Re: OpenBSD email provider
On Tue, Mar 18, 2014 at 04:54:55PM -0300, Giancarlo Razzolini wrote: Em 18-03-2014 15:56, Kevin Chadwick escreveu: On Tue, 18 Mar 2014 11:23:12 -0300 Giancarlo Razzolini wrote: It's perfectly useful, mail is only dropped by some idiotic systems (already mentioned) that don't understand or care about more effective anti spam methods or the little guy and when the big guys cause almost all of the spam. But there are still these idiotic systems that won't deliver you mail if you do not have reverse dns name. They deliver, but to SPAM folder. Google work like this. But e.g. yandex.ru, mail.ru work ok with no rDNS Except that if whoever has just been using that ip address is part of a botnet or likes mass mailing then you may well get blocked as you have no trackable reputation. There are things like DKIM but they aren't universally checked yet and serve more as assurance than combating spam. DKIM should be coupled with spf too. Yes, that is why I use amazon ses for the sending part. And I also use spf, of course. -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: OpenBSD email provider
Em 21-03-2014 21:48, Stuart Henderson escreveu: On 2014-03-19, Giancarlo Razzolini grazzol...@gmail.com wrote: Em 19-03-2014 09:41, Stuart Henderson escreveu: you have more trust in ISP DNS servers honouring TTLs than I do. if you can only get a dynamic IP at home and would like to host mail there yourself, in a machine which only you have physical access to, etc. (i.e. do *not* want to keep your email archive on a VPS), you could rent a VPS and use it as a tunnel endpoint instead. I don't. I do not use any of my ISP's dns servers. Also, in this case, I have to trust the other mta's dns servers honoring TTL's, not mine. That is exactly what I mean. You trust other ISPs, who you don't even have a business relationship with, to tell their customers/mtas to deliver your mail to the correct address... Some places deliberately place a minimum restriction on TTLs to save on bandwidth. Others do it to mitigate DNS rebinding attacks. So you can have problems caused by both good *and* bad ISPs... The bottom line is, we have today an email system that is broken, and I don't see it getting any better in the near future. Part is because it relies on another broken system which is dns, and part because the mta's are supposed to talk with each other and the standard is set on very low levels of security when it should be the other way around. You can host your own mail, but do not trust it to be really only your mail. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: OpenBSD email provider
On 2014-03-19, Giancarlo Razzolini grazzol...@gmail.com wrote: Em 19-03-2014 09:41, Stuart Henderson escreveu: you have more trust in ISP DNS servers honouring TTLs than I do. if you can only get a dynamic IP at home and would like to host mail there yourself, in a machine which only you have physical access to, etc. (i.e. do *not* want to keep your email archive on a VPS), you could rent a VPS and use it as a tunnel endpoint instead. I don't. I do not use any of my ISP's dns servers. Also, in this case, I have to trust the other mta's dns servers honoring TTL's, not mine. That is exactly what I mean. You trust other ISPs, who you don't even have a business relationship with, to tell their customers/mtas to deliver your mail to the correct address... Some places deliberately place a minimum restriction on TTLs to save on bandwidth. Others do it to mitigate DNS rebinding attacks. So you can have problems caused by both good *and* bad ISPs...
Re: OpenBSD email provider
On 2014-03-18, Craig R. Skinner skin...@britvault.co.uk wrote: On 2014-03-17 Mon 20:25 PM |, Jean-Francois Simon wrote: Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. If you want to read documentation, become your own mail provider using OpenBSD. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails would'nt reach their destination. Find an ISP that will provision a static IP address do it yourself. In some places, there are monopoly ISPs who will not (or cannot) do this at all, in which case the only way to handle it is via a tunnel of some kind. Inbound: Ask your ISP about an ETRN feed, which used to be popular for businesses connected by dialup/ISDN. ETRN still requires static IP if you don't want to risk it being sent to an expired dynamic address.
Re: OpenBSD email provider
On 2014-03-18, Giancarlo Razzolini grazzol...@gmail.com wrote: But, with a very small ttl on the dns record (I use 60 seconds), this risk can be reduced. you have more trust in ISP DNS servers honouring TTLs than I do. if you can only get a dynamic IP at home and would like to host mail there yourself, in a machine which only you have physical access to, etc. (i.e. do *not* want to keep your email archive on a VPS), you could rent a VPS and use it as a tunnel endpoint instead.
