Super simple SMTP over Tor with Docker Mailserver
Initial commit: 2026-02-07 11:36:54 -05:00

!!! Work in Progress !!!

Hidden Mailserver

This repository deploys a simple SMTP server on the Tor network using Docker containers for the purpose of self-hosting anonymous and end-to-end encrypted email communications without a public domain name or opening ports on one's router. It is based on the instructions provided by ehloonion/onionmx, and is designed to be as easy as possible to deploy.

The goal of this project is to allow individuals to communicate with as much privacy and security as possible. If you and your friend each deploy this and share your .onion email addresses, your subsequent correspondence would be virtually untraceable. Clearnet email providers will reject mail from servers lacking authentication from DNS records, so this is primarily intended for interpersonal communications between trusted parties.

Requirements

  • Linux or macOS (PRs welcome for Windows support)
  • 2GB RAM (minimum)
  • 2GB available storage for your emails (bare minimum)
  • Internet connection
  • Docker
  • Sudo privileges to change the ownership of directories within this repository (read startup.sh)

Usage

  1. Add known .onion addresses to the known_servers file, one per line

  2. Run the startup script

     ./startup.sh

  3. Create an initial email account (pseudonyms are more secure)

     docker compose exec mailserver setup email create {{ your_username }}@{{ your_onion_service }}.onion

  4. Configure your email client to use a SOCKS5 proxy

  5. Import the CA cert into your email client

  6. Log in with POP3 using an email client

  7. Configure GPG in your client (optional but highly recommended)

Security

You are encouraged to read startup.sh, docker-compose.yaml, and the provided configuration files. This repository utilizes well-known Docker containers (mailserver/docker-mailserver and dockurr/tor) with minimal configurations to achieve SMTP over Tor. Most users should be able to verify the contents of this repository themselves, and are encouraged to do so.

The startup script will generate keys for encrypting mail on disk; however, it stores these keys alongside the encrypted data all within this repository. You are highly encouraged to take steps to separate your keys from your data.

The encryption keys created in the startup script encrypt all mail stored on the server. GPG encryption establishes true end-to-end encryption between the sender and receiver. Configuring GPG encryption in your email client is highly recommended.

TLS is not used here, and is not needed.

Beware spoofed email addresses. Usernames can be reused across server instances and .onion addresses can be difficult to discern by eye. Make sure the person to whom you reply is who you think they are.
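The known_servers list from step 1 of Usage is the natural thing to check a correspondent against, since a lookalike .onion address carrying a familiar username is exactly the spoofing case above. The following Python is an added example, not code from this repository: it verifies that a sender's host is a well-formed v3 .onion address (checksum and version byte per Tor's rend-spec-v3) and exactly matches an entry in known_servers; the sample key and list are constructed.

```python
"""Check a correspondent's .onion mail domain against the known_servers list.
Added example, not part of this repository. Assumes known_servers holds one v3
.onion hostname per line and addresses follow rend-spec-v3:
base32(PUBKEY || CHECKSUM || VERSION) + ".onion".
"""
import base64
import hashlib

ONION_V3_VERSION = b"\x03"

def onion_v3_checksum(pubkey: bytes) -> bytes:
    # CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_V3_VERSION).digest()[:2]

def encode_onion(pubkey: bytes, checksum: bytes, version: bytes = ONION_V3_VERSION) -> str:
    # 35 bytes encode to exactly 56 base32 characters with no padding
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def make_onion(pubkey: bytes) -> str:
    return encode_onion(pubkey, onion_v3_checksum(pubkey))

def is_valid_onion_v3(host: str) -> bool:
    """True only for a well-formed v3 address whose embedded checksum verifies."""
    host = host.lower()
    if not host.endswith(".onion") or len(host) != 56 + len(".onion"):
        return False
    try:
        raw = base64.b32decode(host[:56].upper())
    except ValueError:  # binascii.Error: a non-base32 character is present
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == ONION_V3_VERSION and checksum == onion_v3_checksum(pubkey)

def load_known_servers(text: str) -> set:
    # one hostname per line; blank lines are skipped
    return {line.strip().lower() for line in text.splitlines() if line.strip()}

def sender_is_known(address: str, known: set) -> bool:
    """Exact match of the sender's .onion host against known_servers; lookalikes fail."""
    if address.count("@") != 1:
        return False
    host = address.rsplit("@", 1)[1].lower()
    return is_valid_onion_v3(host) and host in known

# Constructed sample: a throwaway 32-byte "public key", not any real service.
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_ONION = make_onion(SAMPLE_PUBKEY)
KNOWN_SERVERS = load_known_servers(SAMPLE_ONION + "\n")
```

Every v3 address ends in the letter d because the trailing version byte 0x03 occupies the last base32 character, so a different final letter is an immediate tell even before the checksum is computed.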

Additional restrictions may be desirable in docker-mailserver/postfix/master.cf and docker-mailserver/postfix/main.cf (not provided) to ensure the server does not reveal its public IP address by attempting to send or relay mail over the public internet. Please submit a PR if you have suggestions for a more secure default configuration.

Notes

A bridge network with static IPs is defined in docker-compose.yaml. This was done so that container IP addresses could be hardcoded into docker-mailserver/smtp_tor/smtp_tor.sh and tor/config/torrc. You can duplicate this repository in order to host multiple email servers at different .onion addresses from a single machine, which will allow you to maintain different identities for different purposes; however, the name of the network must be changed between deployments. Edit lines 2, 15, and 30 of docker-compose.yaml to do this.

You can use Python to generate a QR code as an easy way to share your .onion address and GPG public key with trusted parties.

This application can easily run on modern consumer-grade hardware. While it can be hosted on one's own personal desktop or even laptop computer, delivery can fail if your server is offline. A Raspberry Pi is an inexpensive option for an always-on server. The same hardware requirements listed above would apply to a Raspberry Pi (2GB RAM, >2GB storage).