Configuring a Hidden Email Server

Onion hMailServer
Onion hMailServer

In this post, I will talk about configuring an Email server which is accessible using TOR. Using TOR will make its IP to be hidden, also accessible if it is behind NAT (inside a home computer without a public IP). But the main question is why one should use this kind of scenario?

Many people may not trust messaging services such as Telegram or WhatsApp but want to have their own private communication system. In this tutorial, you can run your own mail server in your home LAN and access it through Internet without spending money for public IP or VPS.

For the email server part, I will use hMailServer, an open source email server developed for windows.

Installing Email Server

hMailServer is a straight forward email server with built-in SQL Server. I’ve installed it and shared the screen shots below.

Configuring Email Server

In this section, I configure the hMailServer with the following configuration:

  1. Creating a self-signed certificate (for IMAPs and SMTPs)
  2. SMTP with SSL/TLS (port 465)
  3. IMAP with SSL/TLS (port 993)
  4. Disabling hMailServer access to Internet (Only has access to
  5. Creating a fake domain (tajbakhsh.fake) for email accounts

Creating a self-signed certificate

Using IBM Knowledge Center , you can create certificate and private key which will be used in hMailServer:

openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 3650 -out certificate.pem
Adding Certificates to hMailServer
Adding Certificates to hMailServer


The configuration for ports, certificate and protocols are depicted below.

Disabling hMailServer Access

You may follow wikihow for disabling a program (hMailServer.exe) from accessing the Internet. Just add an Outbound rule for hMailServer.exe and select block in connection section.

Creating Fake Domain

The Email server is accessible only in the LAN (but from Hidden Service of TOR), therefore domain is not important, but hMailServer needs for distinguish between the users. Therefore I added tajbkahsh.fake as the domain of Email server.

Configuring Hidden Service

As I described before in “Control your home IoT” post, you can run a hidden service. In this scenario, there is one onion address with two ports: One for IMAPs and the other for SMTPs. The configuration are below:


In this post, I’ve configured hMailServer as email server behind TOR as a hidden email service. In the next post, I will describe how to connect to this hidden service from PCs.


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *