Mildred's Website

GPG Public Key
(Fingerprint 197C A7E6 645B 4299 6D37 684B 6F9D A8D6 9A7D 2E2B)

Category: freedombox

Wed 23 Mar 2011, 09:21 AM comp en freedombox

Suppose we want to have an E-Mail server on the freedombox. We need connectivity for SMTP, that is, the ability to accept inbound connections, which is impossible behind a NAT.

For E-Mails we also need an MX record in the DNS ... This is a problem if the network is completely hostile, in which case the only solution is to have a somewhat P2P DNS database shared on freedombox. Access would then not be possible from the Internet.

Now, more likely, we are only going to have access to a dynamic DNS, which is fine. The DNS would store A, AAAA and MX records, and perhaps some others. Still, we must not rely on them too much, and we need the ability to communicate from one freedombox to another even if there is no DNS for us.

So ... it comes down to the firewall and NAT restrictions.

I suppose we could:

  • First, autoconfigure IPv4 and IPv6

  • Try opening NAT ports using UPnP

  • Check the IP connectivity. We suppose IPv6 is accessible from the Internet and we look to see if the IPv4 is in a range that is routable (not in a private non-routable range).

    Additionally, we could ask a service on the Internet to test our connectivity if such a service is available. Both for IPv4 and IPv6.

  • If we don't have IPv6 connectivity, open a tunnel to the IPv6 Internet. Either Teredo or a manually configured tunnel if available.

  • Update our DNS record

So now, we have at least IPv6 available ... and we can at least communicate with the v6 Internet.
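The connectivity check from the list above can be sketched as follows. This is an added example, not code from the original post or from the Freedombox project; the function names, step strings and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Address ranges that cannot accept connections from the Internet.
NON_ROUTABLE = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],  # RFC 1918
    "cgnat": ["100.64.0.0/10"],                                    # RFC 6598
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "unique-local": ["fc00::/7"],                                  # RFC 4193
}


def classify(addr):
    """Label one address: a NON_ROUTABLE key, or 'routable'."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        for net in map(ipaddress.ip_network, nets):
            if ip.version == net.version and ip in net:
                return label
    return "routable"


def plan(addresses):
    """Map interface addresses to DNS records to publish and steps still to do."""
    kinds = {a: classify(a) for a in addresses}
    routable = [a for a, k in kinds.items() if k == "routable"]
    v4 = [a for a in routable if ipaddress.ip_address(a).version == 4]
    v6 = [a for a in routable if ipaddress.ip_address(a).version == 6]
    steps = []
    # UPnP only controls the local router; it cannot open a carrier's NAT.
    if not v4 and "private" in kinds.values():
        steps.append("try UPnP port mapping")
    if not v6:
        steps.append("open IPv6 tunnel (Teredo or manual)")
    # A routable address can still be firewalled, so always confirm from outside.
    steps.append("ask an external service to test inbound connectivity")
    steps.append("update DNS record")
    # Only routable addresses go into DNS; internal ones are never published.
    return {"A": v4, "AAAA": v6, "steps": steps}


# Constructed samples; documentation prefixes stand in for public addresses.
BEHIND_NAT = ["192.168.1.20", "fe80::1c2f:aaff:fe00:1"]
DUAL_STACK = ["203.0.113.7", "2001:db8::25"]

if __name__ == "__main__":
    for name, addrs in (("behind NAT", BEHIND_NAT), ("dual stack", DUAL_STACK)):
        print(name, plan(addrs))
```

The range check only tells us whether an address could be reachable, which is why the external test stays in the plan even when both address families look routable.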

Tue 22 Mar 2011, 10:10 AM comp en freedombox

Attention: this post contains wrong information. What I discovered wasn't a way to publish services to a DNS server but a way to publish local workstations to the DNS.

Following my previous post, I wondered how to update the DNS server from Avahi. I was not alone. I found a script that could be run as a cron job that does the job. The next step is to use Avahi notifications instead of polling every minute.

Thanks to leica

edit: probably a better solution would be to still use mDNS over unicast DNS (wide area). See a post from Lennart Poettering.

Tue 22 Mar 2011, 09:26 AM comp en freedombox

Yesterday, I realized that we all needed to protect our privacy and that we might be facing something more than just ads. Fortunately, the solution has already been started: Freedombox

There is a specific part I want to cover: protected communication channels. Starting with E-Mails.

In the E-Mail world, GMail is the best, in my opinion, except that it is hosted on Google servers. How about having a private GMail on your freedombox? What are the use cases:

  • We need to know which server sent the E-Mail, or tell the user if we can't know. Solutions exist, like DKIM, DomainKeys or SPF. The solution lies with all of these solutions, not merely one.

    What we should see before the E-Mail is a short line saying something like:

    • We could not determine which server sent the E-Mail, it might be spam or scam.

    • We could not determine which server sent the E-Mail, it appears to come from but generally signs outgoing E-mails. This is probably spam or scam.

    • The E-Mail was sent from

    • The E-Mail was sent from and has been signed by

    • The E-Mail was sent from and has been encrypted by

Now, the freedombox provides many services. For example we need to have a PGP Key server. How do we advertise that? DNS was made for that. I was thinking specifically about Avahi, providing Multicast-DNS on the local network. I think we need to either transform Avahi into a full DNS server that could run on the Freedombox or have it publish records in an existing DNS server on the box. Why? Because services are already used to publish DNS records using Avahi.

We also need to have a network of Freedomboxes to add redundancy to our DNS servers. That could be implemented as a second part. It would also be good if we could have a domain like where every freedombox could have a subdomain for free. Domain names are a necessity.

Now, what I want to do is simple:

  • Buy a plug computer and install Freedombox on it
  • Work on integrating an SMTP server that would
    • send signed E-Mails
    • receive E-Mails and filter them
  • Integrate an IMAP server
  • Integrate a PGP Key server
  • Work on integration with DNS
  • Work on a client that would sign e-mails, send them and open the inbox on IMAP

Now, it would be great to have in all modern browsers a dns: scheme which would present all the services of a specific server. For example it could tell you:

  • This server provides a web server. Browse
  • This server provides an LDAP address book. Browse Search
  • This server provides an XMPP server. Sign-In
  • This server provides an SMTP server. Send E-Mail

This would be awesome.