Nathan, The development servers are in separate jurisdictions throughout the world. For the initial proof of concept, I have two MTAs and two Data Servers, with one spare server. Each one is in a separate jurisdiction to make it more difficult to tap. I won't go into details, but let's just say that the United States wasn't an option for the Data Servers. I may consider the US for MTAs in the future...
Rock On Tue, Sep 17, 2013 at 6:10 PM, Nathan Suchy < [email protected]> wrote: > You should send email from a separate server in a different location and > have legal protection. Keep it in a Europe country that would help... > > Sent from my Android so do not expect a fast, long, or perfect response... > On Sep 17, 2013 5:45 PM, "Conrad Rockenhaus" <[email protected]> > wrote: > > > Nathan, > > > > That's exactly what I'm doing with this project. > > > > Internet<---->MTAs(Just running Postfix with ABSOLUTELY no logging) also > > running TOR as a (client only)<------>Data Server(Running as Hidden > Service > > only, no logging)<----->TOR End User > > > > Basically, to the normal Internet, it will just be a plain jane email > > address that is coming from a plain jane MTA. The MTAs will not know the > > IP address of the data servers because they will only deliver the email > via > > TORified SMTP to the data server. > > > > Of course, standard SPAM limiting measures will be in place (limits on > > number of addressees in a message, limits on how many messages can be > sent > > per minute, per hour, etc.) > > > > Now I've got the MTAs, I'm just perfecting the configuration and trying > to > > figure out a good domain name to use for the service (I would rather not > > use networks.rockenhaus.com, which is the placeholder for now.) I also > > need to come up with a secondary domain name in case people start > blocking > > emails from the domain. > > > > I'm funding the initial proof of concept. What I'll be asking for is > > either a honor system payment (so those who can't afford to pay can still > > use the service) or a donation based model, and also try to fund the > > service with tor based web hosting (which I doubt will bring in any > needed > > cash) and ask for donations of bandwidth and servers. > > > > The primary main objective, heh, is to ensure a failsafe system to > provide > > freedom of expression, freedom of government intrusion, and freedom of > > ensuring access to an experimental anonymous email system that won't turn > > over anything on it's servers, as if authorities seize MTAs, they won't > > find any evidence on there, and if they seize a data server, there's > > another data server standing by to automatically fail over (not putting > the > > eggs in one basket like tormail.) The only lines of compromise are > > sniffing the traffic in the MTAs, most TOR users are capable of utilizing > > encryption for their emails anyway. > > > > Sorry for the long response. I just wanted to paint a picture of how it > > would work. > > > > Now, for those who are curious about a guy who appeared out of no where > and > > started building this - I've been lurking for a while, and I didn't want > to > > say anything until I had the resources to build this. If you want > further > > information about me please feel free to contact me and I'll let you know > > who I am and why I am very pro free speech and pro tor, even when it's > used > > to personally attack me. > > > > Thanks, > > > > Rock > > > > > > On Tue, Sep 17, 2013 at 3:51 PM, Nathan Suchy < > > [email protected]> wrote: > > > > > If your willing to use a few servers one could be a Tor Node and one > > could > > > be an Email Relay which seemed normal and custom code your project.. > > > > > > Sent from my Android so do not expect a fast, long, or perfect > > response... > > > On Sep 17, 2013 10:26 AM, "Conrad Rockenhaus" <[email protected]> > > > wrote: > > > > > > > Thanks. The service that I'm starting up is connecting to external > mtas > > > > that aren't tor exit nodes. So basically, the way tormail was set up > > to > > > a > > > > degree. Starting out small until so I can prove the viability so > people > > > > will start using and hopefully donating either bandwidth or etc to > keep > > > it > > > > alive. > > > > > > > > There's going to be one major difference between this project and > > tormail > > > > though - the data/web backend won't be in one place. More on that > > later, > > > > I'm trying to get the proof of concept off the ground. > > > > > > > > -Rock > > > > On Sep 17, 2013 10:11 AM, "Harold Naparst" <[email protected]> > > wrote: > > > > > > > > > > http://eq4xhu6y7nmemcb2.onion/squirrelmail > > > > > > > > > > > is almost online. Working out some kinks and need to get the > > bigger > > > > MTAs > > > > > > set up. However, I need to find a good automated sign up script > > > > because > > > > > I > > > > > > don't feel like coding one. Anyone know of a good one? I've > tried > > > the > > > > > > Google and came up empty handed. > > > > > > > > > > Rock, you can check out mine: http://secmailmzz5xe4do.onion > > > > > > > > > > I haven't had time to add a CAPTCHA yet, because I'm more > interested > > in > > > > > working on getting mail sent to non-onion sites to use the tor > > network > > > > > without leaking DNS and so on. The registration script depends on > > how > > > > you > > > > > are storing your login information, and there are a lot of ways to > do > > > > that. > > > > > I'm using vpopmail, and I hacked vqregister, which is mentioned in > > the > > > > > squirrelmail plugins page. Vqregister is truly horrible, and I had > > to > > > > hack > > > > > it pretty badly to get it to work. If you want it, though, you can > > > have > > > > > it. But probably you're using something else (like > > > > postfix/postfixadmin), > > > > > and so the architecture won't work for you. > > > > > > > > > > This hidden mail service will probably only be useful for mail to > > other > > > > > .onion sites, because most large e-mail providers block e-mail from > > tor > > > > > exit nodes, as I found out during testing. > > > > > > > > > > Harold > > > > > -- > > > > > tor-talk mailing list - [email protected] > > > > > To unsusbscribe or change other settings go to > > > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > > > > > > > > -- > > > > tor-talk mailing list - [email protected] > > > > To unsusbscribe or change other settings go to > > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > > > > > > -- > > > tor-talk mailing list - [email protected] > > > To unsusbscribe or change other settings go to > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > > > > -- > > tor-talk mailing list - [email protected] > > To unsusbscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > > -- > tor-talk mailing list - [email protected] > To unsusbscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
