
Re: Update to default exit policy



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/08/08 19:04, idefix@xxxxxxxxxx wrote:
> Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and
> connect to the smtp server through tor. Will my "real" ip address occur in
> the mail headers, or the ip of the exit node?
> 
> I'm guessing the ip of the exit node, right? Because if not, it would be
> senseless to use tor? Would be great if someone could clarify this!

Contrary to Sven's reply I claim Thunderbird with Torbutton enabled will
_not_ leak your real IP address in the EHLO/HELO messages. Here's an
experiment proving it:

1. First, let's look at what my mail headers look like when I send mail
without Tor at all, i.e. a direct connection:

	Received: from 192.168.1.2 (nl103-154-119.student.uu.se
	[130.243.154.119])

The "192.168.1.2" address is what was reported in the EHLO/HELO message
to the SMTP server, which is my computer's NAT:ed IP address. The long
address within the parentheses is from which computer the connection to
the SMTP server was made, and in this case it's my firewall/router.

2. The following is what we get when we use Thunderbird with Tor, but
without Torbutton:

	Received: from 192.168.1.2 (tor-anonymizer1.dotplex.de
	[87.118.101.102])

So, the connection was made from a Tor exit node (as expected) but the
SMTP server got my real IP address in the HELO/EHLO message. Since I'm
behind a NAT:ed firewall the IP address reported isn't very revealing,
but people whose computers are directly connected to the Internet (i.e.
no firewall/router in the way) would get their _real_ IP address there.

3. Finally, this is what gets into the mail header for me when
enabling Torbutton:

	Received: from 0.0.0.0 (tor-anonymizer1.dotplex.de
	[87.118.101.102])

As you can see nothing is revealed here and all is good. Torbutton wins!

To see all this for yourselves, compare the mail header of this mail
(which is sent with Torbutton enabled, like experiment 3) and any of my
other emails in this thread (which are sent without Tor or any other
form of anonymization, like experiment 1).

Just to be sure I've confirmed all this with a packet sniffer -- with
Torbutton enabled the EHLO/HELO messages are scrubbed and thus harmless.
To confirm this I guess you'd have to fire up your favourite packet
sniffer and try it out yourselves.

So, yeah, with Torbutton you are definitely safer than without it. The
SMTP server does _not_ get your IP address in the EHLO/HELO message. But
there could be all sorts of other leakages that I don't know of, though,
so I wouldn't put my life on it. That's why I think more research is needed.

But let's stop hijacking this thread now. If there's more interest in
discussing this I suggest starting a new thread for that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkisXJMACgkQp8EswdDmSVic+ACg1r/BRUphZlT/vfObMh8wfpwo
XlkAnj3PY2HGSYRd3qvhScDhif19OOJ7
=jlZ3
-----END PGP SIGNATURE-----
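
The same comparison of the three Received headers, done programmatically so you can check headers of your own sent mail. This is an added example, not part of the original message; it assumes the `from HELO (rDNS [IP])` layout shown in the post (other mail servers format this header differently), and `classify_helo` and `SAMPLES` are names introduced here.

```python
import ipaddress
import re

# Matches the layout quoted in the post: "Received: from HELO (RDNS [IP])".
# \s+ also absorbs header folding (newline + tab) as seen in the message.
RECEIVED_RE = re.compile(
    r"Received:\s+from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<peer>[^\]]+)\]\)"
)

def classify_helo(header: str) -> dict:
    """Parse one Received header and judge what the HELO/EHLO argument reveals."""
    m = RECEIVED_RE.search(header)
    if m is None:
        raise ValueError("header is not in the 'from HELO (RDNS [IP])' form")
    helo, peer = m["helo"], m["peer"]
    try:
        addr = ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        verdict = "hostname"   # a name rather than an address: review by hand
    else:
        # Order matters: Python also counts 0.0.0.0 as private.
        if addr.is_unspecified:
            verdict = "scrubbed"   # 0.0.0.0, as in experiment 3
        elif addr.is_private or addr.is_loopback:
            verdict = "private"    # LAN/NAT address, as in experiments 1 and 2
        else:
            verdict = "public"     # routable address of the sending machine
    return {"helo": helo, "rdns": m["rdns"], "peer": peer, "verdict": verdict}

# The first three headers are quoted from the post. The fourth is constructed:
# it models the "directly connected, no NAT" case by reusing the experiment 1
# peer address as the HELO argument.
SAMPLES = {
    "1 direct": "Received: from 192.168.1.2 (nl103-154-119.student.uu.se\n\t[130.243.154.119])",
    "2 tor, no torbutton": "Received: from 192.168.1.2 (tor-anonymizer1.dotplex.de\n\t[87.118.101.102])",
    "3 tor + torbutton": "Received: from 0.0.0.0 (tor-anonymizer1.dotplex.de\n\t[87.118.101.102])",
    "constructed, no NAT": "Received: from 130.243.154.119 (nl103-154-119.student.uu.se\n\t[130.243.154.119])",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        r = classify_helo(header)
        print(f"{label:22} HELO={r['helo']:16} peer={r['peer']:16} -> {r['verdict']}")
```

A "private" verdict still means the client put its own address into the HELO/EHLO argument; it is only harmless because that address is not routable.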