Another issue has reared its ugly head. I'm having issues using my e-mail client, Claws Mail. I'm using SSL connection and am receiving this time out error.
* Account '[email protected]': Connecting to POP3 server: ruggedinbox.com:995...
[08:48:10] POP3< +OK Welcome to ruggedinbox.com
[08:48:10] POP3> USER [email protected]
[08:48:11] POP3< +OK
[08:48:11] POP3> PASS ********
[08:48:11] POP3< +OK Logged in.
[08:48:11] POP3> STAT
[08:48:11] POP3< +OK 0 0
[08:48:11] POP3> QUIT
** Session timed out. You may be able to recover by increasing the timeout value in Preferences/Other/Miscellaneous.
Sometimes it completes correctly:
* Account '[email protected]': Connecting to POP3 server: ruggedinbox.com:995...
[08:48:06] POP3< +OK Welcome to ruggedinbox.com
[08:48:06] POP3> USER [email protected]
[08:48:06] POP3< +OK
[08:48:06] POP3> PASS ********
[08:48:06] POP3< +OK Logged in.
[08:48:06] POP3> STAT
[08:48:07] POP3< +OK 2 6960
[08:48:07] POP3> UIDL
[08:48:07] POP3< +OK
[08:48:07] POP3> LIST
[08:48:07] POP3< +OK 2 messages:
[08:48:07] POP3> QUIT
[08:48:07] POP3< +OK Logging out.
It appears that there are two messages, however, they do not download. I can connect via Tor or webmail via sm or rc with no issues.
Topic: RuggedInbox.com - Free offshore email - page 10. (Read 45068 times)
Nice! I hadn't heard of this one yet. Signing up now 
Ok so the current maximum allowed password length is 22 characters. Sent PM
Thanks. got it !! Retried it with abbreviated password and worked !!
Hi cryptofutureis thanks again for helping us with your ssl expertize!!
We studied and did some tests, generated the dh2048.pem certificate and configured lighttpd to use the secp384r1 curve.
Now ssllabs.com rating ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com ) improved the "Key Exchange" score, from 80 to 90.
We enabled this on both port 443 (which uses a normal ssl certificate) and port 444 (which uses a self-signed certificate).
Thanks for your feedback and happy holidays!
We studied and did some tests, generated the dh2048.pem certificate and configured lighttpd to use the secp384r1 curve.
Now ssllabs.com rating ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com ) improved the "Key Exchange" score, from 80 to 90.
We enabled this on both port 443 (which uses a normal ssl certificate) and port 444 (which uses a self-signed certificate).
Thanks for your feedback and happy holidays!
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
Hi cryptofutureis, thanks for your detailed suggestions about ssl!
By following this howto (forward secrecy on lighttpd): https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
score raises to A
with this parameters: https://cipherli.st
the overall rating is A+
https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com
easy and very useful!
(also, today those debian packages: libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386 openssl were updated)
About the password, we made some (manual) tests and the invalid characters are " (quote) and \ (back-slash aka 'reverse solidus')
so you can have passwords like `~!@#$%^&*()-=_+}{[];'
and ,./<>?
we didn't test symbols, anyway the only character that we really strip is " (quote)
About Roundcube, now that you say that (0-day exploits available around), you gave us the additional motivation to configure spawn-fcgi to isolate the virtual hosts (so hacking roundcube would not result in having access to the whole document root of the web server) .. we'll do that as the next thing.
Thanks for your feedback and happy emailing!
Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols will be supported in lighttpd 1.4.29. By default, Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols use, respectively, the 1024-bit MODP Group with 160-bit prime order subgroup from RFC 5114 and "prime256v1" (also known as "secp256r1") elliptic curve from RFC 4492. The Elliptic-Curve Diffie-Hellman key agreement protocol is supported in OpenSSL from 0.9.8f version onwards. For maximum interoperability, OpenSSL only supports the "named curves" from RFC 4492.
Using the ssl.dh-file and ssl.ec-curve configuration variables, you can define your own set of Diffie-Hellman domain parameters. For example:
ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
ssl.ec-curve = "secp384r1"
Default is secp256r1 but we always can select curve with bigger prime.
