Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Running a mail server, or not



On Mon, Jun 25, 2018 at 04:07:23PM +0000, Rich Braun wrote:
> Derek Martin <invalid at pizzashack.org> raised a couple more interesting points:
> > The fact is your
> > e-mail is already being consumed by the great government surveillance
> > machine regardless, since both incoming and outgoing mail has to
> > traverse multiple ISP backbones 
> 
> Not mine, at least not in clear-text. 

What Rich said.  Somewhere along the way, your message is plain text.

Years ago when Paul Lussier and I were the lead sysadmins for Mission
Critical Linux, we interviewed a guy for a junior position who openly
told us he snooped their pipes for all sorts of incoming traffic, and
read people's incoming mail, as a matter of course, if he was bored.
It struck us both as insane that someone would think this is OK,
enough so that they'd brag about it in an interview...  But if you
find one guy who does, there are undoubtedly dozens of others just
like him.

> In order to assemble all of my email traffic as plaintext, an
> intruder would have to specifically target my mail server

Or the servers of your recipients.  Or the pipes in between.  You
simply can not trust the privacy of e-mail.  Period.  If you want to
communicate something privately, DO NOT use e-mail, at least not
without encrypting the text itself.

> One place where I worked blocked port 22 but not 443. 

It happens... but so far, it's never happened to me. =8^)  Web mail is
an option but I deal with a lot of e-mail, and frankly I can't imagine
having to do that with something that lacks the power of Mutt or
similar.  

[FWIW I'm interested in finding a more modern mailer that has similar
power but with modern features that Mutt lacks.  So far, I haven't
found anything good enough to make switching seem worthwhile, but then
I haven't looked much recently, either.]

> > And to be honest, now that I'm getting older, I've started to think
> > about what happens if I should die. Frankly, no one will be able to
> > figure out my hosted server details
> 
> Estate-planning is part of why I overhauled my systems to the
> current state-of-the-art. 
[...]
> Create a doc explaining your tools, make as much of it public as you
> can

This is part of the problem.  I have encryption protecting everything
of value--mostly my vast collection of account credentials, but a few
other things.  If I create a document that contains the keys to
unlocking all those things, then I create a really nice target for
attack.  Granted, this would require me being targeted specifically...
But in any case, my family members would have to know about this
(easy), and then know what to do with it (hard), and as far as I can
tell I'm the only technical person any of them know (weird, I know,
but nonetheless true).  Even with that, they'd still be lost I think.

Also, I'm probably too paranoid for my own good... =8^)

> Arguably, having most of your private data (pictures, videos,
> writing, art, whatever) on your own private systems makes it
> more-accessible to your heirs: 

I agree, and there are worse things that can come with putting your
photos in the cloud, like the provider deciding to use them in their
ads, without your permission.  Read your ToS agreements... most of
them include such provisions (though TBH I haven't heard of any cases
where it's actually happened)...

I don't use the cloud to store my personal documents of any sort,
ever.
 
[one address per provider...]
> > to stick with my current scheme, I'd have to create an e-mail for
> > them on the fly, and find a way to actually create it before
> > they're going to use it.
> 
> Containerizing makes it easy to script generation of domains/aliases
> for deployment (to your postfix, spamassassin, dovecot, email
> client, anything else in your tech-stack) in seconds.

The trick is usually access.  Like I have no way to SSH into my
server at the moment...  Technically I can do it from my phone, but
I've found trying to do anything non-trivial on the phone is extremely
tedious and time consuming, so while it can be done, not in the amount
of time that wouldn't be extremely awkward while you're dealing with a
sales clerk or whatever...

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org