Desperately Seeking Secure and Reliable Email?

mkcmkc asks: "I've recently switched to my local monopoly (ugh) provider of high-speed Internet access, and discovered that their email reliability is about as good as my previous ISP's--i.e., -not good enough-. Who provides the kind of email drop that Slashdotters would drool over? I want: secure access (SSH+POP, or something as good), drop dead reliability (meaning a setup designed and administered by a sharp crew that really cares), timely status reports on outages, a shell account (accessible via SSH), an organization that has respect for the principles of privacy and liberty, and that will at least consider not just rolling over at the first subpoena (if not before). I'd certainly pay several hundred bucks a year for quality. Any suggestions?"

DIY

[Greg+W.]

Do it yourself. Get a static IP, a reliable Unix installation and a UPS. Host your own mail. You'll have your own mail, domain name, ssh access, shell account, you name it.

Re:DIY

[Chiasmus_]

And if you don't know anything about security, you'll become a prime target for skript-kiddies who want to use your box to send mail bombs to other skript-kiddies!!

Re:DIY

[ignorant_newbie]

yep. this is exactly what i do. as long as you can rely on your connection (avoid pacbell/southwestern bell like the plague, they don't like to do static ip) it's much nicer. you get as much security as you want, and it's very satisfying to have easy access to /dev/null :)

Re:DIY

[vsync64]

This is what I do, and I'm planning to give free shells to friends I know. You might consider doing something similar: get together with some friends of yours, hook a box up with DSL or possibly stick it in co-lo, and you now have your very own mail provider.

Re:DIY

[Bob+McCown]

As a follow-up to this, what would I need as far as software to do this myself? Where can I get the info, actually (teach me to fish, dont give me a flounder)

-=Bob

Re:DIY

[osjedi]

Just about all of us in our local LUG do this. You get a static ip, register a domain (it's cheap and easy), and you're up and running. Because you are running Linux or BSD or another real OS you can easily run your own servers for mail, http, ftp, IRCII, SSH, DNS, Quake, or whatever. You can even set up mail accounts for friends and family, or whatever you want. You have total freedom. You're no longer just connected to the Internet, you are part of it.

Re:DIY

[slickwillie]

Then use OpenBSD.

Re:DIY

[swifticus]

this is a very good idea. i started a mail/telnet/ssh server for my own use (mostly to play nethack), and it's reliable and fun. think 486 + linux, and you'll have a server; it's cheaper than several hundred a year by far.

Re:DIY

[VValdo]

turn off relaying.
-------------------

Re:DIY

[michellem]

The basic software you need generally comes standard with any Linux distribution. You can find pretty much any other software you need (like ssh) either in binary form or source form on sites like freshmeat or the site that your distribution is from, like RedHat or Debian for example.

Documentation for this stuff is all over the net - try the Linux Documentation Project for a start. A good site for Linux newbies is LinuxNewbie.org

I think it would be far easier to implement this using a linux (or unix) solution than with WindowsNT/2000. All the basic funstionality for an internet server (e-mail, web, basic network stuff, firewall) is standard in most distros.

Re:DIY

[ignorant_newbie]

pick the free unix of your choice, it will come with everything you need. read lots about securing it, if you get a linux. elsewise, if you get *bsd, make sure your hardware is supported. configure sendmail (you _need_ a domain name for this... smtp doesn't work with ip's ) have fun

Re:DIY

[casret]

My set up: postfix as the MTA. Courier IMAP to provide IMAP. I actually tunnel my IMAP connection over an href="http://www.openssh.com">OpenSSH connection, but courier IMAP supports SSL as well. The guy that writes Courier, also writes SqWebMail,(webmail) and maildrop(pleasent alternative to procmail) which I have found to be useful. FWIW I use mutt as my mail client.

Re:DIY

[Alan]

Ok
- get yourself a linux/*bsd/*nix box. Set it up.
If you don't know how, get your local geek to help you. Paymet is normally accepted in pizza and/or coke.
- software needed: openssh (for ssh/scp), sslwrap, apache+mod_ssl + a webmail client setup (if you want to set up webmail), qpopper (for pop3) smail/qmail/exim for smtp. A client like mutt/pine/elm. GPG or PGP (if you like text based clients mutt integrates very nicely with GPG/PGP) for signing.
- get cable/dsl and set it up so that you have a static IP (even though cable/dsl uses dhcp you can generally hardcode your IP).
- hook up your new *nix box to the dsl :)
- register a domain. Beg borrow or steal a dns server to use as the primary (gandi.net offers free dns hosting I think when you reg a domain).
- set up the dns records properly (your geek or a search on the net will give you some set ups so that your mail gets to your domain)

Then (theoretically) you have all that's needed! This is pretty much what I did, and it works great!

Re:DIY

[Jordan+Block]

I strongly recoment one of the the BSD OSes for this task, particularly FreeBSD or OpenBSD, they're very secure, and very fast. Linux is not as secure out of the box, and will take a bit of doing to make it secure.

Re:DIY

[snubber1]

What if you are connected to one of the many notoriously unreliable high-speed providers. Often times you can have outages ranging from a few minutes to weeks without notice. It cost money to not have outages.

Re:DIY

Doing it yourself sounds like a good idea - at first. It helps some of the human concerns: the privacy policy, your amount of access to the machine, etc. But running a single machine isn't a good idea at all in this situation, for the following reasons:

• It won't get you the reliability you want. You just can't get absolute reliability from one machine, no matter how well it's administered. Read my other post for my idea of good reliability.
• It could also be prohibitively expensive. I've looked at colocation costs...they are $70-$120 for the basic one-machine, one-IP deal. If you want more bandwidth, addresses, rack space, etc, the prices go up. Having someone else just provide you mail is a lot cheaper.
• It requires a lot of knowledge and work. You have to be on the security mailing lists to see if there are any new exploits out, etc. It's not easy to maintain a server with the kind of security he wants.

Running a single machine isn't enough. To do the job right, you have to have more than one machine. You have to have a few different machines and they can't all be in the same place, rely on the same power, or rely on the same network connection. To be really reliable, they should have someone always physically nearby to fix problems. You can accomplish this yourself (I'm well on my way toward doing so) but it's not as simple as throwing Linux on a box and throwing a DSL link at it. ISP services really are worth it.

Get your own domain and to be the administrative & billing contacts. This way, if you switch ISPs, you keep the same email address. You have final control. Most people have to change email addresses when they move, switch local ISPs (modem->cable, for example), switch employers, etc. If you don't tie yourself to a specific ISP, you don't have to. Never use an address tied to a specific ISP if you're concerned about reliability.

Re:DIY

[Fist+Prost]

That's what I use, I have a DHCP address, and that, combined with a yi.org account, and a script that updates my IP every once in a while...I haven't had any problems at all. Hell, if you're only doing email a 486 or low pentium would probably be sufficient.

Fist Prost

"We're talking about a planet of helpdesks."

Re:DIY

[srichman]

Ug!!! Did you folks read the original question? "Drop dead reliability" was requested.

If any of you claims to be able to offer "drop dead reliability" in a DIY mail setup, you're lying. What happens when your power goes out? UPS? What happens when your power goes out for a day and a half? What happens when your hard drive crashes and you lose every email you've received in the last year? What happens when your house burns down?

Highly reliable data centers, like those that handle email for large national ISPs, often cost millions of dollars, are redundantly connected to multiple backbone providers, are protected against fire, are redundantly connected to multiple independent power grids, etc.

I would never choose my home computer to be the single point of failure/destruction for all my email. Give me MSN Hotmail over that any day.

Re:DIY

[JWhitlock]

Excellent - you said everything I wanted to say, and more. But why did you post as an AC? None of the moderators will lay eyes on it, and the "DIY" message will end up being a +5, while this one sticks around 0.

Re:DIY

[ahknight]

Exactly. One such provider has

• 6 backbone connections
• UPS/generator backups
• Controlled environment colocation (inc. humidity)

Their DSL offering ALLOWS SERVERS if you DO want a DIY offering. No portscans and no policies against it. I use 'em right now for my own mail server. If you're in Texas, that's Jump.Net.

And they have a 100% uptime guarantee...
--

Re:DIY

Whatever MTA you choose, try to make it identify itself as something else -- at least a different version of itself if nothing else. Let attackers try bugs for the wrong program...

Re:DIY

[dattaway]

I have used yi.org for several months when I started using cable modem in this area found the yi.org domain hosting service to be most reliable. Unfortunately, the cable modem service was'nt an any respect.

My old ISP eager to get my business back, offered me my old static IP and fixed up my dns MX records so mail gets routed to my home box. If my home computer is ever down for any reason, my virtually hosted account at the ISP gets the mail instead. I could say I have redundant mail servers.

As an added bonus of having the mailserver on my own computer, I can block any spam network for good immediately and for good. Since the IP address is logged, I just ipchain the whole class-c network of the problem site. That puts an end to spam nonsense quick. To the spammer, my site appears to be down. I now get about one spam a week, compared to dozens a day.

Re:DIY

I just ipchain the whole class-c network of the problem site. That puts an end to spam nonsense quick. To the spammer, my site appears to be down.

Yeah, none of this REJECT stuff. DENY them and just quietly discard their packets. Be sure to send lots of "unsusbscribe me" emails back to them first, and then firewall them. If they remove you fine. If they treat your mail as proof the address exists and spam you more, then unsent mail piles up in their mail queues. And it's their own fault. Woo hoo!

Re:DIY

[rpseguin]

> Highly reliable data centers, like those that
> handle email for large national ISPs,
> often cost millions of dollars, are redundantly
> connected to multiple backbone
> providers, are protected against fire, are
> redundantly connected to multiple
> independent power grids, etc.

And still they seem to find ways of going down and being unreliable...

-Ralph

Re:DIY

[srichman]

The ISP may be down, the IMAP server map be down, but I doubt mail is getting lost. How many yahoo mail messages have you lost, Ralph?

Re:DIY

[spRed]

The primary problem, IMO, is uptime on your network connection. I have mediaone and get regular outages. Sometimes the connection gets flaky for an hour, sometimes it is hosed for half an hour.

Yes, you couldn't get to your uber ISP during this same period either, but at least the mail wouldn't bounce and have to be resent, (which might not happen for hours) arriving long after it was supposed to be delivered.

DIY doesn't work unless you have connections to multiple backbones & redundant power. If you do you might as well start your own ISP.

-spRed

Re:DIY

DHCP does not secure anything. All DHCP means is that it is easy for your ISP to change your IP address. This is an administrative convenience, nothing more.

It is possible to have a static IP address through DHCP. Look at the dhcpd.conf manual page if you don't believe me. I run a house's internal network this way. You get the advantages of having a static IP and the advantage of a computer just knowing its IP address when it boots. Very nice. Your ISP can switch your IP address around quite often,through DHCP. But they don't have to.

Even if your IP address changes often, you are no more secure. All someone needs to do is find your box once. Script kiddies can portscan it (and they routinely scan insanely large blocks of addresses...if you don't believe me, log all incoming TCP SYN packets). Once a vulnerability is found, it does not take long to use it, especially from a canned exploit. Once your system is cracked once, they own it forever, unless you do a really thorough job of scanning all your binaries, comparing their checksums to known ones (or just reinstall altogether). They can make it automatically send packets to them when your IP changes, telling them what it is.

DHCP as security is a common misconception...and DSL/cable providers promote it, since it makes it seem that they give you security. It's just not true...

Re:DIY

[Leghorn]

That's what I did, and I'll never go back.

Re:DIY

[micahjd]

Never use an address tied to a specific ISP if you're concerned about reliability.

Definitely. For the longest time I had my e-mail on my own DNS, (homesoftware.com) but since I'm trying to get rid of that domain name and the expensive hosting, I turned to a more flexible alternative.

I like Sourceforge a lot (they host all my projects now, which is why I no longer need my old domain) so my 'primary' email address nowadays is the forwarder they give me. Any suitable forwarder will work, but my point is if you're planning on changing services soon, use a forwarder.

Right now the "back end" to my email is just a free webmail service that supports POP3. Whenever I get DSL though, it will be even better.

I don't see the point of getting rack space when there are so many things you can host with an old 486 or pentium and a broadband connection. Heck, I host webmail (not the delivery, just the frontend) http, https, and SSH though my 56K modem and a dynamic DNS from yi.org!
Equipment, software, and DNS: Free
Internet connection: $20 / month

Re:DIY

[Osty]

(Note: Emphases added by me)

- get cable/dsl and set it up so that you have a static IP (even though cable/dsl uses dhcp you can generally hardcode your IP).

Using a cable connection for running a server is generally a Bad Idea (tm), considering

1. you typically must use DHCP, which means you won't have a static IP (no matter how satic that IP appears, it can go away quite easily at any time), and thus makes it hard to handle DNS for your domain and point it to an IP, and
2. Most cable providers restrict the running of services on their networks, unless you upgrade to a business plan. You certainly don't want your mail server to disappear some day simply because the administration caught on that you were Breaking their AUP.

- register a domain. Beg borrow or steal a dns server to use as the primary (gandi.net offers free dns hosting I think when you reg a domain).

Okay, now that's just plain wrong. You don't own the IP you're using -- your ISP does. Therefore, it's theirs to do with as they please, not yours. That means pointing domains to that IP, among other things. As well, you won't be able to do reverse DNS for your IP pointing to your domain unless you have your ISP's blessing. Try talking to your ISP before you go and do something silly like registering a domain to an IP owned by them. I think you'll find that 90% of all ISPs are quite willing to help out, and will typically even offer DNS services for free.

Please, people, try thinking before you follow advice like this.

Re:DIY

[adolf]

By making some deals with my ISP in exchange for various services, I'm able to park boxes at justabout any of their facilities. The following may not apply to anyone else, but It Works For Me.

What happens when your power goes out? [...]

When the power goes out for longer than the UPS can stay up (45 minutes), another box handles incoming mail. This box is some distance away (~35 miles), and has completely different (not just seperate) connectivity. This is stupid-easy to do, given multiple hosts and access to your own DNS records. Additionally, many people are willing to trade secondary MX entries for mutual benefit in the event of a failure of some sort at either end.

When a hard drive crashes, a DAT backup will restore the system.

When a building burns down, the tape that was thoughtfully stored off-site weekly is brought in. Note, that if your HOUSE burns down, email will be the least of your concerns.

When the backup machine goes up in flames at the same time as the primary, I'll have to punt, which is fine - how many layers of redundancy might a "large national ISP" have, anyway?

Machines break. All you can do is slap another diverse failover system in, and hope that it doesn't break at the same time the primary system does.

Re:DIY

[Cyb3r]

my ISP is a real ass.... i asked them and wanted me to pay 500$ a month for a 1Mbit connection both ways... its a small server... I run like sendmail for around 5 people... and HTTP just for the fun of it!!! I use a friends of mine DNS server... so my IP adresse is not reversed... And I pay every month for this IP adresse to!

Re:DIY

[pete-classic]

Read to the end for the "real" answer.

As I understand it, we are talking about a small number of users (1).

A single system behind DSL is an AMPLE solution.

Why? Two reasons.

1. It "looks" like his mail server is up 100% of the time that he could tell if his ISP is up or not. (In other words, if his mail server is off the net, he must be too, so what is the difference? (In other, other words, his connection is the limiting factor anyway.)

2. Internet mail is VERY fault tolerant. An HOUR OR THREE of downtime is no biggie for a mailserver in terms of receiving mail.

I know what I am talking about, I ran my own behind a 56k modem for six months and it worked flawlessly.

Anyway, if you want an easy, secure, reliable way of doing it, just get a cheap domain or web hosing account (which is really determined by what you want besides mail, and how much control you want) and park your own domain on it.

Oh, and you are definitely going to want to run SquirrelMail on it. Check it out.

No, first spend two or three days (each) trying to get the some of the "other" webmail programs working, then check it out.

