

Sending it over the wire in plaintext is probably less of an issue now
(as it seems the most used hosts are doing TLS), but that doesn't really help
with bullet #2.

I think the best bet is attempting to communicate with others using some other
application that is not email based (like textsecure for example). Not sure
how to get regular email from corporations via another means though (monthly
bills for example).

~~~
peterwwillis
You do realize the entire internet is run on servers and network devices you
do not control, right?

A bunch of intermediary relay mail servers of course all store and forward
your mails. But there's also a couple dozen firewalls, traffic shapers,
tunnels, bridges, routers, and managed switches that all have your e-mail. Who
cares about disk storage when your e-mail is stored in 15 network device
caches?

Mail has never really been secure, from the days of Incan relay runners
passing messages across thousands of miles, to the Pony Express, to the
current US postal service. Unless you put an encrypted letter in your
envelope, it can (and regularly does) get intercepted by malicious actors.
We've gone this long with it being insecure, so I don't see what the big fuss
is with the internet all of a sudden.

Also: mail should be easy and universal. That's really the point of mail: that
you can send a message to anyone, anywhere in the world, with one system, and
it just works [while remaining inexpensive]. Anyone messing with it should
always keep that in mind.

~~~
howeyc
Maybe you commented after the title changed? Original title was "How secure is
your email? here's email-in-a-box" (at least that's what I remember it was).

My comment was basically "email is not secure." I think we agree on that
point.

~~~
peterwwillis
Yes. I guess I was just (badly) making the point that since it's impossible to
just communicate with one server you control, a secure mail paradigm should
include servers we do not control.

------
tracker1
This project is pretty awesome... though I'm not clear on what happens after
you are set up.

Does mail-in-a-box then provide the scripts to perform regular software
updates and any configuration migrations between versions? There's more to
running software than the initial setup... A complete Mail solution in a
Unix-like environment consists of a lot of disconnected programs with their own
configurations that are difficult to get running, and even more difficult to
maintain without a full time systems administrator in place.

I mentioned in another discussion recently how much I would love to see
something akin to SmarterMail available as a simple package install
Cross-Platform (one of the best mail server softwares out there imho, from a
setup/upgrade POV) but commercial and tied to Windows for deployments... If I
didn't have to work for a living, I'd probably start something like this. Mail
services are usually made far more complicated than they should be, and I
understand there are a lot of desired features... but I do feel that having a
good module/plugin system that one could be developed that isn't the pain that
current solutions are.

To me a current mail solution should provide, SMTP, POP3, IMAP, WebMail, and
WebAdmin at a minimum... Value adds would be easy multi-domain support, easy
to configure AV/Spam plugins, Calendars + Sharing and Group Contact Sharing.
Honestly, the only solutions with a relatively easy setup for this are for
Windows... All the *nix solutions are cobbled together bits that are very hard
to upgrade and maintain versions and require a lot more breadth of knowledge
than a single product. I've tried many of the systems for *nix and they
mostly suck in practice.. some more than others.

~~~
_cbdev
> Mail services are usually made far more complicated than they should be, and
> I understand there are a lot of desired features...

That was my impression of the whole thing, too. I've long had an exim
configuration I could decorate my walls with, without understanding what most
of it did or if it was secure.

Recently, I got so fed up I began writing my own mail server suite. It's still
pretty basic and in development, but it does have some of the features you
mention, namely

> SMTP

> POP3

> WebMail (though rudimentary)

> WebAdmin

> Multi-Domain support

In the pipeline, but not yet ready

> IMAP

> Plugins

Some of the goals of the project are to have a mail processing suite with a
clear interface between the modules, as well as easy extensibility and
configuration.

Me and some people I've talked into testing it already run some instances, and
so far it has proved pretty stable.

Caveat: The backend is an SQLite database, so if your use-case is serving a
lot of clients, there might be some lock contention.

If you're interested, check out
[https://github.com/cmail-mta](https://github.com/cmail-mta) /
[http://cmail.rocks/](http://cmail.rocks/)

~~~
tracker1
If you separate each account's folders/inbox into a separate sqlite database,
with the accounts/configuration in another, it probably wouldn't be too bad at
even moderate scale.

But for < 100 users one sqlite db would probably be sufficient. (on a
relatively fast drive/ssd)

~~~
_cbdev
That's actually exactly what you can already do with cmail ;)

Each user can optionally be assigned a "user database", storing only the mails
in her own inbox (which also allows users to have direct control over their
own mail database).

If this is not used, mail is stored in the master database.

As you said, most normal deployments should not run into those limits, but it's
worth keeping them in mind.

------
jwr
I am so glad this is finally happening. The mail-in-a-box project is something
I think has been needed for many years now. I run my own mail server, but few
people have the know-how to run one, and so too much mail ends up either at
Google (being harvested for ad targeting) or at crappy E-mail providers with
lousy security practices.

~~~
dmix
> I think has been needed for many years now

Mail-in-a-box has been around since 2013. So it's been a few years now :)

------
tomkwok
This reminds me of _Google Has Most of My Email Because It Has All of Yours_
[0].

[0]:
[https://news.ycombinator.com/item?id=7731022](https://news.ycombinator.com/item?id=7731022)

------
jedbrown
It's interesting that this does not encrypt at rest (e.g., via dm-crypt). I'd
rather not rely on Digital Ocean to protect access to their backups and
prevent data from leaking to other droplets. Also, it requires a somewhat
sophisticated attack to obtain the dm-crypt key from a running VM.

[https://news.ycombinator.com/item?id=6983097](https://news.ycombinator.com/item?id=6983097)
[https://www.digitalocean.com/company/blog/transparency-regar...](https://www.digitalocean.com/company/blog/transparency-regarding-data-security/)

------
rc4algorithm
I hate to be obstinate, but:

1) Most robust "security" of this form is negated if you're running it on a
budget VPS. Those things are often extremely and unavoidably insecure for
reasons out of your control (out-of-date VM software, insecure control panels,
incompetent VM neighbors, etc.).

2) OpenBSD is probably the best option for this. Just use OpenSMTPD and choose
a simple secure IMAP server from the ports. OpenBSD is perfectly suited for
simple, security-critical applications like mail servers.

~~~
frik
> OpenSMTPD

Isn't it an SMTP server? If so that's just one of many parts of an email
server.

~~~
rc4algorithm
> and choose a simple secure IMAP server from the ports.

------
teekert
This is great. On Ubuntu I always use "apt-get install mail-stack-exchange"
which leaves you with STARTTLS enabled SMTP, IMAP, POP3 and, with the removal
of 1 #, 587 submission. The users are the normal users of the system which
automatically have a Maildir created upon receiving their first mail.

This solution also gives you webmail though and DKIM. Very nice, I use the
OwnCloud webmail which works ok for me (less features but very, very much
better looking than Roundcube and I can sync calendar and contacts to the same
server!)

I think it is very important that projects like this one exist, they take the
annoying details out of running your own server software. Thanks a lot!

------
cmdrfred
I just set up my own mail server with iredmail. I would've used this if it was
available.

------
frik
Thanks a lot for this. This might be handy next time.

I was thinking the other day: A simple open Go/Rust based self-contained mail
server (SMTP, IMAP) with a straightforward deployment would be a thing.

------
userbinator
I never expect email to be secure; if it was necessary to transfer sensitive
data via email, I'd just encrypt it with something like PGP.

------
plg
Will this work on Debian Jessie?

