[tor-talk] Outbound SMTP via TOR?
Elrippo Athletico
elrippo at elrippoisland.net
Tue Jul 22 07:16:55 UTC 2014
On Monday, 21 July 2014, 11:28:09, Rene Bartsch wrote:
> On 2014-07-21 04:17, Cinaed Simson wrote:
> > On 07/17/2014 07:11 AM, Elrippo wrote:
> >> I don't think that this is a problem, if you configure TOR as a
> >> transparent proxy with some iptables rules on your Debian based OS,
> >> all TCP based traffic is routed through TOR
> >>
> >> Take a look at the last example
> >> https://elrippoisland.net/public/how_to/anonymity.html
> >
> > An untrusted HTTPS connection? Really?
> >
> > Anonymity without security?
>
> I assume this relates to Elrippo's documentation. To my understanding
> all connections between a TOR-client and a TOR Hidden Service are
> end-to-end encrypted and authenticated via RSA-key->TOR Hidden Service
> ID/domain.
>
> My main problem is to route the SMTP-/Jabber-client traffic into the TOR
> network. It would be great to be able to distinguish between normal
> remote host domains and .onion, too.
>
> But still the main goal is a very easy mail setup for average-joes with
> secure end-to-end encryption.
Yes, that is not so hard to accomplish. Just route all traffic of your HS Server
into TOR, then send a mail to another HS Mail Server or to a "normal" Mail
Server on the I-net.
If I send a mail from my HS mail server to a "normal" mail server, the log
looks a little bit like that.
1.) HS Mail server log entry
2014-07-22 06:33:02 1X9TdF-0001ao-6F <= elrippo at someonionaddress.onion
H=localhost ([192.168.3.182]) [127.0.0.1] P=esmtpsa
X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32 A=plain_saslauthd_server:elrippo S=3178
id=47fcd221-edc2-497d-8e6e-43e490d046ea at email.android.com
2014-07-22 06:33:08 1X9TdF-0001ao-6F == elrippo at elrippoisland.net R=dnslookup
T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT
TO:<elrippo at elrippoisland.net>: host elrippoisland.net [212.186.51.184]:
451-46.20.46.152 is not yet authorized to deliver mail from\n451-
<elrippo at vz25laii237c46m5.onion> to <elrippo at elrippoisland.net>. Please
try\n451 later.
2014-07-22 06:56:26 Start queue run: pid=6144
2014-07-22 06:57:21 1X9TdF-0001ao-6F => elrippo at elrippoisland.net R=dnslookup
T=remote_smtp H=elrippoisland.net [212.186.51.184]
X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="CN=elrippoisland.net"
2014-07-22 06:57:21 1X9TdF-0001ao-6F Completed
2014-07-22 06:57:21 End queue run: pid=6144
2.) Receiving "Normal" Mail server log entry
no host name found for IP address 46.20.46.152
2014-07-22 08:56:54 no IP address found for host someonionaddress.onion
(during SMTP connection from (localhost) [46.20.46.152])
2014-07-22 08:57:04 DNS list lookup defer (probably timeout) for
152.46.20.46.zen.spamhaus.org: assumed not in list
2014-07-22 08:57:10 H=(localhost) [46.20.46.152] Warning: 46.20.46.152 is
listed at sbl-xbl.spamhaus.org (127.0.0.4:
http://www.spamhaus.org/query/bl?ip=46.20.46.152)
2014-07-22 08:57:20 1X9U0c-0002nG-5f SA: Action: scanned but message isn't
spam: score=-0.5 required=5.0 (scanned in 9/9 secs | Message-Id:
1X9U0c-0002nG-5f). From <elrippo at someonionaddress.onion> (host=NULL
[46.20.46.152]) for elrippo at elrippoisland.net
2014-07-22 08:57:20 1X9U0c-0002nG-5f <= elrippo at someonionaddress.onion
H=(localhost) [46.20.46.152] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=3934
2014-07-22 08:57:20 1X9U0c-0002nG-5f => elrippo <elrippo at elrippoisland.net>
R=local_user T=maildir_home
2014-07-22 08:57:20 1X9U0c-0002nG-5f Completed
3.) So, the sending IP address is an Exit in the TOR Network. In this case
that would be https://globe.torproject.org/#/search/query=46.20.46.152
4.) Now it gets delicate. You have to configure your HS Mail server to
anonymize the header of the mail to NOT leak any information! This is
very important, because the receiving IP of the client is logged and written
into the header, also the sending IP of your HS is logged and written into the
header of the mail!
So watch out for modifying headers of your Mail server before sending any
mail!
I know how to modify Exim, but I have no knowledge of other mail servers.
The HEADER of this test mail looks a bit like this.
Return-path: <elrippo at someonionaddress.onion>
Envelope-to: elrippo at elrippoisland.net
Delivery-date: Tue, 22 Jul 2014 08:57:20 +0200
Received: from 127.0.0.1
by server500gb.chello.at with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim latest)
(envelope-from <elrippo at someonionaddress.onion>)
id 1X9U0c-0002nG-5f
for elrippo at elrippoisland.net; Tue, 22 Jul 2014 08:57:20 +0200
Received: from YourFriendlyHiddenService
by AgainYourFriendlyHiddenService with esmtpsa
(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
(YourFriendlyHiddenServiceMTA)
(envelope-from <elrippo at someonionaddress.onion>)
for elrippo at elrippoisland.net; Tue, 22 Jul 2014 06:33:02 +0000
MIME-Version: 1.0
From: Elrippo <elrippo at someonionaddress.onion>
Date: Tue, 22 Jul 2014 08:33:27 +0200
To: Admin <elrippo at elrippoisland.net>
X-Warning: 46.20.46.152 is blacklisted at sbl-xbl.spamhaus.org (127.0.0.4:
http://www.spamhaus.org/query/bl?ip=46.20.46.152)
X-SA-Exim-Rcpt-To: elrippo at elrippoisland.net
X-SA-Exim-Mail-From: elrippo at someonionaddress.onion
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
server500gb.chello.at
X-Spam-Level:
X-Spam-Status: No, score=-0.5 required=5.0 tests=ALL_TRUSTED,MISSING_MID,
NO_DNS_FOR_FROM,TVD_RCVD_IP,TVD_RCVD_IP4 autolearn=no version=3.3.2
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Test
X-SA-Exim-Version: 4.2.1 (built Sun, 08 Jan 2012 03:05:19 +0000)
X-SA-Exim-Scanned: Yes (on server500gb.chello.at)
X-Elrippo-LOCAL-Header: This is a verfication, that your message is handled by
server500gb.chello.at
X-Length: 4243
X-UID: 16382
-----BEGIN PGP MESSAGE-----
Version: APG v1=2E1=2E1
-----EN=
D PGP MESSAGE-----
Most mail servers on the clear net will not accept any mail from a HS mail
server, because the IP Address is not corresponding to a TLD.
Secondly, most TOR exits are listed in DNSBL and other databases, so the
delivery will fail (I personally just turned on a warning instead of a reject).
If you want to test sending between two HS mail servers, send me a PGP message.
Kind regards,
elrippo.
--
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elrippo at elrippoisland.net
Encrypted messages are welcome.
0x84DF1F7E6AE03644
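Added example, not part of the original post and not elrippo's Exim configuration: a Python check that lists what a message's headers reveal about the submitting client before the mail leaves the hidden-service MTA. Both sample messages are constructed; the first imitates a default Received line carrying the LAN address seen in the log above (192.168.3.182) plus a client-generated Message-ID, the second follows the rewritten Received line from the sample header.

```python
import ipaddress
import re
from email import message_from_string

# Headers that commonly identify the sending client or its software.
CLIENT_HEADERS = ("X-Originating-IP", "X-Mailer", "User-Agent", "Message-ID")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: what an MTA writes when Received is left at its default.
UNSANITIZED = """\
Received: from localhost ([192.168.3.182])
 by mailhost.example with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (envelope-from <user@example.onion>)
 for admin@example.net; Tue, 22 Jul 2014 06:33:02 +0000
Message-ID: <constructed-id@email.android.com>
From: user@example.onion
To: admin@example.net
Subject: Test

body
"""

# Constructed sample modelled on the rewritten Received line in the post.
SANITIZED = """\
Received: from YourFriendlyHiddenService
 by AgainYourFriendlyHiddenService with esmtpsa
 (envelope-from <user@example.onion>)
 for admin@example.net; Tue, 22 Jul 2014 06:33:02 +0000
From: user@example.onion
To: admin@example.net
Subject: Test

body
"""


def audit_headers(raw_message):
    """Return sorted (header, finding) pairs that reveal client or host details."""
    msg = message_from_string(raw_message)
    findings = set()
    for value in msg.get_all("Received", []):
        for text in IP_RE.findall(" ".join(value.split())):  # unfold first
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # four dotted numbers, but not a valid address
            kind = "loopback" if ip.is_loopback else "private" if ip.is_private else "public"
            findings.add(("Received", f"{kind} address {ip}"))
    for name in CLIENT_HEADERS:
        for value in msg.get_all(name, []):
            findings.add((name, " ".join(value.split())))
    return sorted(findings)
```

Run it against a message captured on the hidden-service side before delivery; an empty list means none of the checked headers carry an address or client identifier.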