On Tue, 9 May 2023 13:36:07 -0600 Zack Newman <z...@philomathiclife.com> wrote:
> Personally, I don't think this makes all that much sense. E-mail is not
> very secure. If you can't guarantee communication is E2EE, then this seems
> like false security/privacy to me. Not only does the other recipient
> likely use a service like Gmail which means your communication is in
> Google's hands; but unless you strictly enforce encryption in transit-
> most MTAs only use _opportunistic_ encryption-every device your e-mail
> traversed possibly has access to the content as well. This is why
> applications like Signal are gaining popularity especially in the
> crypto/infosec crowd.

Well, this is true… for the ultimate guarantee, you use end-to-end
encryption tools like S/MIME and OpenPGP.

This is a more "can it be done" exercise. If it proves to "not be that
secure", then so be it. It's a case of nothing ventured, nothing gained.

> Last, if you are worried about the "remote server"; then why not just
> host the MTA at your house along with your "home mail server"?

If you check the MX records of my present email domain, you'll see
that's exactly what I'm doing. The email is hosted at my house (on a
Linux VM) behind an OpenBSD router/firewall which is directly connected
to this country's glorious NBN.

Now, those who know anything about Australia's NBN will know that it is
utterly useless in a power outage and can have bouts of unreliability.
(I run HFC NBN. NTD is on back-up 12V power, but the infrastructure in
the street is not, so in a black-out, the NTD sits there blinking
useless asking: "where's my network?!?!")

If the NBN goes down, or I'm doing maintenance… MX is down and out. If
I'm away from home when it goes down, it might be days before I can get
back there to fix it. I'd like my emails to just safely sit somewhere
under my control until they can be collected.

I could just store them on the server clear-text and use UUCP for
delivery. I've certainly coaxed Taylor UUCP to work over SSH in the
past, and it does work just fine. Not sure if OpenBSD has a built-in
UUCP, but that is an option.

It'd solve my immediate problem… but I figure if they're going to sit
there any length of time, I might as well protect them from prying eyes
if possible.

The aim here is not to defend against every possible attack, it's to
defend against the most probable ones and keep people honest.

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.