Re:DIY

[toast0]

you know...
if your isp does backup mx for you, the spammers will send mail to you there if it doesn't get to you directly

Re:DIY

[nsushkin]

A useful advice:

Get an easily configurable DNS service as in register.com or easydns.com. This way you can easily flip your domain name to a different ip address. If you register your domain at register.com or easydns.com, they will resolve your name to your IP address for free. Network Solutions will force you to use your DSL ISP for DNS. It could be hard to convince your ISP to resolve your DNS name if you're on a cheap service plan.

Also, easydns provides a backup MX, and they will even store your mail for something like 5 days if your primary MX is down. It's a very good idea if you're your own MX and your DSL connection tends to go down once in a while. Easydns also provides dynamic dns services, but I don't know if it works well if you're your own MX. Concentric web hosting cnchost.com and others usually provide good uptime and a few or unlimited number of POP boxes and even shell access. However, they rarely provide IMAP or SSH. Nick.

Re:DIY

[kernelistic]

Ok, I'm trolling, sue me.

Recipe 1:
Ingredients:

- 2 Dual PIII-800s with 72 gig 10k RPM SCSI-3 disks and 256MB of RAM each.
- A T1.
- A 100BaseTX switch.
- FreeBSD.
- 2 hours of your time.

Mix and stir...

Recipe 2:
Ingredients:

- A shaggyass 386 with a 80 meg MFM disk, 24 megs of RAM.
- Cable or xDSL(A or S works).
- Linux 2.2 with ipchains.
- A 10BaseT hub. - Steal, barter, extort, obtain, get, acquire, buy, seize or rent DNS.
- A few hours to burn.

Mix, brew, hack and secure.

Re:DIY

[matman]

Sorry, but openBSD doesnt magically fix all security holes in all software. If you install an MTA or something that openBSD team hasnt audited, then you're in the same boat as everyone else. Even if they have audited it, there's no proof that it doesnt contain ANY undiscovered holes. Then there's ip spoofing and trust based attacks, civil engineering, insider attacks, privacy based attacks, etc etc. Remember that nothing fixes everything - and there's no such thing as a totally secure system (ie anything that you can be sure that only you control TOTALLY).

Re:DIY

[TGR]

er. sendmail is notorious for having exploits. don't use it.

Re:DIY

[TGR]

(1) sendmail is notorious for exploits. I'd say avoid. postfix or qmail would be a much safer bet.

(2) qpopper has a few exploits against it... that makes ME think it isn't safe enough.

(3) don't hardcode your IP. you will give yourself (and your ISP) a headache when that IP is assigned to someone else, just like some other (don't remember who it was, offhand, but he replied to your post)... and an ISP that gets a headache because of a user == an unhappy ISP :)

Re:DIY

[TGR]

sendmail? a win2k-based server? *cough* recipe for disaster, both of'em.

Re:DIY

[cadfael]

If you can get an IP address where you are at. Here, unless you are willing to sell your firstborn and your right arm, you can get an IP address. If you want to run servers behind it, a couple of fingers on the left arm are required as well.
-- The Hollow Man

Re:DIY

[zrgn]

You mean Windows 2000 Advanced Crasher....

Re:DIY

[c0sm0]

hey...........I was gonna say that!

Re:DIY

[stab]

Or use just use qmail, and let the world know you are using a secure MTA :-)

Re:DIY

[Bryan+Andersen]

OpenBSD may not magically fix all holes, but it does provide a very nice secure starting point. Even though OpenBSD is very secure right out of the box I still wouldn't drop it directly on the net. I'd have a firewall between it and the net. Both my OpenBSD boxes that are on the net live behind a firewall. I wouldn't do it any other way.

Re:DIY

[JacobO]

If you live in Wellington, New Zealand. I highly recommend Telstra-Saturn's Cable modem service using Paradise as the ISP. The performance is great, in the year I've had the service, there has been no downtime I'm aware of. The real clincher is that they give you a static IP and have no problems with you running services on your system, or running masq/NAT. They are even Linux friendly. Although it is unsupported, the installation guy was happy to just give me the information I needed and go.

Re:DIY

[Stephen+Samuel]

I've got a system that's completely secure. Ain't no hackers getting into this one.. and it was SOOOOO easy!

Firewall??? WHO NEEDS IT? I've got 140feet of water!

It's sitting at the bottom of the Georgia Straight. in the trunk of (what used to be) my car.

Stinkin' ferry corp....
`ø,,ø`ø,,ø!

Re:DIY

[ncc74656]

Using a cable connection for running a server is generally a Bad Idea (tm), considering

1. you typically must use DHCP, which means you won't have a static IP (no matter how satic that IP appears, it can go away quite easily at any time), and thus makes it hard to handle DNS for your domain and point it to an IP, and
2. Most cable providers restrict the running of services on their networks, unless you upgrade to a business plan. You certainly don't want your mail server to disappear some day simply because the administration caught on that you were Breaking their AUP.

For the first problem, dyndns.org handles that pretty nicely. You can even set up a backup MX as part of your record so your mail gets routed elsewhere if your server goes tango-uniform. Changes get propagated through quickly on the dynamic service (static IP changes take longer).

As for the second problem, Cox has been pretty cool about it. There's nothing that says you can't run a server, and since your connection is rate-limited to whatever you bought (I pay $40/month for 512 kbps downstream/128 kbps upstream), they don't have to worry too much about k1dd13z setting up warez/pr0n sites and bogging down their network. I still use their SMTP server for outbound mail, but inbound mail goes straight to the K6-2 box in my coat^H^H^H^Hserver closet. (Reverse DNS still looks something like dhcp085.18.lvcm.com, but that hasn't been a problem for anything that I can recall.) I suppose Cox isn't like most cable-modem providers...don't know what they're like in other markets, let alone what other companies are like (they bought the system here in Las Vegas when they bought the local cable company), so YMMV.

Re:DIY

[rhino777]

it. ISP services really are worth it.

Yeahhhhhh, I'm going to have to ask you to move your desk as far back to the wall as possible....yeahhhhhhh.....
rhino

Re:DIY

[jbarnett]

If you don't know how, get your local geek to help you. Paymet is normally accepted in pizza and/or coke.

Most geeks I know shy away from hard drugs. Pizza and jolt are almost always accpeted though.

Re:DIY

[robocord]

I disagree completely about running your own mail server. Most cable/DSL connections are hopelessly lame as far as reliability is concerned. On top of that, you will almost always be directly in violation of the ISP's terms of service agreement and thus liable to lose your connectivity without notice.

On top of all that, then you have to start worrying about crackers, backups, bounced e-mail, keeping up on patches, and all sorts of other crap.

I had an idiot friend who thought he'd run a domain for us on his host connected to a cable modem. It was about 90% reliable (which all of us in the industry know is unacceptable), mostly due to his lame attempts at being a security wonk. To make matters worse, the moron posted on the usenet security lists quite a lot, thus throwing down the gauntlet to every script kiddie in the world.

Running your own server is to a Linux user what writing your own text editor is to a programmer...it's something that seems like a great idea and something that everybody has to try at least once. After that, you can move on to something useful and more enjoyable.

Re:DIY

[envisionary]

Gahhhh, what are you thinking..... I can easily get FreeBSD 3.5-Stable loaded and setup to do NAT & Firewall with about 200mb of diskspace on a 486/25.

But what's really interesting is the picoBSD project which can do all this AND fit on a single floppy. So you can keep your MFM disk to pull apart and make frisbees/rearview mirror decorations/ or whatever else fancies your imagination. And it will run on a 386...

Re:DIY

[dattaway]

if your isp does backup mx for you, the spammers will send mail to you there if it doesn't get to you directly

That's the sad part. On the box virtually hosted at the isp, I have mail forwarded to a nonexistant bit bucket /dev/spamtrap. If I plan to take my computer down, say try out a new kernel, or if there are phone line problems, etc., I'll disable the forwarding. At that moment in time, I am guaranteed to see the landslide of spams come rolling in. It is then I know how well ipchains DENY really works.

The best way to deal with spammers is to take them all out back and...

Re:DIY

[Syberghost]

It won't get you the reliability you want. You just can't get absolute reliability from one machine, no matter how well it's administered.

Yes, but if the goal is to always have access to your mail, and you're accessing it from the machine that's hosting it, then any time that machine is down you wouldn't be accessing it anyway. :-)

-

Re:DIY

[cyways]

All my mail servers use the Obtuse smtpd proxy to listen on port 25. The proxy runs as an unprivileged user (usually uucp) in a secure chroot jail. A daemon process collects mail from the secure directory and hands it to sendmail for delivery. The Obtuse proxy has a number of other nice features like a rules to prohibit relaying, block spammers, etc. It can also use the RBL and ORBS for more robust spam blocking if you like.

Re:DIY

[boedicker]

> undiscovered holes. Then there's ip spoofing and
> trust based attacks, civil engineering, inside
> attacks, privacy based attacks, etc etc.

yeah those civil engineering attacks are heinous. why just the other day some script kiddies built a subway tunnel with a terminal right in my machine room! i was owned!

Re:DIY

[Chiasmus_]

No - he honestly expects that a team of civil engineers will come to his house and dynamite a canal through his kitchen.

Then evil crackers can enter and access his hardware directly through the hole in the wall.

Re:DIY

[DaRelliK]

Wow....some people are really worried about email. Have man of you forgotten what mail servers commonly do (yes, many do actually do this!) if they can't reach a mail box the first few tries? Most will try for up to FOUR DAYS before it gives up on the message. If your that worried about your email messages why are you even reading them at home let alone storing them on your ISPs server anyway? Download your mail and write it to DAT tapes, burn cds, etc... If your really into it go pay a grand or so a month to have a computer (or two since you want a backup) in a verio, uunet, etc. server rack with those kind of "drop dead reliability" standards. For the normal people out there...storing your email on a home server usually isn't a problem. I've personally have had a private mail server for several years on the same laptop (it has a 6hour battery back up is why I used a laptop for your interested people...) without problems. It can be done and it works fine for normal people out there. Drop me an email if you want help setting up something like that. At the very least I'll point you in the right direction.

Re:DIY

[matman]

oops hehe. I meant social :)

Re:DIY

[kernelistic]

That wasn't exactly the contrast that I was going for. The high-end and the low-end was what I was trying to portray.

On your comment, I somehow doubt that your hard-diskless floppy-booted BSD would make that great of a mailserver... Would you trust your /var/mail directory to a RAMdisk? I send 2 meg emails more often than I like to admit. :)

definition of security

[SideouT]

It would reallly depend on what you are trying to be secure from...

Speakeasy?

[dbretton]

I think speakeasy.net might provide this...
DSL provider. They come highly regarded on dslreports.com

-Dennis

Re:Speakeasy?

[mighty+jebus]

i have them. they are good.

Re:Speakeasy?

[BlowCat]

I hate to post comments like "me too" but in this case I have to.

Speakeasy.org rules.

They even have finger:

finger proski@speakeasy.org

Re:Speakeasy?

[MicroBerto]

doesn't finger sometimes have security holes? Just wondering..

Mike Roberto
- GAIM: MicroBerto

Re:Speakeasy?

[mrsam]

Anything can have a security hole. That doesn't mean anything.

---

Re:Speakeasy?

[BillWhite]

I use Speakeasy. They are a dream to work with. They are tremendously reliable, whenever they have any kind of a service interruption I get (bulk) email from the president of the company apologizing, and explaining in great detail exactly what happened, and what steps they are taking to keep it from happening. I have never had a significant service interruption. They also have the best technical support staff around. I have had only one occasion to ask them, but they were able to trace my line to the last router right from their desk. (The problem was my misconfiguration.) Finally, they give me 4 static IPs and let me host whatever I want except for the reverse DNS domains. They will let me specify what values the reverse DNS mappings should have, but they want to control them themselves.

All in all I am very happy with Speakeasy, and would recommend them to anybody.

Re:Speakeasy?

[Rudolfo]

I'll add a thumbs-up to Speakeasy. I no longer use them for DSL (not due to any problems with them), but I maintain a $10 a month shell account which has ssh access (and I still use pine for my personal email). You can access your email through the web, too.
===

Hotmail.com

I hear hotmail.com is very secure and also extremely reliable.

Re:Hotmail.com

[Hasues]

Requirements aren't met:

SSH access, and I assume POP that you don't have to pay for among the few.

Haues

Re:Hotmail.com

[PnkPanthr]

Very reliable... except when they forget to renew their domains... ;)

Re:Hotmail.com

[jedstr]

Thank you to whomever posted this remark. It really brightened what otherwise would have been another dull day. I am still laughing... :-)

Re:Hotmail.com

[TGR]

this comment cracks me up just as much as people saying "sendmail is secure now... honest!", only to have a root exploit the next day.

granted, the last time THAT happened, it was a local root exploit, but it still makes me chuckle.

Re:Hotmail.com

[XtAt]

My Hotmail Sucks Page

Speakeasy

[lennon]

I think dsl from speakeasy.net is exactly what you want. You can get ssh, they will not allow Carnivore, they warn about outages.

Re:Speakeasy

[MikeTheYak]

And what, exactly, would they do if confronted by an FBI agent with a Carnivore system in one hand and a court order in the other?

Re:Speakeasy

[lennon]

I meant to say "no plans for Carnivore". I was misquoting this page.

Based on Speakeasy's corporate philosophy I think that they would fight Carnivore as much as humanely possible.

Besides, their service is top notch.

Re:Speakeasy

[BlowCat]

They probably will have to disable ssh.
So you will know.

Re:Speakeasy

[august70]

I think that depends on the geographical area you have Speakeasy with. I am in the south-eastern part of the US and had a latency issue with them for 8 months now with no resolution or attempt at one. I have never gotten a call or email back about any problems I have had (even when I ask them for there name and ask them to call or email me).

Re:Speakeasy

[jaa]

You're missing the main point of Carnivore: it's not (at least publicly) about who's saying what, it's about who's talking to whom.

SSH, telnet, whatever. They just want to know what IP you're talking to. If that IP is a bad person, you might be a bad person too. Then traditional investigative techniques (wiretaps, surveillance, pulling bank records, etc.) will follow.

Re:Speakeasy

[Leghorn]

I agree. That's what I did and I've been very happy with them. I have my own mail box in my own closet...$90/month. A bargain.

Best server: 127.0.0.1

[cjsnell]

Your best bet is to run your own mail server. Register a domain and get some friends to run nameservice for you. Get a static IP and point a MX record for your domain at your machine. Run a decent MTA like Exim, Qmail, or Sendmail, and you're set. The price is right, too.

Chris

Re:Best server: 127.0.0.1

[setec]

Why not just run your own nameserver? I then you'd be able to add all the subdomains you want, when you want them. Really slick.

================

Re:Best server: 127.0.0.1

[cjsnell]

Not a good idea if you are using a cable modem, DSL, dialup, or other unreliable connection. If your DNS is up but your mail exchanger is down, the remote (sending) host will queue your mail but if you nameserver is down, it will most likely be bounced immediately.

Re:Best server: 127.0.0.1

[mayoff]

Wrong. If the MTA cannot reach any nameserver for your domain, it will retry the delivery later.

Re:Best server: 127.0.0.1

[Bryan+Andersen]

Not a good idea if you are using a cable modem, DSL, dialup, or other unreliable connection. If your DNS is up but your mail exchanger is down, the remote (sending) host will queue your mail but if you nameserver is down, it will most likely be bounced immediately.

It actually can work quite fine. I have a DSL line, my own DNS server and a few other services running. My ISP VISI provides secondary name services for me.

quality email service

[@i2d]

I've been happy with XMission

Re:quality email service

[bradipo]

I will vouch for that. My real email account is with XMission as well. Their service has been undeniably reliable over the past 4+ years that I have been with them. Even know that I do have my own domain and mail server hosted on DSL, I still continue to use their services.

HUSHMAIL

[198348726583297634]

For secure (and free) email that seems pretty reliable to me, you can't beat Hushmail.

Good stuff - strong encryption all the way baby!

Now where's my tempest-foiling encrypted X display? ;)

Re:HUSHMAIL

[mighty+jebus]

Now where's my tempest-foiling encrypted X display? ;) At www.openssh.org.

