Specialist advice sought

[liv]

So my brother is trying to set up his own mail server as an act of resistance against the NSA. I have some doubts as to whether this is actually a worthwhile trade-off of political effect compared to effort, but anyway. He says:

I don't think I need massive expertise. I have a plan to set up a server and host email for myself and a few others and store stuff. I figured if I could teach my computer to send and receive email through mutt or sendmail, I'd have the skill. but before I start destroying people's lives by fucking up their emails, I thought I ought to learn how to do it.

Does anyone have any advice or can point Screwy to some relevant resources? I believe his computer dual-boots in Debian and Windows, but I wouldn't swear to that.

This is only related in the sense that I'm asking for advice from people with a particular area of expertise, on behalf of someone else. I have a really awesome new neighbour, who invited me in for a cup of tea and we ended up chatting for hours. Turns out her previous post was in Sweden so we had plenty to talk about comparing experiences. (Living here is a bit like being on a college staircase, in that all the other residents are also members of staff at the same university, so there's a strong assumption we will have a lot in common. I never really got to know my neighbours in my old place.)

Anyway, this neighbour is a bit disillusioned with academia, and is thinking of moving to the Civil Service. I know a few of you have made that leap, shreena and lavendersparkle come to mind, and there's probably a couple more I've forgotten. Can you offer any advice for my neighbour? Please email or PM me if you don't want to comment on a public post. She's particularly interested in whether the Fast Stream route makes sense or even applies if you're 30 rather than straight out of uni. She's a geologist and would be interested in energy policy related stuff, and also wants the chance to travel to or even work in Europe.

Comments

[siderea]

(At the risk of hijacking Liv's journal -- Liv, do we need to move this elsewhere?)

Hi, I'm back. I was inadvertently delayed, sorry.

1) Oooh, thanks for the tip.

2) I'm a regular TrueCrypt user at the desktop. My primary threat model has not been the NSA -- I'm a healthcare professional with highly confidential and prejudicial medical files entrusted to me, so mostly I was worried about someone stealing the device they were on for the value of the hardware, and then discovering the data bonanza; I also have to be a little concerned about PIs (possibly highly-skilled amateurs) engaged in espionage in the service of legal proceedings or stalkings. Sometimes I handle information of supposed relevance to divorce and child custody proceedings, and sometimes I handle information of supposed relevance to divorce and child custody proceedings of computer scientists. I would like to, let us say, reduce temptation: if you want what's on my HD, you can damn well explain it to a judge and do the Dance of the Subpoenas.

Here, I am primarily concerned with providing increased security for my patients, and providing them with secure-er ways of emailing me.

So I started thinking, "wouldn't it be groovy to have my email files actually live[*] on a TrueCrypt volume"; I looked into it. And I stopped. Because... how would that work exactly? Mail comes in via SMTP, and, well, how does it get into the TrueCrypt volume? The TrueCrypt volume just lives mounted on the device? How is that any more secure than not bothering to use it? Doesn't that then reduce the security of the TrueCrypt volume to the security of the server? It is wide open to anyone who can get into the server, and doesn't keep anyone additional out, yes? Isn't it like having a splufty un-pickable locking file cabinet, that one props open all the time?

Or does the TrueCrypt volume somehow get opened just for an MTA to write into? If so, how is the password managed? If the password is known to the MTA, isn't that like putting the key on the top of the file cabinet?

I don't really get encryption, so I'll readily confess I may be missing something here.

Have you actually tried doing this?

[* Where "live" means "in either a nice /var/mail spool format, and/or in nmh format after running through my ~3000 lines of procmailrc.]

Meanwhile, the whole Virtual thing has me twitchy. I have no sense whatsoever of how secure a VPS is against (1) the nice sysadmins of the company that is selling me the VPS, or (2) the nice sysadmins of the company (e.g. Heroku) selling the cloud space to the nice sysadmins in (1).

I realize I may be stuck colocating if I get serious about this.

[lovingboth]

Typically, with a server you get the equivalent of a terminal attached to a serial port. Exactly how it's done varies, but for this it means you can enter the required passwords on start up. This is a reason to have an alert system set up, something that goes 'Erm, I've tried talking to the server and it's not answering', because if the server falls over for any reason, you need to do something to restart it.

Yes, you need to trust the providers of any VPS. If they wanted to read your disk / RAM / etc, they could. Even with your own locked up hardware somewhere, something could be sniffing the network connection, able to read any unencrypted email. Because of these, I don't bother with TrueCrypt on my VPSes.

You are already doing more than most, and the most useful thing you can do is get your clients to use PGP to email you.

[siderea]

Typically, with a server you get the equivalent of a terminal attached to a serial port. Exactly how it's done varies, but for this it means you can enter the required passwords on start up. This is a reason to have an alert system set up, something that goes 'Erm, I've tried talking to the server and it's not answering', because if the server falls over for any reason, you need to do something to restart it.

Yeah, I'm familiar with the basics of having a server, both virtual and the one I have under my desk. But, in the scenario you describe:

1) Let's say you have 99% uptime. That means that if your email spool is on a TrueCrypt volume, ninety-nine percent of the time the volume is wide open, unencrypted. The only time a TrueCrypt volume is protected against unauthorized reading is when it's not in use. A server needs it in use all the time. I don't understand, given this, why one bothers using a TrueCrypt volume at all.

1a) Do you have any idea what can happen to a TrueCrypt volume when the host on which it's mounted crashes?

2) If your TrueCrypt-using SMTP/[IMAP|POP] server goes down, and the upstream SMTP server can't pass it its mail through TSL/SSL... what happens to that mail while it's waiting the statutorily-up-to-3-days for you to restart your server? It sits on an unencrypted drive?

So if somebody wants to read your mail spool, they just have to DoS your machine so your mail backs up on a more accessible server?

It sounds to me that even when you own your own hardware, there's absolutely no benefit to using TrueCrypt for a mail server, and quite a lot of downside, in terms of labor and increased risk in disaster recovery.

Now, it seems to me that if you're willing to be typing passwords into the server on every reboot, the best approach isn't TrueCrypt, it's a pub/priv keypair scheme, where your MTA takes every incoming email and lovingly wraps it in your (dedicated to this purpose) public key, and shoves it on a queue, and then it sits there waiting for you to run an intermediary between MTA and MUA which unencrypts the spool for the MUA.

Of course, the very best thing would be an MUA which doesn't need the messages unencrypted for it. Man, I'd love a version of nmh, all the components of which were bright enough to unencrypt message files on the fly. But then, there's the question of whether Every. Single. Command. would then require the user to type in a password, or whether the private key remains in some sense unlocked for a while.

the most useful thing you can do is get your clients to use PGP to email you.

1) PGP can't secure the metadata, which frankly is the most prejudicial information in the message.

2) Ha! That will be a cold day in hell. The vast majority of email users use systems which are fundamentally incompatible with key-management -- they're all web-based, either hosted services like Gmail or web-interfaced IMAP like Roundcube. While there are third-party services who will give you a browser plugin or greasemonkey script or some such to allow you to store your private key(s) on their server so you can read encrypted emails sent to you... holy crap, you're putting your private keys on some random anonymous person's server! :/

[lovingboth]

AIUI, if system encryption is set up correctly, unless you are either logged in with sufficient rights or have very low-level access - like reading its RAM - to the running server, you can't read the contents of the encrypted data. To the point where, AIUI, people running servers containing very dodgy stuff use it and have disposable public-facing sites run encrypted links to it, knowing that the hosting place for the main server can't find out what's on it, even by sniffing the network connection.

But you can't guarantee no-one has that low-level access, especially on a VPS running a hypervisor.

I wonder if you either need to accept that you're doing the best that you can - no-one can read your disk without your co-operation, but they could sniff the network at any point between you and the client - or get clients to use something other than email to communicate with you.

[siderea]

AIUI, if system encryption is set up correctly, unless you are either logged in with sufficient rights or have very low-level access - like reading its RAM - to the running server, you can't read the contents of the encrypted data.

What do you mean by "system encryption"? Do you mean storing data/mail queues on TrueCrypt? Or are you now talking about something else?

To the point where, AIUI, people running servers containing very dodgy stuff use it and have disposable public-facing sites run encrypted links to it, knowing that the hosting place for the main server can't find out what's on it, even by sniffing the network connection.

Ah. If you ever encounter one of those people, do please send them my way so I can ask them some technical questions.

[lovingboth]

TrueCrypt's documentation page on 'system encryption'.

Contacting that sort of person is left as an exercise for the reader :)

Sorry, took a few days to get to this

[liv]

I'm totally happy for you to have this discussion in the comments to my post. I would note that the conversation will probably go better if you assume that lovingboth is equally technically knowlegeable as you and has equally good reasons for being really serious about privacy / security of correspondence. I know this isn't always the case with people trying to give you advice on the internet!