Mozilla has a nice doc available: https://wiki.mozilla.org/Security/Server_Side_TLS
Hi we are happy to announce that recently we did the following security and privacy oriented improvements:
* enabled perfect secrecy on all ssl services, current score on ssllabs.com is A+ ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com )
* enabled Tor peering with SIGAINT ( http://sigaintevyh2rzvw.onion ), now you can send and receive emails with SIGAINT using the hidden service address, the emails will never touch the clearnet
* roundcube now shows the emails in text-mode (before it was rendering the html version)
* roundcube now defaults to use the text-mode editor (instead of the html editor)
* ability to delete an email account (removing / destroying all the emails), you can find the link on the home page or use the direct link: http://s4bysmmsnraf7eut.onion/destroyAccount.php
Peering with other tor-friendly email providers will come soon, we'll keep you updated.
Thanks for the feedback!
* enabled perfect secrecy on all ssl services, current score on ssllabs.com is A+ ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com )
* enabled Tor peering with SIGAINT ( http://sigaintevyh2rzvw.onion ), now you can send and receive emails with SIGAINT using the hidden service address, the emails will never touch the clearnet
* roundcube now shows the emails in text-mode (before it was rendering the html version)
* roundcube now defaults to use the text-mode editor (instead of the html editor)
* ability to delete an email account (removing / destroying all the emails), you can find the link on the home page or use the direct link: http://s4bysmmsnraf7eut.onion/destroyAccount.php
Peering with other tor-friendly email providers will come soon, we'll keep you updated.
Thanks for the feedback!
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
Hi cryptofutureis, thanks for your detailed suggestions about ssl!
By following this howto (forward secrecy on lighttpd): https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
score raises to A
with this parameters: https://cipherli.st
the overall rating is A+
https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com
easy and very useful!
(also, today those debian packages: libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386 openssl were updated)
About the password, we made some (manual) tests and the invalid characters are " (quote) and \ (back-slash aka 'reverse solidus')
so you can have passwords like `~!@#$%^&*()-=_+}{[];'
and ,./<>?
we didn't test symbols, anyway the only character that we really strip is " (quote)
About Roundcube, now that you say that (0-day exploits available around), you gave us the additional motivation to configure spawn-fcgi to isolate the virtual hosts (so hacking roundcube would not result in having access to the whole document root of the web server) .. we'll do that as the next thing.
Thanks for your feedback and happy emailing!
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
Hi thanks for the suggestions, we'll do the homework, fix and report back
Give us a couple of days. Hello everyone, fresh new service: https://ruggedinbox.com
Still in BETA, currently completely free and ad-free, TOR friendly, offshore (Europe, Bulgaria), no personal details needed, no question asked, session expiration friendly (10 hours), limited number of accounts available.
If you prefer a self-signed ssl certificate, here you are: https://ruggedinbox.com:444
Also available as a TOR hidden service: s4bysmmsnraf7eut.onion
Feedback is welcome!
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel. Still in BETA, currently completely free and ad-free, TOR friendly, offshore (Europe, Bulgaria), no personal details needed, no question asked, session expiration friendly (10 hours), limited number of accounts available.
If you prefer a self-signed ssl certificate, here you are: https://ruggedinbox.com:444
Also available as a TOR hidden service: s4bysmmsnraf7eut.onion
Feedback is welcome!
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).
NEW FEATURES ANNOUNCEMENT:
you can now create disposable / temporary accounts.
If you click on top on 'Register', you will be asked if you want to create a normal or a disposable / temporary inbox.
By clicking on the latter ( direct url: https://ruggedinbox.com/createTempAccount.php OR http://s4bysmmsnraf7eut.onion/createTempAccount.php ) you will go to a specific registration page, where a random username is suggested
and where you can choose an expiration date between 1 hour and 1 year.
When the expired date is reached, the account will be removed from the database and all its files and folders are deleted.
ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)
Thanks to all for your interest and feedback!
you can now create disposable / temporary accounts.
If you click on top on 'Register', you will be asked if you want to create a normal or a disposable / temporary inbox.