Re: OpenBSD email provider
Em 19-03-2014 09:41, Stuart Henderson escreveu: you have more trust in ISP DNS servers honouring TTLs than I do. if you can only get a dynamic IP at home and would like to host mail there yourself, in a machine which only you have physical access to, etc. (i.e. do *not* want to keep your email archive on a VPS), you could rent a VPS and use it as a tunnel endpoint instead. I don't. I do not use any of my ISP's dns servers. Also, in this case, I have to trust the other mta's dns servers honoring TTL's, not mine. This approach of using a VPS with a VPN is a possibility. But until we develop a new email system, you'll have to rely on a flawed network to deliver you mail. -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: OpenBSD email provider
If you are already using your own email server, use it with OpenBSD it will be best and if you are looking into GUI for openbsd or simple solution check out http://gayatri-hitech.com/all-products/mailpigeon/ Thanks, Jay On Sat, Mar 15, 2014 at 10:24 PM, Jean-Francois Simon jfsimon1...@gmail.com wrote: Hello all, I'm looking for a secure mail provider, i fpossible using OpenBSD, also wondering if OpenBSD itself provides it for interested people. If anybody has informations thanks would be interesting to share. Regards Jeff
Re: OpenBSD email provider
On Mon, Mar 17, 2014 at 10:02:00PM -0400, Daniel Ouellet wrote: The last time I checked (and it was a long time ago), GMail rewrote either the sender or the reply-to address with the one you use to authenticate the connection. Again, it might not be true now, but it has happened to me in the past. Look to me that you should do some research before asking. simple google search gmail relay email and second link from the answer. https://support.google.com/a/answer/2956491?hl=en Start there and see where you want to go next. But please help yourself. Hopefully this will help you some. Best Daniel Hi Daniel Not sure if you were replying to me or to the OP, but I'll just clarify things for the archives. I just checked, and what I said remains true: If you compose a mail from f...@bar.com, and use GMail as a relay, using some GMail account's credentials (f...@gmail.com) for SMTP auth, the recipient will get a message in which the From: field has been rewritten from f...@bar.com to f...@gmail.com. Furthermore, the sent email will be stored in f...@gmail.com's Sent Mail folder. Anyway this whole discussion is pointless. If the OP is looking for a more private ESP using GMail as a relay isn't really an option IMHO. I just wanted to give a warning about the header rewriting. Over and out Zé --
Re: OpenBSD email provider
On 2014-03-17, Jean-Francois Simon jfsimon1...@gmail.com wrote: Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. conveys an idea of security won't help you if the provider uses bad mail daemons or configuration or has an accident, all of which are just as possible with OpenBSD as another OS. Choice of mail daemon and knowledge/competence in the whole operating environment would mean more to me than particular choice of OS. Fastmail seemed above average to me last time I looked but this was several years ago, I prefer self-hosting.
