

Guest

@teksavvy.com

the need to legally have a full email server from home

»www.reddit.com/r/politics/commen···t_major/

the usa is so wound up on spying and from what i can glean it's storing passwords in non-encrypted form, which is going to lead to a real security nightmare one day....

I know bell canada has issues, i know of spammers, but is there not some way we all can EARN a right to have port 25 unblocked....
IS IT some reason you all don't want to push this....that you then could say we are doing this for security and privacy of our users...and that it's easy to do, you just let people do it and if you get complaints you investigate and if some guy is using every bit of upspeed to spam out email....then you know he's not cool and under terms you block his port 25....

I say this cause i really want to be free of 3rd party email and services....even your email no offence well i just don't trust anyone anymore with my privacy...

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
It was my understanding that Static IPs were not blocked.

It also might only be Port 25 outgoing, you can still run a server from home with Port 25 incoming unblocked, but you would still have to send your email out your ISP's server.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


jmck
formerly 'shaded'

join:2010-10-02
Ottawa, ON
Reviews:
·TekSavvy DSL
·Start Communicat..
you'd need a static IP and also a proper hostname and matching reverse hostname that doesn't indicate you're on a DSL connection, since most mail servers drop connections from DSL/Cable/dialup hostnames.

also most mail ends up being transmitted in the clear to other mail servers (port 25, no TLS). you can enable TLS but if the other mail server doesn't understand it then it will just fall back to a non-encrypted protocol.

also the Canadian gov is 99% likely doing the same thing or allowing the US to do it to Canadian providers.


BTC Kevin

join:2011-10-01
Nepean, ON
kudos:1
reply to Guest
said by Guest :

»www.reddit.com/r/politics/commen···t_major/

the usa is so wound up on spying and from what i can glean it's storing passwords in non-encrypted form, which is going to lead to a real security nightmare one day....

I know bell canada has issues, i know of spammers, but is there not some way we all can EARN a right to have port 25 unblocked....
IS IT some reason you all don't want to push this....that you then could say we are doing this for security and privacy of our users...and that it's easy to do, you just let people do it and if you get complaints you investigate and if some guy is using every bit of upspeed to spam out email....then you know he's not cool and under terms you block his port 25....

I say this cause i really want to be free of 3rd party email and services....even your email no offence well i just don't trust anyone anymore with my privacy...

This said, the way email works is a server-relay system, so even those emails on ya personal email server at home can still be logged as they pass throughout the networks, because they jump between servers to get to destinations. you'd have to use a heavy end 2 end encryption system if ya wanted them safe. Otherwise it's all pretty much a moot issue.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
reply to kevinds
said by kevinds:

but you would still have to send your email out your ISP's server.

Or set up a VPS with a mail relay. There are also paid relay services that will typically allow non-standard ports.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
If you are going to set up a VPS as a mail relay, just set up your VPS as your mail server... Rather than running it from home.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.


jmck
formerly 'shaded'

join:2010-10-02
Ottawa, ON
this is a pretty good guide for self hosted and securing it as much as possible:

»sealedabstract.com/code/nsa-proo···2-hours/

Neo

join:2012-03-16

1 edit
reply to kevinds
But any VPS will hand out your info to your government if they ask. How can you trust them?
Edit: Nvm I read that as VPN. The NSA can't break into a VPS if you take the necessary precautions right?

taraf

join:2011-05-07
Stittsville, ON
said by Neo:

The NSA can't break into a VPS if you take the necessary precautions right?

I think you greatly underestimate what a skilled hacker can accomplish if they want to. If they want your details and e-mail, they'll find it. With the resources that the NSA has at their disposal post-9/11, it's a fairly safe bet they already have everything they want on you.

Besides which, if you're only securing one end of the equation, then there's no point in even trying. You still have to worry about securing the e-mail servers you're sending and receiving e-mail from. If they aren't secure, and the tunnels between them aren't secure, then your e-mail is still readable to them. And that's without even discussing the possibility of brute forcing your crypto keys using a rainbow table and a supercomputer....

You're much better off to operate under the assumption that they're reading your electronic communication, and have been doing so for years. A sudden change in your habits is likely to attract their attention, where they probably would have ignored you otherwise. Unless you're doing something "interesting" they don't care: they don't have the manpower to actually investigate everybody on the planet.

There simply isn't a way to guarantee secure communications when the Internet is involved.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
reply to Neo
said by Neo:

But any VPS will hand out your info to your government if they ask. How can you trust them?
Edit: Nvm I read that as VPN. The NSA can't break into a VPS if you take the necessary precautions right?

Secure it and buy from a provider overseas.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
reply to taraf
said by taraf:

There simply isn't a way to guarantee secure communications when the Internet is involved.

PGP is one solution.


Guest

@teksavvy.com
reply to jmck
thanks everyone, my only other question is if they have port 25 outbound blocked then why not make a client and server that uses a differing port, then just build this heavy encryption into it ....

the point being that i get why they block 25 cause of spammers, but on this type of system it would be mainly for actual use, not some spam, cause other email servers would then not get it as it's all using different ports....perhaps even one that can be changed at will, much as sftp can shift its ssh ports


Spike
Premium
join:2008-05-16
Toronto, ON
reply to Guest
If the other end doesn't support TLS then it's pointless regardless of where you're sending from.
You're best just restricting sending of sensitive information to email services that you know support STARTTLS and not a large megacorporate that's part of PRISM, etc.

I'm finding a lot of my email is going through TLS, especially with other smaller providers or small company shops, meaning it's easier to just run the server from home.

Your lawyer's office or whatnot for instance is likely to support it.
Simply send some test emails and check the logs to actually know who does and who doesn't support TLS and act accordingly.

As was said, TSI doesn't block ports on Static IPs with proper reverse hostnames.
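
Added example, not part of any post in this thread: a small Python script for the "check the logs" step above, which also shows the silent fallback to cleartext mentioned earlier in the thread. It assumes a Postfix sender with `smtp_tls_loglevel = 1`; the log lines, hostnames and the function names `tls_report` and `cleartext_domains` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Postfix smtp client log lines (assumes smtp_tls_loglevel = 1).
# Hostnames use .example and documentation IP ranges; these are not real logs.
SAMPLE_LOG = """\
Jun 10 10:00:01 home postfix/smtp[2101]: Untrusted TLS connection established to mx.lawoffice.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 10 10:00:02 home postfix/smtp[2101]: 3F2A1C0042: to=<anna@lawoffice.example>, relay=mx.lawoffice.example[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jun 10 10:05:11 home postfix/smtp[2101]: 7B9D2C0051: to=<bob@oldisp.example>, relay=mail.oldisp.example[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 OK)
Jun 10 10:07:30 home postfix/smtp[2144]: Trusted TLS connection established to mx.smallshop.example[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun 10 10:07:31 home postfix/smtp[2144]: 9C4E1C0063: to=<carl@smallshop.example>, relay=mx.smallshop.example[203.0.113.5]:25, delay=0.8, delays=0.1/0/0.4/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jun 10 10:09:00 home postfix/smtp[2144]: A1B2C3D4E5: to=<dee@oldisp.example>, relay=mail.oldisp.example[198.51.100.7]:25, delay=30, delays=0.1/0/30/0, dsn=4.4.2, status=deferred (lost connection)
"""

# Handshake summary line: "<level> TLS connection established to host[ip]:port:"
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (\w+) TLS connection established to (\S+?\[[^\]]+\]:\d+):")
# Successful delivery line; captures client pid, recipient domain and relay.
SENT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+: to=<[^>@]+@([^>]+)>,.*? relay=(\S+?\[[^\]]+\]:\d+),.* status=sent")

def tls_report(lines):
    """Map recipient domain -> {'tls': n, 'cleartext': n} for delivered mail."""
    tls_peer = {}  # smtp client pid -> relay its current TLS session is with
    report = defaultdict(lambda: {"tls": 0, "cleartext": 0})
    for line in lines:
        m = TLS_RE.search(line)
        if m:
            tls_peer[m.group(1)] = m.group(3)
            continue
        m = SENT_RE.search(line)
        if m:
            pid, domain, relay = m.groups()
            if tls_peer.get(pid) == relay:
                report[domain.lower()]["tls"] += 1
            else:
                # No handshake logged by this process for this relay: sent in the clear.
                tls_peer.pop(pid, None)
                report[domain.lower()]["cleartext"] += 1
    return dict(report)

def cleartext_domains(report):
    """Domains that accepted at least one message without TLS."""
    return sorted(d for d, c in report.items() if c["cleartext"])

if __name__ == "__main__":
    print(cleartext_domains(tls_report(SAMPLE_LOG.splitlines())))
```

An "Untrusted" handshake is counted as TLS here: the session is encrypted, but the peer's certificate was not verified.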

quidnunc

join:2011-03-03
Richmond Hill, ON
reply to Guest
you can use a rule in your email server to forward through your teksavvy email account if you've got one. i do that with my linux box (running postfix).

e.g. for my specific email server I've got relayhost_map with lines like:

username@myemail.com [out.teksavvy.com]:1025

then in the sasl_password

username@myemail.com myusername@teksavvy.com:teksavvyemailpassword

that's per sender authentication which requires an entry for each address but you can do more general (depending on the functionality of your email server). so i make an email which is sent to my linux box and the email server forwards it through out.teksavvy.com using the username and login on my teksavvy email account.