From mboxrd@z Thu Jan 1 00:00:00 1970
From: Pjotr Prins
Subject: Re: Building a secure communications server
Date: Wed, 17 May 2017 13:51:03 +0200
Message-ID: <20170517115103.GA16553@thebird.nl>
References: <20170513060327.GA20242@thebird.nl> <51f03a37.AEAAKHxcPksAAAAAAAAAAAOtZhgAAAACwQwAAAAAAAW9WABZFu9_@mailjet.com> <87efvs25de.fsf@gnu.org>
In-Reply-To: <87efvs25de.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

Plan for a secure E-mail server

The idea is to have a secure setup which can be replicated fast and
parameterized - i.e., there will be installation options. We'll
develop this so anyone can fire up a VPS instance and get a secure
communications environment - especially when people are on one host
and between hosts using encrypted channels.

The plan is as follows:

Phase 1

  . postfix with some utilities (postgrey, spfmilter)
  . courier-imap
  . web mail server using imap

Phase 2

  . stunnel+sslh - for tunneling ssh/smtp/imap over port 443

Phase 3

  . Spam/virus filters

Phase 4

  . web based user mail account management

Phase 5

  . mailman support

Phase 6

  . irc support
  . other messaging services

Phase 7

  . voice support - mumble?

My server runs phases 1-3. The rest will be new for me though I know
how mailman operates.

We need to make the setup modular, so we can mix and match services
(not everyone wants mailman or other web fronting services). Exim may
be an option too.

In parallel we'll start talking with VPS providers and see if we can
host services cleanly on the fly. One area they need to help is to
provide IPs that are not blacklisted for SPAM. With my server I am
continuously fighting these lists. We should have some guarantees
there.

How does that look?

Pj.