Pages:
Author

Topic: RuggedInbox.com - Free offshore email - page 10. (Read 45068 times)

newbie
Activity: 8
Merit: 0
August 20, 2014, 09:01:59 AM
#24
Another issue has reared its ugly head. I'm having issues using my e-mail client, Claws Mail. I'm using SSL connection and am receiving this time out error.

* Account '[email protected]': Connecting to POP3 server: ruggedinbox.com:995...
[08:48:10] POP3< +OK Welcome to ruggedinbox.com
[08:48:10] POP3> USER [email protected]
[08:48:11] POP3< +OK
[08:48:11] POP3> PASS ********
[08:48:11] POP3< +OK Logged in.
[08:48:11] POP3> STAT
[08:48:11] POP3< +OK 0 0
[08:48:11] POP3> QUIT
** Session timed out. You may be able to recover by increasing the timeout value in Preferences/Other/Miscellaneous.

Sometimes it completes correctly:

* Account '[email protected]': Connecting to POP3 server: ruggedinbox.com:995...
[08:48:06] POP3< +OK Welcome to ruggedinbox.com
[08:48:06] POP3> USER [email protected]
[08:48:06] POP3< +OK
[08:48:06] POP3> PASS ********
[08:48:06] POP3< +OK Logged in.
[08:48:06] POP3> STAT
[08:48:07] POP3< +OK 2 6960
[08:48:07] POP3> UIDL
[08:48:07] POP3< +OK
[08:48:07] POP3> LIST
[08:48:07] POP3< +OK 2 messages:
[08:48:07] POP3> QUIT
[08:48:07] POP3< +OK Logging out.

It appears that there are two messages, however, they do not download. I can connect via Tor or webmail via sm or rc with no issues.
full member
Activity: 222
Merit: 102
August 18, 2014, 09:05:57 AM
#23
Nice! I hadn't heard of this one yet. Signing up now  Smiley
newbie
Activity: 8
Merit: 0
August 14, 2014, 08:16:27 PM
#22
Ok so the current maximum allowed password length is 22 characters. Sent PM

Thanks. got it !! Retried it with abbreviated password and worked !!
member
Activity: 82
Merit: 10
August 13, 2014, 12:45:34 PM
#21
Hi cryptofutureis thanks again for helping us with your ssl expertize!!
We studied and did some tests, generated the dh2048.pem certificate and configured lighttpd to use the secp384r1 curve.

Now ssllabs.com rating ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com ) improved the "Key Exchange" score, from 80 to 90.
We enabled this on both port 443 (which uses a normal ssl certificate) and port 444 (which uses a self-signed certificate).

Thanks for your feedback and happy holidays!
member
Activity: 92
Merit: 10
August 13, 2014, 01:32:55 AM
#20
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.  
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

Hi cryptofutureis, thanks for your detailed suggestions about ssl!

By following this howto (forward secrecy on lighttpd): https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
score raises to A

with this parameters: https://cipherli.st
the overall rating is A+

https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com

easy and very useful!

(also, today those debian packages: libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386 openssl were updated)


About the password, we made some (manual) tests and the invalid characters are " (quote) and \ (back-slash aka 'reverse solidus')
so you can have passwords like `~!@#$%^&*()-=_+}{[];'
and ,./<>?
we didn't test symbols, anyway the only character that we really strip is " (quote)


About Roundcube, now that you say that (0-day exploits available around), you gave us the additional motivation to configure spawn-fcgi to isolate the virtual hosts (so hacking roundcube would not result in having access to the whole document root of the web server) .. we'll do that as the next thing.


Thanks for your feedback and happy emailing! Smiley
Thanks, all is correct now. Tested same password without " (quote) and it works. But anyway try to choose one main and supported web interface. Also look in curve option to select better one curve:

Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols will be supported in lighttpd 1.4.29. By default, Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols use, respectively, the 1024-bit MODP Group with 160-bit prime order subgroup from RFC 5114 and "prime256v1" (also known as "secp256r1") elliptic curve from RFC 4492. The Elliptic-Curve Diffie-Hellman key agreement protocol is supported in OpenSSL from 0.9.8f version onwards. For maximum interoperability, OpenSSL only supports the "named curves" from RFC 4492.

Using the ssl.dh-file and ssl.ec-curve configuration variables, you can define your own set of Diffie-Hellman domain parameters. For example:

ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
ssl.ec-curve = "secp384r1"

Default is secp256r1 but we always can select curve with bigger prime.
Mozilla has a nice doc available: https://wiki.mozilla.org/Security/Server_Side_TLS
member
Activity: 82
Merit: 10
August 12, 2014, 07:53:19 PM
#19
Hi we are happy to announce that recently we did the following security and privacy oriented improvements:

* enabled perfect secrecy on all ssl services, current score on ssllabs.com is A+ ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com )

* enabled Tor peering with SIGAINT ( http://sigaintevyh2rzvw.onion ), now you can send and receive emails with SIGAINT using the hidden service address, the emails will never touch the clearnet

* roundcube now shows the emails in text-mode (before it was rendering the html version)

* roundcube now defaults to use the text-mode editor (instead of the html editor)

* ability to delete an email account (removing / destroying all the emails), you can find the link on the home page or use the direct link: http://s4bysmmsnraf7eut.onion/destroyAccount.php

Peering with other tor-friendly email providers will come soon, we'll keep you updated.


Thanks for the feedback!
member
Activity: 82
Merit: 10
August 08, 2014, 06:22:48 PM
#18
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.  
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

Hi cryptofutureis, thanks for your detailed suggestions about ssl!

By following this howto (forward secrecy on lighttpd): https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
score raises to A

with this parameters: https://cipherli.st
the overall rating is A+

https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com

easy and very useful!