Re:HUSHMAIL

[Anonymous+Coed]

actually, I've had very little (no) problem with hushmail crashing NS 4.7x on Leenooks. But that's just me I guess. Maybe in some extreme cases where you have a bunch o' crap in other browser windows. You can actually run 2 netscape binaries at once, one for hushmail and one for the rest of the crap. Yes, I realize how much memory this takes, but I've got 256 mb, what do I care?
---

Re:HUSHMAIL

[CConkle]

TEMPEST is an armed forces standard for radiation emissions. Tempest-foiling would presumably mean that it doesn't leak enough radiation to, say, read the screen (not visually, by 'listening' to RF stuff, etc.) You can find out a lot about what a computer's doing by listening to all the stuff it gives off, if you're reasonably bright.

Re:HushMail

[bachlab]

hushmail will support ssh

Freedom 2.0

That looks like what Freedom 2.0 has to offer. They claim to have enhance the mail system inside 2.0 and it was already amazing in 1.0. They indicate that they will protect your privacy and they actually showed it. You even got the source code.

Let me know...

[PantherX]

Good question... Concentric used to have Shell accounts... then the box died one day and you get a nice message when you try to logon to it that basically says "It broke, so we threw out the idea". Which is lazy as hell, which is why I can't wait to get DSL. Let me know y'all...

------
What's a signature?

get your own server...

[HadronPie]

Buy rackspace from someone who has bandwidth/ip's to spare and administer your own domain. That's the only way... An ISP's margin of profit is so small that they don't usually "waste time" on such things.

Or go to a large university with a generous network setup.

Email

[tweek]

Well I can't provide internet access but I would be willing to provide you with a ssh shell account with gnupg installed. I also have a webmail interface setup with ssl. I also wrapped IMAP and POP traffic with SSL for those who want to use it that way.

As far as the outages, I recently had a few but the issue turned out to be a fried DSL router which has since been resolved.

Re:Email

[arete]

how much are you charging for all that; or is this a freebie?

Re:Email

[tweek]

Well I hadn't ever worked out a shell account pricing scheme yet. I really don't host anything more than a few opensource projects and a few local (Atlanta) band sites. Email me offline and we can talk.

HushMail

[bemis]

I know this doesn't address all of your issues, but I believe that HushMail will be able to help you with some of them -- yes it's web based (not ssh+pop) ... but it's secure and in my experience has been very stable/capable.
bemis

Electronic Signatures

[imadork]

If the Government is serious about allowing E-signatures for contracts and bill notices, we need E-mail service at least as reliable as US Postal Service Registered Mail.

Anything less is asking for a disaster.

And yes, I know that the Government (and the Media) wouldn't know what a real Electronic Signature is if it bit them in the ASP...

Wish in one hand. Shit in the other.

[yet+another+coward]

See which one fills first.

You are essentially asking for a specialty ISP tailored for sophisticated users. Because the money is in serving the masses with Internet gruel, I'd be surprised to find one.

Why is this so hard?

[Dr_Bones]

With so many people clamoring for this type of thing in the IT field, why isn't someone doing this? Wait a minute, why aren't I doing this? For a few hundred dollars a year per customer, you could run a seriously good mail service. It would certainly beat the hell out of the service I use, Mailbank

Re:Why is this so hard?

[sphealey]

"With so many people clamoring for this type of thing in the IT field, why isn't someone doing this? Wait a minute, why aren't I doing this?"

IMHO the key issue here is "won't roll over at the first subpoena". Should you choose to supply this service, and should a federal law enforcement agency decide to pursue one of your clients, you will need hundreds of thousands of USD to begin mounting a defense. Assuming you can find lawyers willing to take on said agency. Note that my intention isn't to start an "X-Files" type conspiracy discussion but just to point out that there is a _lot_ of leverage that a government can bring to bear when it wants something.

sPh

Re:Why is this so hard?

[Dr_Bones]

What really, truly bothers me is that in giving this serious thought, I can't come up with one decent place in the world where I could host this type of service. The reach of the US Gov't is a bit too far, IMO, and it makes me fairly ill.

Do your own thing

[_ZorKa_]

What you want can't really be put into a business model which is going to be profitable. I say simply find a provider that is willing to give you a static IP address and host your own server. You then get exactly what you want.

IMO: Email just a little too important?...

[TwoEdge77]

You seem to be relying an awful lot on the contents of your email. You might be demanding more and be paying for a service that other means could better serve. There's always a bit bucket out there in the network world. I don't put anything of great value through email.

Re:shell accounts

[HadronPie]

coolnet has Shellz! Coolnet is pretty cool, I must say... Check out their helpdesk page to get an idea of how cool they are... hehehe...

Running your own is the best way to go

[DaSyonic]

What i do is run my own mail server. It sounds like you have DSL and if you have a static IP (you should) then you can run your own mail server. Just buy whatever domain you want, get a nameserver (you can run 1 of them) and your off. The only problem could arise is if your internet connection is not so reliable. But its the best way to go if you can, you have full control, and its as secure as you can make it.

Re:Running your own is the best way to go

[JBradley]

I have DSL with a static IP and was planning on doing this exact same thing. The thing I can't understand is why two (or one for that matter) nameservers are required for hosting your own domain. Maybe I am just being dense, but it seems that the only reason for a local nameserver would be if I want to resolve network names internal to my network. Or is it for resolving www.mydomain and ftp.mydomain? If it is the latter, I should be able to run a mail and web server on the same machine as the nameserver, right? Then, all I need is a machine to do secondary DNS (i.e., my ISP -- for a fee of course) and I am golden... yes, no, maybe so? Are there other ways of doing this?

Re:Running your own is the best way to go

[Psi-kick+Guy]

The thing I can't understand is why two (or one for that matter) nameservers are required for hosting your own domain.

Two are required for redundancy. (You can always just use one box with multiple IP addresses, which I'd never recommend.)

One (for that matter?) is required because the DNS info has to go _somewhere_.

When you register your domain name, you're just doing that - registering the domain name... now you have to let the world know where the hosts on that domain live (among other things.)

Yes, you can run mail and web (and whatever else you want) servers on one of your DNS servers, and have a secondary server hosted somewhere else (use your ISP as a backup, use a friend who has a static address, etc.) - If you were going to do that, you should learn a little more about how DNS works first though.

Re:Running your own is the best way to go

[titus-g]

yup, try http://www.granitecanyon.com/ they offer a free DNS service (to non business users), as well as secondary DNS if that's all you want. Web based setup as well, wish I wasn't stuck with this dynamic IP 56k line, oh well, the scenery's nice...

Alternatively there is a page somewhere where people get together and swap secondaries, to get round that. Think it is probably linked from the granite canyon page somewhere...

What's in your emails?

[rajinikanth]

why do you need such quality? who wants to snoop on your emails anyway?:)

Re:What's in your emails?

[mkcmkc]

For starters, I need to send email to/from clients and be able to say I'm taking reasonable steps to keep their matters secure.

Mostly, though, it's reliability. If someone gets my POP password, I no longer have reliability.

As for kiddie porn, etc., fortunately I find it immoral. In any case, anyone who reads/writes anything on the net they don't want repeated later in the New York Times is a fool.

Reliability == redundancy

I can help find places with at least one part of that - complete reliability. There are a few very simple commands I type to find out how reliable an organization's mail system is:

• whois domain.tld
  Specifically, I look for the nameservers. They should have three. One or two is unacceptable. Some have up to six. And the nameservers should be isolated from each other (see traceroute below)
• nslookup -query=mx domain.tld
  This will show you every mail exchange of the domain. One is unacceptable. Two is average. Three or more is great. As with nameservers, they should be somewhat isolated.
• traceroute machine.domain.tld
  Run a traceroute to each one of the nameservers and mail exchangers. Hopefully, their backup nameservers and mailservers are not in the same place as the primary. This will be reflected in the different traceroute paths. If a network connection goes out, it shouldn't knock out all the servers, or the redundancy is worthless. If the power goes out or there's a fire, the same applies.

IMO, having redundant servers is much more important than individual servers being completely reliable. No matter what you do, you're gonna have some downtime on servers...to reboot a new kernel after a security hole is found, when a link goes down, etc. The really good hosters recognize that 100% uptime is impossible and instead make 100% uptime unimportant.

Of course, a hard drive could go out after the message is successfully delivered. And this doesn't answer your other questions about privacy, etc. But it's an important part of the equation.

Re:Reliability == redundancy

[griffjon]

This cannot be stressed enough.

If reliability is your #1, set up redundant email. Get a few procmail recipes going on a highly reliable server that forward to a few accounts, use PGP for security. It's a single point of failure, but it can drastically reduce other points of failure (dead ISP pop server, etc.).

hotmail is slow, insecure, but high on the reliability (until their domain name expires...again), as are yahoo and angelfire (lycos).

Aim for multiple points of access (web, telnet, POP/IMAP...) to reduce the common problem of the mailserver at wherever croaking, and multiple points of presence (net-geographically diverse locations) to get around other problems (travelling, ISP dies, etc.)

Re:Reliability == redundancy

[prs]

> traceroute machine.domain.tld

It's also worth trying to telnet to port 25 on the MX servers just to see if they're actually alive and listening. At one point, my previous ISP had about 6 MX servers, but only one of them accepted incoming SMTP traffic, the rest just gave "Connection refused". It stayed like that for about a month; the email reliability was awful.

Re:Reliability == redundancy

[jmalicki]

Machines using hot standby IPs are in the same place, however. And what if for some reason the machine stops accepting mail, but is detected as "up"? Hot standby IPs are nice but other machines should also be accessible at other IPs

Re:Reliability == redundancy

[matts.nu]

Machines using hot standby IPs are in the same place

You don't know that. The technology for long distance disk mirroring (optical fibre) can also be used for clustered IP's. Setting up a Linux cluster at home is cheap enough and if your house is on fire then you have worse problems than e-mail availability...
--

alarmingly high frequency of stories

Would you guys please slow down? It's getting very hard to keep up with trolling all these stories!

Mailvault?

[Arker]

MailVault

a Laissez Faire City service, sounds like what you are looking for. Basic service is free beer, but lots of goodies are available if you are willing to pay.

Disclaimer, this is hearsay, I don't actually use the service. Since I'm a little less worried about security than you sound to be, MailandNews.Com has served my needs fine. Secure connections, pop, imap...

Re:Mailvault?

[Mutok]

I've been using mailandnews.com for about a year and am very pleased with their services. It seems to be a very down-to-earth operation (and I've never gotten spam!). However, I have had some experiences with server slowness and downtime that have caused some headaches. But I stay with them. Why? I haven't found a free service that is better...

Re:Mailvault?

[eboehm]

HushMail
They use Java applets and do not rely on browser encryption.

So, 1,024-bit keys protect HushMail users. The public and private keys of Hush users are both stored on the Hush servers. However, before the private key is stored on the Hush servers, the private key is first encrypted on the individual user's machine by his or her passphrase, so even HushMail employees cannot access user passphrases.

Contact your ISP

[Andrew+Dvorak]

I would be interested in hearing what steps you have taken to communicate the problem with your ISP and the steps they have taken to fix the problem.

Anyways, to answer your question, I have no problems with Yahoo! Mail and HoTMaiL but then again, the later violates your "secure" requirement as hotmail is notorious for accomodating even the simplest of security flaws.

If you haven't yet done so, It might be a good idea to talk to your ISP or pay them a visit to their offices or something. I wish you luck.

Re:Contact your ISP

[Mandomania]

I have no problems with Yahoo! Mail and HoTMaiL

Sweet Lord 'o Mercy! You cannot be serious! No offense intended (I am currently forced to use Hotmail because of my work's stupid firewall policies), but Hotmail was effectively down last night for about 7 hours. I was SOL until this morning...(can't wait to finish this contract)

--
Mando

FBI starts up CarnivoreMail.com

[Lostman]

In a surprise move by the FBI, they have started CarnivoreMail.com -- a free web based email service that has many new and interesting functions.

For those FBI agents away-from-work, CarnivoreMail.com offers 1 stop mail snooping. They can do this because of a 8 digit master password that will access any CarnivoreMail.com account. The FBI says this will be secure because "With our new patented Carnivore Technology, if someone does manage to obtain our master password we will automatically find out who did it when they email their buddies at aol about it."

When asked about the privacy policy at CarnivoreMail.com, the FBI spokesperson laughed.

Re:FBI starts up CarnivoreMail.com

[British]

Esclelon Mail: "We're listening."

Re:FBI starts up CarnivoreMail.com

[dr.thundr]

I believe Micro$oft has the patent on that.

Zixmail

[grovertime]

Zixmail, now affiliated with Yahoo!, provides encrypted mailing and seems to be picking up steam. They're a public company from Texas I think and I have yet to hear anything bad about their services.

1. 
   My Vote's On This Doofus
   

Re:Zixmail

[gbroiles]

Have they ever documented their algorithms and subjected them to peer review? Last I saw they said their crypto was proprietary "patent pending" stuff and they refused to explain how it works, or allow outsiders to vet the quality of the design or the implementation. I'd stay away from mysterious undocumented algorithms who claim to be secure but can't/won't explain why.

DHP.COM

[AgentX]

I have used The Datahaven Project (dhp.com) for several years now, and they have been really good. They have absolutely no information about me other than my e-mail address (with them). I pay by money order, and I just had them put a notice up on their page when my account was created, with the password I gave them on the cgi form. The price for a shell account is $50/ 6 months and I haven't regreted it at all. They run Linux and provide ssh access as well as POP, news, and all the standard stuff. They seem competent technically, and they are dedicated to privacy.

Hope that helps.

Re:DHP.COM

[4of12]

Cool.

Thanks for that tip. It looks very much like what would be useful to have.

The question of this topic is one thing I've always wanted to know. But there are two other things.

1. Is it too expensive to legally set up multiple shell accounts scattered all over to assist in playing shell games (apologies for the pun) about point of origin, destination. Perhaps GNUtella or Freeserve can accomplish the same purpose. If so, I'd like to know.
2. Social engineering. After you setup your nice email account without a trace of contamination to make it ultra private and secure, it seems pretty much impossible to exchange messages with your security/privacy-oblivious friends and family, who have reflexes that cause them to prepend Nice names for that Nice relative, eg,

   "'Christopher Robbin III from Peoria'" <frzx@dhp.com>

which kind of puts a damper on delusions of net grandeur.

Group of Friends!

[Syllepsis]

Here is how I do it: Get 4 or five friends, and set up a *nix, *bsd, win2k, OS of your choice, go in together and buy a domain. Have the most experienced admin set it all up. This has worked for me for years and there is pretty much zero hassle and 100% reliability. The best thing is even if YOU don't know how to set things up, you can still enjoy the benefits of a private server. Not only that, you can always contact the admin and get plenty of changes made, since he/she is a friend.

Critical Path

If you are really serious about spending the money, you could call Critical Path and tell them you want an account for your small bsusiness. You'll get web mail, pop or imap or both, all with SSL for an extra charge. You'll also get a web administration tool that lets you create however many mailboxes you want, with aliases, forwarding, and mailing lists. In the reliability department, they have a lot more technology than you'll ever have hosting it yourself.

Heres a list to start with....

[jcrb]

It is always worth seeing what Yahoo has to say on a subject first....

http://dir.yahoo.com/Business_and_Economy/Business _to_Business/Communications_and_Networki ng/Internet_and_World_Wide_Web/Email_Providers/Enc rypted_Email

soneone care to tell me why the 'post comment' page insists on adding a space after '..and_Ne' when I try to make that url a link?

DIY DNS advice - if you really want to DIY

[arete]

Public DNS is a good head start to rolling your own.

No guarantees about anything... Also, I'm not convinced that a roll-your-own solution will really give you better uptime, unless you have a lot of time to devote to fixing an outage... it certainly lets you know as much as anyone about WHY it's down...

Re:DIY DNS advice - if you really want to DIY

[El_Koba]

If you are really worried about uptime, don't use GraniteCanyon.

I use it for my site. It's fine for what I need it for, but does have occasional outages.

