what about SMTPS over Tor?

anonym anonym at lavabit.com
Tue Dec 25 16:17:55 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

Several friends of mine have lately expressed the wish to be able to
send email anonymously. They have really good reasons and I believe many
others do as well, so I'm looking for easy to use and set up solutions.
I've looked into annonymous remailers like Mixminion et al, but they
don't seem to be mature enough and have the number of users required for
any effective anonymity, so Tor seems to be the way. Mixminion doesn't
even seem to have a GUI beyond Tork for non-Windowos users, which kind
of would force everyone to install KDE.

Web mail + Tor is of course an option, but then they'll loose the nice
PGP intergration provided by most MUA:s (e.g. Enigmail/Thunderbird), and
PGP (for end-to-end encryption) is _essential_ for my friends' purposes.
Of course, there are things like FireGPG which can be used to
sign/verify/encrypt/decrypt any texts in Firefox, which would work for
web mail, but FireGPG is simply to flaky and have to much encoding
issues to be usable right now. Therefore, web mail is not satisfactory.

So I'm investigating the possibility of using SMTPS (i.e. SMTP over SSL)
on Thunderbird with Torbutton. In fact, this email should have been sent
over Tor. But as we know, there are several issues with using a mail
client and SMTP with Tor. On the other hand, there's a lot of issues
using Tor with web browsers (javascript, flash, cookies, Firefox
extensions and many non-http(s) features etc). So is this really such a
bad idea some people are suggesting? What are the issues? Things I've
thought or read about myself are the following:

* All types of SMTP is rejected by Tor's default exit policy
During my testing, it has worked well. It seems there are quite a few
people who still allow SMTPS (port 465) and SMTP with submission (port
587) as I've had different exit nodes for all five of my test emails.
Standard SMTP seems to be completely blocked. BTW, is it possible to do
queries over all exit nodes to see which of them that allow certain
services?

* The mail header might contain identifying information
- From my experiments, I've seen fields like User-Agent, x-mozilla-status,
 x-enigmail-version and openpgp (key ID and key URL) which are not
terribly dangerous (assuming that the key is only used for anonymous
mail). The openpgp info is quite useful to keep, actually, and the
others are very easily scraped away by some plugin (Torbutton for
Thunderbird should alter this as it does with Firefox?). Also, I've
heard that certain particularities of how the header is made might be
used to identify that UA of a given mail. All in all, I'm not too
worried about user agent stuff and similar right now (I need this
solution fast), only of unique identifiers (but I agree that some effort
should be made for this, perhaps in Torbutton). Please feel free to
point out if my current mail header contains any other dangerous
information that should taken into account.

* EHLO/HELO message contains IP address or hostname
First of all, the exit node shouldn't see anything since SSL is used.
But what about the SMTP server? If you examine the header of this mail,
you'll see that the first "Received:" field reports that it came from
0.0.0.0 plus hostname and IP address of the exit node (at least that's
what happened in my experiments). Is that the same as what is reported
in the EHLO/HELO to the SMTP server? If so, all is fine.

So, what do you think? Are there any more issues? Is Thunderbird + Tor +
Torbutton + SMTPS safe?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHcS0xp8EswdDmSVgRAnNRAKCI0zBFfu2pvKcYFcg+e9UmNaXKMACdH9ru
C3uo0dM/Zcfp4E7P2tEEpDI=
=wdMT
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list