From: Clément Lassieur
Subject: Re: Building a secure communications server
Date: Wed, 17 May 2017 14:26:20 +0200
To: Pjotr Prins
Cc: guix-devel@gnu.org

Hi Pjotr,

Thanks for working on this, I like the idea, and I have always wanted to
do something similar.

Pjotr Prins writes:

> Plan for a secure E-mail server
>
> The idea is to have a secure setup which can be replicated fast and
> parameterized - i.e., there will be installation options. We'll
> develop this so anyone can fire up a VPS instance and get a secure
> communications environment - especially when people are on one host
> and between hosts using encrypted channels.
>
> The plan is as follows:
>
> Phase 1
>
> . postfix with some utilities (postgrey, spfmilter)
> . courier-imap
> . web mail server using imap
>
> Phase 2
>
> . stunnel+sslh - for tunneling ssh/smtp/imap over port 443
>
> Phase 3
>
> . Spam/virus filters
>
> Phase 4
>
> . web based user mail account management
>
> Phase 5
>
> . mailman support
>
> Phase 6
>
> . irc support
> . other messaging services
>
> Phase 7
>
> . voice support - mumble?
>
> My server runs phases 1-3.

I don't understand how your server can run phases 1 to 3, since Postfix
isn't packaged. I guess you are running a foreign distro, which means
you are still pretty far from your goal.

My own mail server runs GuixSD with OpenSMTPD, which works very well (I
even have one client!). Is there an important feature OpenSMTPD is
missing? If so, we should package Postfix as a first step.

Same question with Courier-Imap: why don't you use Dovecot? Its Scheme
configuration is very nice, and it seems much more popular than
Courier-Imap anyway.

Also, I would push for a Jabber service rather than an IRC service,
because Jabber (XMPP) is decentralized.

Thanks again :)
Clément

> The rest will be new for me though I know how mailman operates. We
> need to make the setup modular, so we can mix and match services (not
> everyone wants mailman or other web fronting services). Exim may be an
> option too.
>
> In parallel we'll start talking with VPS providers and see if we can
> host services cleanly on the fly. One area they need to help is to
> provide IPs that are not blacklisted for SPAM. With my server I am
> continuously fighting these lists. We should have some guarantees
> there.
>
> How does that look?
>
> Pj.