guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Building a secure communications server


From: Clément Lassieur
Subject: Re: Building a secure communications server
Date: Wed, 17 May 2017 14:26:20 +0200
User-agent: mu4e 0.9.18; emacs 25.2.1

Hi Pjotr,

Thanks for working on this, I like the idea, and I have always wanted to
do something similar.

Pjotr Prins <address@hidden> writes:

> Plan for a secure E-mail server
>
> The idea is to have a secure setup which can be replicated fast and
> parameterized - i.e., there will be installation options. We'll
> develop this so anyone can fire up a VPS instance and get a secure
> communications environment - especially when people are on one host
> and between hosts using encrypted channels.
>
> The plan is as follows:
>
> Phase 1
>
> . postfix with some utilities (postgrey, spfmilter)
> . courier-imap
> . web mail server using imap
>
> Phase 2
>
> . stunnel+sslh - for tunneling ssh/smtp/imap over port 443
>
> Phase 3
>
> . Spam/virus filters
>
> Phase 4
>
> . web based user mail account management
>
> Phase 5
>
> . mailman support
>
> Phase 6
>
> . irc support
> . other messaging services
>
> Phase 7
>
> . voice support - mumble?
>
> My server runs phases 1-3.

I don't understand how your server can run phases 1 to 3, since Postfix
isn't packaged.  I guess you are running a foreign distro, which means
you are still pretty far from you goal.

My own mail server runs GuixSD with OpenSMTPD, which works very well (I
even have one client!).  Is there an important feature OpenSMTPD is
missing?  If so, we should package Postfix as a first step.

Same question with Courier-Imap: why don't you use Dovecot?  Its Scheme
configuration is very nice, and it seems much more popular than
Courier-Imap anyway.

Also, I would push for a Jabber service rather than an IRC service,
because Jabber (XMPP) is decentralized.

Thanks again :)
Clément

> The rest will be new for me though I know how mailman operates. We
> need to make the setup modular, so we can mix and match services (not
> everyone wants mailman or other web fronting services). Exim may be an
> option too.
>
> In parallel we'll start talking with VPS providers and see if we can
> host services cleanly on the fly. One area they need to help is to
> provide IPs that are not blacklisted for SPAM. With my server I am
> continuously fighting these lists. We should have some guarantees
> there.
>
> How does that look?
>
> Pj.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]