Re:DIY DNS advice - if you really want to DIY

[pkgw]

I used to use GraniteCanyon. But... I appreciate that the service is free and that they're volunteers, but GraniteCanyon just has unacceptable outages. Not necessarily downtime, but often DNS updates don't get propagated for weeks or months. Sometime around a year ago, their primary server had a disk crash and they didn't notice for two weeks. When the service goes down, the operators don't say anything -- you just sit in the dark and some day they come along and say, "Ok, it's working again."

I changed to centralinfo.net. They use some weird Win2000 DNS server (custom, not Microsoft's), and their forms easily let you produce a mangled RR file, but the service has been infinitely more reliable.

MyRealBox - SSL on POP3 IMAP and SMTP and its FREE

[angel]

I know most of you aren't going to like this solution because it runs on Netware and not Linux, but I figure its worth suggesting anyways. Go check out http://www.myrealbox.com/. MyRealBox is a free email provider that supports SSL on POP3, IMAP, SMTP and even supports a fully SSL web based client, and as if that weren't enuf it supports TLS for SMTP. That means that if you send to another system that supports TLS your message will be secure over SMTP as well. This is about the most security you can get without going to extremes.

POP vs. IMAP

[tcyun]

The poster mentions SHH+POP but not IMAP. Are there any inherent dangers in using IMAP? I am also assuming that SSH can be used in conjunction with a secure connection of some sort like SSH.

I ask as there are several DIY posts for setting up a POP server.

Re:POP vs. IMAP

[Chas]

Many service providers would rather you download your mail, attachments and all, than build them up on their system.

Unless they're charging you by the amount of disk space you're using.......


Chas - The one, the only.
THANK GOD!!!

Secure Email System

[heliocentric]

Ok, so email is email and it's on the same port it has been for years. There are tons of servers you can install on windows, linux, solaris, etc... and there are even more clients for these varios OSs. But doesn't the Internet need a new standard for email?? Sure it'd drive people nuts if their eudora no longer connected, but ssh sure seems popular.

I am sitting here considering topics for a graduate school project and my thesis advisor and I were just on the phone minutes before I noticed this story on /. and it has me thinking? Do you think a completely seemless secure email system would be as popular as ssh?? You'd need new server software, and your clients would need to be reconfigured, and I don't see why, just as in ssh, you couldn't leave the old style open (although I'd think each user would have to be on or the other rather than maintain a system of passing between enctrpted and non-encrypted email data) during the migration time... What do you the /. community think? If there was a standard like PGP only you built in into your email cient would there be enough support out there??? Kerberos is popular and you can get eudora to support it, but I'm taking a completely encrpyted transaction with a message that stays encryped until it reaches it's destination and the user clicks "read" which translates to "decrypt and read."

Just my 2 cents since it seemed quite timely after that conversation earlier today, and Dr. Null if you're reading this - HI!

Re:Secure Email System

[Scott+Wunsch]

There is an extension to the SMTP standard to add SSL encryption. You can also run protocols like POP and IMAP over SSL.

I think that pretty much takes care of it :-). And yes, it works very nicely, and very seamlessly.

Expansion on the DIY approach

[Tiny+Ego]

If you're going to take the DIY approach, you should either be an experienced UNIX admin, or get yourself up to speed as fast as you can. The Aileen Frisch book Essential UNIX Administration (or Esential System Administration) is a good place to start. For running a mail server, also check out sendmail.org and Claus Assman's useful site on configuring sendmail.

I had similar paranoid security concerns, so I set up OpenBSD. It was a fairly painless install, provided you read the directions. I set up sendmail, UW-IMAP, IMP, and access it via secure http. UW-IMAP has some serious security concerns, but it's much easier to compile than Cyrus, my preferred IMAP server.

If you're new to UNIX admin though, try looking at FreeBSD. This is hands down the simplest UNIX installation I have ever done. It was almost as simple as starting the installation, walking away, and coming back when it was done. It also doesn't hurt that FreeBSD has excellent network performance.

TinyEgo

Don't get me started

[slickwillie]

Ooooh, too late.

I'm in the process of dumping Verio. My friends would complain that every once in awhile their email to me would bounce. Whenever I sent a copy of the bounce message to Verio "customer support", they would tell me it must be something wrong with my settings.

While your at it...

[enditallnow]

Tell me where to get one in the UK?

Enditallnow,
if everything seems under control your just not moving fast enough.

Re:While your at it...

[owlorc]

... Why in the UK. It would seem even better to cross a national border, to bollix up potential legal process. Contact me at owlorc@owlriver.com if you want to negotiate such an account. We sell such.

In Austin, Tx and surrounding areas

[sporktoast]

In Austin Tx and surrounding areas, try io.com.

Steve Jackson Games got a court settlement from the Secret Service over their unlawful asset seisure and parlayed it into an ISP business. More about that here.

They've had their rights wrongly abridged by the government before, so they've been extra vigilant ever since.

I use them for shell-only access from a different part of the US. I get my dial-up (not springing for better bandwidth until it gets cheaper) from someone local. But they have services to suit most any need.

Re:In Austin, Tx and surrounding areas

[Lotek]

I have been using io for a long time. Of course, I joined io because they have a really short domain name, and I am lazy. That and they are cheap and easy to use.

And I think that Steve Jackson would shut IO down before letting Carnivore in.

Shellyeah

[SonofRage]

I got a shell from www.shellyeah.org and it has been reliable the year I've had it. It's free but there is also a pay version that gives you more than just email, news and BitchX.

Re:Shellyeah

[GypC]

Except they stopped accepting new accounts months ago...

"Free your mind and your ass will follow"

Re:Shellyeah

[Alioth]

But Shellyeah.org aren't allowing any new users at the moment. Their AUP also suggests that they will VOLUNTEER information on you to govt. agencies. Privacy doesn't look like their strong point.

Good remote ISP

I really like Illuminati Online. www.io.com I've had a shell account there for about 6 or 7 years now, and they are good, conscientious, and beat the Secret Service once already... :)

Re:Good remote ISP

[SWood]

Agreed - Illuminati does get it.

They have everything you've asked for. My only real gripe is the relatively small disk quota that comes with the basic shell account.

See http://www.io.com/io/history.html for the details of their stance on privacy.

Get a University account

[wbraunoh]

Grab an account with a large university if they'll let you. A lot of public ones have very high standards when it comes to uptime and reliability, and are top-notch when it comes to privacy and the like. Witness the stance a majority of the large universities have taken on Napster, for instance - they haven't folded under pressure from the RIAA.

'Sides, a lot of shit in the university environment is run by students, who often have much more of a clue than your standard MCSE (what's it stand for again? Oh yeah, Must Consult Someone Experienced...) "Sure, it might be sad that the engineers on campus have no life, but hell, uptime is great!"

I know when I graduate from Michigan I'm going to maintain my e-mail account. All I have to do is shell out some $$$ each year to keep it active (switching from "student" to "alumni.")

Of course, I guess you could at look at it like I'm paying a bit of $$$ right now to have great internet access, with a free education as a bonus... hmmm...

Re:Get a University account

[irksome]

Most universities will sell the right to have an e-mail address at their university. I know UMich does.

Be careful though, some universities will also sell their e-mail address mailing list. I've gotten targeted spam on my school account, and I don't give that one out.

Re:Get a University account

[Qubit]

I attend a private college that grants accounts to students/faculty and only a small number of (associated) people.

I have a number of friends attending large universites, and while it is true that their accounts are "secure" and reliable, there are often 'computing account codes' that apply to all users of the accounts -- including those people not directly connected to the school.

A friend of mine on the west coast was quite annoyed when he found out that one of the provisions in his university's code was a general agreement to allow access to his email account and files "...upon possibility of wrongdoing.." (something like that).

He really isn't worried about some SU reading his mail to his profs or scrutinizing his C source, but he didn't know that the university could go through his personal files willy-nilly just by finding some bullsh*t reason to suspect him of wrongdoing.

moral: if you do try to get an account from a university -- or if you are attending a university currently -- be sure that you know exactly what agreement you made by buying/accepting the account.

Regardless of what people say, colleges and universities are often driven by power and prestige; the students and faculty aren't the most important thing -- $$ is.

________________________________________________

Check out The World

[jctribble]

The World gives me a unix shell which I can dial up in the Northeastern US or ssh in from anywhere.

A bit pricy but I personally trust owner/founder Barry Shein to do an upstanding job and do the Right Thing(TM). He is One Of Us and has been doing this for 11 years. I've been a customer for 6 years.

Like they say: The First and the Best.

Re:Check out The World

[swm]

I was going to recommend world.std.com, but someone else beat me to it.

$25/month gets

• 250 hours connect time
• 15MB storage
• 56K modem pools scattered all over eastern MA
• telnet from anywhere
• ssh
• a shell account
• email
• a full news feed
• a web page

World is basically never down

world:~>uptime
6:32pm up 58 days, 7:16, 150 customers, load average: 14.07, 15.96, 17.38

Security not to be found in a provider or in DIY.

[bziman]

<paranoia>

It doesn't matter how secure your provider is or whether you host your own server. The messages are only ever as secure as the recipient keeps them.

I don't care, use every security trick in the book... but if the recipient reads the mail in plain text off hotmail.com, it isn't secure.

To do secure email:

1. Make sure your box is secure enough for your purposes -- i.e. lock the screen when not sitting at the console. No security is ever perfect, but make it as good as required to protect your secrets.
2. Make sure your recipient is as smart as you -- namely, don't email your plan to nuke Boston to someone who you aren't absolutely sure understands basic security principles.
3. Use public key encryption like PGP or GnuPG with rediculously long keys.
4. Don't send the messages over plain text, anywhere. Type the message on your own box, and encrypt it there before it goes out on the wire. If your box can't do that (and there's usually only laziness to blame if this is the case), make sure you use ssh to connect to your shell account. In this case, you're only as secure as that box's administrator has made it. I would say make sure to use ssl if you're using web based email, but I simply cannot imagine a web based email system that provides what any truly paranoid hacker would trust as secure.
5. Double check step 2.

</paranoia>

--brian

We do it

&lt plug &gt Not sure what the competition is like out there, but we certainly provide that at my work. SSH access to a shell account with pine, secure webmail and pop3. The company is edNET if you want a look. It's not our sole line of business, but we're a business provider so to us reliability is essential. &lt plug &gt Kev

Re:Yep. NO ONE is doing shell anymore.

[howardjp]

Shell access is a part of M-Net's service.

A little expansion on doing it yourself

Good comments were already offered on how to do it yourself, so I won't pursue that.

If you wanted to add more reliability into the picture add a second MX record pointing to another host with a higher preference value. That host needs to know it relays for your domain and thats it. When your domain goes offline (because you needed to do maintainance, lose power, whatever) mail is automatically received by the other host and queued. When your host returns, mail will be delivered.

You could obviously configure your own box to do everything you want (probably much cheaper than having someone else do it)... then you just need a friend to queue mail if you're down.

Just a thought.

- John C. Gale

Danger, Will Robinson!

[John+Jorsett]

Careful. A lot of (all?) high speed providers have prohibitions against running 'servers'. Anything that will accept an incoming socket connection qualifies, in their eyes, and they'll scan for them. You might get this beautiful setup running and then get a nasty note from your provider telling you to take it down, 'or else'. Some providers will let you run servers if you sign up for their super-duper service (at considerably greater cost, of course). Check your provider's policies before you invest much time in this.

Re:Danger, Will Robinson!

[snubber1]

Hey, quick solution to that: Run port sentry for the first week on all ports. Turn your machine into a black hole to anyone who trys and portscans your server (read: your isp) and then turn on all your own services and port sentry on the rest.

Re:Danger, Will Robinson!

[John+Jorsett]

I have a hardware firewall on my cable modem access, and see periodic port scans from my cable modem provider's domain. Some may be other users, but I suspect that the company has scripts running that check on a regular basis. Now, one solution might be to block that domain and let all others thru, but I'm guessing that they'll wise up to that sooner or later.

Re:Danger, Will Robinson!

[ahknight]

The problem with that is that they do not do routine port scans. If they see you passing a lot of server-like FTP traffic they try to FTP to you. Port Sentry won't catch that. They don't just scan you for that exact reason; they might be dumb, but they're not stupid.
--

Re:Danger, Will Robinson!

[micahjd]

I've been shopping for DSL with the intent of running a server too. I found Telocity. It's not installed yet, so no personal experience, but from the web site it looks good. They say they're linux frienly and they actually encourage running servers or hosting domain names. (static IP)

Anybody have more info, or a list, of free (libre) DSL providers like this?

Re:Danger, Will Robinson!

[darkrot]

Sep 11 04:50:23 adel iplog: ping from mail.sec.rr.com
Sep 11 04:51:30 adel iplog: nntp connection attempt from mail.sec.rr.com
Oct 1 00:00:25 adel iplog: ping from mail.sec.rr.com
Oct 1 00:01:05 adel iplog: smtp connection attempt from mail.sec.rr.com

If you're an rr.com customer, that seems to be the address that checks you for things they don't want you running. You can visit http://mail.sec.rr.com for more information, but I'm sure they monitor who looks at that machine (they have a big hairy legal notice up there, too).

Re: Danger, Will Robinson!

[jihad23]

To anyone in their service area (I'm not sure exactly how far that area extends), I recommend Linkline. I've got 768/128 DSL with one static IP address for your basic $49/mo, and additional IP addresses are available for $5 each (my telco is GTE, YMMV).

Speed is good, uptime is good, and I'm allowed to run any servers I want. They even set up reverse DNS for my IP addresses for me. I work for a differnet ISP but have stuck with them for these reasons.

--
Turn on, log in, burn out...

Re:Danger, Will Robinson!

[Kreeblah]

Does anyone know whether someone could threaten legal action against one's ISP for "hacking" attempts? If it's not okay for someone to do that to a large company (try portscanning your ISP and see what they say . . . if it's not already forbidden), then why do they presume to have the right to portscan their customers? Say that the frequent portscans are a possible attempt to "gain unauthorized access to your computer." Something like that. If they complain that you were trying to run a server, counter with the fact that they can run their DSL/cable service through a proxy server and filter out all incoming port connections. That would close the loophole. Thus, they have no valid case for portscanning.

Re:Danger, Will Robinson!

[electricmonk]

No problem. Just block out the scans that come from your ISP, using something like ipchains. For example, for @Home users, just block out *.home.net, because that's what domain they scan from. For users of other providers, just set up something like portsentry, review the logs, and sooner or later, you will discover where your ISP scans you from.

Not legal, but simple.

IMAP

[Pierre+Phaneuf]

I personally think that IMAP access is highly desireable (especially over SSL). The ability to read my mail with all of my folders and stuff identical and syncronized on all my machines (home, work, laptop) is extremely cool.

A web interface alternative is nice too, but be sure it's over SSL.

--
Pierre Phaneuf

Maybe this one?

[RiffRafff]

I don't know about their email security, but I like their philosophy. Check out http://www.flex.net. I wish there was something similar in the states.

Re:Maybe this one?

[RiffRafff]

Oops. Yep, that's the one. I thought it was a joke, at first!
http://www.flex.com

Speakeasy Rocks

[Tim+Macinta]

I recently moved into a new apartment and ordered Speakeasy DSL for it. I previously had Verizon's/BellAtlantic's DSL at my old place. All I can say is Speakeasy has totally blown Verizon out of the water in every single category so far (except maybe price, but the extra $10 per month is definitely worth having a service which actually works). I have yet to switch my main email address to forward to my Speakeasy account, but I will do so before the end of the year and if their email service is anything like their DSL service I'll have nothing to worry about because their DSL service flat out rocks.

I know they have both web and pop access to your email account and I think you get two totally separate email accounts with the DSL service. I also know that you can at least log in securely to the web based interface (I forget if the entire thing is over https or not). Perhaps they offer this as a stand-alone service as well.

Re:Speakeasy Rocks

[Some+Dumbass...]

I know they have both web and pop access to your email account and I think you get two totally separate email accounts with the DSL service.

With a "standard" plan, you get two POP or IMAP accounts (I'm not so sure about web access). With one of the "plus" plan (+$10) you get a Linux shell account (on one of their machines :), two static ip addresses, 10MB of web hosting space, and free dialup access. The original poster would probably want the "plus" account.

