Building a secure communications server

Building a secure communications server

[Pjotr Prins]

In light of recent political attacks on E-mail servers in France and
the USA and in light of the current worm attack I think it is very
clear we need communication servers we can trust. I am running my own
E-mail server and with the progress we are making in GNU Guix (system
configuration, image creation) I think we are close to creating a
solution that others can use. What I want achieve is that we can fire
up an image on a VPS with safe communications. It would contain a mail
server and webmail. The user will have option to allow users to only
communicate internally and, perhaps, keep incoming mail in one account
keeping mail in 'escrow'. 

This image should be state-of-the-art in security setup. Guix can help
greatly there. Part of the security will come from the fact that these
machines are not centrally hosted. An alternative to protonmail, for
example. We should be able to lose a few servers as long as we get
notified somehow that they have been compromised. This is a biological
model of defence.

Who wants to help me create such a solution? It has to be a team
effort. If you need bread we can also try and find some money. In fact
it would be great to get someone full time hacking on this.

Who wants to run such a server? We also need users. I would have set
up a couple of such instances today for teams on the road in
Asia/Africa.

I realise this may take some resources from Guix development, but I
think it is justified and it may gain Guix more attention and
traction!

Pj.

Re: Building a secure communications server

[Pjotr Prins]

What would be a good webmail service to run over https? Should be
simple and secure (these go together, as you know). And should it run
over imap? I think we'll need to provide imap anyway.

Pj.

Re: Building a secure communications server

[ng0]

On Sat, 13 May 2017, Pjotr Prins wrote:

> In light of recent political attacks on E-mail servers in France and
> the USA and in light of the current worm attack I think it is very
> clear we need communication servers we can trust. I am running my own
> E-mail server and with the progress we are making in GNU Guix (system
> configuration, image creation) I think we are close to creating a
> solution that others can use. What I want achieve is that we can fire
> up an image on a VPS with safe communications. It would contain a mail
> server and webmail. The user will have option to allow users to only
> communicate internally and, perhaps, keep incoming mail in one account
> keeping mail in 'escrow'.
>
> This image should be state-of-the-art in security setup. Guix can help
> greatly there. Part of the security will come from the fact that these
> machines are not centrally hosted. An alternative to protonmail, for
> example. We should be able to lose a few servers as long as we get
> notified somehow that they have been compromised. This is a biological
> model of defence.
>
> Who wants to help me create such a solution? It has to be a team
> effort. If you need bread we can also try and find some money. In fact
> it would be great to get someone full time hacking on this.
>
> Who wants to run such a server? We also need users. I would have set
> up a couple of such instances today for teams on the road in
> Asia/Africa.
>
> I realise this may take some resources from Guix development, but I
> think it is justified and it may gain Guix more attention and
> traction!
>
> Pj.
>
>
>
>

10 or 13 years ago something similar was my motivation. A project
which can be regarded as the base of some of my current work.
Its name was "arda/libertad". It was supposed to be an re-implementation
of the R-Plan, an Orangebook Autistici/Inventati came up with for
resilent servers running in an global network.

Logic and Progression drove me to distributed networks and ultimately
abandon the plan of using server based technologies, rely as little
as possible on servers even if it takes years of development.

That said, what you wrote is something I talked about with
people in Netherlands until 1 or 2 years ago the contact just
dropped. I think the very fragmented groups of anarchists in Netherlands
is one group of people who is interested. There are other groups,
but in general you have to be clear:
do you want people with prior knowledge in system administration to
use the 'spawn a VM' system, or do want to people without any prior
interest or knowledge in system administration to use this?
I tend towards the last option, but it depends on the system you
want to design.
This is still one of the reasons I am working on GuixSD and the
system I create with GuixSD. I don't want to talk about specific
groups or people, but there's huge value for easy to use systems
for the people running their own factories, people who fight against
oppression in their country, etc, last not least for everyone if
you design a system in a way that it can be used by anyone dead simple.

