forked from onionmail/onionmail
-
Notifications
You must be signed in to change notification settings - Fork 0
federicoculloca/onionmail
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
OnionMail ################################################ # WEB: http://onionmail.info # # TOR: http://louhlbgyupgktsw7.onion # ################################################ OnionMail is an open source SMTP/POP3 compatible mail server with some functions designed for Tor hidden services. OnionMail use filesystem cryptography and some extended functions. This server also allows you to use the email in the tor network without losing the ability to communicate with the Internet. «In the future, maybe we will implement the anonymous coffee! Today, only OnionMail ;) » OnionMail functions: Multiple instances of server. (multiple indipendent hidden services). SSL cryptography by default. (STARTTLS 2048 bits) Multiple encryption everywhere, RSA + AES + RSA + AES with salt. Support unicode password (UTF-8 password and 2048 bits keyfiles). Inhibition of store any message in relay server. (Only direct connection is allowed without multiple connections). Metadata protection. NSA or GCHQ can't read your metadata. SMTP Compatibility. Internet normal email compatibility. AntiSpam, blacklist and realtime filters. Decentralized trust system for SSL certificate and public keys and exit list. Native mailing list support. Garbage collector to remove automatically old messages. Clock and time zone spoofing. Server services and operations: Add / Remove mail address or mail server in blacklist. Mailing list Subscribe / Unsubscribe. Request of server "rulez". (Server help). (All via mail message to the server directly "server@ xyz... .onion ") JAVA Implementation for all platform. Native version compiled with GCJ. Localhost control port and server API. Protected server password and keys (optionaly not saved). IP BlackList Onion BlackList RSA Server and Tor connection authentication. Connections via Tor Network. Enter/Exit server to connect Tor to Internet and viceversa. Statistics in csv format. TorDNSLocalProxy to work with Exim4 and transprent SOCSK4A Tor Proxy. Strong cryptography (RSA 2048 bits, AES 256 + AES 256 + AES 256 ). Password key derivation via multiple keyfiles and passwords. Deleting files with wipe by default. Message headers filtering to hide informations and sigint. POP3 TLS Access. SMTP TLS Access. User's parameters. Exit node selection to connect to internet. M.A.T. Protocol to connect correctly Internet, Tor, email and OnionMail. Server identification request via email to obtain the ssl certificate fingerprint. Self headers rebound to verifiy the client's mail headers and OnionMail filtering. AntiSpam system. And much more..... Why OnionMail The real question is: «Why not???». OnionMail defends the right to confidentiality of communications. OnionMail prevents clandestine espionage “otherwise democratic” governments. How it works? Usually other mail systems all mail messages pass through different SMTP servers often the connection is not encrypted. With OnionMail the connection is always encrypted and the server does not saving data to disk. Only the recipient's server stores the messages. The message files into the server are encrypted with asymmetric key, which is encrypted with the password of the user and the server keys. In the event of theft, the system does not reveal any sensitive data. It always advisable to use PGP or GPG to encrypt e-mail messages. When a message is sent from the Internet it passes through the server Enter / Exit. These servers are the entry and exit nodes of Tor for e-mail. The user can choose which node to use to communicate to the internet. Spam is short-lived because there are the custom blacklists. So each user can set their own spam filters. All servers are federated to create a check system for SSL server certificates. With systems like this X-Keyscore and similar technologies have big problems to intercept your mail messages. Rules of Use Messages with multiple recipients are not allowed. There aren't Delivery Status Notification. If there are any problems email client responds with an error directly. The message headers are filtered. The hostname and ip addresses in the mail headers will be deleted or replaced with [0.0.0.0]. It compulsory to use TLS. (STARTTLS, SSL 2048 bits). You can manage the Blacklist and block individual addresses or entire hidden service to block spam. The messages are automatically deleted after a number of days even if unread. You can request services and information to the server by sending a message to the server@xy ... z.onion Always follow the rules of the server. For more information please send a message with subject RULEZ to your server. The SysOp, admin or root user can't read your private email messages. How to use To use OnionMail you must use a Tor connection. We suggest to use Tails and GPG or PGP to encrypt your email messages. To get your OnionMail use this page. http://onionmail.info/reqmail.html There aren't any webmail to use your OnionMail. To read your email use the POP3 with TLS protocol. (ClwawsMail and Thunderbrid supports this protocol). When you send an email to the internet your address is changed by the M.A.T. (Mail Address Translator) protocol. The onion address in moved before the character "@" and is append after"@" an intenret domain name of the exit/enter node. Example: If your mail address is: [email protected] The exit node is: onionmail.info The address will automatically translated: [email protected] To use the servers services, send an email message to your server. The address of server is "server" and all the same before character "@" of your OnionMail address. Example: If your mail address is: [email protected] Your server