In this post, I will talk about configuring an Email server which is accessible using TOR. Using TOR will make its IP to be hidden, also accessible if it is behind NAT (inside a home computer without a public IP). But the main question is why one should use this kind of scenario?
Many people may not trust messaging services such as Telegram or WhatsApp but want to have their own private communication system. In this tutorial, you can run your own mail server in your home LAN and access it through Internet without spending money for public IP or VPS.
For the email server part, I will use hMailServer, an open source email server developed for windows.
Installing Email Server
hMailServer is a straight forward email server with built-in SQL Server. I’ve installed it and shared the screen shots below.
hMailServer Installation Process 1 
hMailServer Installation Process 2
hMailServer Installation Process 3
hMailServer Installation Process 4
hMailServer Installation Process 5
hMailServer Installation Process 6
hMailServer Installation Process 7
hMailServer Installation Process 8
hMailServer Installation Process 9
hMailServer Installation Process 10
Configuring Email Server
In this section, I configure the hMailServer with the following configuration:
- Creating a self-signed certificate (for IMAPs and SMTPs)
- SMTP with SSL/TLS (port 465)
- IMAP with SSL/TLS (port 993)
- Disabling hMailServer access to Internet (Only has access to 127.0.0.1)
- Creating a fake domain (tajbakhsh.fake) for email accounts
Creating a self-signed certificate
Using IBM Knowledge Center , you can create certificate and private key which will be used in hMailServer:
openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 3650 -out certificate.pem
SMTPs and IMAPs
The configuration for ports, certificate and protocols are depicted below.
Configuring SMTP 
Configuring IMAP
Disabling hMailServer Access
You may follow wikihow for disabling a program (hMailServer.exe) from accessing the Internet. Just add an Outbound rule for hMailServer.exe and select block in connection section.
Firewall #1 
Firewall #2
Firewall #3
Creating Fake Domain
The Email server is accessible only in the LAN (but from Hidden Service of TOR), therefore domain is not important, but hMailServer needs for distinguish between the users. Therefore I added tajbkahsh.fake as the domain of Email server.
Adding Domain #1 
Adding Domain #2 
Email Account #1 
Email Account #2
Configuring Hidden Service
As I described before in “Control your home IoT” post, you can run a hidden service. In this scenario, there is one onion address with two ports: One for IMAPs and the other for SMTPs. The configuration are below:
torrc file 
Adding ports to torrc 
After running TOR, the address can be found in Hidden directory
Conclusion
In this post, I’ve configured hMailServer as email server behind TOR as a hidden email service. In the next post, I will describe how to connect to this hidden service from PCs.
