What is OnionMail
OnionMail is an open source SMTP/POP3 compatible mail server with some functions designed for Tor hidden services. OnionMail use filesystem cryptography and some extended functions. This server also allows you to use the email in the tor network without losing the ability to communicate with the Internet.

«In the future, maybe we will implement the anonymous coffee!
Today, only OnionMail
;) »

OnionMail functions:

  • Multiple instances of server. (multiple indipendent hidden services).
  • Native PGP integration for subscriprion and server`s message.
  • Subscription via PGP encrypted email.
  • VMAT Protocol (can use normal mail address without .onion).
  • SSL cryptography by default. (STARTTLS 2048 bits)
  • Multiple encryption everywhere, RSA + AES +  RSA + AES with salt.
  • Support unicode password (UTF-8 password and 2048 bits keyfiles).
  • Inhibition of store any message in relay server.
    (Only direct connection is allowed without multiple connections).
  • Metadata protection. NSA or GCHQ can't read your metadata.
  • SMTP Compatibility.
  • Internet normal email compatibility.
  • AntiSpam, blacklist and realtime filters.
  • Decentralized trust system for SSL certificate and public keys and exit list.
  • Native mailing list support.
  • Garbage collector to remove automatically old messages.
  • Clock and time zone spoofing.
  • Server services and operations:
    Add / Remove mail address or mail server in blacklist.
    Mailing list Subscribe / Unsubscribe.
    Request of server "rulez". (Server help).
    (All via mail message to the server directly "server@ xyz... .onion ")
  • JAVA Implementation for all platform.
  • Native version compiled with GCJ.
  • Localhost control port and server API.
  • Protected server password and keys (optionaly not saved).
  • IP BlackList
  • Onion BlackList
  • RSA Server and Tor connection authentication.
  • Connections via Tor Network.
  • Enter/Exit server to connect Tor to Internet and viceversa.
  • Statistics in csv format.
  • TorDNSLocalProxy to work with Exim4 and transprent SOCSK4A Tor Proxy.
  • Strong cryptography (RSA 2048 bits, AES 256 + AES 256 + AES 256 ).
  • Password key derivation via multiple keyfiles and passwords.
  • Deleting files with wipe by default.
  • Message headers filtering to hide informations and sigint.
  • POP3 TLS Access.
  • SMTP TLS Access.
  • User's parameters.
  • Exit node selection to connect to internet.
  • M.A.T. Protocol to connect correctly Internet, Tor, email and OnionMail.
  • Server identification request via email to obtain the ssl certificate fingerprint.
  • Self headers rebound to verifiy the client's mail headers and OnionMail filtering.
  • AntiSpam system.
  • And much more.....
Why OnionMail
The real question is: «Why not???».
OnionMail defends the right to confidentiality of communications.
OnionMail prevents clandestine espionage “otherwise democratic” governments.
How it works?
Usually other mail systems all mail messages pass through different SMTP servers often the connection is not encrypted.
With OnionMail the connection is always encrypted and the server does not saving data to disk. Only the recipient's server stores the messages.

The message files into the server are encrypted with asymmetric key, which is encrypted with the password of the user and the server keys. In the event of theft, the system does not reveal any sensitive data.
It always advisable to use PGP or GPG to encrypt e-mail messages.
When a message is sent from the Internet it passes through the server Enter / Exit. These servers are the entry and exit nodes of Tor for e-mail. The user can choose which node to use to communicate to the internet.
Spam is short-lived because there are the custom blacklists. So each user can set their own spam filters.
All servers are federated to create a check system for SSL server certificates.
With systems like this X-Keyscore and similar technologies have big problems to intercept your mail messages.

Rules of Use
  • Messages with multiple recipients are allowed.
  • There aren't Delivery Status Notification. If there are any problems email client responds with an error directly.
  • The message headers are filtered.
  • The hostname and ip addresses in the mail headers will be deleted or replaced with [].
  • It compulsory to use TLS. (STARTTLS).
  • You can manage the Blacklist and block individual addresses or entire hidden service to block spam.
  • The messages are automatically deleted after a number of days even if unread.
  • You can request services and information to the server by sending a message to the server@xy ... z.onion
  • Always follow the rules of the server. For more information please send a message with subject RULEZ to your server.
  • The SysOp, admin or root user can't read your private email messages. 
  • You can use anorma mail address via VMAT subscription to the exit/enter OnionMail server.
How to use
To use OnionMail you must use a Tor connection. We suggest to use Tails and GPG or PGP to encrypt your email messages.

There aren't any webmail to use your OnionMail. To read your email use the POP3 with TLS protocol.
(ClwawsMail and Thunderbrid supports this protocol).