Re: OpenBSD email provider
previously on this list Jean-Philippe Ouellet contributed: Also, absolutely sure privacy is totally respected??? Let me know when you find a jurisdiction in which you can reasonably expect that to even be possible to begin with. Yeah, I believe you have to pin STARTTLS for each host manually for it not to be easily circumvented. If you just wish to avoid search companies scanning your mail content for keywords then I expect there are many providers to choose from. Otherwise forget the server and use gpg and protect your host or look for an ISP that gives you a static IP. I find I still have some trouble with higher paying Cisco customers like banks though using dumb filter methods. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: OpenBSD email provider
On 2014-03-17 Mon 20:25 PM |, Jean-Francois Simon wrote: Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. If you want to read documentation, become your own mail provider using OpenBSD. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails would'nt reach their destination. Find an ISP that will provision a static IP address do it yourself. Ask around at your local BSD/Linux user groups. Until then; Outbound: ask your ISP for their relay host detail. Normally it is mail.isp.net or smtp.isp.net. Usually there is no authentication required as they only allow connections from the (dynamic) IP addresses they provide to their customers. Inbound: Ask your ISP about an ETRN feed, which used to be popular for businesses connected by dialup/ISDN. If they charge extra for it, ask about the cost of a static IP connection compare. For off site mail, a search for OpenBSD shell hosting providers came up with these, some of which are used by people on this list: http://www.devio.us/help#10 http://www.grex.org/staff/system.xhtml http://openbsd.polarhome.com/
Re: OpenBSD email provider
On 3/15/2014 11:54 AM, Jean-Francois Simon wrote: Hello all, I'm looking for a secure mail provider, i fpossible using OpenBSD, also wondering if OpenBSD itself provides it for interested people. If anybody has informations thanks would be interesting to share. Regards Jeff Get an inexpensive OpenBSD VPS and do it yourself. You don't have to muck with your ISP at that point. -- James Shupe
Re: OpenBSD email provider
Em 18-03-2014 09:44, Kevin Chadwick escreveu: previously on this list Jean-Philippe Ouellet contributed: Also, absolutely sure privacy is totally respected??? Let me know when you find a jurisdiction in which you can reasonably expect that to even be possible to begin with. Yeah, I believe you have to pin STARTTLS for each host manually for it not to be easily circumvented. If you just wish to avoid search companies scanning your mail content for keywords then I expect there are many providers to choose from. Otherwise forget the server and use gpg and protect your host or look for an ISP that gives you a static IP. I find I still have some trouble with higher paying Cisco customers like banks though using dumb filter methods. A static IP address without a meaningful reverse name mapping such as mail.myopenbsdhomeserver.com isn't very useful. Most ISP's wont do reverse mappings or will charge your eyeballs for it. Also, you can host anything these days using dynamic ip addresses. If your IP address changes you will stay a few seconds without receiving any mail, and also may have some mail delayed, but you shouldn't lose anything. And you can use services for relaying your mail, instead of sending them directly from your home server. I use amazon ses and it works like a charm. It has DKIM and most mail servers accepts their mail without any problems. -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: OpenBSD email provider
I'm looking for a more private ESP. Personally, I am also fed up with people interfering with my earthquake precognitions.
Re: OpenBSD email provider
On Tue, 18 Mar 2014 11:23:12 -0300 Giancarlo Razzolini wrote: A static IP address without a meaningful reverse name mapping such as mail.myopenbsdhomeserver.com isn't very useful. Most ISP's wont do reverse mappings or will charge your eyeballs for it. It's perfectly useful, mail is only dropped by some idiotic systems (already mentioned) that don't understand or care about more effective anti spam methods or the little guy and when the big guys cause almost all of the spam. Also, you can host anything these days using dynamic ip addresses. If your IP address changes you will stay a few seconds without receiving any mail, and also may have some mail delayed, but you shouldn't lose anything. Except that if whoever has just been using that ip address is part of a botnet or likes mass mailing then you may well get blocked as you have no trackable reputation. There are things like DKIM but they aren't universally checked yet and serve more as assurance than combating spam. DKIM should be coupled with spf too.
Re: OpenBSD email provider
Em 18-03-2014 15:56, Kevin Chadwick escreveu: On Tue, 18 Mar 2014 11:23:12 -0300 Giancarlo Razzolini wrote: It's perfectly useful, mail is only dropped by some idiotic systems (already mentioned) that don't understand or care about more effective anti spam methods or the little guy and when the big guys cause almost all of the spam. But there are still these idiotic systems that won't deliver you mail if you do not have reverse dns name. Except that if whoever has just been using that ip address is part of a botnet or likes mass mailing then you may well get blocked as you have no trackable reputation. There are things like DKIM but they aren't universally checked yet and serve more as assurance than combating spam. DKIM should be coupled with spf too. Yes, that is why I use amazon ses for the sending part. And I also use spf, of course. -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: OpenBSD email provider
On Tue, Mar 18, 2014 at 11:23, Giancarlo Razzolini wrote: anything these days using dynamic ip addresses. If your IP address changes you will stay a few seconds without receiving any mail, and also may have some mail delayed, but you shouldn't lose anything. And you can Unless of course the new owner of your old IP decides to accept the mail.