Oh, and "me too", they're great, though I have had some problems with their usenet server (can't always get new articles).

Re:Security not to be found in a provider or in DI

[Luminous]

I say if you don't want someone to read it, then don't write it. If you don't want someone to hear it, then don't say it.

Three people can keep a secret if two of them are dead.

Try lokmail

https://mail.lokmail.net

They use 128-bit SSL for the login and PGP for the rest. Their on-server key management is kinda kewl too.

Anon

try the web union

[Artemis+Entreri]

www.twu.net..they're pretty cool...you get a shell account on a debian box...i have my domain there, and mail is forwarded...i can ssh into the box, and it's secure..the guys that own the setup will even ask people what software they want installed every couple of months, and it's all free...a pretty sweet setup if you ask me :0)

Panix.com

[Royster]

$100 per year prepaid. Netcom just turned off it's last shell accounts. Quite a few former Netcommies have switched to Panix.

Re:Panix.com

[rebbie]

I've chosen to do it myself, but I've had Panix accounts before. They have a clue and they're everything you want in an ISP.

Applied Theory

[NovaX]

CRL has probably been the best ISP I've seen, and recently was acquired by Applied Theory. I dropped my subscription last year, when I moved onto ethernet, but if A.T. is anything close, they;re who you want. CRL was not a new startup (had been around since the mid-80s, was wide spread, reliable and fast. I had a slip/ppp/shell account (5mb shell/15mb web), which is the most I've seen offered for dial-up. CRL, and now A.T., hosts CDROM.com, and the systems (were) Sun boxes. I'm pretty sure they used fBSD for smaller jobs, if I recall correctly (I knew a few people who worked for them).

Anyways, it was slightly over $20/month with CRL, never busy, good speeds, etc. Fast responce from support, etc. If A.T. didn't ruin them, then CRL would be the best.


-----------------------------------------

Re:Applied Theory

[geekpress]

I'm sure that Applied Theory ruined them. Or -- at least -- it wasn't a good marriage.

print << EndRant

Here's my gripe: My husband had a shell+POP account with CRL for over six years. (Six years!) It was excellent service.

A few months ago, his brother (also a CRL account-holder) send him and a bunch of friends an e-mail saying that his CRL account is going down in a few days and that everyone will now be able to reach him at XYZ@atdial.net (an applied theory account). We asked him about it and were surprised to learn that all of the CRL accounts were being shut down.

My husband was *never notified* that his account was to be closed. Even his brother was only given 30 days notice; they weren't even planning to forward his e-mail to the new address after that 30 day period!

My husband called CRL. They told him there was nothing they could do. His e-mail address of 6 years was to be totally shut down in 5 days.

I decided to go on the warpath. I spent the next three days on the phone with both CRL and Applied Theory. It was insane. CRL said they couldn't do anything about the unix server being shut down. Applied Theory claimed that they "couldn't support" the Unix box, given that they were an MS shop. (Yeah, like it takes a lot to "support" a UNIX mail server that is forwarding mail for a bunch of customers.)

Anyway, apparently, my husband wasn't the only that no one notified about the change. They ended up getting so many angry calls that they did keep the machine up for a few more weeks and then forwarding mail for a while after that.

It was a total flog.

EndRant

My husband's account is now on my server. (I might have taken his last name, but he took my domain name!)

-- Diana Hsieh

Road Runner blocks the setup your own approach

[paulydavis]

I was told by my isp (Time Warner) that they had to block this capabiltiy becasue of problems with spamming. Be careful what you wish for you may get it.

Consider a secondary ISP

[Gus]

As the ISP market has changed, many larger providers don't want to offer shell or other niceities. Since primarily only these larger providers are offering high-speed access, I'd recommend a secondary ISP, one which does not focus on connecting to the customer via cable/DSL/modem/carrier pigeon, but rather one which is concerned with privacy and security. These services are relatively inexpensive (I pay $50/six months for what you describe), and those running them are usually very interested in privacy. There is the added feature that when a new high-speed provider begins providing services in your area, you won't be tied down.

I don't use any of the accounts provided with my cable modem, since they only provide insecure POP access and no shell. Instead, I pay the Data Haven Project for a shell, a reasonable expectation of privacy, and a stable address that will survive my next change of bandwidth providers.

Pipe dream.

[rjh]

First, secure Email--without the use of PGP or PGP-like services such as Hushmail--is a crock. Even with the use of PGP or PGP-like services, secure email is secure only within narrow parameters.

If I want to get access to your email, no matter how secure your ISP is, I'm just going to find the people you regularly communicate with and get access on that end. Or I'll just plant packet sniffers on a network and grab your email as MTAs pass it off from here to there.

If you want secure email, use a good, reliable ISP; connect to it using IPv6 and IPSec, or SSH; use PGP as much as you can. If you want an ubermaildrop, roll your own. But don't have any expectation that it matters a damn if you aren't doing something to encrypt the mail to make sure only you and your intended recipient can read it.

PGP is the most obvious way to accomplish this, but there may well be other ways.

Market for this?

[Hendershot]

Is there really a market for just setting up a box at a colocation facility and running secure email with it?

I would be interested in knowing this!

The DIY approach is great but what if you want this for your business? You could hire a consultant at $100/hr to come out and do it and then not have that much control

Are there any businesses out there that give you fifty email addresses, control over your aliases and web based email through https://mail.yourdomain.com for around $35/mo.?
J

CubeSoft

[Erskin]

They primarily do web hosting, but the features you are looking for are all still there.

csoft.net

--

reliable email

[theskatepunk]

Check out http://www.32bitonline.com for services that are reliable. Shell accounts, SSH, PINE and POP3/SMTP services!

Sanity check...

[titus-g]

Umm you do realise you are posting this to Slashdot???

Slashdot as in effect...

Re:Sanity check...

[tweek]

Heheh. I was always told I should think before I speak. too late now ;)

Re:shell accounts

[theskatepunk]

Shell accounts at http://www.32bitonline.com 50 megs 100 megs or 500 megs!

freenet.nether.net

[PhilBrut]

freenet.nether.net is a place to get free shell accounts on a UNIX system. They'll probably have everything you want (except for not rolling over for the lawyers).

Beyond that, DIY, as others have said. Get together with some buds and have a co-lo at a local ISP. Once you get past the hardware, cost is $150US a month (where I live, at least :)

I can recommend a great ISP

[Mike+Hall]

I have kept the same email address since 1993. I use io.com. IO started shortly after the govt. settled with the Steve Jackson Games guys. I think Steve's brother or something runs it. They have respect for you keeping your privacy. It is an excelent serivce and has all the stuff you listed. A shell account is $100 if you pay a year at a time and $10 a month if you do it by month.

I have been using this ISP for a very long time (7+ years). Things I like.

o When you call, someone is there. 24/7 even on X-mas.
o When you call, you are not told to reboot your windows box because you cannot connect to the ssh server. i.e. they have a clue.
o Nice offsite news feed is part of the deal.

I do not have any relationship with them other than I am a very happy customer. Although I will get a refferal credit if you use my email (mlh@io.com) as the refferal. *hint hint hint*

Good luck,

--Mike

Re:DHCP

[Spud+the+Ninja]

- get cable/dsl and set it up so that you have a static IP (even though cable/dsl uses dhcp you can generally hardcode your IP).

Careful here, before I started using DHCP on my Linux box, I just hardcoded an IP in. It worked until the cable people's DHCP server leased that IP to someone else.

You could have your dhcp client trigger a little script to propagate your new ip out to all the DNS servers if it changes, I guess, or have a little cron job that checks to see if it changed.

You usually get the same IP over again, so it wouldn't happen that often.

Reliable Email -- Panix

[wb8foz]

Panix.com offers full-fledged shell accounts (sans
dialin) for $100 a year. Combine that with [DSL,
Cable data, university/work access] and you have
a stable platform with ssh access, procmail filtering and a well-known [hell, famous] net-address.

Enroll in an expensive four year university

[Raunch]

Enroll in an expensive four year university

Solutions for the broadband user

[Tassach]

I would strongly suggest that you check out Tzo They provide DNS services for broadband users. They have a store-and-forward email service that would provide a good backup for a roll-your-own email setup at home. Plus, they have a dynamic DNS system that will automagically map your domain to whatever IP your ISP is giving you at the moment (very handy if your broadband provider dosn't do static ip's).

Check out mailstopusa.com

[soop]

mailstopusa.com offers pop mail service and is stable

Panix.com - First NYC ISP, best folks, best policy

[JuddMaltin]

Panix has been around forever. Great team of dedicated people. Running NetBSD, always offering me Kerberos tkts when I log in. SSH, the works. A variety of ISP (dialup, DSL) packages, as well as shell accounts.

No one answers the question

[rossz]

I see too many "do it yourself" answers. This doesn't answer the question and falsely assumes the person wants to host his own email.

Question: Can someone suggest a good mechanic for my Chrysler Sebring JX? One who does good work and won't rip me off?.

Slashdot Answer: Spend a bunch of money on tools and buy a good book on autorepair. Next, spend hours every day tickering under the hood. Be careful that you don't completely screw up the pwer brake system and end up driving your family over a cliff.

This is a bullshit answer. What if I don't want to spend the time and resources to host my own email (or fix my car). I might have better things to do with my time.

Re:No one answers the question

[Cedric+C.+Girouard]

This is a bullshit answer. What if I don't want to spend the time and resources to host my own email (or fix my car). I might have better things to do with my time.

Then, don't ask on slashdot. This is news for nerds remember ?

The answers you'll get here will mostly be roll-your-own because that's what people here are used to. Looking for an off-the-shelf solution ? Try c-net...

Re:No one answers the question

[Mike+Buddha]

This is a bullshit answer. What if I don't want to spend the time and resources to host my own email (or fix my car). I might have better things to do with my time.

This is a Bullshit retort. If you had gone to Cardot, news for gearheads and asked how to have your car hopped up, you should expect to get answers telling you how to do it yourself.

Coming to Slashdot NEWS FOR NERDS he should expect at least this much technical advice as to how to do it himself. This isn't an AOL chatroom, for chrissakes.

Here's an appropriate answer to the original question, using the non-bullshit answering criteria you proposed: Go to Yahoo and type Secure E-mail with SSH POP and Shell Access. Click on the first link that pops up. Voila! Problem solved.

Secure and Reliable Email

[ohdafromboda]

Hell, Securenym.net seems to pretty well fill the bill for me. They support several mail clients using SSL and SASL_AUTH, and have webmail too. POP3, IMAP, SMTP, and PGP on the mail servers. They have about the best reliability I've seen too. http://www.securenym.net

mod_ssl + IMP (was Re:DIY)

[Jack+Greenbaum]

My setup is:

• 64k/256k ADSL with static IP
• Redhat 6.2 with ipchains for basic security only exposing SMTP and HTTP. I set it up based on the linux firewall HOWTO
• Sendmail for MTA. Standard RH setup.
• UW IMAP, Apache, mod_ssl and IMP to provide secure remote access.

I already had the firewall and sendmail running. I estimate it took about 20 hours to add UW IMAP, mod_ssl, and IMP to my system. It was very easy for an experienced UNIX head like me. I am extremely impressed with how easy the whole Apache, PHP, mod_ssl, thing is and how featurefull. It all just worked, and worked well. Hats off to those folk!

Re:DHCP

[Fist+Prost]

check out yi.org. They offer free subdomains (something.yi.org) and one of the nice features is that their service works for mail too. They also have a clients page that has scripts for pretty much any OS you'd need to run (a nice perl one also) to update your DNS efficiently, if the need arises.

Fist Prost

"We're talking about a planet of helpdesks."

Re:Yep. NO ONE is doing shell anymore.

[macx666]

The only problem about arbornet is the fact that they do not allow POP. It is quite a nice system none the less (I've been using it for a few years now with no major problems).

-Mr. Macx

Moof!
******

yourdomainhost.com

This comany provides web/pop/ssh/ftp hosting on Linux machines for $29.95 per month. I've been very pleased so far and have not experienced any outages of any sort.

DIY is not reliable

[garver]

I'm amazed by the number of people that are suggesting that your roll your own mail server. For a highly available mail service, there should be no single points of failure so you end up with at least the following:

• Redundant/Reliable Internet link. Either be connected to multiple providers or link to the same provider via multiple POPs. A Residential DSL link doesn't qualify as "reliable", regardless of where you get it from.
• Redundant servers. No one server failure takes out your mail service. If you are small, you can do everything on one box, but you must have at least one other in hot-standby mode.
• Redundant disk. Its called RAID and you don't run a mail service without it.
• 24x7 monitoring. A monitoring framework (e.g. HP IT/O, BMC Patrol, Tivoli) is constantly looking for problems. When it finds something wrong, someone is always ready to start fixing it.

Sorry guys, but I would not be willing to do any of the above just so I can get reliable email. I'm more than willing to pay someone though.

Rephrase the question, please?

[Crag]

What are you afraid of? That you'll lose a message? That you won't get it on time? That it will be delivered to the wrong person?

Email isn't supposed to be what you describe, any more than snail mail is. Yes, you can make it do what you want, and you can flip burgers with a garden implement, too, but why ask how? What is it that you _really_ want, and is there perhaps a better way to accomplish that goal?

Maybe you should consider getting a cell phone? :)

Re: Pacbell

[Lord+Kestrel]

I had Pacbell's dsl when they rolled it out in 98, and they provided me with a static ip and dns without any extra cost. That, combined with the fact that I would get 30 pings in quake2 made me the envy of the other admins at work :P


---GEEK CODE---
Ver: 3.12
GCS/S d- s++: a-- C++++ UBCL+++ P+ L++
W+++ PS+ Y+ R+ b+++ h+(++) r++ y+

BSD choices

[jabbo]

The Safe Bet: Qmail + mutt + OpenSSH + OpenBSD (+ djbdns if you want DIY DNS service). It would be hard to find a more reliable, secure setup. Not the absolute friendliest, but solid as a rock.

Relevant URLs:
Dan Bernstein's page. Home of Qmail and djbdns.
The OpenBSD and OpenSSH home pages are full of useful information.
PuTTY, a free Windows SSH client Great for on road trips, internet cafe's, consulting, etc.
Mutt, the One True mail client. Takes some getting used to, a good .muttrc doesn't hurt either.

People seem to overlook qmail when setting up a reliable, secure system. Having dealt with Sendmail and Qmail, I would suggest the latter to anyone who cares about security or performance. The same logic applies to BIND vs. djbdns.

Theshell

[rjbrown99]

It's easy. Check out http://www.theshell.com. They are the folks that provide the hosting for AlphaLinux. They have an extremely fast net connection, great reporting, a crack staff that is focused on security, and SSH access. I know the staff personally - they all have extensive security backgrounds. It's a great organization - and for icing they are involved with Linux. And it's definitely within the pricerange you are asking for. Check them out - http://www.theshell.com

Re:Panix.com - First NYC ISP, best folks, best pol

[wb8foz]

What_he_said....
I came from netcom where you hoped someone would
bother to read the support mail about a box
going down. At Panix; the boxes stay up, and
if they go down, they know about and fix it
without being asked, much less begged.

Forget sendmail- use qmail

[RebornData]

I recently switched by home mail server from sendmail to qmail. If you know sendmail, it's a bit of a learning curve, since it works *very* differently. On the other hand, if you're starting from scratch and don't have sendmail-based preconceptions of how the world should work, it shouldn't be any harder to pick up.

QMail's major benefits are security and scalability. It was designed specifically to avoid the kind of security issues that have plagued sendmail over the years, and the author has offered a bounty to anyone who finds a hole. As far as I know, it's still unclaimed, and qmail is used by many of the big e-mail shops (yahoo, hotmail until the win2k switch, etc...).

I run it with OpenBSD, the primary reason being that I don't have much time to maintain it, ie, make lots of security patches. Not that OpenBSD is perfect by any means, but it does let me sleep a little more soundly at night. Not that I've stopped reading CERT advisories...

