Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
On Sat, Nov 17, 2012 at 05:41:12PM +, Julian Yon wrote: > Would I recommend it? No. Unless you want to do so for the learning > experience. SMTP is insecure by design; running your own server doesn't > do anything to prevent interception of messages, it merely gives you > another system to administer. For security purposes you will achieve > more by learning how to use GnuPG to encrypt your mail. You can use > this with any email provider, either with tools built into (or added > onto) your mail client, or using the standalone tools and C&P. It > doesn't solve every problem (e.g. mail headers are plaintext) but it > does mean that the body of encrypted messages is not revealed if > communication is intercepted, or the server is seized. There are some clear advantages of running your own email server regarding surveillance and overall control. If you have your own email server, you can decide of your logging policy; and not necessarily keep a trace of all your exchanges. You can encrypt the server hard drives. For many server seizures this will prevent the data to be accessed right away. You are free to decide about your backup policy. When you click "delete", how do you know if there's not a copy that will stay available for a year? With Postfix and probably other mail servers, you can configure a per server TLS policy. You can make sure that the communication with SMTP servers used by your peers is properly encrypted (and not MITM'ed). It makes interception a lot harder. And you can be sure that what you receive in your mailbox will not be harvested for data collection. Unfortunately, you are never alone: this also depends on the server used to send the email... -- Jérémy Bobbio.''`. lu...@debian.org: :Ⓐ : # apt-get install anarchism `. `'` `- signature.asc Description: Digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
On Sun, 18 Nov 2012 09:50:20 +0100 Jérémy Bobbio wrote: > With Postfix and probably other mail servers, you can configure a > per server TLS policy. You can make sure that the communication with > SMTP servers used by your peers is properly encrypted (and not > MITM'ed). It makes interception a lot harder. > > And you can be sure that what you receive in your mailbox will not be > harvested for data collection. Unfortunately, you are never alone: > this also depends on the server used to send the email... i.e. you can't actually be sure of anything. Unless you control every link from sender to your server, you should assume your message can be (or even has been) intercepted. So your peers encrypt their traffic to you; doesn't mean that traffic to them was encrypted, nor does it mean that plaintext messages can't be plucked straight from their queues. While you gain the possibility to control your own storage, you don't control anything that any intermediaries (or those watching your intermediaries) store. This massively limits your advantage, while you have to deal with all the headaches that come with running a mail server. It worries me that this point isn't better understood. It's the same faulty reasoning that leads to people wanting 1-hop Tor routes. Control of your end and trusting the other end is not enough. Do you gain something? Technically yes. Is it enough to phase your adversaries? Almost certainly not. Having a fully anonymised mail service would be of benefit, but just running your own server doesn't even come close to providing adequate security, because SMTP *is insecure by design*. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) signature.asc Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
true, but looking at the massive amounts of government's requests from say, google for inbox content. i would say that storing your own mail will help a lot. of course, i don't know the true magnitude of interceptions, and encryption is a must to hide content. but it seems to me that practically, to make it harder to intercept metadata like who is mailing who, (which, in case of political dissent really is all the government needs to know. since that if i talk to a known activist, i should probably be interrogated.) a personal mail server can help. its not perfect, but so far the overhead of such a server doesnt seem too high to be worth it. plus, once its working well, i can expand it to say 200 people easily. if every one of 200 citizens would do that, we would get such decentralized mail that it will probably require intercepting a lot more. rather than a single 'national security letter' from an agent. lets poke big brother in the eye :) On 18 November 2012 15:07, Julian Yon wrote: > On Sun, 18 Nov 2012 09:50:20 +0100 > Jérémy Bobbio wrote: > > > With Postfix and probably other mail servers, you can configure a > > per server TLS policy. You