[gruez]

>So, actually, Proton COULD read your email (IFF you use webmail).

The authorities can also read your self-hosted email if they had a warrant to search your house. Even if you enable FDE they can do a cold boot attack.

[golem14]

I believe that you would not expect that level of interaction with LEAs for a "stop cop city" dude that hasn't even been charged with a crime.

I'd count that up as a hypothetical win of the self-hosted main in your own location.

If you are Dr. Evil, OTOH, other calculi apply.

[encrypted_bird]

Just out of curiosity, what is a cold boot attack?

[gruez]

https://en.wikipedia.org/wiki/Cold_boot_attack

tl;dr they pull the decryption keys from your computer while it's still running, which of course it is because your mail server has to be up 24/7.

[wildzzz]

Simple solution: put your server inside of a cabinet or enclosure that immediately powers it off if opened with a hidden micro switch. Additionally, write a little udev rule to immediately power off if any new USB device is connected or Ethernet is unplugged.

[encrypted_bird]

So a trip-switch for the server?

How would one access it if one needed to do config changes or, really, anything the server for legitimate purposes?

[quesera]

ssh in and shut down first (and/or just use a properly reliable filesystem).

Mail transfer can tolerate multi-hour interruptions. Imagine the drama if it couldn't!

[encrypted_bird]

If you can ssh in, couldn't they ssh in?

[encrypted_bird]

That is fascinating! Thanks for sharing!

[Tepix]

What if you use encryption?

[perching_aix]

FDE stands for "Full Disk Encryption" in this context.