Host your own email with projectx/os and a Raspberry Pi

This open source project helps protect your data privacy and ownership with a low-cost server setup.
302 readers like this.
We don't make software for free, we make it for freedom

Opensource.com

There are plenty of reasons not to want to hand off the tasks of storing your data and running your services to third-party companies; privacy, ownership, and avoiding abusive "monetization" are some of the top ones. But for most people, the task of running a server is just too time-consuming and requires too much-specialized knowledge. Instead, we compromise. We put aside our worries and just use cloud-hosted corporate services, with all the advertising, data mining and selling, and everything else that comes with them.

This project aims to eliminate that compromise: projectx/os makes hosting services at home cheap and nearly as easy as creating a Gmail account. All you need is a $35 Raspberry Pi 3 and a Debian-derived OS image—and very little technical knowledge. There are only four steps:

  1. Unzip a ZIP file onto a Secure Digital memory card.
  2. Edit a text file on the SD card with your WiFi password (if you're not using wired Ethernet).
  3. Place the SD card into the slot on the Raspberry Pi 3.
  4. Use your smartphone to choose a subdomain and install the "email server" app on the Raspberry Pi 3.

Server applications (such as email servers) are broken into multiple containers, which can only communicate with the outside world and each other in declaratively specified ways, using fine-grained isolation to improve security. For example, incoming SMTP, SpamAssassin (anti-spam platform), Dovecot (secure IMAP server), and webmail are all separate containers that can't see each other's data, so compromising an individual daemon does not compromise the others.

In addition, stateless containers, such as SpamAssassin and incoming SMTP, can be torn down and recreated after each incoming email, so even if someone finds a bug and exploits it, they can't access previous emails or subsequent emails; they can only access their own exploit email. Fortunately, the services that are most exposed to attack are the easiest to run isolated and stateless.

All storage is encrypted using dm-crypt. Non-public services, such as Dovecot (IMAP) or webmail, listen on a private, encrypted overlay network provided by ZeroTier One, so only your devices (phones, laptops, tablets, etc.) can access them.

While emails aren't encrypted end-to-end (unless you use PGP), the unencrypted email never crosses a network and is never stored on disk. It is present in plaintext only on the two parties' private mail servers, which are secured in their homes and on their clients (phones, laptops, etc.).

One other advantage is that personal devices secured with a passcode (not a fingerprint or other biometrics) and devices in your home receive far stronger Fourth Amendment legal protections in the United States than data on a server in a third-party data center owned by a company that wants to avoid downtime or be seen as uncooperative. Of course, if you email with a Gmail user, for example, Google still gets a copy.

Going forward

Email is the first application I've packaged with projectx/os. Imagine an app store full of server software, packaged up for ease of installation and use. Want a blog? Add a WordPress app! Secure Dropbox replacement? Add a Seafile app or a Syncthing backend app. IPFS node? Mastodon instance? GitLab server? Various home automation/IoT backend services? There are tons of great open source server software that is as easy to install and use as the proprietary cloud services they replace.


Nolan Leake will be presenting A cloud in every home: Host servers at home with 0 sysadmin skills at the Southern California Linux Expo in Pasadena, March 8-11. To attend and get 50% of your ticket, register using promo code OSDC.

User profile image.
Nolan has been a Linux user since 1995. Nolan loves systems software, hardware and high-power rocketry. In a previous life, he co-founded Cumulus Networks, that built a Debian-derived Network Operating System for data-center switches that powers some of the biggest clouds in the world.

8 Comments

In your article, you were mentioning about a ZIP image file to download and put on an SD card. Where can I find this file ? I looked at the link of the projectx/os but I find files for what seems to be the build files. Would you have the link for this ZIP file? Although I'm comfortable with Linux, if I can avoid recompiling and rebuilding the image, this would be great.

Thanks :-)

I should have been a bit more clear. I would call the project alpha level at the moment, so we aren't building images just yet.

If you'd (or anyone else reading this) would like, I can email you when we have something approximating beta quality and are building images. Send me an email at prjx@sigbus.net if you're interested.

If you do decide to build an image yourself, please let me know how it goes, and if I can help.

- nolan

Hi! Can you please add some more details to #4 'Use your smartphone to choose a subdomain' ? Do I need to install an app on my WIndows phone? Do I need to purchase a domain name (GoDaddy??)
Thanks,
Tom.

I should have been more clear about the current state of the project. Right now, account creation is hard-coded in the source tree, because I didn't have time to get UI in place for it before my presentation at SCALEx16 on Saturday.

The first UI to be in place will be a web UI, which you can access from a mobile or desktop browser. Eventually I plan to build real mobile apps.

You can buy a domain name, and use that, but to make for a cheaper/easier on-ramp, you can also use a subdomain off of one of my domains.

In reply to by Tom W (not verified)

How does this handle or get around having a home dynamic DNS and an ISP blocking common SMTP/mail ports?

Dynamic IP address DNS is handled with the usual Dyn DNS techniques. Currently I'm wired up to a 3rd party DynDNS service, but I will be implementing my own soon, to reduce the number of accounts you have to create/manage.

Most ISPs block outgoing port 25, but relatively few block incoming, so receiving mail is rarely a problem.

For outgoing mail, right now if the port is blocked you're out of luck, but I am working on a proxy that will preserve TLS encryption from SMTP server to SMTP server. The proxy will not see the plaintext SMTP session, only the TLS encrypted stream.

For the smaller number of folks whose ISPs block incoming port 25, I think I can do a similar proxy that demultiplexes for multiple SMTP servers using a single IP address, by relying on the "EHLO" string that comes before TLS encryption is begins. This may also help people stuck behind CGNAT.

In reply to by OliverS

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.