Add Secure Tutanota email client to installed scripts

Howdy!

This is by far the cleanest, easiest, prettiest and most secure email client to ever be released open-source.

https://github.com/tutao/tutanota

It would be nice to be able to set this as the default web-mail client for domains on Virtuamin servers.

Signup, virtualmin@tutanota.de is still available as I write.

Status: 
Closed (fixed)

Comments

Can you tell me more about tutanota - is it a webmail app like roundcube, or something else? From the website it appears to be a service they run, which wouldn't make much sense as a Virtualmin script.

Hi Jamie,

Yes, it's like RoundCube.

I urge you to sign up with their free web service, it's free, and it'll give you a really good idea of how it works. "A usage is worth 10,000 words."

It's a web-mail client that you configure to use with your own servers.

They do run their service tutanota.de for free, as a way for people that don't have access to servers to use the encrypted email.

Emails are encrypted end-to-end, attachments encrypted and it's all performed by the client.

In order for end-to-end encryption to work both the sender an the recipient must exchange a shared secret. Once this shared secret is setup their communications are encrypted by the client before they are sent.

VirtualMin could get the first mover advantage and be added to their github so as to be the go-to control panel that supports their webmail client out-of-the-box.

Nota bene, I have not yet had a chance to experiment with it on a local server yet. And the script is in BETA.

I have been researching secure mail clients for years now. The only thing that comes close is ProtonMAIL by the Cern folks but their client is still in closed-beta and not yet available on github.

The end-goal with this feature request is to ensure that there now a secure email client as part of the VirtualMin stack. Everything else can be encrypted via SSL, but emails are still being sent in plain text.

Ok, that sounds pretty cool. So it looks like it is written as a node.js app?

Also, what encryption does it use - GPG, or something hand-rolled?

Yes, it's cool, and their approach is nice since it does away with having to import and export keys across computers or devices.

A couple links:

http://news.softpedia.com/news/Interview-Tutanota-CEO-On-Security-Encryp...

"The encryption method used is a “standardized, hybrid method consisting of symmetrical and asymmetrical algorithms with RSA 2048 Bit and AES 128 Bit. External users are reached with symmetrical encryption with AES 128 Bit,” said Tutanota spokesperson Hanna Bozakov in an e-mail.

Data cannot be accessed by anyone, including the provider, which means that passwords cannot be reset if lost" - http://www.cryptocoinsnews.com/new-end-end-encrypted-e-mail-service-laun...

Ok, we'll take a look into it.

I spoke with them and their solution requires their own servers for a multitude of things.

This might not be a good use of resources. Closing the ticket.

Joe's picture
Submitted by Joe on Sun, 10/26/2014 - 19:31 Pro Licensee

There are a couple of new open source webmail clients in development that look promising.

Mailpile had a lot of hype a while back, and they've finally released an alpha version...it is...disappointing, to say the least (it's not even operating as a single page app...it reloads the whole page for every click, making it feel really sluggish).

Rainloop looks nice (with a GMail-like UI), though its license requires purchasing for commercial use.

Mailr looks pretty good, too, and is public domain.

Whiteout is possibly the most promising, as it seems to be focused on encryption, while also looking nice.

Finally, Usermin webmail is getting an overhaul once I finish the Bootstrap theme for Virtualmin. It might be that I'll get around to that before the Mailpile folks actually ship something production-ready. There's also the new theme from Ilia, which I believe he's reported is now working with Usermin (this would probably make Usermin look nice enough, but might not provide the workflow enhancements I'm planning to work on). Usermin already supports GPG encryption, reasonably fast search, and all the usual features one might expect from a mail client (though it could use some new integration features, like shared address books with other mail clients, etc.). I'd also like to see it support a threaded conversation mail view, ala GMail.