The key is to have your own domain

[Silmaril]

The key is to have your own domain, and set up forwarding to your current shell account or to a place like fauxbox.com. Shell account/email forwarding providers will change over time, and this way you can switch when your current one gets bad. You also have the flexibility of running the server yourself, if you choose. But the real key is to have your own domain.

The final mile is not a reliable place

[mondrian]

Who cares if you have a static IP? If your house ever looses DSL, mail bounces. Before you even worry about backups, failover, etc., worry that any server which sees the world over the local loop is not reliable. Even if you like your DSL provider, you still depend on the "local monopoly" for the wire and the CO. Oh, and I wouldn't trust that any DSL provider, despite all good intentions, is tooled up to provide 5 9's reliablity (99.999% uptime) at each DSL node - there is simply no market pressure for such a thing. Go with a centralized service far from the edge of the network. Don't do it yourself.

Phreedom.Net

[davidu]

http://www.phreedom.net
They give out free accounts to people who have a valid reason.


-Davidu

My Setup using FreeBSD

[under_score]

FWIW, I've had a small FreeBSD 4 box running for 150 days with no downtime. I server several domains using sendmail and apache. I have all the bad services turned off and I use ssh to get to the box - including getting and sending email. The box is a Pentium 233 w/ 32 MB Ram and an 8gig hd. Just so noone thinks I don't push the box, I've done _many_ installs and de-installs from the ports collection, I've got PostgreSQL running as well as Tomcat. I do java development on it from remote, and since I'm a relative novice for sysadmining, I do some pretty darn stupid things sometimes. The box is rock solid. Just recently I had a runaway process consuming 100% cpu and several megs of process memory - and I didn't notice for over three weeks! Kill -9 PID got rid of it and the system is still going fabulously. The system is located with a really small colo facility (how small? I was their first client about 7 months ago!), it has a UPS and it hasn't been down or disconnected since I flipped the switch on it. Oh. BTW, it's in Ontario, in Canada, and I've been in California for the last five months. I haven't even gone in to stroke the darn thing! Its fun having my very own little server :0) Just to remain on-topic, I'll through in a few more tidbits about the DIY option that I've learned. Shop around for colo for price if it concerns you. I was getting quotes in the USD500/month range, but by finding these small-timers, I'm down at about USD180/month. Also, they don't require me to have a rack mounted computer - nice since they tend to be quite a bit more pricey. Also, just for some perspective, I haven't used Linux, and my other UNIX experience is while I was working at Sun with Solaris which was definately more unstable (restart required about once every two weeks). I have a friend who runs OpenBSD and has a similar stability record to my FreeBSD box. I have another friend with lots of (unasked-for) NT experience who is actually quite happy with its stability - though I don't know the numbers. Hope this little summary helps if you go the DIY path.

Re:My Setup using FreeBSD

[mindstrm]

Who's the colo provider in Toronto?

Re:My Setup using FreeBSD

[under_score]

Actually in Barrie: COIS (Central Ontario Internet Services). They are small and last I checked had only a T1. But hey! I'm basically alone in there right now! They also provide local dialup access which shares the bandwidth. They are a very friendly family shop.

The BEST - bar none

If you are looking for the best then you need to go to shellaccess.com. I have been using them since 1985 - yes that date is right - and you can't do any better. Richard NetSocial Co-ordinator IgLou Internet Services

If you know anyone who does this...

[painecave]

Please send me their resumes, I'm sure we can find better paying positions than at an ISP.

How to Get 0\/\//\/3D Fast

[Greyfox]

I wouldn't let anyone log on to your system that you don't trust with root access. And never through telnet. Not only do you have to trust their integrity, you have to trust their security know-how and, if you use cleartext access programs, the network they're on. And since obtaining root once you have a local login is trivial, you have to hope that your "Friends" are as trustworthy as you think they are.

Re:How to Get 0\/\//\/3D Fast

[micahjd]

Yeah, I give a few people I know (and mostly-trust) shell accounts (via a 56k modem!). Used to be with Telnet, but once I fount out how evil it is I switched to SSH.

Main reason for switching from telnet was when I found out how bad my school's network is. (which is where I usually used to connect from) They're paranoid about network monitoring, but they have 0 security. Things like routers, hubs, and printers with no password. You had to use nmap to find 'em, but if you did, it's trivial to bring down the office's laser printers, turn off a few network segments, etc.

Of course, an account on a reasonably-pseudo-secured system like mine can still manage to annoy. This has only happened once or twice, but a friend decided it would be fun to run a few hundred processes on my workstation ;-)

So many facilities take the security approach of blocking everything at the door, and betting their network that nobody will get in, and that the people already inside won't do anything. Unless you know the IP addresses of those routers and such, it's impossible to touch them from an iMac, but my laptop with Slackware and an ethernet card could bring down the whole thing if I were malicious. (and if you're wondering why I run slackware, it's a 486 with a 200MB hard drive)

Re:How to Get 0\/\//\/3D Fast

[nsane]

And since obtaining root once you have a local login is trivial

It is? Isn't this what us slashdotters use to prove supremacy to windows? Yes I do have nix experience, I just think trivial is a bit overexaggerating on a secure system. IE not out of box Red Hat.

Re:How to Get 0\/\//\/3D Fast

[erotus]

micahjd said "Used to be with Telnet, but once I fount out how evil it is I switched to SSH. " Good for you! I'm glad more people are switching to ssh. I had a friend who seriously got screwed by crackers and script kiddies because he used telnet and let his friends have access to his box. Someone probably was running a sniffer and caught a plain text login/pass combo and that was it. They used his box to send all kinds of spam and they used his box to hack multitudes of other boxes. Needless to say, @home got in touch with him and threatened to cancel his account if it happened again. Now he runs ssh and is much more security concious. The moral of the story: you can't be too secure!

How to crack secure email

[WillSeattle]

First, secure Email--without the use of PGP or PGP-like services such as Hushmail--is a crock. Even with the use of PGP or PGP-like services, secure email is secure only within narrow parameters.

Have to agree with RJH on this. You can PGP all you want, but unless it was all in RAM on a non-windows, non-caching system, at some point it was written to a hard disk in a non-encrypted state.

Sure, you can encrypt it from sender to receiver, but it's vulnerable at either end of the transmission. If either end is compromised, which time and time again has been shown to be fairly easy to do, the whole exercise is pointless.

Anyone got useful ideas for how to implement a fully-secure RAM-only email encyrption system? This also means originating emails are never stored in unencrypted form and receiver is not permitted to store in unencrypted form.

Re:How to crack secure email

[sgifford]

GPG prevents anything from being paged out to disk using mlock(2) (if your OS allows it).

Re:How to crack secure email

[WillSeattle]

OK, a good suggestion. Anyone else know more about GPG? I mean, like exactly how it does that?

DIY - Final Word!

[osjedi]

Everyone in the DIY thread keeps saying you can't have reliability if you're hosting your own domain at home on a single box. That's total BS! You have to consider server load. Your ISP's servers are straining under the load of hundreds or thousands of users. Your box has to support you and maybe a few friends. It will be very reliable. I have two sites running like this off of DSL. They have been on-line for over 2 years with no unplanned outages. With Debian they get updated without being taken off-line. Not a single email has failed to be delivered in over two years. If that isn't good enough for you then you'll never find what you're looking for.

Re:DIY - Final Word!

[TGR]

(1) I personally get a power outage once every 14 days (still need to get a UPS...), and it usually last for what? a few seconds? a few minutes? and it's back up. this is more than enough for one user.

(2) egad. granted, they've been fairly stable the last few weeks, but when i got home from work today, the modem was flashing "disconnected". no idea how long that lasted, but certainly no more than 6 hours. bad, yes... but still sorta good enough for one user (i'm switching ISP the instant i can afford it, tho...).

(3) well, if THAT happens, i'm sure the guy has more on his mind than his email.

(4) very good question.

all of the 4 points of yours are very relevant etc, but seeing as mail will (generally) be delivered up to 4 days after it's sent, points 1 and 2 don't really matter that much. they're annoying, yes... exceedingly so... but they're not ESSENTIAL. nobody's mail is that important :) 3 and 4, however, threaten mail delivery a lot more than 1 and 2, but for the normal home-user, getting their mail isn't THAT important.

the point of this post was to put things into perspective. businesses can NOT afford downtime, whereas a home-user can (it only affects HIM, not thousands of people). it's all a matter of how much time/money they want to put into the whole thing (not to mention the fact that having your own mail server which YOU admin, is just generally cool... or you're not a proper geek and shouldn't run a server anyway :).

a (imo) more important issue than connectivity/hardware uptime would be system security... that's where most of the DIY setups would fail... can you say "sendmail"? :)

Hushmail

[StormCrow]

If you want the kind of mail security people drool over, use HushMail. Encrypted end-to-end with other HushMail users. Encrypted end-to-end with your browser via a java applet.

I wonder...

[SkyIce]

...whether HavenCo has considered setting up a service with all of these features. They would be in a unique position to support privacy because governments couldn't pressure them. They'd probably have very good reliability too.

Re:I wonder...

[mindstrm]

HavenCo is a colo facility... not a service provider.

Why not consider starting one at HavenCo? now there is an idea.

Secondary ISPs rule for email!

[WillSeattle]

I agree with Gus - it's a great idea to have a secondary ISP for email, shell and other fun things. I've got cable modem and DSL accounts, but my email lists are remotely hosted from a shell-capable account at eskimo.com, which is one of the older providers in Seattle.

I think speakeasy.net (also in Seattle, straight) offers similar services with DSL as well. They are nation-wide too. Eskimo is mostly west coast (love to telnet in when down in Santa Barbara).

Totally recommend io.com

[WillSeattle]

Steve Jackson is super cool, and he's why we now have the EFF, after all. He even let me borrow some of his computers (pre-raid) to code for the New Orleans WorldCon in an all night code fest once when we were eight hours behind doing panel allocation. Plus, he's a sushi fiend ...

Highly recommend this - when you know how to fight the data nazis from past experience and what your real legal rights are, you're a much safer bet as a mail host.

fastmail.fm

[the+way]

You can use fastmail.fm. They don't have everything you want just yet, but they certainly have a good secure web-mail service, and I understand secure POP/IMAP is coming in the next month.

Their primary servers are in the US, and secondaries in Australia, so it would be an impressive disaster that made mail undeliverable! fastmail.fm uses Postfix and Cyrus, which are widely considered the most robust mail servers, and are rarely installed at ISPs due to the technical challenge in installing them.

You'll see that their pages have no graphics or ads at all, so they certainly don't look like your average commercially driven entity!

always on high speed connection?

[SCHecklerX]

Run your own mail server and use dyndns. That's what I did. It's great having full control of everything I do with the 'net (except, of course, the connection itself).

--Greg, postmaster@freefall.homeip.net

I'm invading the local Verizon office tomorrow.

[AFCArchvile]

I'm serious. Tomorrow, I'm going to stroll into the Verizon office and ask to talk to the IT administrator. I have DSL through Verizon, so I feel that it is my privilege as a paying customer to tell the company that something is wrong.

To see Verizon's current situation, just look at the XO Communications TV ads with "Megatelco." That's Verizon.

MOD up please.

[vultureman]

IO.com really is anti-government and was founded from the proceeds of a lawsuit vs. the secret service.

This quick message brought to you by the Texas Illuminati.

Anonymizer.com

[Ska-Baby]

Try Anonymizer.com, for 10$ a month you can have an email address that supports ssh, anoymous web surfing, anymous newsgroup access, and 2MB of space for an anonymous www page.All of these can be accessed from either a windows or linux box. Providing a secure, anonynmous connection to internet services is what these guys are all about!

Re:Anonymizer.com

[gbroiles]

I used anonymizer for a shell for some time; it was useful but frequently slow. My account stopped working some time ago; I have been unable to reach anyone by phone or email to figure out what went wrong or how to get back in, despite several tries. YMMV.

Try ZipLip

ZipLip.com provides secure web-based email, including SSL connection, good privacy policies, etc. Been using them for about 6 months, and I've had pretty good luck with them so far.

UPS does it

[gallir]

According to the ads in Spain, UPS provides all services you want. Even they have olimpics in their staff, so I think its a good crew.

Altough I am not sure the provide remote shell, their tracking system is unbeatable by any SMTP system, nevertheless you could get something similar with traceroute.

Also, I like very much their black cabs, their are cool, much more than a TCP packet and pine in a text console.

Problems are round-trip times and QoS pricing.

I and a friend of mine tested their round trip time few weeks ago. I've sent a 24 hs. letter to California and he returned it to me inmediately. It took 72.34 hours, which much more than a 145 ms via TCP, and more expensive (and slower) than the similar content in a e-mail message. But at least I am sure no sysadmin read my letter...

--ricardo

just do it....

[sluggie]

..set up your own mailserver and you get everything of the above included...
my 10 Groschen.

DIY

[mkv]

The best way to do this is by installing your own server to a 24h-connected network and doing this all by yourself. Get a working PC - 486, pentium 60, whatever should do if you have enough disk to store your mails (1GB should be more than enough). I have a 512kbps SDSL connection at home, where I also run my own domain on a 166MHz PC with Linux. I have to say that even this machine is overkill for the job.. I can access my mail server with ssh, imap, whatever I can think of. I really recommend this.

you moron

[semis]

you want a safe system, and a shell account? Let me tell you this.. NO system is safe if users have shell accounts. Would you trust your mail server if you knew the local kiddies had a shell on it?

Re:you moron

[mkcmkc]

Yes, I realize this is somewhat contradictory.

The email and shell could be separated, a la sourceforge.

I did it myself

[MikeLRoy]

To be simple, i was in the same boat as the article writer (sorry, your name escapes me). So i built (for $120) a Celeron-based linux box from spare parts, and run roymail.com

I am slowly adding features, includeing redundancy (i'm in Winnipeg, and will soon have secondary DNS and MX reciprocating with someone in Toronto off a separate backbone), and am adding SSH. My uptime on the server is 31 days, and the server has been together 31 days (I lied: no UPS + power outage two nights ago). I have shell access, web based access, and pop3 access. All server software is opensource, and anyone wanting an account is welcome to one (shell access requires an email to me). What more could i ask for?!?
-MR

Forget qmail, use postfix

[Chmarr]

Postfix is somewhat easier to set up than either sendmail or qmail, it's very secure (not quite as so as qmail, but some would call qmail's security policy excessive), and the author of postfix doesn't suffer from a severe attitude problem towards standards.

(Did I sayThat qmail's author has an attitude problem? No, I did not :)

MyRealBox

[softdrink]

www.myrealbox.com, its free, and it does everything you could possibly want. its good stuff.

We love you, but not THAT much...

[human+bean]

Sounded like a pretty reasonable list of demands until you got right down to that last one. The costs of noncompliance on a subpoena are pretty stiff. The company would need a good law firm and lots of it, and would have to employ a number of legalistic methods (==loopholes) to stay in operation (international location, journalistic business credentials, etc.)

Even so, the cost of the first court order will pretty well wipe out that "few hundred dollars per year" for about ten years or so, and since this business would tend to attract others with similar needs, I really don't see how it could be profitable without a massive rate. Plus the attention that it might gather from certain governmental agencies would be another cost for the owners to bear, one that simply could not be ignored.

If you want to remain relatively secure, don't do anything anybody would notice. Get that numbered AOL account off of their CD, get a mail forwarder (maybe), and encrypt your mail with garden variety PGP, nothing fancy. Don't attract attention. Get shell emulation utilities in place of TELNET, or grab a *nix box and do it yourself if you absolutely need.

Re:We love you, but not THAT much...

[mkcmkc]

I understand that this is a problem.

All I'm really hoping for is a provider that

1. Will actually require a subpoena before divulging my email, and
2. Will consider objecting to some of the most agregiously abusive subpoenas (where it's clear that the lawsuit in question is frivolous).

The second point may be too much to ask, but the first certainly isn't.

Impossible.

[rjh]

"Not permitted to store in unencrypted form" is the problem here. Even if you get so draconian as to forbid cut-and-paste into another window, then saving the new window to disk, it'll still be possible to open up an Emacs window and manually retype the cleartext, headers and all, then save that to disk.

