Purpose

You all know email. You all have at least one email address. You should also know some providers aren't that "private". They read your emails in order to learn all about you. This allows them to serve ads. Among other things.
With Fogmail, you get your emails back, and with them the privacy of your communications. Freely. Securely. Your emails are kept encrypted. By default. And we don't have any way to decrypt them.
You know email storage is centralized. All in one place. If this place blows up, you lose everything.
With Fogmail, this can't happen. Or, if this happens, we're pretty sure the loss of your email will be the smallest of your problems. Fogmail's architecture ensures nothing is kept in one place. Using modern technologies, we ensure your emails are duplicated and stored across the whole world. Even in your very own house. Because our design allows you to give some storage to the community.
Most of you know how hard it is to build and manage a mail infrastructure. That's why most of you use Gmail, Hotmail and other "mainstream providers".
With Fogmail, installing and managing a mail infrastructure becomes easy. We provide recipes to deploy the different configurations, so that you just have to use your infrastructure once it's ready.

The whole infrastructure is redundant and scalable. Need some more storage? Just add a Raspberry Pi with a USB drive. Need some more mail servers in order to serve people around the world? Just deploy an instance anywhere, register it with your main infra, and that's it. Replication works out of the box.

We will soon provide a service you can use. Freely. Securely. So that you can see how it works. With the ability to deploy the exact same configuration on your own. We don't want to be alone. Clone this infrastructure so that we get decentralization. The more you deploy Fogmail, the stronger we will be against mass surveillance.

Key features

Security

We want the content to be fully encrypted. In order to do so, you'll be asked to either create or provide a public GPG key when you create an account. This will allow our mail system to encrypt all your incoming emails. Even if they weren't encrypted when they were sent.
This ensures nobody but you can access your mail content once it is in Fogmail. An attacker takes advantage of some system flaw? Well, that's nasty, but he won't be able to harm you.

Moreover, as we want people to provide storage, we also encrypt the data on our side. This prevents any metadata not encrypted by GPG from being exposed. This means: storage nodes cannot find anything.

We focused on security when choosing the applications, file system and configurations. The system itself, based on Debian, enables automatic updates from the Debian Security repositories. This ensures Fogmail runs on the latest application versions available, with the latest patches.

Fogmail is built with security and stability in mind.

Decentralization

Using modern applications and system features, we are able to (partially) decentralize the email service. We focused on the storage, using XtreemFS. This filesystem allows many things, among them:

  • Native replication
  • Strong X.509 authentication and SSL connections
  • Full decentralization
  • Multiple entry points
  • High scalability

And many more features we're using for Fogmail.

Your data is safe. So are the connections.

Open source and open to contributions

All the configuration recipes are open source. We only use open source software. This means anyone can deploy Fogmail at home in order to test it, play with it, break it. And contribute.
You found a flaw in the configuration of some application? Submit an issue or a contribution with the correction.
You think a feature is missing? Well, implement it, and submit your contribution.

Even if you don't know how to configure Dovecot or Postfix, you can still help. By supporting the project, for example. We take Bitcoins ;).

That's also how a community works: through contributions of all sorts. Giving anyone the possibility to help makes you important in the system.

You're not just a user. You're a contributor. A part of the whole system.

Community

In order to live and provide a good experience, with a lot of storage, we rely on a community. Anybody can contribute storage. Do you have a spare hard drive and a low-voltage computer, like a Raspberry Pi or Cubie? Great, just deploy the storage configuration on it, plug it into the network and you're done.

We focused on simplicity. So that anyone can participate. Allowing anyone to build his own system. Allowing you, people of the World, to take back your privacy.

Being united as a community makes us all stronger.

Multi factor authentication

A second authentication factor will be required. Either Google Auth or a Yubikey. Plus generated per-application passwords. So your access is safe. A connection log will be available from the management interface. Allowing you to ensure only YOU access your account.
Well, even if some nasty guy reaches your account, he won't be able to do much due to the enforced encryption…

Providing secure access makes you safer.

Clonable

Fogmail was built with replication in mind. We want anyone (with some basic knowledge) to be able to reproduce our service. Hopefully many Fogmail instances will be deployed. This will allow global data decentralization.

Being able to build your own infrastructure makes you free. Forever.

Get started

Note

It is still a work in progress. There are still some issues with the recipes, especially regarding XtreemFS.

For now, it only works as virtual machines/containers. Nothing is production-ready!

Docker

  • Follow Docker documentation for installation.
  • Get the code
    $ git clone https://github.com/ethackdotorg/fogmail 
    $ cd fogmail 
    $ git submodule init 
    $ git submodule update
  • Create the PKI
    • create puppet/ssl/etc/client-ca.conf
    • create puppet/ssl/etc/dir-ca.conf
    • create puppet/ssl/etc/mrc-ca.conf
    • create puppet/ssl/etc/osd-ca.conf
    • create puppet/ssl/etc/root-ca.conf
    • Run the script from puppet/ssl directory
    $ ./create-pki
  • Create some certificates
    • introducer-dir (signed by dir-ca)
    • introducer-mrc (signed by mrc-ca)
    • mailserver (signed by client-ca)
    • storage-1 (signed by osd-ca)
    • Note: for now, all certificates are signed by all CAs!
    $ ./create-cert introducer-dir.cnf 
    $ ./create-cert introducer-mrc.cnf 
    $ ./create-cert mailserver.cnf 
    $ ./create-cert storage-1.cnf
  • Edit puppet/hiera/common.yaml
  • Build the base image
    $ ./build base
  • Build the Introducer
    $ ./build introducer
  • Start the introducer
    $ ./run introducer
  • Get the introducer IP
    # ifconfig
  • Set the introducer IP in puppet/hiera/common.yaml
  • Create the two remaining images
    $ ./build mailserver 
    $ ./build storage
  • Start some storage
    $ ./run storage 
    $ ./run storage 
    …
  • Start a mailserver
    $ ./run mailserver

Vagrant

  • Follow Vagrant documentation for installation
  • Get the code
    $ git clone https://github.com/ethackdotorg/fogmail 
    $ cd fogmail 
    $ git submodule init 
    $ git submodule update
  • Create the PKI
    • create puppet/ssl/etc/client-ca.conf
    • create puppet/ssl/etc/dir-ca.conf
    • create puppet/ssl/etc/mrc-ca.conf
    • create puppet/ssl/etc/osd-ca.conf
    • create puppet/ssl/etc/root-ca.conf
    • Run the script from puppet/ssl directory
    $ ./create-pki
  • Create some certificates
    • introducer-dir (signed by dir-ca)
    • introducer-mrc (signed by mrc-ca)
    • mailserver-1 (signed by client-ca)
    • mailserver-2 (signed by client-ca)
    • storage-1 (signed by osd-ca)
    • storage-2 (signed by osd-ca)
    • storage-3 (signed by osd-ca)
    • storage-4 (signed by osd-ca)
    • Note: for now, all certificates are signed by all CAs!
    $ ./create-cert introducer-dir.cnf 
    $ ./create-cert mailserver.cnf 
    $ ./create-cert storage-1.cnf 
    …
  • Edit puppet/hiera/common.yaml
    Set Introducer IP to 192.168.50.2
  • Get the base box
    $ vagrant box add vagrant-box-metadata.json
  • Build the whole infra
    $ vagrant up
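
The PKI steps in both procedures above assign each certificate to one role CA (dir-ca, mrc-ca, osd-ca, client-ca) and note that, for now, that separation is not enforced. The check below is an added example, not part of the Fogmail repository: it lists which role CAs a certificate actually verifies under. It builds a throwaway PKI with openssl in a temp directory, and the helper names (make_ca, issue_cert, chains_to, roles_for, demo) are hypothetical.

```sh
#!/bin/sh
# Added example. All keys and certificates are throwaway, created in a temp
# directory; the helpers below are hypothetical and are not Fogmail scripts.

# make_ca NAME DIR: self-signed CA certificate DIR/NAME.crt with key DIR/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# issue_cert NAME CA DIR: certificate DIR/NAME.crt signed by the CA named CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$3/$1.key" -out "$3/$1.csr" 2>/dev/null
    openssl x509 -req -in "$3/$1.csr" -CA "$3/$2.crt" -CAkey "$3/$2.key" \
        -CAcreateserial -days 1 -out "$3/$1.crt" 2>/dev/null
}

# chains_to CERT CAFILE: true only if CERT verifies against that one CA file.
# Matching ": OK" avoids relying on the exit status of older openssl builds.
chains_to() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK'
}

# roles_for CERT DIR CA...: print each listed CA name that CERT chains to
roles_for() {
    rf_cert=$1; rf_dir=$2; shift 2
    for rf_ca in "$@"; do
        if chains_to "$rf_cert" "$rf_dir/$rf_ca.crt"; then
            printf '%s\n' "$rf_ca"
        fi
    done
}

# demo: storage-1 is issued by osd-ca only, so only osd-ca should be printed
demo() {
    tmp=$(mktemp -d)
    for ca in client-ca dir-ca mrc-ca osd-ca; do make_ca "$ca" "$tmp"; done
    issue_cert storage-1 osd-ca "$tmp"
    roles_for "$tmp/storage-1.crt" "$tmp" client-ca dir-ca mrc-ca osd-ca
    rm -rf "$tmp"
}

demo
```

On a real deployment, run roles_for against the certificate and CA files that create-pki and create-cert produced; a certificate that prints more than one CA name is accepted in more than one role.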