############## CONTINUED ###################
STEP 6) Select a strong password for a new user account
# passgen --bytes 33
Write this down in a passbook and add a few random numbers and letters of your own to it as well.
Alternatively, store your keys in a gpg-encrypted file on an air-gapped computer, with a memorable password to open the file.
STEP 7) Create a new user with your anonymous handle /name
# useradd anon12345foo -m -s /bin/bash
# passwd anon12345foo
# password:
# verify password:
STEP 8) Restart the services
You might have to postmap the file recipient_access
# cd /etc/postfix
# echo "anon12345foo permit" >> recipient_access
# postmap recipient_access
# echo "127.0.0.1 permit" >> client_access
# echo "192.168.1.32 permit" >> client_access
# postmap client_access
# postmap aliases
# postmap access
# echo "anon12345foo@hiddenservice34zagag.onion anon12345foo" >> virtual
# postmap virtual
# echo "anon12345foo@hiddenservice34zagag.onion anon12345foo" >> virtusertable
# postmap virtusertable
or use a different username for logon than the anonymous name used for communication
// I think virtual is required; I'll check my endfix.cf
# systemctl restart postfix
# systemctl restart dovecot
# systemctl status postfix
# systemctl status dovecot
STEP 9) Set up IMAP retrieval with claws-mail
etc. using the name and password for the anon user account,
or don't use dovecot just read it from the maildir directly or use Mutt.
Go into claws-mail options and add a new account ...
STEP 8) Create a pgp public key using RSA 4096
Sign in as anon12345foo
$ gpg --full-generate-key
(select RSA and a key size of 4096 at the prompts)
Save the public key or export it to armored ASCII
$ gpg --list-keys anon12345foo
$ gpg --export -a anon12345foo
STEP 9) Distribute the hidden service name, your handle, and the public key to your intended recipient.
STEP 10) Check your mail using claws-mail or use mlogz.sh to look at activity on your mail server for new incoming mail.
# mlogz
STEP 11) Send mail to other tor hidden service mail servers using endmail.sh
# gpg --import anon_523cachu_pgp.asc
# gpg --encrypt -r anon_523cachu -a -o encrypted.asc message.txt
# endmail --help
# endmail anon_523cachu@hidden.onion "Re: from anon12345foo" encrypted.asc
or
# endmail anon_523cachu@hidden.onion "-" encrypted.asc
And place the return address and user info in the encrypted message body, thus eliminating metadata in the headers except for the recipient.
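A pre-send check for the second variant above (subject "-", return address only inside the encrypted body), as an added example that is not part of the original guide or of endmail. The function names check_outgoing and make_samples and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of endmail or the original guide.
# check_outgoing SUBJECT FILE HANDLE
#   returns 0 when FILE is exactly one ASCII-armored PGP message with no
#   cleartext around or inside it and SUBJECT does not contain HANDLE;
#   otherwise prints the reason and returns 1.
check_outgoing() {
    subject=$1 file=$2 handle=$3
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The subject line is sent unencrypted, so it must not name the sender.
    case "$subject" in
        *"$handle"*) echo "subject contains handle"; return 1 ;;
    esac

    # Outside the armor only blank lines are allowed. Inside it, armor
    # headers such as "Comment: ..." are also unencrypted, so reject them.
    awk '
        /^-----BEGIN PGP MESSAGE-----$/ { if (inside) bad = 1; inside = 1; begins++; next }
        /^-----END PGP MESSAGE-----$/   { if (!inside) bad = 1; inside = 0; ends++; next }
        !inside && !/^[ \t]*$/          { bad = 1 }
        inside && /^[A-Za-z-]+: /       { bad = 1 }
        END { exit (bad || inside || begins != 1 || ends != 1) }
    ' "$file" || { echo "cleartext or malformed armor in $file"; return 1; }
    return 0
}

# Constructed sample files (the base64 is filler, not real ciphertext).
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' '' \
        'hQIMA0NvbnN0cnVjdGVkU2FtcGxl' '=AbCd' \
        '-----END PGP MESSAGE-----' > "$dir/good.asc"
    # Same block, but with a return address typed above the armor.
    { echo 'reply to anon12345foo@hiddenservice34zagag.onion'
      cat "$dir/good.asc"; } > "$dir/leaky.asc"
}
```

Run it as check_outgoing "-" encrypted.asc anon12345foo before calling endmail, and only send when it returns 0.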
STEP 12) Get burned ?
# rm -rf /srv/tor/mail/hostname
# rm -rf /srv/tor/mail/privatekey
and restart tor to start over
# userdel -rf anon12345foo
# useradd anon142boo -m -s /bin/bash
and edit /etc/postfix/main.cf and /etc/dovecot/dovecot.conf to reflect the new hidden service name.
edit /etc/postfix/recipient_access and change the recipient name to anon142boo
# postmap recipient_access
# systemctl reload postfix
# systemctl restart postfix
There might be errors or omissions in the above but I think that's the general process. Now you have a tor hidden service mail server that uses a self-signed certificate, and you have a gpg public key. You use tor and ssl and gpg to secure your email communications, and you are known by your handle and hidden service .onion address.
################# END OF GUIDE ####################################