Is it possible to create privacy-enhanced email systems, which only store plaintext to disk when the user makes a deliberate choice? Sure. In fact, I could be talked into working on a project to do just that. But I don't think that what you're talking about, where the user isn't permitted to store in plaintext, will ever work.

CubeSoft: No IMAP

[fm6]

Except CubeSoft only offers POP, not IMAP. I'm a little suprised how few providers support IMAP, a feature I'd willingly pay extra for. Perhaps its a pain to administer?

__________

The poster doesn't UNDERSTAND the question.

[rjh]

The reason why so many people are saying "DIY" is because the original poster is asking the impossible.

"How can I get to the Moon cheaply?"

"Do it yourself. Maybe mine ore in your back yard, run a smelter to make the metals, cast them into the proper shapes..."

Secure email is a hard subject. People study arcane protocols for years to try and come up with secure communications. I'll spare you my credentials, except to say that they're probably greater than most Slashdot readers', and I'm saying that I can't implement a universally secure email system. To people who know how hard the task is, my inability to succeed comes as no surprise at all.

SSH+POP (or other authenticated mail mechanisms), IPv6, IPSec, shell accounts, PGP... they're all great. But this poster asked for a universally secure email system, and no such beast exists yet.

When someone asks you how to do the impossible, "do it yourself" is a perfectly reasonable answer. I'll grant that it's not a very helpful answer, but if you ask a hundred people how to do something and they all look at you blankly and then say "do it yourself," that should be a strong hint you don't understand the question you asked them.

Re:The poster doesn't UNDERSTAND the question.

[mkcmkc]

I'm the original poster. I understand that real (i.e., complete) security is impossible.

All I'm looking for is nominal security. That is, access to my email without passing my password or the email across the network in the clear. This is very basic, but many providers seem not to offer it.

Re:The poster doesn't UNDERSTAND the question.

[rjh]

You might as well briefly spell out what your credentials are...

Check out my "User Info" page for a big hint as to what my credentials are when it comes to email security. The reason why I don't spell them out is because I find it to be rude. My opinions ought to stand on their own merits, not because "I'm an expert and I say it's this way, so it must be this way".

The poster asked for...

The poster asked for the kind of setup that would make a security-paranoid person drool over. No such beast exists... anywhere. There are no email systems out there that make my mouth water. There are ones which I think don't suck--authenticated POP3 or IPSec, plus PGP encrypting the payload is probably enough to make people find easier ways of intercepting your email--but there's a world of difference between "non-suckage" and "makes my mouth water".

Other than twiddling over what high reliability means, and how much legal punching you expect an ISP to take, many ISPs provide all these things.

Name one, please. If they're that common, you should've been able to list a few offhand in your email. The answer is they aren't very common.

No policy against portscanning? Gah!

[Osty]

Did I read that right? No policies against portscanning? Gah! Ban this ISP now! Any ISP that will not specifically disallow portscanning by its users must be blacklisted until they change said policy.

Then again, if the "no policies against it" refered to "allowing servers", please disregard the above paragraph (but in the future, try to be more-clear in your statements).

Thank you

Don't use bigfoot.com

[F452]

Whatever you do, don't use bigfoot.com as a redirector. I went there tonight to change my password and there it was, in plain text, on an insecure form. I'm pretty shocked that they would be that dumb.

Change your POP

[NetJunkie]

Have them move you from the Seattle POP to the New York City POP. Latency will go way down. They are also in process of setting up an Atlanta POP.

Netcom went away - most of us went to Panix

[jbridges]

Netcom, the largest commercial Shell account provider disappeared the end of last month.

I considered using a DSL line for incoming mail. What happens if the line goes down or my machine crashes? I wanted stability!

Most of us found Panix as the best national shell provider (larget, most stable, been in business the longest, least likely to be bought out or transformed into a portal/AOL clone, most technical staff, reputation for keeping it all going).

It's $10 a month, or $100 a year.

You can read all about our experiences moving to Panix (and other providers) in alt.netcom.emeritus

(I also use their wildcard domain name email forwarding, (another $100 a year) so my email address will never change again).

Re:Netcom went away - most of us went to Panix

[mschmitt]

"I considered using a DSL line for incoming mail. What happens if the line goes down or my machine crashes? I wanted stability!"

If the DSL goes down, or your machine crashes, your ISP's SMTP server should take care of your inbound mail. Absolutely no problem, as long as both MTAs and your domain's DNS are set up properly.

Re:Netcom went away - most of us went to Panix

[jbridges]

If the DSL goes down, or your machine crashes, your ISP's SMTP server should take care of your inbound mail. Absolutely no problem, as long as both MTAs and your domain's DNS are set up properly.

And that mail stays in limbo until you get your server or DSL line back up, or have your ISP redirect the mail. I had my DSL line down for 4 weeks!

And I wonder how long the ISP's SMTP server will hold/forward that mail before sending back tons of bounce messages.

And if the problem was that ISP's connectivity in the first place, you are still screwed.

The whole point of going with someone like Panix is: Cheap stability. They are one of the oldest ISPs still in business, and the largest one with shell as the center of their business (as opposed to a sideline so a few techies can maintain their CGI scripts).

Re: Pacbell

[Rakarra]

Plus, Pac-Bell DSL is so screwed up, that you can expect to lose your connection at least once a month for several days as a time.

I've had Pacbell DSL for about 8 months now, and the longest outage I've ever had was for a few hours...

Here you go...

[Legion303]

dimensional.com

-Legion

Do it yourself with sendmail/sslwrap

[mental666]

You know you can do this yourself right? Setup a box that has an SSL/TLS enabled version of sendmail. Its supported in sendmail 8.11. It'll alow several methods of authenticating for mail relaying. From passwords to certificates. Once you have that setup, get sslwrap and wrap your pop/imap services. I've set this up for the company I work for. IE and Netscape support SSLwrapped Imap just fine. Same thing for pop. Fetchmail can be compiled to support this also. The SSL/TLS stuff is detailed here

Info on sslwrap can be found on freshmeat. Or you can apt-get it :)
Of course this all depends on your defintion of secure. It covers the authentication part in a layer of crypto, but it doesnt cover the SMTP relaying part. It can, but both servers need to support it. However in conjunction with gpg/pgp, it may be acceptable. Hope this helps.

Not a perfect ISP but pretty darn good

[Webmoth]

I would recommend Teleport. They are owned by OneMain which is in turned owned by EarthLink which is in turn owned by (corporate takeover of-the-day).

While they don't offer IMAP or secure POP, and their privacy policies are a bit limp, they DO offer UNIX shell access (inc. via SSH-- can you say "tunnel?"), and have great reliablility and redundancy. With a dialup, you're timed out after 8 hours.

Oh yeah, you get 50 megs storage space and a bunch of email addy's, too. They have DSL service in selected cities in the Pacific Northwest. If you're somewheres else in the county, they've got free national roaming in a whole slew of major cities. For the most part, it's a great deal.

If you do sign up, be sure and tell them that s-k-i-p-j-@-t-e-l-e-p-o-r-t-.-c-o-m sent you so that I can get a kickback. :-)

P.S.-- My karma is at level 13. Is that bad?

Speakeasy.net

[Koensayr]

Hey, I had the same problems you have. I currently have an IDSL line from Speakeasy/Covad. Installation was stright forward and they delt with my local UsWest, (or whatever they are called now). I get e-mails regularly about outages, ports open on this server, what version of this they are running on this Mail server, etc. I have Full Shell Access, IMAP, POP3, and Dial-up. I even get two free Static IPs. When something does go wrong though, their tech support is top notch. They officaly support Linux too!!! They allow me to run a server, (as long as nothing illegal is on it) and they will set me up with a hostname for a one time fee of $25 (assuming you already own the domain.) I got mine from opensrs.net for $10. I just can't say enough about these people, I really think you check them out. http://www.speakeasy.net

Farewell Netcom

[fm6]

A historical note is in order. Netcom started out in the late 80s as a dialup Unix shell provider in the San Jose area. They initially catered to various people, especially students, who needed to run Unix software (especially development tools) and found the alternatives too expensive (buying your own Unix box) or too inaccessible (underfunded school computer labs). However, they soon became popular with users of usenet and email, and eventually got hard Internet connectivity.

Their first operating center was somebody's living room. Their first machine was a 386 running Xenix -- an nasty example of what happened when the Redmond Bit-Twiddlers tried to do Unix. They eventually moved to Sun hardware.

At one time, a Netcom user at a newly-installed POP was quite likely to get a Talk request from the owner, Bob Reiger, asking him if the connection was working OK. Things were never quite the same after Netcom went public and Bob bowed out of management. The handwriting has been on the wall for years: they never upgraded their Sun shell boxes to Solaris-compatible hardware, support declined, etc. Now they're just a tiny part of Earthlink, which doesn't do niches.

__________

Receive with Fetchmail / Send it Yourself.

[barnaby]

How about a simple solution that works no matter who you get your connectivity from?

Get your mail virtual hosted. I use Hurricane Electric and have been a very happy customer for over 12 Months.

Use Fetchmail to download your mail to your local MTA (SendMail, Postfix, whatever you like)

Send mail using whatever MTA you like.

Advantages.
Change between cable or dsl or dialup and keep your email all in one place.

You can firewall port 25 completely :-)

Public flogging

[Graymalkin]

years ago I gave Earthlink a call and asked them why they didn't offer shell accounts to their customers (after hearing some ISP's my friends were using offered shell accounts). He asked if I was a hacker. Confounded I asked the customer service dude why in the hell he'd ask me that question and he told me that I didn't need a shell account if I wasn't a hacker. I think this is a pretty popular belief amoung large ISP's though. They see shell accounts and REALLY secure email as a big sign on their backs that says kick me. For every one of us that only uses said shell to check email or something basic there is one guy who's going to think he's l33t and abuse the privilage. That one guy is the one the large ISP's are worried about because they become liable since their machine is the offender.

Cheap Colo

[don.g]

www.winz.co.nz

Okay, so you (may, depending on where you are) have to ship your server overseas, but NZ$50/mo (for *non-commercial* use; it's NZ$110/mo otherwise) isn't bad, and the NZ$ is still dropping like a stone...

Hmmm. Personally I just use the cable modem, with static IP (mmm) and rely on the smtp server sending to me to queue mail when my server's down.

--

Re:Cheap Colo (WRONG URL!)

[don.g]

Oops. That should have been win.co.nz.

Erm. Yes. Well. Sorry for the inaccuracy.

--

Re:MyRealBox - SSL on POP3 IMAP and SMTP and its F

[sl3xd]

I've been using MyRealbox for over a year; I can't rave enough about it.

Panix

[gadgetboy]

Check out Panix - they're the oldest ISP/Unix shell provider in NYC. Depending on where you live, you'll still probably use your local carrier for DSL, but panix's mail service is great and can be had for $10/month - ssh, pop, shell access.

At least one is doing shell. (hockey.net)

[goaliemn]

They're a smaller provider.. Run linux on their main servers. Shell accounts provided and they have dialups around the country. hockey net

They do offer shell only for $10/mo.

Cheao ass solution

[biohazard99]

Sign up for a single correspondence/internet class at your local university. Mmmm...shell acess, pop3 or IMAP, regular backups. academic pricing

bad manners; moderation

[bcrowell]

OK, I sometimes have lapses of manners myself. Nobody's perfect. But could we refrain from moderating up a comment that starts with "you moron"????

Re:bad manners; moderation

[semis]

why do people like you have to waste bandwidth complaining about moderation?!?! I laugh that you even bother believing that slashdot has moderation. If you want moderation, come here. As for manners.. I have no respect for slashdot stories anymore, so i'll write like i damn well please thankyou.

Stratius Communications

[xercist]

I hate to blatantly advertise, but this seems to be the perfect place. Mod me down if its inappropriate.

I run a hosting provider called stratius.com. The server runs on FreeBSD 4.1-STABLE, on a network with multiple redundant backbone links (3 seperate backbone links). GPG is installed, which works very well with mutt for secure email accessed with ssh. Alternatively, mail can be sent/received via POP3/SMTP, or a web-based system (SSL capable). Since going up, we've had no crashes, but in that event, there are two backup dns/mail servers.

Stratius does mostly web-hosting, but mail-only is definatly something that could be worked out.

If interested, please email (sales at stratius.com), or talk to an admin on irc.stratius.com, #stratius.


--

Re:leik

[kernelistic]

#Slashdot on OPN!

Shouts go to Odin!

Re:MyRealBox - SSL on POP3 IMAP and SMTP and its F

[hackerhue]

My only complaint about it is that its POP3 retrieval seems to be quite slow - about a second or so per message. And seeing as I get close to two hundred messages from the Debian lists each day, it gets to be a pain. And gnus doesn't seem to work nice with its IMAP.

Long Term Reliability

[Frank+Warmerdam]

Folks,

While security may be an issue for some of you, but biggest issue for me is long term reliability. I want an email address that will last for decades.

Features I am looking for are:

• IMAP (or POP as second best) access. This might just be used to pull email using fetchmail.
• Ability to forward by SMTP is desirable.
• A reasonably professional looking address.
• Fast, high availability email receipt and relay.
• Ability to hold substantial amounts of email for a while if my home target system goes down.

I see some folks use the IEEE for this. They offer what is essentially an aliasing service, forwarding email from yourname@ieee.org to your "current" email address.

I have made the fatal mistake of advertising my @home.com address widely and now that I want to change providers I feel I am going to be screwed. I have a number of options for other addresses, but I want one that I won't have to change for a long time.

I don't want to establish something with a provider that is likely to "change priorities" in the future, or go bankrupt.

Try eskimo.com

[baronmog]

They've been around in various forms since the mid 80's. I've had a unix shell account with them since 1993. Although I no longer live near any of their dialup numbers, I still use them for email, via ssh. They won't feed you any bull, give you a free two week trial run, and are prompt about reporting outages (and the reason why). Outages related to shell service and email are relatively rare. Certainly better than SWBell (who I get DSL from, at the moment).

www.eskimo.com

subpoena???

[linatux]

"and that will at least consider not just rolling over at the first subpoena (if not before). "

What exactly do you need it for?

Re:subpoena???

[mkcmkc]

To counter this apparently increasingly common scenario

• corporation wants to read your email
• corporation files frivolous lawsuit
• corporation subpoenas your email and reads it
• corporation drops frivolous lawsuit
• corporation continues on its merry way

--Mike

Look closer...

[yerricde]

Requirements aren't met: SSH access

YM SSL. SSH accounts are shell accounts; only SourceForge gives those out anymore.

and I assume POP that you don't have to pay for

The article said "POP over SSL or better." AFAIK, Hotmail can be configured as HTTP over SSL.

Seagull Networks www.seagull.net SSH+SCP

[goingware]

I strongly recommend Seagull Networks at http://www.seagull.net/

Whenever anyone asks me for a hosting recommendation, I always recommend Seagull.

No, Seagull is not an ISP. While it would be nice to have a secure ISP, you're better off using any random joker for your ISP, owning your own domain name so you can relocate it in the event your service tanks (I discuss this in Market Yourself - Tips for High-Tech Consultants) and accessing the hosting service via SSH and SCP (secure copy). Note that it does no good to only use SSH - you have to use SCP as well.

Here's a sample SCP command line, in case you can't figure it out, it's very simple but I had a hard time from the man page:

scp foo.bar crawford@www.goingware.com:.

The above places file foo.bar in the home directory of user crawford on www.goingware.com.

scp crawford@www.goingware.com:web/index.html stash

This copies index.html from directory "web" on www.goingware.com and places it in directory "stash" on the local machine.

Please read my web page on Why You Should Use Encryption

Besides being a good service, it's a small enough company to offer personal service. I've sent support email to the webmaster at 2am his time and had the problem fixed and the mail answered within the hour.

But even though it's a small service, it's not a low-quality service. They have high-performance machines, they are in a good colo facility with a high-speed connection to the backbone, they upgrade their service regularly and the webmaster, Paul Celestin, is just a damn nice guy.

I'm not sure if he still publishes it but Celestin used to produce a CDROM full of useful free source code for the Macintosh. Some of my own Mac open-source programs were on it.