can make sure that the communication with > > SMTP servers used by your peers is properly encrypted (and not > > MITM'ed). It makes interception a lot harder. > > > > And you can be sure that what you receive in your mailbox will not be > > harvested for data collection. Unfortunately, you are never alone: > > this also depends on the server used to send the email... > > i.e. you can't actually be sure of anything. Unless you control every > link from sender to your server, you should assume your message can > be (or even has been) intercepted. So your peers encrypt their > traffic to you; doesn't mean that traffic to them was encrypted, > nor does it mean that plaintext messages can't be plucked straight from > their queues. While you gain the possibility to control your own > storage, you don't control anything that any intermediaries (or > those watching your intermediaries) store. This massively limits your > advantage, while you have to deal with all the headaches that come with > running a mail server. > > It worries me that this point isn't better understood. It's the same > faulty reasoning that leads to people wanting 1-hop Tor routes. > Control of your end and trusting the other end is not enough. Do you > gain something? Technically yes. Is it enough to phase your > adversaries? Almost certainly not. Having a fully anonymised mail > service would be of benefit, but just running your own server doesn't > even come close to providing adequate security, because SMTP *is > insecure by design*. > > > Julian > > -- > 3072D/F3A66B3A Julian Yon (2012 General Use) > > ___ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
On Sat, Nov 17, 2012 at 07:06:32PM +0100, Andreas Krey wrote: > On Sat, 17 Nov 2012 17:41:12 +, Julian Yon wrote: > ... > > or dedicated server, or colocate a machine of your own in a datacentre. > > While in theory you could run a server off a cable or DSL line, I > > wouldn't recommend it. Even if your ISP is friendly towards the idea > > they're unlikely to guarantee you the uptime you need for a reliable > > service. > > Don't think that regular colo/VPS server promise much more. The main > problem on cable/DSL is the usual lack of an actually fixed address. Keep in mind that colo/rent-a-server and cable/DSL at home aren't the only possibilities; I run my own mail server on a machine located in my home and have done so since about 2000 - since 2005 it's been on a T1 circuit with a 99.99% SLA, which has worked flawlessly, and before that it was variously on ADSL with static IP and dorm-room ethernet back before filtering such things got very common. With consumer-targeted internet service dynamic addresses can be a problem, but IIRC it's usually possible to get a static one or use dynamic DNS. Port-filtering and weird traffic shaping is the real problem; I've been refusing to deal with such and insisting on spending for the T1 ever since an unpleasant encounter with an ISP that blocked outgoing TCP port 22. > > Never mind that it'll be your home the police are sniffing > > around if you're doing anything illegal with it. > > ... > > at your server. If you only have the one server, then you'll only need > > one record, but if your server is down or unreachable then other > > servers will probably either bounce or blackhole incoming mail. > > Servers doing the former deserve to be walked away from (to another > provider), and admins of servers doing the latter are criminals, > at least in my local jurisdiction. *boggle* criminal prosecutions for one's mail server configuration? Remind me to stay well clear of your jurisdiction. > > They're under no obligation to queue it for you. > > Yes, they are. At least that is what every sane mail server does. > (Given the insane state of the world this doesn't say much.) > > [Actually, the server whose obligation to queue in case my MX is down > is being paid for by the person sending the mail.] In practice, on the few downtime events I have had with power outages or machine problems and such, I've mostly not had problems with servers not queueing and resending, but I have seen some mailing lists give up on delivering to my account and had to unsub/resub. > Well yes; I still like my mail directly appear in my inbox (even though > I admin that I need to poll this address). > > Andreas Yes, local mail spool is nice, and so is being able to just write one's own .procmailrc. -- Andrea Shepard PGP fingerprint: 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgprknjdLyc0l.pgp Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