Re: OpenBSD email provider
Em 18-03-2014 18:18, Ted Unangst escreveu: On Tue, Mar 18, 2014 at 11:23, Giancarlo Razzolini wrote: anything these days using dynamic ip addresses. If your IP address changes you will stay a few seconds without receiving any mail, and also may have some mail delayed, but you shouldn't lose anything. And you can Unless of course the new owner of your old IP decides to accept the mail. Yes, there is this risk. They accept, drop the message or, in the most extreme cases, can be malicious and accept and store the message and you'll never know you should had received. But, with a very small ttl on the dns record (I use 60 seconds), this risk can be reduced. Anyway, of course you should always host your e-mail on a static ip. But it is possible to do so on a dynamic one. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: OpenBSD email provider
Hello Some answers in your mail. Thanks. Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. Regards Le 17/03/2014 02:51, Jean-Philippe Ouellet a écrit : On 3/15/14 12:54 PM, Jean-Francois Simon jfsimon1...@gmail.com wrote: I'm looking for a secure mail provider, i fpossible using OpenBSD, also wondering if OpenBSD itself provides it for interested people. If anybody has informations thanks would be interesting to share. https://github.com/mailserv/mailserv comes to mind, although I've never tried it or read its source. I think a better question might be what qualities you're actually looking for in your mail provider as your question seems to indicate a misguided approach towards some notion of secure email. I'm also using own server today, essentially, I have'nt check deeply, but seems gmail does use automated bots who check the mail content for purpose I don't know about. As far as I'm concerned, the only difference between 3rd party email services is reliability. I wouldn't trust any of them anyway. I see you have a pgp key on the keyservers, but it seems somewhat neglected since all your sigs have expired and dsa/elgamal (especially with 1024 bit keys) hasn't been recommended for quite some time. I think revisiting that would be a more productive use of your time than abandoning your gmail account. Indeed, I'm not using the keys anymore. They're not updated. Although, don't read the above as pgp solves your problems, you haven't explained your problems, and pgp has its issues too, some of which are unavoidable because of problems inherent to email to begin with. If what you're after is something more along the lines of private communication, I'd say email probably isn't what you're looking for to begin with. Maybe something more like OTR [1], or pond once it gets reviewed more. Not so much private as hidden but as private. [1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails would'nt reach their destination.
Re: OpenBSD email provider
[1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails would'nt reach their destination. So, you know you still can run your own mail server, encrypted your email if that's what you want and still relay via your gmail as well. There is nothing wrong to run your mail server, but instead of relay from it, you can relay from it to your ISP, or to GMail as well so your point of a local dynamic IP, I got soon identified as spam mail server and mails would'nt reach their destination wouldn't apply. If that's what you want, this doesn't stop you from doing exactly what you say you want to do. Having you authenticate to GMail to send out or your server authenticate on your behalf to GMail is not different. You may want to check it out if that's what you want and you would have what you say you want. Best regards, Daniel
Re: OpenBSD email provider
On 17/03/2014, at 20:21, Daniel Ouellet dan...@presscom.net wrote: [1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails would'nt reach their destination. So, you know you still can run your own mail server, encrypted your email if that's what you want and still relay via your gmail as well. There is nothing wrong to run your mail server, but instead of relay from it, you can relay from it to your ISP, or to GMail as well so your point of a local dynamic IP, I got soon identified as spam mail server and mails would'nt reach their destination wouldn't apply. If that's what you want, this doesn't stop you from doing exactly what you say you want to do. Having you authenticate to GMail to send out or your server authenticate on your behalf to GMail is not different. You may want to check it out if that's what you want and you would have what you say you want. Best regards, Daniel The last time I checked (and it was a long time ago), GMail rewrote either the sender or the reply-to address with the one you use to authenticate the connection. Again, it might not be true now, but it has happened to me in the past.
