OnionMail is an open source SMTP/POP3 compatible mail server with some functions designed for Tor hidden services. OnionMail use filesystem cryptography and some extended functions. This server also allows you to use the email in the tor network without losing the ability to communicate with the Internet.

«In the future, maybe we will implement the anonymous coffee!
Today, only OnionMail ;) »

OnionMail functions:

• Multiple instances of server. (multiple indipendent hidden services).
• Native PGP integration for subscriprion and server`s message.
  
• Subscription via PGP encrypted email.
• VMAT Protocol (can use normal mail address without .onion).
  
• SSL cryptography by default. (STARTTLS 2048 bits)
• Multiple encryption everywhere, RSA + AES +  RSA + AES with salt.
• Support unicode password (UTF-8 password and 2048 bits keyfiles).
• Inhibition of store any message in relay server.
  (Only direct connection is allowed without multiple connections).
• Metadata protection. NSA or GCHQ can't read your metadata.
• SMTP Compatibility.
• Internet normal email compatibility.
• AntiSpam, blacklist and realtime filters.
• Decentralized trust system for SSL certificate and public keys and exit list.
• Native mailing list support.
• Garbage collector to remove automatically old messages.
• Clock and time zone spoofing.
• Server services and operations:
  Add / Remove mail address or mail server in blacklist.
  Mailing list Subscribe / Unsubscribe.
  Request of server "rulez". (Server help).
  (All via mail message to the server directly "server@ xyz... .onion ")
• JAVA Implementation for all platform.
• Native version compiled with GCJ.
• Localhost control port and server API.
• Protected server password and keys (optionaly not saved).
• IP BlackList
• Onion BlackList
• RSA Server and Tor connection authentication.
• Connections via Tor Network.
• Enter/Exit server to connect Tor to Internet and viceversa.
• Statistics in csv format.
• TorDNSLocalProxy to work with Exim4 and transprent SOCSK4A Tor Proxy.
• Strong cryptography (RSA 2048 bits, AES 256 + AES 256 + AES 256 ).
• Password key derivation via multiple keyfiles and passwords.
• Deleting files with wipe by default.
• Message headers filtering to hide informations and sigint.
• POP3 TLS Access.
• SMTP TLS Access.
• User's parameters.
• Exit node selection to connect to internet.
• M.A.T. Protocol to connect correctly Internet, Tor, email and OnionMail.
• Server identification request via email to obtain the ssl certificate fingerprint.
• Self headers rebound to verifiy the client's mail headers and OnionMail filtering.
• AntiSpam system.
  
• And much more.....
  

The real question is: «Why not???».
OnionMail defends the right to confidentiality of communications.
OnionMail prevents clandestine espionage “otherwise democratic” governments.

Usually other mail systems all mail messages pass through different SMTP servers often the connection is not encrypted.
With OnionMail the connection is always encrypted and the server does not saving data to disk. Only the recipient's server stores the messages.

The message files into the server are encrypted with asymmetric key, which is encrypted with the password of the user and the server keys. In the event of theft, the system does not reveal any sensitive data.
It always advisable to use PGP or GPG to encrypt e-mail messages.
When a message is sent from the Internet it passes through the server Enter / Exit. These servers are the entry and exit nodes of Tor for e-mail. The user can choose which node to use to communicate to the internet.
Spam is short-lived because there are the custom blacklists. So each user can set their own spam filters.
All servers are federated to create a check system for SSL server certificates.
With systems like this X-Keyscore and similar technologies have big problems to intercept your mail messages.

• Messages with multiple recipients are allowed.
• There aren't Delivery Status Notification. If there are any problems email client responds with an error directly.
• The message headers are filtered.
• The hostname and ip addresses in the mail headers will be deleted or replaced with [0.0.0.0].
• It compulsory to use TLS. (STARTTLS).
• You can manage the Blacklist and block individual addresses or entire hidden service to block spam.
• The messages are automatically deleted after a number of days even if unread.
• You can request services and information to the server by sending a message to the server@xy ... z.onion
• Always follow the rules of the server. For more information please send a message with subject RULEZ to your server.
• The SysOp, admin or root user can't read your private email messages. 
• You can use anorma mail address via VMAT subscription to the exit/enter OnionMail server.
  

To use OnionMail you must use a Tor connection. We suggest to use Tails and GPG or PGP to encrypt your email messages.

There aren't any webmail to use your OnionMail. To read your email use the POP3 with TLS protocol.
(ClwawsMail and Thunderbrid supports this protocol).

When you send an email to the internet your address is changed by the M.A.T. (Mail Address Translator) protocol.
The onion address in moved before the character "@" and is append after"@" an intenret domain name of the exit/enter node.
Example:
If your mail address is: test@123456789abcef….onion
The exit node is: onionmail.info
The address will automatically translated: test.123456789abcef….onion@onionmail.info

When you actviate a VMAT subscription your mail address is changed automatically to a normal Internet mail address without .onion tld.

To use the servers services, send an email message to your server.
The address of server is "server" and all the same before character "@" of your OnionMail address.
Example:
If your mail address is: test@123456789abcef….onion
Your server is: server@123456789abcef….onion

The SysOp is the owner/administrator of the server. The address of sysop is "sysop" and all the before character "@" of the server address.
Example:
Your SysOp mail address: sysop@123456789abcef….onion

To use the server's services send an email message to the server, the subject of the messages is used to select the function.
Example:
If you want tho read the server rules send a message to your server (example server@123456789abcef….onion) with the subject "RULEZ"
The server will reply to you with the rulez file.

