Configuring a Hidden Email Server

Onion hMailServer

In this post, I will talk about configuring an Email server which is accessible using TOR. Using TOR will make its IP to be hidden, also accessible if it is behind NAT (inside a home computer without a public IP). But the main question is why one should use this kind of scenario?

Many people may not trust messaging services such as Telegram or WhatsApp but want to have their own private communication system. In this tutorial, you can run your own mail server in your home LAN and access it through Internet without spending money for public IP or VPS.

For the email server part, I will use hMailServer, an open source email server developed for windows.

Installing Email Server

hMailServer is a straight forward email server with built-in SQL Server. I’ve installed it and shared the screen shots below.

Configuring Email Server

In this section, I configure the hMailServer with the following configuration:

  1. Creating a self-signed certificate (for IMAPs and SMTPs)
  2. SMTP with SSL/TLS (port 465)
  3. IMAP with SSL/TLS (port 993)
  4. Disabling hMailServer access to Internet (Only has access to 127.0.0.1)
  5. Creating a fake domain (tajbakhsh.fake) for email accounts

Creating a self-signed certificate

Using this link you can create certificate and private key which will be used in hMailServer:

openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 3650 -out certificate.pem
Adding Certificates to hMailServer
Adding Certificates to hMailServer

SMTPs and IMAPs

The configuration for ports, certificate and protocols are depicted below.

Disabling hMailServer Access

You may follow this link for disabling a program (hMailServer.exe) from accessing the Internet. Just add an Outbound rule for hMailServer.exe and select block in connection section.

Creating Fake Domain

The Email server is accessible only in the LAN (but from Hidden Service of TOR), therefore domain is not important, but hMailServer needs for distinguish between the users. Therefore I added tajbkahsh.fake as the domain of Email server.

Configuring Hidden Service

As I described before in this post, you can run a hidden service. In this scenario, there is one onion address with two ports: One for IMAPs and the other for SMTPs. The configuration are below:

Conclusion

In this post, I’ve configured hMailServer as email server behind TOR as a hidden email service. In the next post, I will describe how to connect to this hidden service from PCs.

Your email address will not be published. Required fields are marked *

*