By clicking on the latter ( direct url: https://ruggedinbox.com/createTempAccount.php OR http://s4bysmmsnraf7eut.onion/createTempAccount.php ) you will go to a specific registration page, where a random username is suggested
and where you can choose an expiration date between 1 hour and 1 year.
When the expired date is reached, the account will be removed from the database and all its files and folders are deleted.
ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)
Thanks to all for your interest and feedback!
NEW FEATURES ANNOUNCEMENT:
hi all!
Recentily we got precious feedback from a number of (rightly) paranoid fellows, follows the improvements:
* availability as a Tor hidden service (over http, https with valid certificate and https with a self-signed certificate)
* installed an alternative webmail (SquirrelMail) for browsers with javascript disabled
The Tor hidden service address is: s4bysmmsnraf7eut.onion
For a more detailed description please have a look at the features page: https://ruggedinbox.com/features.php
( or as an hidden service: http://s4bysmmsnraf7eut.onion/features.php )
Thanks for your interest and let us know if you have any problem!
hi all!
Recentily we got precious feedback from a number of (rightly) paranoid fellows, follows the improvements:
* availability as a Tor hidden service (over http, https with valid certificate and https with a self-signed certificate)
* installed an alternative webmail (SquirrelMail) for browsers with javascript disabled
The Tor hidden service address is: s4bysmmsnraf7eut.onion
For a more detailed description please have a look at the features page: https://ruggedinbox.com/features.php
( or as an hidden service: http://s4bysmmsnraf7eut.onion/features.php )
Thanks for your interest and let us know if you have any problem!
Ok so the current maximum allowed password length is 22 characters. Sent PM
I'm having a frustrating problem. Today I've created three accounts. Two via Tor Bundle, and one straight through my ISP. I received a confirmation on all three,
Your new email address is: [email protected]
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc
However, when I attempt to login via Claws Mail it errors out and the log shows:
[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.
When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.
I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.
Help.
Your new email address is: [email protected]
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc
However, when I attempt to login via Claws Mail it errors out and the log shows:
[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.
When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.
I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.
Help.
Hi thanks for reporting. Sent PM
I'm having a frustrating problem. Today I've created three accounts. Two via Tor Bundle, and one straight through my ISP. I received a confirmation on all three,
Your new email address is: [email protected]
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc
However, when I attempt to login via Claws Mail it errors out and the log shows:
[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.
When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.
I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.
Help.
Your new email address is: [email protected]
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc
However, when I attempt to login via Claws Mail it errors out and the log shows:
[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.
When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.
I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.
Help.
Ok so, problem solved and platform updated.
"Closing the ticket"
Thanks to all for your interest and happy emailing!
"Closing the ticket"
Thanks to all for your interest and happy emailing!
still login failed, with mail i made yesterday...
Hi SloRunner please provide your ruggedinbox email address in PM
and I'll reset your password.
(You should then be able to login and change your password again).
Thank you.
registered 2 acc's today (1st registered & failed to login later, same with the second one)
can you help?
can you help?
Hi SloRunner thanks for your interest and feedback.
That's strange, I've tried now to create an account and I can login properly.
Did you try using the webmail ( https://ruggedinbox.com/rc ) or an email client ?
still login failed, with mail i made yesterday...
registered 2 acc's today (1st registered & failed to login later, same with the second one)
can you help?
can you help?
Hi SloRunner thanks for your interest and feedback.
That's strange, I've tried now to create an account and I can login properly.
Did you try using the webmail ( https://ruggedinbox.com/rc ) or an email client ?
Hi all again and thanks for your interest!
We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.
(Sending with the webmail always had this feature)
Let us know if you have any questions or need support!
https://ruggedinbox.com
We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.
(Sending with the webmail always had this feature)
Let us know if you have any questions or need support!
https://ruggedinbox.com
registered 2 acc's today (1st registered & failed to login later, same with the second one)
can you help?
Hi all again and thanks for your interest!
We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.
(Sending with the webmail always had this feature)
Let us know if you have any questions or need support!
https://ruggedinbox.com
We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.
(Sending with the webmail always had this feature)
Let us know if you have any questions or need support!
https://ruggedinbox.com
Jump to: