I'm wondering something. I'm trying to look into the possibilities of the following. I want to (1) set up a mail server that only accepts mail that was sent encrypted, and (2) set up a Tor hidden service that (also) runs a mail server (the same server if possible).
One thing I'm trying to achieve here, is that the email I'm receiving has been encrypted from the point it was sent by the sender's mail server, ignoring the fact that the email provider of the sender (or the sender itself) might still leak the email in other ways. I guess I need to be able to reject the mail (or connection) before it tries to send it to me (when it comes unencrypted of course).
I'm also planning to buy a domain name if I find a good way to execute plan #1.
The first idea, I think should be possible. My only problem with this is that I don't want to spend that much money on a certificate, and I'm wondering if mail servers would accept a self-signed certificate whenever they send something to me.
However, with the second idea I need more guidance. I know that generally (at least if I got it right) an email will be sent to the server from the sender's domain's MX record. (Question: I've read some basic information of how Tor works, and how hidden services work, but I've not dived into all the technical details (as of yet).)
Do hidden services (.onions) support MX records in some way? Can a mail server be configured to send email through Tor towards my hidden service? Would it be possible to put onion addresses into the MX record of one of my domains? So many questions...
Anyway, I appreciate any help with this. Oh... and don't ask why.
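As an added illustration of what parts (1) and (2) of the question look like in practice (this is example configuration written for this page, not something the asker posted), here is a Postfix `main.cf` fragment that refuses any inbound SMTP session that does not negotiate STARTTLS, followed by a `torrc` fragment that exposes the same SMTP listener as an onion service. The hostname, certificate paths and onion-service directory are placeholders and are assumptions, not values from the question.

```conf
# /etc/postfix/main.cf (fragment)
# "encrypt" makes Postfix answer MAIL FROM on a cleartext session with
# "530 Must issue a STARTTLS command first", so no message data is ever
# accepted unencrypted. Postfix's own documentation notes that mandatory
# TLS on a public MX violates RFC 2487 and will lose mail from senders
# that cannot or will not do TLS; that is the trade-off being asked for.
smtpd_tls_security_level = encrypt

# A self-signed certificate is enough for the handshake itself: sending
# MTAs doing opportunistic TLS (Postfix's default smtp_tls_security_level
# = may) encrypt without verifying the peer certificate. Paths are
# hypothetical placeholders.
smtpd_tls_cert_file = /etc/ssl/mail/mail.example.org.crt
smtpd_tls_key_file = /etc/ssl/mail/mail.example.org.key

# Drop legacy protocol versions; log every handshake so rejected
# cleartext attempts show up in the mail log.
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_loglevel = 1

# /etc/tor/torrc (fragment)
# Publish the SMTP port of the same Postfix instance as an onion service.
# Tor creates the hostname file inside HiddenServiceDir on first start.
HiddenServiceDir /var/lib/tor/mail_onion/
HiddenServicePort 25 127.0.0.1:25
```

After `postfix reload`, `postconf -n | grep smtpd_tls` shows the active settings, and `openssl s_client -connect mail.example.org:25 -starttls smtp` exercises the handshake from the outside. On the MX question: `.onion` is a special-use domain (RFC 7686) that public DNS resolvers do not resolve, so an onion name in an MX record will not be reachable by an ordinary sending server; delivery to the onion address only works from a sender that has been explicitly configured to route that destination through Tor (for example with a Postfix transport map pointing at a SOCKS-capable proxy, which is an assumption about the sender's setup rather than anything the DNS can express).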