Re: OpenBSD email provider
On 3/17/14 3:25 PM, Jean-Francois Simon wrote: Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. Not necessarily a safe assumption. I'm also using own server today, essentially, I have'nt check deeply, but seems gmail does use automated bots who check the mail content for purpose I don't know about. That will continue to happen, whether in your mailbox, or the mailboxes of the people you are communicating with. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I don't see a way to interpret that statement such that it doesn't contradict itself. Do you want privacy? or not... Sounds like maybe you want privacy by entrusting all your data to others that you can't even audit, all without any crypto??? Yeah... good luck with that :P Also, absolutely sure privacy is totally respected??? Let me know when you find a jurisdiction in which you can reasonably expect that to even be possible to begin with. Absolute and totally are pretty strong words, especially in this era of mass-infrastructure- sabotage and involuntary key disclosure, not to mention the difficulties of implementing a reasonably secure system to begin with.
Re: OpenBSD email provider
The last time I checked (and it was a long time ago), GMail rewrote either the sender or the reply-to address with the one you use to authenticate the connection. Again, it might not be true now, but it has happened to me in the past. Look to me that you should do some research before asking. simple google search gmail relay email and second link from the answer. https://support.google.com/a/answer/2956491?hl=en Start there and see where you want to go next. But please help yourself. Hopefully this will help you some. Best Daniel
Re: OpenBSD email provider
I think this give you plenty of example to do what you are asking about: https://www.google.com/search?q=gmail+relay+emailie=utf-8oe=utf-8aq=trls=org.mozilla:en-US:officialclient=firefox-achannel=sb On 3/17/14, 10:02 PM, Daniel Ouellet wrote: The last time I checked (and it was a long time ago), GMail rewrote either the sender or the reply-to address with the one you use to authenticate the connection. Again, it might not be true now, but it has happened to me in the past. Look to me that you should do some research before asking. simple google search gmail relay email and second link from the answer. https://support.google.com/a/answer/2956491?hl=en Start there and see where you want to go next. But please help yourself. Hopefully this will help you some. Best Daniel
Re: OpenBSD email provider
On 3/15/14 12:54 PM, Jean-Francois Simon jfsimon1...@gmail.com wrote: I'm looking for a secure mail provider, i fpossible using OpenBSD, also wondering if OpenBSD itself provides it for interested people. If anybody has informations thanks would be interesting to share. https://github.com/mailserv/mailserv comes to mind, although I've never tried it or read its source. I think a better question might be what qualities you're actually looking for in your mail provider as your question seems to indicate a misguided approach towards some notion of secure email. As far as I'm concerned, the only difference between 3rd party email services is reliability. I wouldn't trust any of them anyway. I see you have a pgp key on the keyservers, but it seems somewhat neglected since all your sigs have expired and dsa/elgamal (especially with 1024 bit keys) hasn't been recommended for quite some time. I think revisiting that would be a more productive use of your time than abandoning your gmail account. Although, don't read the above as pgp solves your problems, you haven't explained your problems, and pgp has its issues too, some of which are unavoidable because of problems inherent to email to begin with. If what you're after is something more along the lines of private communication, I'd say email probably isn't what you're looking for to begin with. Maybe something more like OTR [1], or pond once it gets reviewed more. [1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD.
Re: OpenBSD email provider
2014-03-15 17:54 GMT+01:00 Jean-Francois Simon jfsimon1...@gmail.com: Hello all, also wondering if OpenBSD itself provides it for interested people. No.
Re: OpenBSD email provider
I haven’t used this provider, but they use OpenBSD. http://www.neomailbox.net/ Mike On Mar 15, 2014, at 12:54 PM, Jean-Francois Simon jfsimon1...@gmail.com wrote: Hello all, I'm looking for a secure mail provider, i fpossible using OpenBSD, also wondering if OpenBSD itself provides it for interested people. If anybody has informations thanks would be interesting to share. Regards Jeff
Re: OpenBSD email provider
On Saturday 15 March 2014 15:56:00 Michael Cornwell wrote: I haven’t used this provider, but they use OpenBSD. http://www.neomailbox.net/ Mike You might as well check out BSWS. http://www.bsws.de/en Available in English and German, with a variety of services. Speaking from experience (MX hosting, DNS), they provide very competent and kind support. To answer OP's specific question: http://www.bsws.de/en/email/ -- OpenPGP Key 4096R/7F0B40F4