Some of the projects I am working on are vaguely oriented
around the R-Plan with extensions of own ideas. To some degree we could 
colaborate.
I can't work fulltime on this, but expertise and exchange of knowledge
is useful since we are working with the same system.
Once university starts my work on free software will, at least for a 
while, no longer be fulltime but since I am working towards a
business within the next 4 years I will continue to work on it.
It would probably help if I could be more specific as I have multiple
plans in parallel which involve GuixSD, but I am working on the separation
of interests.

Public documentation at the moment is rare, but in case you want to talk 
about ideas here is the fingerprint of my pubkey: 
17A9D52A7EE8885AB35D819DA58C87D08AFD4FAD

The link to R-Plan: https://www.autistici.org/who/rplan/

Re: Building a secure communications server

[Pjotr Prins]

On Sat, May 13, 2017 at 11:31:28AM +0000, ng0 wrote:
> do you want people with prior knowledge in system administration to
> use the 'spawn a VM' system, or do want to people without any prior
> interest or knowledge in system administration to use this?
> I tend towards the last option, but it depends on the system you
> want to design.

I want to start with the first and end with the last.

> The link to R-Plan: https://www.autistici.org/who/rplan/

Thanks, I'll read up.

Pj.
-- 

Re: Building a secure communications server

[Arun Isaac]

> What I want achieve is that we can fire up an image on a VPS with safe
> communications.

VPSs may be a start. But, I'm not comfortable with them long term. We
should push for users to self-host their own infrastructure. It should
be something like the FreedomBox project.

https://freedomboxfoundation.org/

The FreedomBox project is based on Debian. Perhaps, we can build
something similar, but based on Guix.

Currently, I self-host my blog, email, XMPP, GNU Social, and a few other
services on my home ADSL connection with an Intel NUC running Parabola
GNU/Linux. At some point in the future, I will migrate it to Guix.

> What would be a good webmail service to run over https? Should be
> simple and secure (these go together, as you know). And should it run
> over imap? I think we'll need to provide imap anyway.

Roundcube is what I use. I don't know if there are better options.

https://roundcube.net/

Re: Building a secure communications server

[Ludovic Courtès]

Hi,

Arun Isaac <arunisaac@systemreboot.net> skribis:

>> What I want achieve is that we can fire up an image on a VPS with safe
>> communications.
>
> VPSs may be a start. But, I'm not comfortable with them long term. We
> should push for users to self-host their own infrastructure. It should
> be something like the FreedomBox project.
>
> https://freedomboxfoundation.org/
>
> The FreedomBox project is based on Debian. Perhaps, we can build
> something similar, but based on Guix.

The little-known “la Brique Internet” (“Internet Cube”) project¹ is
addressing a similar problem domain and they’ve made pretty impressive
achievements: these “cubes” have been shipped in France to non-experts
and it seems to work as intended.

The software relies on YunoHost² (which I’ve mentioned before) + Debian.
I suspect rebasing YunoHost on GuixSD could help improve reliability
(there could be a “rollback” button!) and flexibility (configuration
wouldn’t have to be limited to web applications), though of course it’s
easier said than done.

It would be lovely to see GuixSD help facilitate self-hosting!

Ludo’.

¹ https://internetcu.be/
² https://yunohost.org/

Re: Building a secure communications server

[Pjotr Prins]

Plan for a secure E-mail server

The idea is to have a secure setup which can be replicated fast and
parameterized - i.e., there will be installation options. We'll
develop this so anyone can fire up a VPS instance and get a secure
communications environment - especially when people are on one host
and between hosts using encrypted channels.

The plan is as follows:

Phase 1

. postfix with some utilities (postgrey, spfmilter)
. courier-imap
. web mail server using imap

Phase 2

. stunnel+sslh - for tunneling ssh/smtp/imap over port 443

Phase 3

. Spam/virus filters

Phase 4

. web based user mail account management

Phase 5

. mailman support

Phase 6

. irc support
. other messaging services

Phase 7

. voice support - mumble?

