Some time ago there was a post on reddit
(https://www.reddit.com/r/Qubes/comments/9q76f2/splitmail_setup/) that
described setting up an offline mail vm. Just kill the "send" part there
and you'll get a mail black hole that receives but never sends. Seems like
this is more or less what you want.

On Tuesday, August 6, 2019 at 5:06:54 AM UTC+3, redd...@vfemail.net wrote:
>
> In Qubes, is it possible to set up a VM that can receive email, but not 
> send information out, via email or otherwise?
>
> The motivation is: Many online accounts rely on an email address to reset 
> passwords. However, the VM that handles inbound emails, processes a lot of 
> untrusted input. If the VM gets compromised by an attacker, the attacker 
> can then send password reset emails and read them. So to defend against 
> this, I want to prevent the compromised VM from communicating out the 
> contents of these password reset emails.
>
> Specifically:
> 1. Assume the VM is compromised (can't rely on in-VM enforcement 
> mechanisms).
> 2. Assume the email provider is not compromised
>
> To further illustrate the problem, here are example setups and why they 
> don't work:
>
> Setup 1: Use qubes firewall to restrict to the email provider's server and 
> IMAP port. Block UDP requests using qvm-firewall.
> Why it doesn't work: Attacker can create an account on the same email 
> provider and connect to their account (the firewall rules will not prevent 
> this). They can then sync emails containing any data, to their account.
>
> Setup 2: Like Setup 1, but use POP3.
> Why it doesn't work: Attacker creates account at provider, transmits data 
> via POP3 delete operations.
>
> Does anyone have an email setup with this inbound-only property, ideally 
> that does not require running their own email server?
>
> Thank you.