These are the sites I personally have located there:

• http://www.goingware.com/ - My consulting company, GoingWare Inc. My livelihood depends on the reliability of this site.
• http://www.wordservices.org/ - Seagull hosts this public-service site for free in exchange for me placing a small banner ad on some of the pages
• http://www.geometricvisions.com/

In addition, my wife has a couple sites on Seagull through my account, and my friend Andy Hasse used to host http://www.williebrown.com there (yes, if you live in San Francisco you might remember that Hasse was a consultant to mayoral candidate Clint Reilly when the Brown campaign discovered Andy owned the williebrown domain.)

I have a couple tips for you on checking email. I use PGP when I'm trying to be secure, but it's really not that much that I really care for complete security. But I just don't like people snooping on me, mostly I think it's none of their damn business what's in my mailbox even if it's spam.

So mostly I read my email at seagull using elm while logged in via SSH, and when my mailbox gets big, I move it to my home directory and copy it to my home machine via SCP:

goingware$ cp /usr/spool/mail/crawford ~

goingware$ echo "" /usr/spool/mail/crawford

back on my home machine:

C> pscp crawford@www.goingware.com:crawford .

It is also possible to download your email via POP with SSH via port forwarding. I describe this on the BeOS Tip Server. It doesn't seem to be responding right now but if you go to its search and enter "ssh" you'll find the tip I submitted called something like "Secure email download via ssh". The instructions have some BeOS specific items but most of what's there will work on any systems.

Don't have SSH? Try one of these:

• Nifty Telnet/SSH for Macintosh - includes a graphical SCP client!
• putty for Windows (also supports NT/Alpha) and pscp for secure copy
• CygWin - a GNU environment for Win32 - use bash, compile with GCC, a lot of linux code builds right out of the box in Cygwin
• The Secure Shell Community Site
• SSH Communications Security (commercial)

Keeping an email address

[ToastyKen]

If you have your own domain, can you get email sent to that domain to be forwarded automatically to your ISP?

Re:Keeping an email address

[maxmutt]

.forward in the user account?!?
one simple way.

:)

Try your local university

[Starky]

When it comes to bomb-proof email running off of Unix boxes administered by knowledgeable folks, nothing beats an email account on a large campus. Of course, paying tuition and fees just for the email would be a rather pricey proposition.

CGI's at Seagull, williebrown URL, BeTips SSH page

[goingware]

I mistyped the URL to http://www.williebrown.com in the above, give this link a try especially if you live in San Francisco.

The BeOS Tip Server page on doing POP with SSH is at Secure Email Download with SSH. Note that POP exposes your password unless you use port forwarding with SSH as I describe (or some more advanced download method). Don't think you're super-cool if you SSH to do your shell access but then download your mail with plaintext POP!

Finally, seagull allows you to install your own CGI's that you can get wherever you want or you can write them yourself with the full set of Linux developer tools they have on the servers - so you can write CGI's in C++ rather than Perl, if you'd like.

Also, I just have their "Lieutenant" hosting for $20/month, they have other options for higher prices such as root FTP server and SSL web page service as well as paying for high traffic so you can run a commercial site there.

Geographic Independence - access vs. email

[billstewart]

In this situation, your email account can be anywhere on the net, so you've got a lot of choices. Most of them are small ISPs, because that's who offers shell accounts and security flexibility with SSH, but you're trading off smallness vs. redundancy a bit. I've been quite pleased with idiom.com , and other people have mentioned Illuminati Online. Another place to look is Anonymizer.com, if they offer shell accounts. Or you could check out XS4ALL.NL, in the Netherlands, if they do shell.

Finding a provider who won't roll over on subpoenas is tough - just about anybody big enough to be incorporated (you wanted reliability) will respond, though some will go out of their way to help anybody official-sounding who asks, while others will insist on seeing court orders on paper first. Non-US / Non-UK providers may have some advantages, since most people don't want to bother getting a Finnish court order just to yell at you about something you posted on Usenet that they didn't like.

It's important to own your own domain name

[goingware]

I mentioned this earlier in my recommendation of Seagull Networks (note - SSH, SCP and CGI's you can write and install yourself, even in C or C++) - but I'll say it again.

If you want reliable email, it is important that you own your own domain name. If you want email to get to you easily and reliably, then it's important that the domain name be easy for people to remember and to spell, even when you've just spoken it to them over the phone. (Note that while my business name is GoingWare, Inc. I've also registered goingwhere.com and had Seagull alias it to make sure people can find me.)

You think your Yahoo or Hotmail account is reliable? Guess again. How many big companies have tanked in the last few decades? What if yahoo decides it's not worth their while anymore to provide email service, even if you want to pay for continuing to have the privilege of having the same email address for the rest of your life.

I was proud to be one of the first customers for Scruz-Net - until they went down for a week just after I started my consulting business!

And they've been bought out more times than I can count. I keep my old ISP account there mainly because I haven't moved all my web pages yet, but periodically I download all my email from there and pick the real mail out from the spam and send them a message asking them to use my new permanent emails, either crawford@goingware.com or michael@geometricvisions.com.

I've also got a few pages on scruznet that I feel are important for people to be able to find in the distant future, so I'm slowly going through my old site there, moving the pages to one of my own domains, and putting a page in the original's place with a META REFRESH tag and a note. But the problem is that some sites have permanent links to my scruznet pages embedded in their databases that I've been unable to get them to correct.

In the long run, I'll close my account at Scruznet and they say they will redirect accesses to my old site to a single, fixed URL but people may not be able to find what they're looking for.

As I emphasize in Market Yourself - Tips for High-Tech Consultants, it's important to own your own domain name not just to maintain a professional appearance and so your customers can find you, but everyone should own their own domain name so they can have a permanent address.

If you own your own domain name and your service should go bad, you can relocate it to another provider and be up in a few days. Mainly you just have to wait for the new DNS to take effect.

(For other helpful programmer's tips (mostly technical) see GoingWare's Bag of Programming Tricks.)

An added benefit of owning your own domain name is that you often get what are incorrectly termed "postmaster" email addresses. With these, any mail sent to anyuser@yourdomain.com will be delivered to your mailbox. You can combine this with filtering email clients to suppress spam. You still have to download the stuff but what you do is sort all of your legitimate mailing list mail into separate mailboxes, and mail addressed to your real name into the main mailbox you read, and leave everything else in your inbox.

Then if you need to give a website a valid email address, say to allow them to send you a password, you give them the email theirdomain@yourdomain.com.

If they sell your name to a mailing list at least you know who's done it. For example, this is the way that I know that Citibank is using the email I used to log into my cardholder webpage to access my account - I've only used that particular email for that one page. But Citibank is now sending spam to this address asking me to sign up for their card! How dumb can they get!

If you really don't care whether an email address should last, as when signing up for a web page, this is when you really do want to get yourself a Yahoo or Hotmail account. That way their servers can handle all the spam and not yours.

Hushmail !

[OpperNerd]

I like Hushmail a lot. It can be used with a browser of through a secure HushPop connection. Check out www.hushmail.com (or www.security.nl/hush)

User Friendly

[Polsar]

Might I Suggest Colombia Internet....The most Reliable ISP arround.... http://www.userfriendly.org ________________________________________________

HushPOP

[XNormal]

Hushmail has a feature that allows reading your email with standard POP clients isntead of their web-based applet interface. Unfortunately, it is for Windows machines only at this stage. Any chance they might release a pure java version? (it's implemented mostly in Java)

----

SSH for tunneling perhaps?

[skajohan]

How do you know he's not requesting ssh to able to tunnel his pop-session securely? Works with every pop-client there is.

Re:Yep. NO ONE is doing shell anymore.

[fists_of_fun]

You could use well.com services. Costs about $15 a month. Not ssh but good service shell, storage use pine client or forward to your account. Also gives you access to all the well.com forums which have quite an eclectic group of voices.
Very good IMHO.

My Suggestion

[NatePWIII]

Sure try npsis.com

Nathaniel P. Wilkerson
NPS Internet Solutions, LLC

Re:Web interface for DIY mail system?

[n8ur]

I've been looking for a web interface to my mail system for a while now, without much luck. Ideally, I'd love something that would interface to my mh folders, but even reading from the mail spool would be worthwhile. Any suggestions?

zipcon.net

[kwj8fty1]

I've been using zipcon.net for many many years. They have great uptime, and the main admin (Dan) is a great guy. In the rare times the service has been down, you can allways expect an email.

They offer ssh, and the normal assortment of linux tools.

Get your own box

[Hylander]

The only way to be sure.

I've got a box in a rack hosted by a friend of mine (who is a sysadmin). I use ssh + PINE to read my mail (i know, i know, but i've been using PINE so long i can't get the hang of mutt :-)

i admin the machine myself, so i know it is secure.

And DON'T use a meaningful Subject title

[Delirium+Tremens]

Keep in mind that the header of an encrypted email is not encrypted. So if you send an encrypted email to one of your fellow terrorist friends, don't be surprise if the Feds show up at your secret rendez-vous because the Subject of your email was "Bombing preparation notes for Oct 28th, Union Square, SFO".

Consider the World

[sbass]

Software Tool and Die (http://www.world.std.com)runs an excellent ISP that might be worth considering. The first public access Unix ISP, they cater to techically sophisticated customers. Now if they'ed only offer broadband access. Steve Bass

Re:Forget sendmail and qmail - use Postfix!

[Dom2]

Qmail has one major problem. DJB. Oh, and the license for qmail makes it non-free software.

You'd probably be far better off looking at postfix, which is simpler to configure than qmail, and just as fast, reliable and secure.

-Dom

Hurricane Electric

[robocord]

I can't speak to their political views or their propensity to comply with c&d letters or the DOJ, but Hurricane Electric meets all of your other criteria.

For $9.95/month, you get full shell access with SSH, up to 11 POP3 mailboxes, and a bit of web space and traffic. The URL for http can be your own private domain, and I don't think they charge extra for that.

I've been using he.net for about five years now and only one time have I ever failed to reach the server because *it* was down. Since it was 11pm on a Sunday night, I was stunned when an actual human answered the phone after one ring. He had already been alerted to the problem and was connecting to the console server as I called. Five minutes later, all was well.

I *highly* recommend Hurricane Electric, but only if you're a self-starter. They're not into holding the hands of newbies.

mailencrypt

[funkboy]

check out https://mailencrypt.com/

Re:Who are you people

[SideouT]

Security of email is not just being scared of the government. Perhaps you might have emails that you don't want just ANYONE on the Internet to be able to easily read??? Could it be that /. readers are informed enough on these problems to actually know that there _is_ a problem...

Re:shell accounts

[C@]

There are several free shell account providers as well. Just search on Shell Unix Free at google and you'll turn up a couple sites with lists of them. I can't say that I've found a decent one yet, but I'm still looking.

get a shell account, dude...

[Eric+Gibson]

Go out and get yourself an hosted account that meets your requirements. I don't use my ISP's email for daily stuff anyway. Mainly because it changes every 6 months when I get a new ISP... and I don't want to have to recirculate my new email everytime.

www.ductape.net

[Stalemate]

I just found this site with a google search.

It looks like it might do what you want, I didn't look at it really closely. I was going to sign up and try it out, but the page says they are behind on new account creation and have disabled new signups until they catch up.


--

We're trying hard

[andreass]

One again I'm suprised, but happy to see all the positive comments about Speakeasy. Maybe its just because we give a shit, and do try to maintain the cool stuff like, ssh, imap-ssl, pop-then-smtp for folks on other ISP's ips address. Our mail servers still crap out now and then, the comment about single machines is true. One box just wont cut it, even a dual alpha running Linux - gasp, it does crash.

The cool thing is that we've got a huge mail cluster that should be up in two months or so. Its going to be a ServerIron load balancing 8 BSD boxes connecting to a Net App nfs server. After this thing is up I'll be able to throw away my cell phone! And that makes me even happier than these positive comments!

Re:We're trying hard

[memoores]

dood.. screw server iron. USE LINUX VIRTUAL SERVER.

Re:We're trying hard

[andreass]

Yeah right, I'm going to use experimental code to do something that runs in software vs. something that has ASICS builts specifically to do the task? The ASICS will be at minimum 10X faster, plus the thinkg boots in 7 seconds, never has to do fsck, etc. etc.

Re:Hotmail.com AND THIS IS WHY

[Roach]

Yes it is the ultimate in secure reliable email and here is why. Bill Gates often performs personal audits and read-throughs of all of your hotmail to make sure it is all there and safe. He also checks your content to make sure you are not one of those linux zealots. We NEED Bill Gates to protect us from OURSELVES, and with HOTMAIL you not only get this type of personal protection, but you also get secure and reliable email service! And like everything with Micro$oft, it is absolutely free! Because, afterall, does the human soul really have a monetary value?

-roach

Hushmail.com

[bachlab]

Use it for 1 reason: Subpoena. If your inbox is ever subpoenaed, which is more likely to happen then anything else, law enforcement wont be able to read it because its stored encrypted and the key is stored elsewhere. Nuff said. The likelihood of your email being "sniffed" in transit is extreamly unlikeley and if thats your concern you should be using private PGP clients on both sides. As someone who used to work at an ISP, we were subpoenad all the time.

Do it yourself...

[lonemonk]

It is the only way to achieve what you are after.

Another friendly DSL provider or two

[wumingzi]

If you're in Seattle, oz.net does DSL via US West or Covad, and is comfortable with users hosting servers (last I checked).

speakeasy.org should be able to do this too, but I'm not familiar with their Acceptable Use Policy.

Re:Yep. NO ONE is doing shell anymore.

[howardjp]

That looks like a mistake. They used to and should. I'll point it out to the staff.

consider offshore

[FreeUser]

You may wish to consider an ssh tunnel to an offshore mail account. xs4all.com took a lot of grief from Germany for refusing to take down a site run by the Rote Armee Faktion (Red Army Faction - RAF) for reasons of free speach, and despite enormous pressure they stuck to their guns (bad pun, sorry) and did not compromise their principles. I do not know if xs4all.com meets all of your criteria, but it would be a good "first stop" to check out.

Maintaining your email outside of American jurisdiction would help immensly. If the FBI or CIA really wants the information they'll probably get it, but this would discourage "casual" FBI browsing, in as much as the request to look at your private files would have to go through international channels, to a country which places a rather high value on your privacy.

telocity says "no commercial websites"

[Great_Jehovah]

See their agreement:
9. Residential Services Only

Please note that Telocity is providing the Service to you exclusively for home usage and not for use in a commercial business. Accordingly, you acknowledge and agree to the following:

The Service is broadband Internet access provided primarily to residential users, however, Telocity may provided the service, at its discretion, to customers who will use it for commercial purposes, subject to the below limitations. The service is not available to users who will host commercial websites. In order to prevent usage that may impact other customers, Telocity may, at its discretion, include a limitation on the amount of upstream data throughput, meaning from the Equipment out to the Telocity network. The limitation will be no less than 1.0 Gigabytes per month. In the event that Telocity elects to incorporate this limitation, and your usage then exceeds the maximum, Telocity may, at its discretion, either: provide you an option to purchase additional throughput; reduce the transmission speed for Service until the beginning of the next month; or limit or suspend Service until the beginning of the next month. You will be notified prior to any action being taken.

alternatives..

[mcdade]

DIY.. which can mean get DHIS if you have cable or DSL, run the server at your house. Minimal costs hell, i don't think you even have to get a domain name.. check out www.dhis.org.

Or you could rent server space (rackspace.com) and set the stuff up yourself.. secure everything. Remember that the person who owns the machine also owns the data (as i recall) so these people still have rights to examine that data (or quickly turn it over to the authorities)

Re:Yep. NO ONE is doing shell anymore.

[howardjp]

POP3 is working now.

Silicon Ashes

[F0XFIRE]

My company provides many of the aformentioned services, namely, web and email hosting on secure systems (OpenBSD, RAID-5, redundant power and network connections). Email access is through either secure IMAP or web-based using 128-bit SSL. If anyone is interested, visit us at www.siliconashes.net. </shameless plug>