MOWA Software

Proof of Concept Server

The POC Server is a set of PHP scripts that enables a web server to accept MOWA emails. It uses MySQL for storage and GNU dc for crypto operations. Because MOWA uses multipart/form-data format for email upload, file upload must be enabled in PHP.


1. Unzip the package into your Apache document directory (e.g. htdocs). Make sure the "Use folder names" option is checked. Three files, db.php, add_account.php, and lamekeys.php, and seven sub-directories will be created. Within each sub-directory is an index.php. If your server doesn't use "index.php" as the default page then you'll have to rename these.

2. Create a new database for MOWA in MySQL.

3. Open db.php and edit the db related variables. $mysql_db is the name of the db you've just created. $mysql_server, $mysql_user, $mysql_password are self-explanatory. $create_tables controls whether the script tries to create the necessary tables everytime it runs. This can be set to false once everything is working ok.

Have a look at the CREATE TABLE statements if you feel like it. You can see the db's schema here. Just your standard many-to-many (messages to mailboxes) and many-to-one (attachments to message) relationships. The only table of interest is mbox_access. It links the user and mbox tables. The text string access_codes determines what a user can do with a particular mailbox. "RPD" means the user can read from the box, post messages with the mailbox's address as return addresses—he has access to its private key—and delete messages from the box.

4. The server is now setup. There're no mail accounts yet so open a browser window and go to http://yourserver.com/add_account.php. Create a couple test accounts.

5. Launch the POC client. Send a email from one account to another, then reply from that account. If you encounter no errors then you're done! Send me a MOWA mail at karolina@conradish.com.


Version 0.1 The blocking mechanism has not been implemented yet.

add_account.php uses fixed, known keys.

Proof of Concept Client

The POC Client is a Windows application developed using Delphi 5. It lets you send and receive messages through MOWA. As the name implies, it's demo ware. While it's stable and works for the most part, it's not designed for everyday use.

Just download the package and unzip it somewhere. You're going to get just an .exe file. Launch it. It'll ask you for your email address and password. If you've not done so already, create some test mailboxes on the test servers.

The program will try to download your private key. If it succeeds then you'll notice the New message button becoming activated. Send a message to another mailbox that you've created.

Click Set mailbox and change to that mailbox. The message you just sent should appear in the list. After it status has become "Downloaded," double click on it to open it.

In the message window you can reply to the message, send an acknowledgement that you've read it, forward it to someone else, delete it, or report it as spam.

To test the spam complaint mechanism, send a email to a at least three different mailboxes. You can do this by entering the addresses into the To field, separating them by commas. Now log into those accounts and report the email as spam. Because the POC server currently has a spam threshold of two, the sender's public key will become inaccessible after the second complaint. When you log into the third account, you won't be able to read the message. When you log into the initial account again, the program will report that it can't download the private key.

To restore the ability to send messages, open a browser window, go back to the account sign up page, and submit the name and password of the account.

You can download the source code of the POC Client here. It employs the GInt library by Walied Othman, Paszlib by Jacques Nomssi Nzali, and the ELAES library by Alexander Ionov. The Base64 routine is by Paul Toth and is distributed under GNU GPL.

SourceForge Logo Last update: April 14th 2002