 Show Posts
|
|
Pages: [1] 2 3 4 5 »
|
Hi guys, sorry to inform you that we are unable to continue to run the service, mainly because of too much work on our daily jobs. Please backup your emails asap, the VPS will be wiped within 2 days. The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy). For refunds of donations refer to ruggedinbox@safe-mail.netThanks for all your feedback and support, RuggedInbox team |
|
|
|
Ruggedinbox is back up and running  Yet, even though the webmail works, I'm still getting the "us2.pop.mailhostbox.com" certificate confusion/scam/MitM/whatever issue when using Thunderbird's account wizard. Has no one else encountered this problem? Confirmed, HTTP SSL cert is valid but POP/IMAP/SMTP SSL cert is expired, fixing asap, thank you |
|
|
|
So it was down for a week. Then, when it came back up, things seemed to work fine -- until I tried to reconfigure my Thunderbird POP settings, and suddenly got a warning about the security certificate pointing to a site that wasn't "ruggedinbox".
Not seeing the certificate issue mentioned here in the days since, I've begun to wonder whether it's something flying under the radar, maybe slipping past those who continued "business as usual" under their previous settings. So, in the interim, I opted to use the webmail interface.
Unfortunately, since yesterday, the website appears to be down again, at least for me.
Hi no we didn't touch anything on the configuration except usual OS updates, our mail clients are working ok (no ssl alerts) and there is no other feedback about this (until now). But yes the http service was down/slow because once restored the service we also restored the Tor HS onions and it looks like the DDOS attack resumed. At least this time we found a number of hits on the access.log file like this: "GET /?PAY-2BTC-TO-1Efc4djSCfqobjXXXXXXXXXXXXXX-FOR-THE-PATCH HTTP/1.1" 200 but can't say if its directly related to the long going problems on TOR HS :| So HS services stopped again and this sucks. About your certs problem, were you using Tor ? Could it be the 'usual' bad exit node (MITM) SSL hijacking problem ? |
|
|
|
|
Ok luckily enough the VPS was unpaused in no time and we were able to restore the service and give a first run of the script which deletes accounts with no pop/imap/webmail activity in 1 year.
(Also updated the canary and the OS)
We hoped to get more free storage from the script, upgrade needed asap ..
|
|
|
|
|
Hi all and sorry for the long downtime, nothing wrong with the security and privacy/integrity of the service but reason was our disorganization and quite unlucky timing: busy with daily jobs, problems with connectivity, problems with blockchain.info wallet.
The VPS went to 'inactive' mode and we now made few payments to restore the services (RIB, cloud and tor exit node, we'll refund the last one asap).
Also, VPS storage is probably full and we need to enable the script to remove old and unused accounts.
Also, there is a silly easter-egg cronjob on the VPS ... it will probably change the RIB logo on the home page once the data center process the payments and press 'play' on the VPS ...
we'll restore the image and update the canary asap.
Sorry for the inconvenience, anyway we are back and hope to regain trust with better uptime and support (and another project and few ideas).
Service should be back in around 24 hours.
|
|
|
|
The service seems working normal again.
As far as i know they tried to collect donations in the past but with very little sucess.
We tried a fund raise campaign to update a G/PGP plugin for SquirrelMail, long story short: the plugin required the PRIVATE g/pgp key to be present on the server and so, we canceled the fund raise. RIB is economically in perfect shape: we are glad to say that the project is self funding (with community donations) from around 1 year. We hope to fix this spam problem asap .. TY I whish you to get the problem fixed soon as i highly recommend your service! Thank you, yes the outgoing spam problem was stopped and the service looks in good shape since then. We changed the captcha and wrote some custom rules for spamassassin. We also had to stop Tor and the relative Hidden Service access, this sucks hard but it looks like from yesterday our Tor HS 'stack' is under ddos :| We asked for delisting where possible, where not possible we simply need to wait and RIB will be delisted automatically. TY |
|
|
|
The service seems working normal again.
As far as i know they tried to collect donations in the past but with very little sucess.
We tried a fund raise campaign to update a G/PGP plugin for SquirrelMail, long story short: the plugin required the PRIVATE g/pgp key to be present on the server and so, we canceled the fund raise. RIB is economically in perfect shape: we are glad to say that the project is self funding (with community donations) from around 1 year. We hope to fix this spam problem asap .. TY |
|
|
|
|
Hi yes the spam problem is still ongoing and yes, some of the previous emails (queue) were sent
but we then realized that the queue was full of spam and, sorry about that, we deleted ALL the queue.
This means that previous emails are lost.
Currently the service is still sending spam and also, it was blacklisted on a number of RBLs.
This is the first serious spam issue with RIB, but not something we have never seen on our daily jobs:
so we are still investigating the cause and the fix.
Probably we used a stupidly easy captcha for the account registration and it was 'cracked'.
We'll update all users with a broadcast message as soon as we have some (hopefully good) news.
TY
|
|
|
|
|
Hi all sorry for late reply and thanks for the feedback,
had some urgent stuff with our daily jobs.
Yesterday we noticed that the antivirus / antispam crashed
so we restarted the services and the emails queue 'flushed' alone slowly.