is: [email protected] The SysOp is the owner/administrator of the server. The address of sysop is "sysop" and all the before character "@" of the server address. Example: Your SysOp mail address: [email protected] To use the server's services send an email message to the server, the subject of the messages is used to select the function. Example: If you want tho read the server rules send a message to your server (example [email protected]) with the subject "RULEZ" The server will reply to you with the rulez file. How to activate an OnionMail account into the OnionMail's project deep network Generate a PGP key associated to an email or an existent OnionMail address. Go to this page. Paste your PGP public key and enter your email (or current OnionMail) address. Select the server. We suggest “ridot”. Choose the username. Click on the button “subscribe” and wait for 150/200 seconds. Do not leave the page. Read your email. You will receive an encrypted message and account informations. Server Functions As described in the previous section, to use the server's functions send a message to your server. Get server informations: Send a message to the sever width subject: IDENT The server will reply to the SSL and server informations. Manage your SPAM filters: To read the SPAM filters senda a message to the server width subject: SPAM LIST To add an address the subject is: SPAM ADD [email protected] To add an entire server the subject is: SPAM ADD *@spamexample.onion To remove an entry, read the number from SPAM LIST. The subject is: SPAM DEL (number) Subscribe to a mailing list: Send a message to the mailing list's server (server@ all the same after "@" of list address). The subject is: LIST [email protected] SUBSCRIBE Unsubscribe to a mailing list: Send a message to the mailing list's server (server@ all the same after "@" of list address). The subject is: LIST [email protected] UNSUBSCRIBE Get the exit node list: The subject is: EXIT LIST To set the default exit node: The subject is: SET EXIT exitnode.example.org To get help, rules and manuals: The subject is: RULEZ Tho get the rulez file of a mailing list: Send a message to the mailing list's server (server@ all the same after "@" of list address). The subject is: LIST [email protected] RULEZ To check your headers: The subject is: REBOUND HEADERS How to activate a server To activate an OnionMail server you must use Tor and Java. We suggest to install cpulimit to prevent server CPU trouble when OnionMail generates the keys. Don't create any exit server if don't know what you are doing: An OnionMail enter/exit server can associate the hidden service onion address to the internet address. Do not create any user into the enter/exit server. The first step is: Create an hidden service: Create a directory, for example /home/onionmail/hiddenServiceDir Edit the /etc/tor/torrc file to add an hidden service: HiddenServiceDir /home/onionmail/hiddenServiceDir/ HiddenServicePort 25 127.0.0.1:10025 HiddenServicePort 110 127.0.0.1:10110 Download OnionMail and extract it, for example in /home/onionmail Create the user and group for onionmail and set the files permissions. Restart tor and wait for the completion of tor bootstrap. Read the content of the file hostname into the hiddenServiceDir. This is your .onion address. Edit the OnionMail configuration: Edit the file servers.conf ( /home/onionmail/etc/servers.conf ) Modify the line "SMTPServer example {", after the word SMTPServer replace "example" with a nickname of the server. Modify the parameter "Onion". This is the address of the hidden service (put the content of the file hiddenServiceDir/hostname ). Modify the parameter "MailDir". This is the root directory of the server, use an absolute path and do not create the directory. ( For example /home/onionmail/maildir ). Change the passwords: Parameter PassWD. Don't forget to modifiy the root password into the configuration file control.conf ( /home/onionmail/etc/control.conf ). If you want tho create an exit/enter OnionMail server: Set the MX record of the enter/exit internet domain name of the server. Modify the file servers.conf into OnionMail config directory. Set the parameter "ExitRouteDomain" tho the internet domain name of the server. Set the parameter "ServerType" to "exit". Set the parameter "SMTPPort" to 25. This is the SMTP port. (Listen 0.0.0.0:25) Don't forget to set: HiddenServicePort 25 127.0.0.1:25 into the torrc file. ( /etc/tor/torrc ). Don't forget to modify the ssl infomations (SSLInfo) into the servers.conf file. How to create multiple servers: Modify the /etc/tor/torrc to create more hidden service and hiddenServiceDir (directory). (Do not reuse the same ports). Add multiple server block into the servers.conf ( /home/onionmail/etc/servers.conf). (Copy and paste the first server block and change the copy). Generate the server: java -jar onionmail.jar --gen-servers Copy the files keyblock.txt and sysop.txt in a secure place (not into the server machine!). Do this for each OnionMail server. Start the OnionMail server: java -jar onionmail.jar Paste the contents of keyblock.txt and server keyblock password (read sysop.txt). The content of keyblock.txt end with a line "." You can also use a little trick to daemonize OnionMail: Wipe the files keyblock.txt and sysop.txt. Create a single password file. java -jar onionmail.info < passwordfile & How to control the server: You can use the PHPOnionMail package or the API directly. To use the API connect via telnet: telnet 127.0.0.1 9100 How to create a user manually: telnet 127.0.0.1 9100 server nickname serverpassword addusr username quit The SysOp account: The user logon informations are into the sysop.txt
About
TOR Mail encrypted server for Hidden Services
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published