(also, today those debian packages: libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386 openssl were updated)


About the password, we made some (manual) tests and the invalid characters are " (quote) and \ (back-slash aka 'reverse solidus')
so you can have passwords like `~!@#$%^&*()-=_+}{[];'
and ,./<>?
we didn't test symbols, anyway the only character that we really strip is " (quote)


About Roundcube, now that you say that (0-day exploits available around), you gave us the additional motivation to configure spawn-fcgi to isolate the virtual hosts (so hacking roundcube would not result in having access to the whole document root of the web server) .. we'll do that as the next thing.


Thanks for your feedback and happy emailing! Smiley
member
Activity: 82
Merit: 10
August 08, 2014, 08:38:06 AM
#17
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel. 
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

Hi thanks for the suggestions, we'll do the homework, fix and report back Smiley Give us a couple of days.
member
Activity: 92
Merit: 10
August 08, 2014, 12:43:15 AM
#16
Hello everyone, fresh new service: https://ruggedinbox.com
Still in BETA, currently completely free and ad-free, TOR friendly, offshore (Europe, Bulgaria), no personal details needed, no question asked, session expiration friendly (10 hours), limited number of accounts available.

If you prefer a self-signed ssl certificate, here you are: https://ruggedinbox.com:444

Also available as a TOR hidden service: s4bysmmsnraf7eut.onion

Feedback is welcome!
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel. 
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
member
Activity: 82
Merit: 10
August 03, 2014, 05:06:45 PM
#15
NEW FEATURES ANNOUNCEMENT:

you can now create disposable / temporary accounts.

If you click on top on 'Register', you will be asked if you want to create a normal or a disposable / temporary inbox.

By clicking on the latter ( direct url: https://ruggedinbox.com/createTempAccount.php OR http://s4bysmmsnraf7eut.onion/createTempAccount.php ) you will go to a specific registration page, where a random username is suggested
and where you can choose an expiration date between 1 hour and 1 year.

When the expired date is reached, the account will be removed from the database and all its files and folders are deleted.


ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)

Thanks to all for your interest and feedback!
member
Activity: 82
Merit: 10
July 30, 2014, 12:09:55 PM
#14
NEW FEATURES ANNOUNCEMENT:

hi all!

Recentily we got precious feedback from a number of (rightly) paranoid fellows, follows the improvements:

* availability as a Tor hidden service (over http, https with valid certificate and https with a self-signed certificate)
* installed an alternative webmail (SquirrelMail) for browsers with javascript disabled

The Tor hidden service address is: s4bysmmsnraf7eut.onion

For a more detailed description please have a look at the features page: https://ruggedinbox.com/features.php
( or as an hidden service: http://s4bysmmsnraf7eut.onion/features.php )


Thanks for your interest and let us know if you have any problem!
member
Activity: 82
Merit: 10
July 30, 2014, 11:11:48 AM
#13
Ok so the current maximum allowed password length is 22 characters. Sent PM
member
Activity: 82
Merit: 10
July 29, 2014, 07:21:31 PM
#12
I'm having a frustrating problem. Today I've created three accounts. Two via Tor Bundle, and one straight through my ISP. I received a confirmation on all three,

Your new email address is: [email protected]
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc

However, when I attempt to login via Claws Mail it errors out and the log shows:

[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.

When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.

I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.

Help.

Hi thanks for reporting. Sent PM
newbie
Activity: 8
Merit: 0
July 29, 2014, 03:25:35 PM
#11
I'm having a frustrating problem. Today I've created three accounts. Two via Tor Bundle, and one straight through my ISP. I received a confirmation on all three,

Your new email address is: [email protected]
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc

However, when I attempt to login via Claws Mail it errors out and the log shows:

[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.

When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.

I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.

Help.
member
Activity: 82
Merit: 10
July 06, 2014, 07:17:26 PM
#10
Ok so, problem solved and platform updated.
"Closing the ticket" Smiley
Thanks to all for your interest and happy emailing!
member
Activity: 82
Merit: 10
July 01, 2014, 12:50:09 PM
#9
still login failed, with mail i made yesterday...

Hi SloRunner please provide your ruggedinbox email address in PM
and I'll reset your password.
(You should then be able to login and change your password again).

Thank you.
member
Activity: 88
Merit: 10
July 01, 2014, 12:28:43 PM
#8
registered 2 acc's today (1st registered & failed to login later, same with the second one)

can you help?

Hi SloRunner thanks for your interest and feedback.

That's strange, I've tried now to create an account and I can login properly.
Did you try using the webmail ( https://ruggedinbox.com/rc ) or an email client ?

still login failed, with mail i made yesterday...
member
Activity: 82
Merit: 10
June 30, 2014, 05:59:37 PM
#7
registered 2 acc's today (1st registered & failed to login later, same with the second one)

can you help?

Hi SloRunner thanks for your interest and feedback.

That's strange, I've tried now to create an account and I can login properly.
Did you try using the webmail ( https://ruggedinbox.com/rc ) or an email client ?
member
Activity: 88
Merit: 10
June 30, 2014, 08:52:24 AM
#6
Hi all again and thanks for your interest!

We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.

(Sending with the webmail always had this feature)

Let us know if you have any questions or need support!

https://ruggedinbox.com

registered 2 acc's today (1st registered & failed to login later, same with the second one)

can you help?
member
Activity: 82
Merit: 10
June 27, 2014, 06:09:57 PM
#5
Hi all again and thanks for your interest!

We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.

(Sending with the webmail always had this feature)

Let us know if you have any questions or need support!

https://ruggedinbox.com
Pages:
Jump to: