EthACKdotOrg/fogmail

Distributed mail service

Fogmail

Because we don't want our mails to be in the clear.

Security, decentralization, opensource

Fogmail intends to be an opensource, community driven mail service. With security in mind.

Wow, that's a lot of buzz-words so let us explain the concept.

Opensource

All the softwares are open and free. Among them, we can name:

• dovecot
• postfix
• spamassassin (maybe, not sur to use it)
• tor
• tahoe-lafs or Ceph with BTRFS encryption
• EncFS with either XtreemFS or GlusterFS or anything like that
• puppet

Also, all the configurations will be open. Well, you won't get hand on the private keys for SSL certificates, of course. But all the other parts will be accessible. Here.

Community

If the entry points will be managed by a couple of people (@SwissTengu mostly), the design will allow people to help. Mostly for mail storage. Using decentralized filesystem, anyone wanting to give some giga to the project will be able to do so. We will provide a simple receipt allowing you to just apply it, and you're done.

Decentralization

Mail aren't good for decentralization. And it will most probably never be. But still, we do have ways to do some nice things:

Dovecot supports master-master replication. This allows us to build several entry-points for your pop/imap access; as well, building several entries for postfix isn't a problem. We will just get "some" DNS entries for the MX field ;).

As previously stated, the main decentralized part will be for the storage. Probably the most important part in fact: mails are growing, we send more and more stuff through it. Thus we need storage. Using decentralized filesystem, we will be able to provide an infinit-storage, provided you, the community, participate and provide some spare gigas.

Security

Probably the most interesting part. We want your communications to be encrypted. All of them. Even if you don't send them encrypted.

There are already hacks on postfix in order to encrypt emails — we will use them. Process will be simple: upon account creation, you might either provide a public key, or a new pair might be generated (locally, provided there actuall are efficient javascript libraries). We won't get hand on the private key. Ever. (Meaning: if you lose your key, well, you lose all your old emails… duh.)

Also, each node will be secured at the best possible. Running on closed environment, with no remote access. Updates will be followed closely (that's @SwissTengu job for years now).

Also, all communication between nodes will be encrypted.

Access to emails

Well, yes, this may be interesting for you as well ;).

Mostly, we will focus on imaps/pop3s/smpts services. This will allow you to use Outlook (with some PGP plugin), Thunderbird (with Enigmail), Mail (with GPGTools). We will also have a look at existing webmails in order to provide an access. But we're not really happy with that. For your private key will be available in some way from the browser. And this is bad. Really.

So, maybe, no webmail. We do not trust the html5 local storage thing. You shouldn't as well.

In short

We want to provide a really secure, strong, community managed service. As it will be fully open, anyone wanting to build his own infra will be able to do so.

Mails are important. Really. We write anything in them, we send them accross the Web. This project isn't just a "I had an idea this morning". We thought about it for months. It's time to get your privacy back, to get hand on probably the most valuable thing: your private communications.

Want to test the stuff?

Great, we need people for tests/validation/ideas!

Get Puppet and Docker

In order to get a reproducible environment, this is built using Docker and Puppet. This allows us to do really fast tests and validations.

Get sources

Clone this repository. As we're using submodules, you'll need to initialize them:

$ git clone https://github.com/EthACKdotOrg/fogmail
$ cd fogmail
$ git submodule init
$ git submodule update

Or update them:

$ git pull
$ git submodule init
$ git submodule update

Start a Docker

First, you need to build the base box:

$ ./build base

Once the base image is ready, you might build the introducer:

$ ./build introducer

Once the introducer is ready, run it:

$ ./run introducer

Get its IP, update the common.yaml file (in puppet/hiera directory), and build the two other boxes:

$ ./build storage
$ ./build mailserver

And run them:

$ ./run storage
$ ./run mailserver

Note: docker images will be flagged as follow:

• Repository: ethack
• Tag: introducer|storage|mailserver

Also, if you want to run "cleanDocker" script, ensure you don't have any of your images with "none" in its repository/tag… Else it will be dropped.

Contribute

Please feel free to contribute, using pull-requests.

Support

We accept Bitcoins: 1Ht3t5yqqN7bADWWFCvhFDLXc4niLM3Ttc

Contributions will most likely be redistributed to other opensource projects. Or use for some hosting. Or beers ;)