How to Activate an OnionMail server

• Follow this guide (OnionMail server setup, step by step).
• Subscribe to the sysop's mailing list:
  
  Tor address:
  

  sysop.list@czw66gso77uiz3yxilo36rqramjb4mmvv6dsnianev6achfehzpsilqd.onion

  Internet address:
  

  sysop.list.czw66gso77uiz3yxilo36rqramjb4mmvv6dsnianev6achfehzpsilqd.onion@onionmail.info

  To subscribe send a message to server@czw66gso77uiz3yxilo36rqramjb4mmvv6dsnianev6achfehzpsilqd.onion with subject:
  
  

  LIST sysop.list@czw66gso77uiz3yxilo36rqramjb4mmvv6dsnianev6achfehzpsilqd.onion SUBSCRIBE
  
  

• Remarks: Do not create any exit server if don't know what you are doing:
  An OnionMail enter/exit server can associate the hidden service onion address to the internet address.
  Do not create any user account into the enter/exit server (by server physical level).
  

Warning: To enable the VMAT protocol in your server
Add these lines to the /etc/onionmail/servers.s/xxxxxx.conf configuration file (in your EXIT server section)

VMATAllow {

           *

            }

Without this policy the server recjects all VMAT subscription by default.

How to activate an OnionMail account quickly

• Create your PGP public key.
• Send a message to the server ( server@address.onion or server.address.onion@onionmail.info ) with subject NEWUSER followed by the username. If the username is ANONYMOUS (uppercase) the server will generates a random username. Put your PGP public key into the body of the message.
  
• You will receive an encrypted message and account informations.
  

How to activate VMAT address widthout long characters.onion

Send a message to your server with subject VMAT. Put into the body of the message a line contains the new address of an exit domain with word register:

From: MyAddress@123456789abcdef….onion

To: server@iam.onion

Subject: VMAT

REGISTER test@example.org

The server will reply the account data to you.

How to activate an OnionMail account into the OnionMail's project deep network

• Generate a PGP key associated to an email or an existent OnionMail address.
• Paste your PGP public key and enter your email (or current OnionMail) address.
• Choose the server.
  
• Choose the username.
• Click on the button “subscribe” and wait for 150/200 seconds. Do not leave the page.
• Read your email. You will receive an encrypted message and account informations.
  

As described in the previous section, to use the server's functions send a message to your server.

• Get server informations:
  Send a message to the sever width subject: IDENT
  The server will reply to the SSL and server informations.
• Manage your SPAM filters:
  To read the SPAM filters senda a message to the server width subject: SPAM LIST
  To add an address the subject is: SPAM ADD maildaddress@xyz.onion
  To add an entire server the subject is: SPAM ADD *@spamexample.onion
  To remove an entry, read the number from SPAM LIST. The subject is: SPAM DEL (number)
  
• Subscribe to a mailing list:
  Send a message to the mailing list's server (server@ all the same after "@" of list address).
  The subject is: LIST example.list@serverlist.onion SUBSCRIBE
  
• Unsubscribe to a mailing list:
  Send a message to the mailing list's server (server@ all the same after "@" of list address).
  The subject is: LIST example.list@serverlist.onion UNSUBSCRIBE
  
• Get the exit node list:
  The subject is: EXIT LIST
• To set the default exit node:
  The subject is: SET EXIT exitnode.example.org
• To get help, rules and manuals:
  The subject is: RULEZ
• Tho get the rulez file of a mailing list:
  Send a message to the mailing list's server (server@ all the same after "@" of list address).
  The subject is: LIST example.list@serverlist.onion RULEZ
  
• To check your headers:
  The subject is: REBOUND HEADERS

If you don't want use tor for all your mail accounts, there is a little solution named NTU.
NTU (Network Termination Unit) is a little local proxy that connect some email accounts to OnionMail.
The usage is very simple:

• Run tor
• When you first run the program ntu enter data easily from the command line.
  NTU request to you only the number of hidden services and the .onion addresses.
  All configurations are automated.
  
• NTU is a small implementation of TORDnsLocalProxy (without DNS server and with static SOCKS proxy).
• NTU tell to you how to connect to the hidden services:

SETTINGS FOR YOUR MAIL CLIENT:

Service 1:

        vzoc4aylgsqwexe6okjbz2ix5atgdv5xyibnkcekmtg4u23syz6a7rid.onion

                SMTP 127.0.0.1:10000

                POP3 127.0.0.1:10001

Service 2:

        vzoc4aylgsqwexe6okjbz2ix5atgdv5xyibnkcekmtg4u23syz6a7rid.onion

                SMTP 127.0.0.1:10002

                POP3 127.0.0.1:10003

NTU can be used to reconnect hydden services via tor network to increase the anonymity of the hidden service.
Eample: ntu.conf

    NTU    127.0.0.1    20110    z373bxyt6zhmxepx….onion    110

    NTU    127.0.0.1    20025    z373bxyt6zhmxepx….onion    25

    NTU    127.0.0.1    20080    z373bxyt6zhmxepx….onion    80

The keyword NTU starts a new local SOCK proxy.
This line configure a proxy that rebounds all connections form 127.0.0.1:20080 to z373bxyt6zhmxepx….onion:80

    NTU    127.0.0.1    20080    z373bxyt6zhmxepx….onion    80