Rolling your own secure comms

So you’re finally fed up with hearing that big brother is snooping on all your stuff without your consent, and you’re ready to take a stand and defend your privacy? This article should help you wean yourself off the free, ad-infested email providers and get you running your own secure email/Jabber server, with webmail, IMAP, and contact/calendar syncing, on a machine you control.

What you will need:

  1. A domain (we sell domains if you’re looking for one; also available for purchase via Bitcoin)
  2. A KVM-virtualized VPS (offshore preferably). Specs: 2-4 GB RAM, 25-50 GB disk and a stable connection. You can also host from home, provided your ISP has given you a static IP.
  3. Time
  4. A Zextras Mobile license (if you want ActiveSync syncing of contacts, tasks and calendar) or the Z-Push Zimbra backend

First off, start from a fresh VPS or home machine and install the latest CentOS 6 x64 on it. The VPS has to be KVM-virtualized: full-disk encryption needs its own kernel and boot loader, and after a reboot you must be able to type the passphrase at the console over VNC (container-style VPS plans that share the host kernel can do neither). Keep in mind what that encryption does and does not buy you: it protects the disk image if the server is seized, the VPS storage is copied, or the drive is lost or stolen, but while the machine is running the key sits in RAM, and on a VPS the hosting provider can read that memory and can watch the passphrase you type over VNC. Encryption at rest is a real gain; it is not protection against a hostile host.

Ideally use the netinstall ISO, since it is the smallest. When you run through the installer, select the option to encrypt the whole OS; you should see an “Encrypt system” option in the partitioning step of the CentOS installer. Set a long passphrase that you can remember but that is hard to guess, as this is the pre-boot encryption passkey that protects the server in the event of seizure, loss, theft, etc.

A walkthrough of the CentOS minimal install via the netinstall ISO is here > http://www.if-not-true-then-false.com/2011/centos-6-netinstall-network-installation/
Once that is done and you’re booted up, log in as root.
Then run
yum update -y
yum install nc libstdc++.i686 screen nano wget perl -y

Once that is complete we are going to disable some services so there is no conflict with the Zimbra server install (Zimbra ships and manages its own Postfix, so the stock one must not be running).

service postfix stop

chkconfig postfix off

iptables -F

service iptables stop

Note that flushing and stopping iptables leaves the server with no firewall at all, and it stays that way until you turn it back on. Do this only to get through the install; once Zimbra is running, put back a rule set that allows just what you need: SSH, 25/465/587 for mail delivery and submission, 80/443 for webmail, 110/995 and 143/993 for POP/IMAP, and 7071 for the admin console (ideally only from your own IP).

Next, comment out ’Defaults requiretty’ in /etc/sudoers by adding a “#” at the beginning of that line. Use visudo for this rather than ‘nano /etc/sudoers’: visudo checks the syntax before it saves, and a broken sudoers file locks you out of sudo. The zimbra user runs some commands through sudo from scripts, which that line would block.

Now we need to set up the hosts file

nano /etc/hosts

and ensure you have a line of the form

ip hostname.domain.tld  hostname

with the server’s public IP first, then the fully qualified name, then the short name. The Zimbra installer checks that the host name resolves, and it also looks for an MX record for your domain in DNS, so have both in place before you start it.
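As an added example (not part of the original post), here is the pre-install prep from the steps above as one script: the /etc/hosts line, the sudoers change done safely, and a firewall rule set to load back in instead of leaving iptables stopped. The IP 203.0.113.10, the host name mail.example.com and the admin IP 198.51.100.7 are assumed placeholders; the port list is the Zimbra set mentioned above. Without --apply the functions only print what they would do.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed values: server IP
# 203.0.113.10, host mail.example.com, admin workstation 198.51.100.7.
set -eu

# Render the /etc/hosts line Zimbra expects: "<ip> <fqdn> <short name>".
hosts_line() {
  ip="$1"; fqdn="$2"
  printf '%s\t%s\t%s\n' "$ip" "$fqdn" "${fqdn%%.*}"
}

# Replace any existing entry for the FQDN in a hosts file with the new line,
# so the installer resolves the host name to exactly one address.
ensure_hosts_entry() {
  file="$1"; ip="$2"; fqdn="$3"
  grep -v -w -F -- "$fqdn" "$file" > "$file.tmp" || true
  hosts_line "$ip" "$fqdn" >> "$file.tmp"
  mv "$file.tmp" "$file"
}

# Comment out "Defaults requiretty" in the given sudoers file. Idempotent:
# a line that already starts with "#" does not match the pattern.
disable_requiretty() {
  sed -i 's/^[[:space:]]*Defaults[[:space:]][[:space:]]*requiretty/#&/' "$1"
}

# Emit an iptables-restore rule set to load instead of a bare "iptables -F":
# default-deny inbound, SSH and the Zimbra mail/web ports open to everyone,
# the admin console (7071) reachable only from the admin IP.
firewall_rules() {
  admin_ip="$1"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,80,443,110,995,143,993 -j ACCEPT
-A INPUT -p tcp -s $admin_ip --dport 7071 -j ACCEPT
COMMIT
EOF
}

# Only touch the live system when explicitly asked to, and only as root.
if [ "${1:-}" = "--apply" ]; then
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
  ensure_hosts_entry /etc/hosts 203.0.113.10 mail.example.com
  disable_requiretty /etc/sudoers
  visudo -c                                  # abort (set -e) if sudoers is now broken
  firewall_rules 198.51.100.7 | iptables-restore
  chkconfig iptables on                      # load the saved rules at boot
  service iptables save                      # persist them to /etc/sysconfig/iptables
fi
```

Load the rule set only after Zimbra is installed and you have confirmed that SSH still works from a second session; if you lock yourself out, the VNC console is the way back in.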

Now we are ready to install Zimbra 8.

For those who prefer video, there is a walkthrough of the Zimbra 8 install here (not my video) > http://www.youtube.com/watch?v=GERuhVYevqk

Run these commands one at a time

wget http://files2.zimbra.com/downloads/8.0.4_GA/zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz

tar xvf zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz

cd zcs-8.0.4_GA_5737.RHEL6_64.20130524120036

./install.sh --platform-override

The flag is two ordinary hyphens; it is needed because CentOS is not on Zimbra’s list of officially supported platforms, although the RHEL6 build runs on it fine. Then visit https://hostname.domain.tld to see your install.

Once you have the server set up, log in to the admin area first and create a normal user account; use that for your day-to-day mail and keep the admin account for administration only. You log in with the admin account and the password you chose in the install wizard above.

https://hostname.domain.tld:7071

If you want your email to use a valid SSL cert, I highly recommend getting a free one for your hostname (hostname.domain.tld) from StartSSL, or buy one via WhatTheServer for about $10.

It’s really easy to install: log in to the admin area, go to manage certs, choose install cert, generate a CSR and use that to get your cert issued (pick type “other” when asked what kind you need). Once issued, walk through the wizard again, browse to all three files from your CA (your certificate, the intermediate and the root), finish, and refresh. Your webmail and mail services are now secured by the legit certificate, so there are no warnings in your email clients for the domain, provided you use that same hostname for the incoming and outgoing mail servers. A certificate is only valid for the name on it; pointing a client at the bare IP or a different name will still trigger a warning.

Ok, now that we have all that done: if you want your contacts, calendar and tasks to sync with your mobile the way Gmail or an Exchange server does, you will need a Zimbra add-on from Zextras. This is really nice, and it means only you hold your contacts, not some database at Google that can index everything and work out who knows whom and how.

Zextras Mobile can be found here.

Please note Zextras is not free, but it’s not that expensive either. It comes with a 30-day trial, so give it a whirl. They do have a minimum of a 10-user bundle for licensing, and you can add individual users after that, so it works out fine if you and a few friends, or your family, pitch in to share the cost of the yearly license bundle and the domain. 🙂

They have a guide on their site that shows you how to install it; it’s very easy. Once installed and activated, add your new email account to your mobile devices as an Exchange ActiveSync account and, shazam, all your contacts and calendars sync from your private server. 🙂

How to export and import your contacts

From Google, export to vCard, then import into Zimbra inside your account under Preferences > Import/Export.

Now that your contacts are moved and synced into your account, you will ideally want to migrate all your IMAP email into the new account and eventually wipe it out of Gmail (or whatever you used) and stop using it.

The easiest way I have found to move email is to log in to both the old and new accounts via IMAP in Thunderbird or Outlook, let the old one sync, then drag the old email from its inbox into the new inbox, and do the same for the other folders. Everything then shows up in webmail, fully migrated.

There are also cheap and very dummy-proof migration services like movemymail that will do your whole account for about $5, a small price to pay 🙂 if you prefer something simple and cheap. Bear in mind that such a service needs the login credentials for both accounts, so you are trusting a third party with all of your mail for the duration.

The other really nifty thing about Zimbra is that you can add external IMAP accounts (Google, work accounts, etc.) so all your email is in one place in your web browser, along with signatures and so on. Real sexy.

Jabber Time

Alright, so now we have your email squared away, but what about the Google Talk you’re so fond of? Got to have your chat server, right?

No worries, we’ve got you covered: we’re going to install Openfire as a Jabber (XMPP) server.

Log in to your server via the shell and run the following. The download URL has a query string, so quote it and give wget the file name; otherwise it saves the file under the servlet name and the rpm command won’t find it. This is the 32-bit build, hence the i686 libraries.

yum install java-1.6.0-openjdk libldb.i686
wget -O openfire-3.8.2-1.i386.rpm 'http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.8.2-1.i386.rpm'
rpm -Uvh openfire-3.8.2-1.i386.rpm
service openfire restart
chkconfig openfire on

Now follow the Openfire setup in your web browser at http://hostname.domain.tld:9090. The installation is really straightforward; use the embedded database if asked. Port 9090 is plain HTTP, so the admin password you set there crosses the wire in the clear; switch to the HTTPS console on 9091 once the certificate below is in place, and do not leave either port open to the world in your firewall.

Now you will want to set up the SSL certificate for Jabber so it is signed for you and your users.

Go to the Server main tab, then Server Settings, then Server Certificates; there you should see an option to generate a CSR for obtaining an SSL certificate. Do that and copy the CSR.

Now go to StartSSL, verify your domain, and generate a Jabber cert for domain.tld; when it asks for a secondary name, use the hostname, so the cert covers both. Clients check the certificate against the domain part of their JID (user@domain.tld), which is why the bare domain has to be on the cert and not just the hostname.

Once you get the CRT, simply paste it in and update until it shows as signed, then restart the Openfire server and the cert will be valid.

Now, if you want your Jabber server to work with all the others, you need to create Jabber SRV records in DNS: _xmpp-client._tcp.domain.tld pointing at port 5222 on your hostname, and _xmpp-server._tcp.domain.tld pointing at port 5269 for server-to-server federation.

There is a real cool tool to help you generate them here > http://www.jms1.net/jabberd2/srv.shtml. Once generated, add them to your DNS settings at your registrar, or wherever you control your domain’s DNS, and allow them to propagate.

You can check that they are working with this online tool once the changes have propagated (replace jabber.org in the URL with your own domain) > http://kingant.net/check_xmpp_dns/?h=jabber.org
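As an added example (not part of the original post, and not the generator tool linked above), the two XMPP SRV records as zone-file lines, plus a check you can run against your resolver’s answer instead of an online tool. The domain example.com and the server name mail.example.com are assumed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: XMPP domain
# example.com, server mail.example.com.
set -eu

# BIND-style zone lines. Clients look up _xmpp-client._tcp (port 5222); other
# servers look up _xmpp-server._tcp (port 5269) when federating with you.
# SRV fields after the record type: priority weight port target.
xmpp_srv_records() {
  domain="$1"; host="$2"
  printf '_xmpp-client._tcp.%s.\tIN\tSRV\t0 5 5222 %s.\n' "$domain" "$host"
  printf '_xmpp-server._tcp.%s.\tIN\tSRV\t0 5 5269 %s.\n' "$domain" "$host"
}

# Check one "dig +short SRV" answer (one record per line, "prio weight port
# target."): every record must carry the expected port and a fully qualified
# target ending in a dot. Returns 0 when all records pass, 1 otherwise.
check_srv_answer() {
  expected_port="$1"; answer="$2"
  [ -n "$answer" ] || { echo "no SRV record published" >&2; return 1; }
  printf '%s\n' "$answer" | while read -r prio weight port target; do
    [ "$port" = "$expected_port" ] || { echo "wrong port $port (want $expected_port)" >&2; exit 1; }
    case "$target" in
      *.) ;;
      *) echo "target $target is not a fully qualified name" >&2; exit 1 ;;
    esac
  done
}

# Live check once DNS has propagated (needs network, so not run here):
#   check_srv_answer 5222 "$(dig +short SRV _xmpp-client._tcp.example.com)"
#   check_srv_answer 5269 "$(dig +short SRV _xmpp-server._tcp.example.com)"
```

Run the two dig checks from a machine outside your network; a record that only resolves from the server itself (because of a local hosts entry or a split-horizon resolver) is exactly the kind of misconfiguration that makes federation fail silently.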

Well, congrats, you’ve got yourself a nearly complete Google replacement.

If you miss Google Voice and SMS, you can sign up at voip.ms for super cheap and get a nice new VoIP + SMS number to use as well. 🙂

Will add screenshots to this later.

If you’re interested in this complete setup and install, please contact our sales department for a quote: sales (@) whattheserver.me

We also sell domain-hosted email on our Zimbra server, which lets you buy or bring your own domain, so you do not need to set up your own server for just a few accounts.