Now everything should work as usual, we'll upgrade the RAM on the VPS
asap ..
Also updated the canary file, sorry for being late and causing rightful worries!
TY
|
|
|
|
Hi, Running claws mail and having issues setting up ruggedinbox account. Can receive OK but get error on send. Have followed instructions for settings in this thread. Compared my accountrc file to the example given too but not seeing my problem. Any help greatfuly received. send:
generated message-id: yes
send account mail address in Message-ID: no
generate x-mailer header: no
SMTP authentication (SMTP AUTH): yes
Authentication method: Automatic
User ID: empty
Password: empty
Authenticate with POP3 before sending: no
SSL:
POP3:
Use SSL for POP3 connection
Send (SMTP):
Use STARTTLS command to start SSL session
Use non-blocking SSL: yes
Advanced:
SMTP port: no
POP3 port: no
Domain name: no * Account 'XXXXX@ruggedinbox.com': Connecting to POP3 server: mail.ruggedinbox.com...
[19:44:20] POP3< +OK Welcome to ruggedinbox.com
[19:44:20] POP3> USER XXXXX@ruggedinbox.com
[19:44:21] POP3< +OK
[19:44:21] POP3> PASS ********
[19:44:21] POP3< +OK Logged in.
[19:44:21] POP3> STAT
[19:44:21] POP3< +OK 2 1969
[19:44:21] POP3> UIDL
[19:44:22] POP3< +OK
[19:44:22] POP3> LIST
[19:44:22] POP3< +OK 2 messages:
[19:44:22] POP3> QUIT
[19:44:22] POP3< +OK Logging out.
* Account 'XXXXXX@ruggedinbox.com': Connecting to SMTP server: mail.ruggedinbox.com ...
[19:44:52] SMTP< 220 csds.local ESMTP
[19:44:52] ESMTP> EHLO localhost
[19:44:52] ESMTP< 250-csds.local
[19:44:52] ESMTP< 250-8BITMIME
[19:44:52] ESMTP< 250-AUTH PLAIN LOGIN
[19:44:52] ESMTP< 250-XCLIENT NAME HELO
[19:44:52] ESMTP< 250-XFORWARD NAME ADDR PROTO HELO
[19:44:52] ESMTP< 250-ENHANCEDSTATUSCODES
[19:44:52] ESMTP< 250
[19:44:52] ESMTP> STARTTLS
[19:44:52] ESMTP< 500 5.5.1 Error: unknown command
** error occurred on SMTP session
*** Error occurred while sending the message:
500 5.5.1 Error: unknown command Hi, are you perhaps using Tails ? If yes, RIB is known to _not_ work with claws-mail on Tails, but icedove/thunderbird + torbirdy works ok. We are in the process of writing a step-by-step howto on configuring thunderbird on Tails .. TY |
|
|
|
Hello everyone, fresh new service: https://ruggedinbox.comStill in BETA, currently completely free and ad-free, Tor friendly, offshore (Europe, Bulgaria), no personal details needed, no question asked, session expiration friendly (10 hours), limited number of accounts available. If you prefer a self-signed ssl certificate, here you are: https://ruggedinbox.com:444Also available as a Tor hidden service: s4bysmmsnraf7eut.onion Feedback is welcome! SENT an email to support team a few hrs ago. I actuallly forgot my password andis there i way i can reset it. Plus i can answer verification questions so as to help me reset it. Expecting to her from ya Answered, sry can't do. |
|
|
|
FBI message OUTDATED, Not replying here will make us assume things....  Today is : July 26, 2015, 08:51:14 PM , while i am writing here . The content of the file https://ruggedinbox.com/canary.txt was that moment : ********************************************************************************************* We do not know about any seizures, warrants or searches of the following servers: - ALL public servers - ALL hidden servers We do not know about any seizures, warrants or searches of staff hardware. We never placed any backdoors in our servers or network and never received any requests to do so. Today is 2015-07-16 We can't guarantee no secret searches have been performed. We can't guarantee the private key wasn't secretly compromised. We can't guarantee the staff won't give in to force. Be extremely careful if this file disappears or is outdated. Public Key: https://ruggedinbox.com/rib.pub.txt (or http://s4bysmmsnraf7eut.onion/rib.pub.txt) This message expires in 14 days. ********************************************************************************************* Check again your math  (we updated the canary exactly on the 'expiration' day, first rule: don't panic) |
|
|
|
This week, we have noticed that we are not able to send email. Here is the log: * Account ' xxxxxxx@ruggedinbox.com': Connecting to SMTP server: ruggedinbox.com ... [02:57:22] SMTP< 220 csds.local ESMTP [02:57:22] ESMTP> EHLO localhost [02:57:22] ESMTP< 250-csds.local [02:57:22] ESMTP< 250-8BITMIME [02:57:22] ESMTP< 250-AUTH PLAIN LOGIN [02:57:22] ESMTP< 250-XCLIENT NAME HELO [02:57:22] ESMTP< 250-XFORWARD NAME ADDR PROTO HELO [02:57:22] ESMTP< 250-ENHANCEDSTATUSCODES [02:57:22] ESMTP< 250 [02:57:22] ESMTP> STARTTLS [02:57:22] ESMTP< 500 5.5.1 Error: unknown command ** error occurred on SMTP session *** Error occurred while sending the message: 500 5.5.1 Error: unknown command* Account ' xxxxxxx@ruggedinbox.com': Connecting to POP3 server: ruggedinbox.com... [03:01:44] POP3< +OK Welcome to ruggedinbox.com [03:01:44] POP3> USER xxxxxxx@ruggedinbox.com[03:01:44] POP3< +OK [03:01:44] POP3> PASS ******** [03:01:45] POP3< +OK Logged in. [03:01:45] POP3> STAT [03:01:45] POP3< +OK 0 0 [03:01:45] POP3> QUIT [03:01:46] POP3< +OK Logging out. Thank you in advance, for your help. Hi, all working fine here. Do you still have the issue ? |
