
Re: [tor-talk] Tor Mail Gateway



On 19.08.2013 05:31, ITechGeek wrote:
>>> PGP mails, and I'm thinking about enforcing TLS.
> If you enforce TLS, you won't be able to send/receive email for many
> domains.

Yes.

I want to have a script that scans all incoming mail for the used cipher
and in the case of a weak, non-PFS cipher, or no TLS at all, emails both
the sender and postmaster@senderdomain to get their stuff fixed and to
get the sender to move to a proper provider. I want this not only for
this gateway, but for all mail servers I operate. The script should
support pure notification, but also "bouncing" the mail with this custom
reply for non-TLS (before-queue Milter).

Someone has to start working more aggressively for proper TLS sessions.
If people behind the gateway can't get email from Yahoo users, so be it.

See also last paragraph of this mail.

> Also REQUIRING PGP will prevent tor users from communicating w/ many people.
> Some people don't need encrypted email or even secure email, they just need
> anonymity.

The gateway becomes more interesting for attackers if it sees plaintext
mail. If we are coerced into accepting plaintext mail as well, or the box
is modified to accept it, even though we only accepted PGP mail, you know
there's something fishy about it.

If other entities want to run differently configured mail gateways, I'm
not forcing them to use that part of the configuration. It is currently
disabled in the config for testing and debugging purposes anyway.

-- 
Moritz Bartl
https://www.torservers.net/
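
The notification-only mode of the script described in the message above could start from a classifier like the following. It is an added example, not code from the post or the gateway project; it assumes a Postfix server with `smtpd_tls_received_header = yes`, and the weak-cipher token list, the 128-bit floor and all function names are illustrative choices.

```python
import re
from email import message_from_string

# Postfix writes this clause when smtpd_tls_received_header = yes.
TLS_RE = re.compile(r"\(using (\S+) with cipher (\S+) \((\d+)/\d+ bits\)")
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}                 # assumed policy
WEAK_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXP")  # assumed policy
PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")           # ephemeral key exchange

def classify(raw_message):
    """Return (verdict, protocol, cipher) for the hop into our own server."""
    received = message_from_string(raw_message).get_all("Received") or []
    # Only the topmost Received header was written by our MTA; every
    # header below it is supplied by the sending side and proves nothing.
    top = " ".join(received[0].split()) if received else ""
    m = TLS_RE.search(top)
    if not m:
        return ("no-tls", None, None)
    protocol, cipher, bits = m.group(1), m.group(2), int(m.group(3))
    if protocol in WEAK_PROTOCOLS or bits < 128 or any(t in cipher for t in WEAK_TOKENS):
        verdict = "weak"
    elif protocol == "TLSv1.3" or cipher.startswith(PFS_PREFIXES):
        verdict = "ok"       # every TLS 1.3 suite uses ephemeral key exchange
    else:
        verdict = "no-pfs"
    return (verdict, protocol, cipher)

def notify_targets(envelope_sender):
    """Sender plus postmaster@ their domain, as the post proposes."""
    domain = envelope_sender.rpartition("@")[2]
    return [envelope_sender, "postmaster@" + domain]

# Constructed sample hops (example.org / 192.0.2.0/24 are documentation values).
HOP = ("Received: from relay.example.org (relay.example.org [192.0.2.10])\n"
       "{tls}\tby mx.example.net (Postfix) id 4ABCD; Mon, 19 Aug 2013 10:00:00 +0000\n")

def sample(*tls_per_hop):
    """Build a test message; the first argument describes the topmost hop."""
    hops = "".join(HOP.format(tls=f"\t(using {t})\n" if t else "") for t in tls_per_hop)
    return hops + "From: alice@example.org\n\nbody\n"

if __name__ == "__main__":
    for tls in ("TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
                "TLSv1 with cipher AES128-SHA (128/128 bits)",
                "TLSv1 with cipher RC4-SHA (128/128 bits)", ""):
        print(classify(sample(tls)), notify_targets("alice@example.org"))
```

A message whose only TLS claim sits in a lower Received header is reported as `no-tls`, since that header was not written by the receiving server.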