Installing Modoboa, Let’s Encrypt & Ubuntu 16.04

Over the past month or so I’ve been trying out running my own email server. This has come about due to warnings from Mailchimp giving warnings about our newsletter emails potentially being marked as spam because we used a Gmail account and they could not verify the domain or identity of our email address. Thus the desire to try one of these self-hosted solutions that I could potentially use for friends and family needing email. Obviously I could have gone with a hosted solution and just setup my DNS per Mailchimps requirements, but what is the fun of that.

My first choice was using mailinabox.email which runs well and is fairly easy to setup.  It consists of Postfix, Dovecot, Z-Push, Roundcube, ownCloud, Spamassassin, PostgreyNginx and runs on Ubuntu 14.04. I opted to run this on Digital Ocean. The server handles all DNS for the domain you specify as the root domain to handle your email. It allows you to also setup many domains on the server with unlimited users, issuing of Let’s Encrypt certificates, etc. For me a couple of things were lacking in regards to user management. Mailinabox website recommended two other platforms that had a little more advanced feature set so I checked them both out. I chose Modoboa I honestly liked the admin and user interface and management a little bit better as well as the statistics for traffic and spam.

Read more

Protonmail and 1Password

I was an earlier adopter of Protonmail and have had my account maybe for a year or so now.  Protonmail is a swiss based email provider that offers true secure email through your web browser (and mobile app). This email service lets you send encrypted emails and attachments to others on other email systems like Gmail, yahoo, etc. They are a little slow in releasing new features but are methodical in their development and provide a solid product. They have started offering some great tools like custom domain names and iOS and Android Apps, and providing additional storage and a great user interface.

A good friend of mine always says security and convenience are always in tension – it is very difficult to have both. We must evaluate the level of security needed in relation to the ease of use which is often diminished.  Protonmail would likely be troublesome for some as they requires two (2) passwords. One for account login and one to decrypt your mailbox. This means you should use two unique passwords that you don’t use for any other website logins…right?

Read more

Secure Email vs. Encrypted Email

I often find there is always this misunderstanding when it comes to the security of email. The term, secure email, is often over used and often mistaken for something it’s not. Many email services use this as a selling point, and don’t really explain what it really means.

To use some simple analogies, I hope to show you that secure email really isn’t secure. Email was never really designed for secure communications between sender and receiver and the technology behind it doesn’t really support the protocols to make it secure either. In recent years, email providers have taken steps to help improve security, but it has created a false sense of security for its users.

Read more