My server runs phases 1-3. The rest will be new for me though I know
how mailman operates. We need to make the setup modular, so we can mix
and match services (not everyone wants mailman or other web fronting
services). Exim may be an option too.

In parallel we'll start talking with VPS providers and see if we can
host services cleanly on the fly. One area they need to help is to
provide IPs that are not blacklisted for SPAM. With my server I am
continuously fighting these lists. We should have some guarantees
there.

How does that look?

Pj.

Re: Building a secure communications server

[Clément Lassieur]

Hi Pjotr,

Thanks for working on this, I like the idea, and I have always wanted to
do something similar.

Pjotr Prins <pjotr.public12@thebird.nl> writes:

> Plan for a secure E-mail server
>
> The idea is to have a secure setup which can be replicated fast and
> parameterized - i.e., there will be installation options. We'll
> develop this so anyone can fire up a VPS instance and get a secure
> communications environment - especially when people are on one host
> and between hosts using encrypted channels.
>
> The plan is as follows:
>
> Phase 1
>
> . postfix with some utilities (postgrey, spfmilter)
> . courier-imap
> . web mail server using imap
>
> Phase 2
>
> . stunnel+sslh - for tunneling ssh/smtp/imap over port 443
>
> Phase 3
>
> . Spam/virus filters
>
> Phase 4
>
> . web based user mail account management
>
> Phase 5
>
> . mailman support
>
> Phase 6
>
> . irc support
> . other messaging services
>
> Phase 7
>
> . voice support - mumble?
>
> My server runs phases 1-3.

I don't understand how your server can run phases 1 to 3, since Postfix
isn't packaged.  I guess you are running a foreign distro, which means
you are still pretty far from you goal.

My own mail server runs GuixSD with OpenSMTPD, which works very well (I
even have one client!).  Is there an important feature OpenSMTPD is
missing?  If so, we should package Postfix as a first step.

Same question with Courier-Imap: why don't you use Dovecot?  Its Scheme
configuration is very nice, and it seems much more popular than
Courier-Imap anyway.

Also, I would push for a Jabber service rather than an IRC service,
because Jabber (XMPP) is decentralized.

Thanks again :)
Clément

> The rest will be new for me though I know how mailman operates. We
> need to make the setup modular, so we can mix and match services (not
> everyone wants mailman or other web fronting services). Exim may be an
> option too.
>
> In parallel we'll start talking with VPS providers and see if we can
> host services cleanly on the fly. One area they need to help is to
> provide IPs that are not blacklisted for SPAM. With my server I am
> continuously fighting these lists. We should have some guarantees
> there.
>
> How does that look?
>
> Pj.

Re: Building a secure communications server

[Pjotr Prins]

On Wed, May 17, 2017 at 02:26:20PM +0200, Cl??ment Lassieur wrote:
> Thanks for working on this, I like the idea, and I have always wanted to
> do something similar.

Yes, I am surprised so few people here run their own :)

> I don't understand how your server can run phases 1 to 3, since Postfix
> isn't packaged.  I guess you are running a foreign distro, which means
> you are still pretty far from you goal.

On the mail servers I normally run Debian with some Guix on top. I
have had mail servers since 1996 or so - it was one incentive to try
Linux at the time. My Linux first server (hosted in Bangladesh) was
running sendmail over uucp(!). I came to smtp late :)

I think it is not so much work to replicate my setup in Guix. For me
it will be new to work with GuixSD images and configuring shepherd
etc.

But I am sure we can get some help there.

> My own mail server runs GuixSD with OpenSMTPD, which works very well (I
> even have one client!).  Is there an important feature OpenSMTPD is
> missing?  If so, we should package Postfix as a first step.
> 
> Same question with Courier-Imap: why don't you use Dovecot?  Its Scheme
> configuration is very nice, and it seems much more popular than
> Courier-Imap anyway.

