Candidate stack for Edgeryders' community crypto setup

Introduction: We try to patch together a VERY SIMPLE solution for edgeryders who, while they don’t want or need to encrypt all their email, still occasionally need secure email; or who are simply curious about secure communication, but have limited time or skills.

A candidate stack would be, basically:

  1. an edgeryders.eu email address for whoever wants one – a mailbox dedicated to encrypted stuff.
  2. Mailpile (simple installation and setup, great user interface).
  3. A carefully written, rookie-friendly step-by-step guide to setting the whole thing up.
  4. Community help, with more skilled edgeryders up for helping less skilled ones.

Dreaming it up now at 31C3 with @msanti. :slight_smile:

(Introduction from former category added by @matthias 2017-09-10 when reorganizing content.)


Mostly works – but SMTP error

Everything works except outgoing mail (what Mailpile calls “Send Routes”).

A successful Send Route test (through GMail) returns the following log:

SendMail: from alberto.cottica@gmail.com  (), to [u'alberto.cottica@gmail.com ', 'test@mailpile.is'] via smtp.gmail.com:587
SMTP connection to: smtp.gmail.com:587 as alberto.cottica@gmail.com
connect: (u'smtp.gmail.com', 587)
reply: '220 mx.google.com ESMTP l9sm40919136wic.21 - gsmtp\r\n'
reply: retcode (220); Msg: mx.google.com ESMTP l9sm40919136wic.21 - gsmtp
connect: mx.google.com ESMTP l9sm40919136wic.21 - gsmtp
send: 'ehlo mailpile.local\r\n'
reply: '250-mx.google.com at your service, [151.217.212.176]\r\n'
reply: '250-SIZE 35882577\r\n'
reply: '250-8BITMIME\r\n'
reply: '250-STARTTLS\r\n'
reply: '250-ENHANCEDSTATUSCODES\r\n'
reply: '250-PIPELINING\r\n'
reply: '250-CHUNKING\r\n'
reply: '250 SMTPUTF8\r\n'
reply: retcode (250); Msg: mx.google.com at your service, [151.217.212.176]
SIZE 35882577
8BITMIME
STARTTLS
ENHANCEDSTATUSCODES
PIPELINING
CHUNKING
SMTPUTF8
send: 'STARTTLS\r\n'
reply: '220 2.0.0 Ready to start TLS\r\n'
reply: retcode (220); Msg: 2.0.0 Ready to start TLS
send: 'ehlo mailpile.local\r\n'
reply: '250-mx.google.com at your service, [151.217.212.176]\r\n'
reply: '250-SIZE 35882577\r\n'
reply: '250-8BITMIME\r\n'
reply: '250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN\r\n'
reply: '250-ENHANCEDSTATUSCODES\r\n'
reply: '250-PIPELINING\r\n'
reply: '250-CHUNKING\r\n'
reply: '250 SMTPUTF8\r\n'
reply: retcode (250); Msg: mx.google.com at your service, [151.217.212.176]
SIZE 35882577
8BITMIME
AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN
ENHANCEDSTATUSCODES
PIPELINING
CHUNKING
SMTPUTF8
send: 'AUTH PLAIN [base64 credential redacted]\r\n'
reply: '235 2.7.0 Accepted\r\n'
reply: retcode (235); Msg: 2.7.0 Accepted
send: u'mail FROM:<alberto.cottica@gmail.com>\r\n'
reply: '250 2.1.0 OK l9sm40919136wic.21 - gsmtp\r\n'
reply: retcode (250); Msg: 2.1.0 OK l9sm40919136wic.21 - gsmtp
send: u'rcpt TO:<alberto.cottica@gmail.com>\r\n'
reply: '250 2.1.5 OK l9sm40919136wic.21 - gsmtp\r\n'
reply: retcode (250); Msg: 2.1.5 OK l9sm40919136wic.21 - gsmtp
send: 'rcpt TO:<test@mailpile.is>\r\n'
reply: '250 2.1.5 OK l9sm40919136wic.21 - gsmtp\r\n'
reply: retcode (250); Msg: 2.1.5 OK l9sm40919136wic.21 - gsmtp
send: 'DATA\r\n'
reply: '354  Go ahead l9sm40919136wic.21 - gsmtp\r\n'
reply: retcode (354); Msg: Go ahead l9sm40919136wic.21 - gsmtp

SendMail: from alberto@edgeryders.eu (ugrazyd_xfa6mcsvx36pwasaamq), to ['alberto@edgeryders.eu', 'alberto.cottica@gmail.com'] via mail.edgeryders.eu:143

When I try the same with mail.edgeryders.eu, I get:

SMTP connection to: mail.edgeryders.eu:143 as alberto@edgeryders.eu
connect: (u'mail.edgeryders.eu', 143)
reply: '* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.\r\n'
reply: retcode (-1); Msg: [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.
connect: [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.
send: 'ehlo mailpile.local\r\n'
reply: 'ehlo BAD Error in IMAP command received by server.\r\n'
reply: retcode (-1); Msg: BAD Error in IMAP command received by server.
send: 'helo mailpile.local\r\n'
reply: 'helo BAD Error in IMAP command received by server.\r\n'
reply: retcode (-1); Msg: BAD Error in IMAP command received by server.
SendMail: from alberto@edgeryders.eu (ugrazyd_xfa6mcsvx36pwasaamq), to ['alberto@edgeryders.eu', 'alberto.cottica@gmail.com'] via mail.edgeryders.eu:143

I triple-checked my settings: I definitely set the port on mail.edgeryders.eu to 587, NOT 143. However, the damn thing definitely tries to connect to mail.edgeryders.eu on port 143 (compare the first lines of the two tries).
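As an added example (not Mailpile's code and not part of the post), a small Python script covering the two things a practitioner would want around a log like the one above: redacting the base64 blob on the AUTH PLAIN line before sharing the log (SASL PLAIN is only base64-encoded, so that line carries the mailbox password in the clear), and flagging a Send Route whose server greets with an IMAP banner ('* OK [CAPABILITY ...') instead of an SMTP '220' greeting, which is exactly what the port-143 attempt shows. The hostnames and the credential in the sample log are constructed.

```python
import re

# Constructed sample, modelled on Mailpile "Send Route" debug output.
# The AUTH PLAIN blob is a made-up placeholder, not a real password.
SAMPLE_LOG = """\
SMTP connection to: smtp.example.org:587 as user@example.org
reply: '220 mx.example.org ESMTP ready\\r\\n'
send: 'AUTH PLAIN AHVzZXJAZXhhbXBsZS5vcmcAaHVudGVyMg==\\r\\n'
SMTP connection to: mail.example.org:143 as user@example.org
reply: '* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] Dovecot ready.\\r\\n'
"""

AUTH_RE = re.compile(r"(AUTH (?:PLAIN|LOGIN) )([A-Za-z0-9+/=]+)")
CONN_RE = re.compile(r"SMTP connection to: (\S+):(\d+)")


def redact_auth(line):
    """Replace the base64 SASL credential after AUTH PLAIN/LOGIN so the log is safe to post."""
    return AUTH_RE.sub(r"\1<redacted>", line)


def guess_protocol(greeting):
    """Classify a server's first banner: SMTP answers '220 ...', IMAP answers '* OK ...'."""
    if greeting.startswith("220"):
        return "smtp"
    if greeting.startswith("* OK"):
        return "imap"
    return "unknown"


def diagnose(log_text):
    """Pair each 'SMTP connection to: host:port' with the banner that follows it.

    Returns (host, port, protocol_seen, looks_like_smtp) per connection, so a
    route pointed at an IMAP port shows up as looks_like_smtp == False.
    """
    findings = []
    current = None
    for raw in log_text.splitlines():
        m = CONN_RE.search(raw)
        if m:
            current = (m.group(1), int(m.group(2)))
            continue
        if raw.startswith("reply: '") and current:
            greeting = raw[len("reply: '"):]
            proto = guess_protocol(greeting)
            findings.append((current[0], current[1], proto, proto == "smtp"))
            current = None
    return findings
```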

Put up an issue on their GitHub

I like this plan

I’m sorry I missed talking with you about this at 31C3. I very much approve – and agree that the problem with security is getting enough momentum that you have somebody to communicate with.

I’m generally very happy to help people trying to use encryption. Incidentally, you (and anybody else) are welcome to send me encrypted mail – key is https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0xCADE22BCDEEBB418

This is why we need community infrastructure!

You can find my public key here: https://www.cottica.net/alberto-who/contacts/

BUT we should do a proper key exchange, at least over voice. Maybe we can use the first community call of 2015 for this?

Which is why a community, even a small one like Edgeryders, is essential to get crypto going: there is no point having a PGP key if none of your friends have one. We tried to do a session on easy crypto at LOTE4 (based on Thunderbird + Enigmail, which does work with mailaddress@edgeryders.eu but is a bit more cumbersome), but it fell through the cracks. @Noemi was very interested.

The Community Crypto project means that we bake key exchange parties, how-to sessions for beginners etc. into all major Edgeryders events. This is also a technical task that is accessible to non-engineers like myself – I managed to set up PGP + Enigmail + Thunderbird by myself in about 2 hours, and it worked on the first try. Maybe you, @danohu, could act as the senior skilled crypto guy, and teach people how to teach people how to set up stuff.

I’m still interested

Love the idea, and thanks for giving it another thought after the Lote4 attempt. Being completely illiterate in this subject, I’m excited to have come across one good argument in the post 31c3 wiki: We should not do it for our own security, which is perceived as low priority by most of us as we have nothing to hide; we should do it for others, like the courageous journalists and whistleblowers keeping our society marginally truer and more free, who need more people to use crypto so they can “get lost in the crowd”; and for ourselves, as a shared learning journey to upskill all of Edgeryders.

We’d clearly need one of you guys to lead this, but I’d be happy to help gather newbies around and have a themed community call or more of an online workshop to work through this. For the first part of your list above, a while ago Matt had started useful wikis for creating and setting up edgeryders.eu email addresses. I found that kind of instructions easy to follow.

Answer received, but no progress :frowning:

Bjarni from Mailpile replied to my issue on GitHub, but I think he did not understand it. No doubt I did a bad job of explaining it.

Can you help me with the explanation, @danohu?

Federated Conversation

Let’s discuss this issue over there.

Your explanation @Alberto was actually right, but you were kind of missing some details.

Since Ecobytes also has as top priority to set up a reliable and friendly MTA, and @almereyda had already proposed MailPile, I would like to ask if there is the possibility of joining some resources and working together on this, providing then a solution that is usable for the enlarged federated community of Ecobytes, Edgeryders, etc.

Do you have someone, apart from @almereyda, that could work on this (@alberto seems at least motivated, @danohu)?

If you agree with this, I suggest building up a multi-skilled team (architects, developers, security experts, users) and driving our own scrum to develop this product, which is essential for a large group of users. And it would help us a lot to finally get rid of the old Ecobytes MTA and account management - very efficient and secure, but a management nightmare :stuck_out_tongue:

I think this is great. But I probably wouldn’t be willing to dedicate substantial amounts of volunteer time to it, I’m afraid. There are just too many other things going on :frowning:

Emphasis on “community”

@gandhiano, I think what Edgeryders can bring to the table is the “community” in “community crypto”. We can write instructables, provide help to community members who get stuck, organize key exchange bars in Edgeryders events, and in general lower the threshold for people, in Edgeryders or without it, to use crypto. I don’t think we have either the ability or the interest to get involved in development. Several of us – myself included – supported the Mailpile crowdfunding campaign, and that is our contribution to development proper.

If you think this is in any way useful, this is what this group is here for. A simple idea is:

  1. work out a stack. Mailpile would be great, but if not we'll fall back on Thunderbird + Enigmail, which works already.
  2. write an instructable.
  3. use one of our community calls to help the first five-six interested people with setup.

Works?