[Freedombox-discuss] Idea for cross freedombox email system not leaking metadata
I got this idea for how to set up a system to exchange emails between
freedobox boxes without having to develop much ourself. Is this
already done by someone else? Anyone here know enough about the
involved systems to make a proof of concept quickly?
The idea is based on the fact that a Tor hidden service is just a
process listening on some port somewhere, and the fact that exim can
be told to use any transport to send email. If we set up exim to send
all addresses of a given format (say
<user>@<hidden-service-id>.freedomboxmail or similar) via a transport
delivering the mail via SMTP over Tor to the address given in
<hidden-service-id>, and set up SMTP on each freedombox to listen as a
Tor hidden service. This would allow emails to be injected into the
freedombox using normal mail clients (to the local SMTP port), and
forwarded via Tor to any online freedombox without leaking metadata
about the mail exchange to anyone listening on the network segments
betwheen the freedombox machines.
For additional protection against spammers, one can add a check in
exim to require all email to be GPG encrypted, or perhaps only accept
GPG signed emails. But that is mostly to reduce the amount of
unwanted email, and not to be able to send email without leaking
metadata to prying eyes.
What do the rest of you thing about this idea? Possible to implemnt?
Something to put in the FreedomBox?