On Sun, Nov 18, 2012 at 09:50:20AM +0100, Jérémy Bobbio wrote: > There are some clear advantages of running your own email server > regarding surveillance and overall control. > > If you have your own email server, you can decide of your logging > policy; and not necessarily keep a trace of all your exchanges. Another advantage in this unpleasant age of warrantless searches and NSLs - if Big Brother has taken an interest in your mail, you can be sure *you will know about it*; with gmail they could be getting a copy of all your messages and have a gag order prohibiting anyone from telling you. -- Andrea Shepard PGP fingerprint: 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgpLLUqEGPFvB.pgp Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor TTFtalk list)
The law enforcement needs a warrant to enter your home. So yep, at least you'll know about it. I wonder if getting a warrant to pull a server from co-lo takes the same amount of effort and paperwork as getting a warrant to enter someone's home? On Nov 18, 2012 4:26 PM, "Andrea Shepard" wrote: > On Sun, Nov 18, 2012 at 09:50:20AM +0100, Jérémy Bobbio wrote: > > There are some clear advantages of running your own email server > > regarding surveillance and overall control. > > > > If you have your own email server, you can decide of your logging > > policy; and not necessarily keep a trace of all your exchanges. > > Another advantage in this unpleasant age of warrantless searches and > NSLs - if Big Brother has taken an interest in your mail, you can be > sure *you will know about it*; with gmail they could be getting a copy > of all your messages and have a gag order prohibiting anyone from telling > you. > > -- > Andrea Shepard > > PGP fingerprint: 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 > > ___ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor TTFtalk list)
On Sun, Nov 18, 2012 at 04:40:11PM -0800, SiNA Rabbani wrote: > The law enforcement needs a warrant to enter your home. So yep, at least > you'll know about it. > > I wonder if getting a warrant to pull a server from co-lo takes the same > amount of effort and paperwork as getting a warrant to enter someone's home? Well, there is an advantage to co-lo in that if they raid your home they'll probably seize anything more technologically sophisticated than an abacus, whereas with the co-lo you'll just lose that server, at least in that raid. On the other hand, yeah, I don't know if there's a difference in terms of the amount of effort for them to get at it. You could also make it more of a hassle for them to follow up by putting it in a colo in a different country than your residence. What one *really* wants is a way to get colo anonymously and then harden the server against snooping in case they do seize it, but that seems fairly tricky to arrange since there's both the payment and the need to physically deliver the server as potential identity leaks. I think with colo it would be reasonably possible to be assured of knowing about it if it's tampered with, though. You could design something with a tamper-evident case so you'd know if it were opened or removed from the rack, you could ssh into it from your home machine and have a high-resolution probe of whether it's running or not, and so on. If you're particularly paranoid and up for a little hardware design, put an audio recorder or other suitable monitoring device on a PCIe card with a battery or supercap to charge up from the bus and then keep it running while the machine is shut down. -- Andrea Shepard PGP fingerprint: 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgpDe9n6kQkkN.pgp Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
On Sun, 18 Nov 2012 16:18:35 -0800 Andrea Shepard wrote: > On Sat, Nov 17, 2012 at 07:06:32PM +0100, Andreas Krey wrote: > > > > Servers doing the former deserve to be walked away from (to another > > provider), and admins of servers doing the latter are criminals, > > at least in my local jurisdiction. > > *boggle* criminal prosecutions for one's mail server configuration? > Remind me to stay well clear of your jurisdiction. European states seem to be having some sort of race to see who can bring full-blown fascism back quickest. Given that for over a decade here in the UK if you're unlucky a forgotten passphrase could land you 2 years in jail I'm no longer surprised by any of these laws. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) signature.asc Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