Both great suggestions. Let me read up on them. I have been using the
others because of an early start. Postfix has been very good to me.

One reason to make this list is to invite ideas...

> Also, I would push for a Jabber service rather than an IRC service,
> because Jabber (XMPP) is decentralized.

Absolutely! Japper is on. Git service is another.

Pj.

Re: Building a secure communications server

[Pjotr Prins]

On Wed, May 17, 2017 at 03:04:28PM +0200, Pjotr Prins wrote:
> Absolutely! Japper is on. Git service is another.

Japper is the new jabber ;)
-- 

Re: Building a secure communications server

[Ludovic Courtès]

Hello!

Clément Lassieur <clement@lassieur.org> skribis:

> Pjotr Prins <pjotr.public12@thebird.nl> writes:
>
>> Plan for a secure E-mail server
>>
>> The idea is to have a secure setup which can be replicated fast and
>> parameterized - i.e., there will be installation options. We'll
>> develop this so anyone can fire up a VPS instance and get a secure
>> communications environment - especially when people are on one host
>> and between hosts using encrypted channels.
>>
>> The plan is as follows:
>>
>> Phase 1
>>
>> . postfix with some utilities (postgrey, spfmilter)
>> . courier-imap
>> . web mail server using imap
>>
>> Phase 2
>>
>> . stunnel+sslh - for tunneling ssh/smtp/imap over port 443
>>
>> Phase 3
>>
>> . Spam/virus filters
>>
>> Phase 4
>>
>> . web based user mail account management
>>
>> Phase 5
>>
>> . mailman support
>>
>> Phase 6
>>
>> . irc support
>> . other messaging services
>>
>> Phase 7
>>
>> . voice support - mumble?
>>
>> My server runs phases 1-3.
>
> I don't understand how your server can run phases 1 to 3, since Postfix
> isn't packaged.  I guess you are running a foreign distro, which means
> you are still pretty far from you goal.
>
> My own mail server runs GuixSD with OpenSMTPD, which works very well (I
> even have one client!).  Is there an important feature OpenSMTPD is
> missing?  If so, we should package Postfix as a first step.
>
> Same question with Courier-Imap: why don't you use Dovecot?  Its Scheme
> configuration is very nice, and it seems much more popular than
> Courier-Imap anyway.
>
> Also, I would push for a Jabber service rather than an IRC service,
> because Jabber (XMPP) is decentralized.

And there’s also a Prosody service already.

It looks like with current GuixSD you could already get a simple
‘operating-system’ declaration with OpenSMPTD, Dovecot, and Prosody that
does a big chunk of the job!

Ludo’.

onionmail + bitmessage

[Fox]

how about a reproducible onionmail plus preparation of bitmessage 
powered by thunderbird frontside.


Should be quite a gain in security!

Re: Building a secure communications server

[Pjotr Prins]

On Sat, May 13, 2017 at 05:04:38PM +0530, Arun Isaac wrote:
> VPSs may be a start. But, I'm not comfortable with them long term. We
> should push for users to self-host their own infrastructure. It should
> be something like the FreedomBox project.
> 
> https://freedomboxfoundation.org/
> 
> The FreedomBox project is based on Debian. Perhaps, we can build
> something similar, but based on Guix.

Yes

> Currently, I self-host my blog, email, XMPP, GNU Social, and a few other
> services on my home ADSL connection with an Intel NUC running Parabola
> GNU/Linux. At some point in the future, I will migrate it to Guix.

Exactly what I am talking about. I also want to migrate my current
services so I can rebuild a system any time.

> > What would be a good webmail service to run over https? Should be
> > simple and secure (these go together, as you know). And should it run
> > over imap? I think we'll need to provide imap anyway.
> 
> Roundcube is what I use. I don't know if there are better options.
> 
> https://roundcube.net/

Yes, I saw that one before. One attractive thing about using IMAP as a
protocol is that the webservice can easily be isolated in a container.
I like that idea.

Pj.

--