When you send an email to the internet your address is changed by the M.A.T. (Mail Address Translator) protocol.
The onion address in moved before the character "@" and is append after"@" an intenret domain name of the exit/enter node.
If your mail address is: test@123456789abcef….onion
The exit node is: onionmail.info
The address will automatically translated: test.123456789abcef….onion@onionmail.info

When you actviate a VMAT subscription your mail address is changed automatically to a normal Internet mail address without .onion tld.

To use the servers services, send an email message to your server.
The address of server is "server" and all the same before character "@" of your OnionMail address.
If your mail address is: test@123456789abcef….onion
Your server is: server@123456789abcef….onion

The SysOp is the owner/administrator of the server. The address of sysop is "sysop" and all the before character "@" of the server address.
Your SysOp mail address: sysop@123456789abcef….onion

To use the server's services send an email message to the server, the subject of the messages is used to select the function.
If you want tho read the server rules send a message to your server (example server@123456789abcef….onion) with the subject "RULEZ"
The server will reply to you with the rulez file.
How to Activate an OnionMail server
Warning: To enable the VMAT protocol in your server
Add these lines to the /etc/onionmail/servers.s/xxxxxx.conf configuration file (in your EXIT server section)
VMATAllow {
Without this policy the server recjects all VMAT subscription by default.
How to activate an OnionMail account quickly
  • Create your PGP public key.
  • Send a message to the server ( server@address.onion or server.address.onion@onionmail.info ) with subject NEWUSER followed by the username. If the username is ANONYMOUS (uppercase) the server will generates a random username. Put your PGP public key into the body of the message.
  • You will receive an encrypted message and account informations.
How to activate VMAT address widthout long characters.onion
Send a message to your server with subject VMAT. Put into the body of the message a line contains the new address of an exit domain with word register:
From: MyAddress@123456789abcdef….onion
To: server@iam.onion
Subject: VMAT

REGISTER test@example.org
The server will reply the account data to you.
How to activate an OnionMail account into the OnionMail's project deep network
  • Generate a PGP key associated to an email or an existent OnionMail address.
  • Paste your PGP public key and enter your email (or current OnionMail) address.
  • Choose the server.
  • Choose the username.
  • Click on the button “subscribe” and wait for 150/200 seconds. Do not leave the page.
  • Read your email. You will receive an encrypted message and account informations.
Server Functions
As described in the previous section, to use the server's functions send a message to your server.
  • Get server informations:
    Send a message to the sever width subject: IDENT
    The server will reply to the SSL and server informations.
  • Manage your SPAM filters:
    To read the SPAM filters senda a message to the server width subject: SPAM LIST
    To add an address the subject is: SPAM ADD maildaddress@xyz.onion
    To add an entire server the subject is: SPAM ADD *@spamexample.onion
    To remove an entry, read the number from SPAM LIST. The subject is: SPAM DEL (number)
  • Subscribe to a mailing list:
    Send a message to the mailing list's server (server@ all the same after "@" of list address).
    The subject is: LIST example.list@serverlist.onion SUBSCRIBE
  • Unsubscribe to a mailing list:
    Send a message to the mailing list's server (server@ all the same after "@" of list address).
    The subject is: LIST example.list@serverlist.onion UNSUBSCRIBE
  • Get the exit node list:
    The subject is: EXIT LIST
  • To set the default exit node:
    The subject is: SET EXIT exitnode.example.org
  • To get help, rules and manuals:
    The subject is: RULEZ
  • Tho get the rulez file of a mailing list:
    Send a message to the mailing list's server (server@ all the same after "@" of list address).
    The subject is: LIST example.list@serverlist.onion RULEZ
  • To check your headers:
    The subject is: REBOUND HEADERS
Using NTU (Hybrid system)
If you don't want use tor for all your mail accounts, there is a little solution named NTU.
NTU (Network Termination Unit) is a little local proxy that connect some email accounts to OnionMail.
The usage is very simple:
  • Run tor
  • When you first run the program ntu enter data easily from the command line.
    NTU request to you only the number of hidden services and the .onion addresses.
    All configurations are automated.
  • NTU is a small implementation of TORDnsLocalProxy (without DNS server and with static SOCKS proxy).
  • NTU tell to you how to connect to the hidden services:
Service 1:
Service 2:
NTU can be used to reconnect hydden services via tor network to increase the anonymity of the hidden service.
Eample: ntu.conf
    NTU    20110    z373bxyt6zhmxepx….onion    110
    NTU    20025    z373bxyt6zhmxepx….onion    25
    NTU    20080    z373bxyt6zhmxepx….onion    80
The keyword NTU starts a new local SOCK proxy.
This line configure a proxy that rebounds all connections form to z373bxyt6zhmxepx….onion:80
    NTU    20080    z373bxyt6zhmxepx….onion    80

(CC) by OnionMail Project

Licenza Creative Commons  Contatore per siti