On Mon, Nov 19, 2012 at 12:53:10AM +, Julian Yon wrote: > On Sun, 18 Nov 2012 16:18:35 -0800 > Andrea Shepard wrote: > > > On Sat, Nov 17, 2012 at 07:06:32PM +0100, Andreas Krey wrote: > > > > > > Servers doing the former deserve to be walked away from (to another > > > provider), and admins of servers doing the latter are criminals, > > > at least in my local jurisdiction. > > > > *boggle* criminal prosecutions for one's mail server configuration? > > Remind me to stay well clear of your jurisdiction. > > European states seem to be having some sort of race to see who can > bring full-blown fascism back quickest. Given that for over a decade > here in the UK if you're unlucky a forgotten passphrase could land you > 2 years in jail I'm no longer surprised by any of these laws. Yeah, there is that. What hear from the region recently makes me wonder if Europe has had a 'Sputnik moment' of a sort and suddenly decided it needs to catch up with and surpass the US in the Totalitarianism Race. -- Andrea Shepard PGP fingerprint: 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgpgXHpaXjcL2.pgp Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor TTFtalk list)
On Sun, 18 Nov 2012 16:40:11 -0800 SiNA Rabbani wrote: > The law enforcement needs a warrant to enter your home. So yep, at > least you'll know about it. > > I wonder if getting a warrant to pull a server from co-lo takes the > same amount of effort and paperwork as getting a warrant to enter > someone's home? Sadly, there's what the law says should happen, and there's what actually happens. Once you've had enough encounters with police on a power trip (remember: they're armed, and you're probably not) you stop relying on the system to protect you. If that sort of crap is going to happen, I want it to happen somewhere that my kids are not. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) signature.asc Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
Hey Andrea, It's djon3s on twitter / malaparte on irc. If someone was looking for '2 years python / js experience' do you have any suggestions for a project that would unambiguously represent competence in this area? A subset of python compiled into JS perhaps? - dan jones Andrea Shepard: > On Mon, Nov 19, 2012 at 12:53:10AM +, Julian Yon wrote: >> On Sun, 18 Nov 2012 16:18:35 -0800 Andrea Shepard >> wrote: >> >>> On Sat, Nov 17, 2012 at 07:06:32PM +0100, Andreas Krey wrote: Servers doing the former deserve to be walked away from (to another provider), and admins of servers doing the latter are criminals, at least in my local jurisdiction. >>> >>> *boggle* criminal prosecutions for one's mail server >>> configuration? Remind me to stay well clear of your >>> jurisdiction. >> >> European states seem to be having some sort of race to see who >> can bring full-blown fascism back quickest. Given that for over a >> decade here in the UK if you're unlucky a forgotten passphrase >> could land you 2 years in jail I'm no longer surprised by any of >> these laws. > > Yeah, there is that. What hear from the region recently makes me > wonder if Europe has had a 'Sputnik moment' of a sort and suddenly > decided it needs to catch up with and surpass the US in the > Totalitarianism Race. > > > > ___ tor-talk mailing > list tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Need help -- File descriptors problem after update
Hello, I recently updated to I just 0.2.3.24-rc, and when i view my server in arm, I see the following notice types on my tor processes: *desc: 888 / 992 (89%) 04:44:31 [ARM_WARN] Tor's file descriptor usage is at 89%. If you run out Tor will be unable to continue functioning. *It doesn't seem like this should be a problem, because tor is running as root and my /etc/security/limits.conf shows: * * softnofile 4096 * hardnofile 65535 *Does anyone know how I can fix this? I don't know where the "992" number limit is coming from. Thank you.** ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
On Sun, 18 Nov 2012 16:18:35 +, Andrea Shepard wrote: ... > > Servers doing the former deserve to be walked away from (to another > > provider), and admins of servers doing the latter are criminals, > > at least in my local jurisdiction. > > *boggle* criminal prosecutions for one's mail server configuration? > Remind me to stay well clear of your jurisdiction. To be more precise: You can't just drop mail that isn't yours when you have no contract with the mail owner (sender/receiver) allowing you to do so. ... > In practice, on the few downtime events I have had with power outages or > machine problems and such, Yeah, the real problem is your home server going bellyup just while you are away for two weeks, or developing fan problems the morning you are going to the airport for said time. Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds Date: Fri, 22 Jan 2010 07:29:21 -0800 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Need help -- File descriptors problem after update
> as root There's no need to run Tor as root. Use packet redirection or hack the kernel if you feel the need for a low port. > I don't know where the "992" number limit is coming from. We don't know what system you're using. Start looking either from init onwards, login.conf, rc, etc. Or from your current process back to init. see also: tor conf - ConnLimit ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
