Setting up an anonymous email service using Tor provides a way to send and receive emails without revealing your identity or location. Tor routes your traffic through multiple encrypted nodes, ensuring privacy and anonymity. You can configure an anonymous email server by using Tor hidden services and a secure mail server like Postfix.
In this guide, we'll show you how to set up an anonymous email service on a VPS that leverages Tor for anonymity. This will involve setting up a Tor hidden service and configuring Postfix to send and receive emails over the Tor network.
Prerequisites
- A VPS running Ubuntu 20.04 or later (or any other Linux distribution).
- Root access or sudo privileges on the VPS.
- Basic knowledge of Linux command-line operations.
- Tor installed on the VPS.
- A domain name (e.g.,
example.com
) that you control, which will be used to send anonymous emails.
Step 1: Install and Configure Tor
Before we set up the mail server, we need to ensure Tor is properly installed and running.
1.1 Update Your System
Ensure your system is up-to-date:
1.2 Install Tor
Install Tor using the official Ubuntu package manager:
1.3 Enable and Start Tor
Enable and start the Tor service so it runs automatically on boot:
You can verify Tor is running by checking its status:
Step 2: Configure Tor Hidden Service for Email
To set up the anonymous email service, we need to configure Tor to host a hidden service for your email domain.
2.1 Edit Tor Configuration
The Tor configuration file is located at /etc/tor/torrc
. Open it for editing:
Scroll to the end of the file and add the following lines to configure the hidden service for email:
- HiddenServiceDir: This directory will store the Tor hidden service configuration and keys.
- HiddenServicePort: These lines forward the email-related ports (
25
,110
, and143
) from your Tor hidden service to the corresponding ports on your local machine (for SMTP, POP3, and IMAP).
2.2 Restart Tor
After saving the torrc
file, restart Tor to apply the changes:
2.3 Retrieve Your .onion Address
Now that your Tor hidden service is configured, you can retrieve the .onion address that Tor has generated for your email service:
This will output a .onion address like:
This is the Tor address you will use for your anonymous email service.
Step 3: Install and Configure Postfix
Next, we’ll install and configure Postfix, a popular mail transfer agent (MTA), to send and receive emails over Tor.
3.1 Install Postfix
Install Postfix using the following command:
During installation, you'll be prompted for configuration. Choose the "Internet Site" option, and when asked for your mail name, enter your custom domain name (e.g., example.com
).
3.2 Configure Postfix to Use Tor
To route Postfix traffic through the Tor network, we need to set up the Socks5 proxy configuration.
- Open the Postfix main configuration file:
- Add the following lines to configure the Socks5 proxy for Postfix:
This configuration routes Postfix traffic through the Tor network by specifying the 127.0.0.1:25 relay (the Tor-hidden service for SMTP).
3.3 Enable and Start Postfix
After configuring Postfix, restart the service to apply the changes:
Step 4: Set Up Your Domain’s DNS
To use your custom domain with the anonymous email service, you need to configure DNS records for email.
4.1 Set Up MX Records
In your DNS control panel (typically through your domain registrar), create an MX record to point to your .onion address.
This directs all email traffic for your domain to your Tor hidden service.
4.2 Add SPF, DKIM, and DMARC (Optional)
To ensure deliverability and to avoid emails being marked as spam, you should also set up SPF, DKIM, and DMARC records.
- SPF Record:
-
DKIM: Set up DKIM (DomainKeys Identified Mail) to sign outgoing emails with a cryptographic signature. You can use tools like OpenDKIM for this.
-
DMARC:
These configurations help ensure your emails are trusted and reduce the chances of them being flagged as spam.
Step 5: Test Your Anonymous Email Setup
After completing the setup, test your anonymous email service to ensure everything is working correctly.
-
Send an Email: Send a test email from your custom domain to a third-party email service (like Gmail) to ensure it's being delivered.
-
Receive an Email: Test receiving an email by sending one to your Tor-based email address and verifying it shows up in your inbox.
Step 6: Secure Your Server
To ensure the security and privacy of your email service:
-
Firewall: Ensure your VPS firewall is configured to allow only necessary ports (e.g., 80, 443 for HTTP/HTTPS, and email ports).
-
Update Regularly: Keep your system, Tor, and Postfix installation up-to-date with security patches.
-
Encrypt Storage: Consider encrypting your email server’s storage to prevent data leaks in the event of a compromise.
-
Use Strong Authentication: Consider using strong passwords and 2FA (two-factor authentication) for any web interfaces you use for managing the email service.
Conclusion
By following these steps, you have set up an anonymous email service using Tor, protecting both your privacy and the identity of your users. This solution ensures that email communication is only accessible via the Tor network, offering a high level of anonymity for both sending and receiving emails. Make sure to regularly update your system and apply additional security measures to keep your service safe and anonymous.