|
|
|
Hi! Thanks for including RIB and thanks for your efforts, very nice project! By coincidence, we were going to contact you right now when we saw this post  We'd like to add a 'warrant canary' on RIB's home page, that's a very clever idea. We'll contact you now .. |
|
|
|
Hi ok we brought and installed a proper ssl certificate for smtp/pop/imap on the domain mail.ruggedinbox.com (which is the MX record) and did some tests on thunderbird/icedove + torbirdy in order to check for exceptions. Since we were there, we did some packet sniffing and it doesn't appear to leak. On Debian Wheezy this is the install procedure: on terminal, as root, type: apt-get install icedove tor (icedove is the debian name for thunderbird) open a browser (perhaps TBB) and download the torbirdy add-on: https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/open icedove, go to preferences -> press on the 'switches' button on top right, near the 'Search all add-ons' search box -> 'Install Add-on From File ...' and select the 'torbirdy-0.1.X-tb.xpi' file you downloaded before. Close and reopen icedove. On bottom right you should read the following, in green: TorBirdy Enabled: Tor Now you can input / create a new mail account. Insert your username and password. We tested POP. Since torbirdy is installed, the wizard is disabled .. you'll need to change some settings manually: go to preferences -> Account Settings * Server Settings: Server Name: mail.ruggedinbox.com Port: 995 User Name: xxx@ruggedinbox.comConnection security: SSL/TLS Authentication method: Normal password * Outgoing Server (SMTP) -> Edit Server Name: mail.ruggedinbox.com Port: 465 Connection security: SSL/TLS Authentication method: Normal password User Name: xxx@ruggedinbox.comNow you should be able to send and receive, all traffic will be routed thru Tor and you'll never get the ssl certificate exception. The new ssl configuration applies also to other clients, with or without Tor they should validate ruggedinbox.com and/or mail.ruggedinbox.com |
|
|
|
I've got a problem with receiving mails in thunderbird. It asks every time to confirm an exception for ruggedinbox. I import the certificate and get the warning again. This warning shouldn't show up from importing the correct certificate and even after accepting the exceoptin it pop-up again and again. So I can't receive any mails within thunderbird.
Are there any suggestion?
Hi, that's because the valid SSL certificate is installed only on the web server (webmail). POP/IMAP and SMTP are still using the self-signed certificate, that's because we decided not to trust CAs (and for the webmails we suggest using the onion address http://s4bysmmsnraf7eut.onion/rc). We are not thunderbird users but didn't receive any complaints, anyway, would you consider using claws-mail ? I would like to pick up on this and suggest (gently!!) that I, as a grateful user, do have a problem with the lack of a non-self-signed SSL certificate for IMAP. I use Postbox, The Bat! (on Windows) and K-9 (on Android). I don't really want to use Claws Mail. Postbox and The Bat! point-blank refuse to connect without a certificate. I have tried more than once. K-9 accepts the lack of a certificate at first, but then kick it out and will not connect. This is such a good email service! Could you (please!) re-consider your stance on certification, so that users of email clients other than Claws can access emails by IMAP or POP? Thanks! Hi, we are getting a lot of requests on that, we'll change the configuration on the server as soon as possible in order to use the valid certificate even on pop/imap/smtp. Thanks for the feedback! |
|
|
|
decent email client ,but several restrictions on the number of total emails sent in one hour
Yep, 30 outgoing email per day (unlimited incoming) and 1 outgoing email every 3 minutes. (the limit is daily, not hourly) Those are the default rules. We lower the limits for users who asks. |
|
|
|
Desktop and sounds notifications works perfectly here.
That's odd,i wonder what the issue can be,any ideas? Session expiration time is 10 hours. What i meant was is there a time frame if one doesn't log in to the e mail account.Some e mail programs will deactivate the account if there are no log in to the e mail program,such as 3 months,6 months etc.Does ruggedinbox have such a policy. Hi, about your sounds and desktop notification problem, don't know sorry. About the deactivation policy, currently there isn't any and storage usage is decently low so there will not be any for long time. When storage availability will be a problem we'll increase the size. After that, we'll probably add another server but also enable a very relaxed deactivation policy, for example over 12 months inactive accounts. |
|
|
|
|
