Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Hi,
If the info below is irrelevant, already discussed, or old, then sorry for
posting it here.
Are these already being done/added for "Torbutton-birdy"?
The "pref.js" file is inside the folder/directory below:
PortableApps\ThunderbirdPortable\App\DefaultData\profile\
Before starting Thunderbird-Portable for the first time,
these lines need to be added to "pref.js".
/* instead of sending/leaking your local IP address, add a word like
"mailproxy" in the helo/ehlo field */
user_pref("mail.smtpserver.default.hello_argument", "mailproxy");
/* when portable-thunderbird runs for the first time, allow/partially-force
it to go via Tor-proxy. "Polipo" will be needed when using the lines which
have port 8118, http or ssl. */
user_pref("dns.nameserver", "");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);
/* To block auto connect to mozilla */
user_pref("app.update.auto", false);
user_pref("mail.shell.checkDefaultClient", false);
/* to block the automatic check for emails at startup, or when started for
the first time */
user_pref("mail.startup.enabledMailCheckOnce", false);
I noticed that pressing "re-test" while adding a new email account causes
Thunderbird to bypass Tor-proxy and use the local network, thus leaking
the IP address & location of that email, even though Tor-proxy was
pre-specified or pre-configured.
But using the "Create Account" button located inside the new-email adding
window did use Tor-proxy.
To avoid such local-net leak/use during email creation, a few generic
user-name based email accounts with major email service providers can be
pre-added into "pref.js". Then Tor-fied Thunderbird users themselves
can change "User1" in such pre-existing "User1@xxxxxxxxx" emails into
their actual email/user-name.
Pre-existing email accounts with Tor-proxy pre-configured in TB do
not leak DNS or TCP.
I noticed that in older Thunderbirds the imap, smtp server is
"imap.gmail.com". In my test, that allows receiving emails, but not
sending. When changed to "imap.googlemail.com", it succeeds in
both sending & receiving gmail emails.
receive: imaps, 993, SSL/TLS.
send : smtps, 587, STARTTLS.
On 5/7/2012 12:59 PM, Jacob Appelbaum wrote:
> On 05/07/2012 03:43 PM, anonym wrote:
>> 05/07/2012 05:33 PM, anonym:
>>> (Since the repo is huge (and there's no gitweb AFAIK) I also attached
>>> the commits as git patches. These were written for Thunderbird 8, but I
>>> know they apply cleanly to TB 10 as well.)
>>
>
> ...
>
>> Hm. I can see that the patches were attached in my outgoing email, but
>> that they didn't reach the mailing list for whatever reason (are
>> attachments disabled?). Here they are pasted inline instead:
>>
>
> I'll comment in line.
>
>>
>> From 0651e1f6e2c4f76fc444969f7fc6600670b302da Mon Sep 17 00:00:00 2001
>> From: Tails developers <amnesia@xxxxxxxx>
>> Date: Wed, 4 Jan 2012 14:48:02 +0100
>> Subject: [PATCH 1/7] Optionally skip probing for plaintext protocols.
>>
>> Setting mailnews.auto_config_ssl_only to True prevents detecting
>> plaintext protocols through autoconfiguration during account creation.
>> ---
>> .../prefs/content/accountcreation/guessConfig.js | 68
>> +++++++++++++-------
>> 1 file changed, 44 insertions(+), 24 deletions(-)
>>
>> diff --git a/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> b/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> index 02acf3c..a183ad3 100644
>> --- a/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> +++ b/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> @@ -802,22 +802,32 @@ function getIncomingTryOrder(host, protocol, ssl,
>> port)
>> else if (protocol == UNKNOWN && !lowerCaseHost.indexOf("imap."))
>> protocol = IMAP;
>>
>> + var prefs = Cc["@mozilla.org/preferences-service;1"]
>> + .getService(Ci.nsIPrefBranch);
>> + var ssl_only = prefs.getBoolPref("mailnews.auto_config_ssl_only");
>> +
>> if (protocol != UNKNOWN) {
>> - if (ssl == UNKNOWN)
>> - return [getHostEntry(protocol, TLS, port),
>> - getHostEntry(protocol, SSL, port),
>> - getHostEntry(protocol, NONE, port)];
>> - return [getHostEntry(protocol, ssl, port)];
>> - }
>> - if (ssl == UNKNOWN)
>> - return [getHostEntry(IMAP, TLS, port),
>> - getHostEntry(IMAP, SSL, port),
>> - getHostEntry(POP, TLS, port),
>> - getHostEntry(POP, SSL, port),
>> - getHostEntry(IMAP, NONE, port),
>> - getHostEntry(POP, NONE, port)];
>> - return [getHostEntry(IMAP, ssl, port),
>> - getHostEntry(POP, ssl, port)];
>> + if (ssl == UNKNOWN) {
>> + var order = [getHostEntry(protocol, TLS, port),
>> + getHostEntry(protocol, SSL, port)];
>> + if (!ssl_only)
>> + order.push(getHostEntry(protocol, NONE, port));
>> + return order;
>> + } else {
>> + return [getHostEntry(protocol, ssl, port)];
>> + }
>> + } else if (ssl == UNKNOWN) {
>> + var order = [getHostEntry(IMAP, TLS, port),
>> + getHostEntry(IMAP, SSL, port),
>> + getHostEntry(POP, TLS, port),
>> + getHostEntry(POP, SSL, port)];
>> + if (!ssl_only)
>> + order.push(getHostEntry(IMAP, NONE, port),
>> + getHostEntry(POP, NONE, port));
>> + return order;
>> + } else
>> + return [getHostEntry(IMAP, ssl, port),
>> + getHostEntry(POP, ssl, port)];
>> };
>>
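Review bot: the read prefs.getBoolPref("mailnews.auto_config_ssl_only") near the top of this hunk has no fallback, and the diffstat lists guessConfig.js as the only file changed, so nothing visible here gives the pref a default value. On the Thunderbird versions named in this thread, nsIPrefBranch.getBoolPref throws when a pref has neither a user value nor a default, which would abort getIncomingTryOrder on every profile that has not set it. Wrap the read in try/catch with a fallback of false, or ship a default for the pref in the same patch. Separately, the else branch "return [getHostEntry(protocol, ssl, port)];" is not gated, so a caller that passes ssl == NONE still gets a plaintext entry with ssl_only set; worth confirming that this is intended.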
>
> This certainly should go upstream - I'd be happy to then set
> 'mailnews.auto_config_ssl_only' in Torbutton-birdy.
>
>> /**
>> @@ -826,19 +836,29 @@ function getIncomingTryOrder(host, protocol, ssl,
>> port)
>> function getOutgoingTryOrder(host, protocol, ssl, port)
>> {
>> assert(protocol == SMTP, "need SMTP as protocol for outgoing");
>> + var prefs = Cc["@mozilla.org/preferences-service;1"]
>> + .getService(Ci.nsIPrefBranch);
>> + var ssl_only = prefs.getBoolPref("mailnews.auto_config_ssl_only");
>> +
>> if (ssl == UNKNOWN)
>> {
>> - if (port == UNKNOWN)
>> + if (port == UNKNOWN) {
>> // neither SSL nor port known
>> - return [getHostEntry(SMTP, TLS, UNKNOWN),
>> - getHostEntry(SMTP, TLS, 25),
>> - getHostEntry(SMTP, SSL, UNKNOWN),
>> - getHostEntry(SMTP, NONE, UNKNOWN),
>> - getHostEntry(SMTP, NONE, 25)];
>> + var order = [getHostEntry(SMTP, TLS, UNKNOWN),
>> + getHostEntry(SMTP, TLS, 25),
>> + getHostEntry(SMTP, SSL, UNKNOWN)];
>> + if (!ssl_only)
>> + order.push(getHostEntry(SMTP, NONE, UNKNOWN),
>> + getHostEntry(SMTP, NONE, 25));
>> + return order;
>> + } else {
>> // port known, SSL not
>> - return [getHostEntry(SMTP, TLS, port),
>> - getHostEntry(SMTP, SSL, port),
>> - getHostEntry(SMTP, NONE, port)];
>> + var order = [getHostEntry(SMTP, TLS, port),
>> + getHostEntry(SMTP, SSL, port)];
>> + if (!ssl_only)
>> + order.push(getHostEntry(SMTP, NONE, port));
>> + return order;
>> + }
>> }
>> // SSL known, port not
>> if (port == UNKNOWN)
>>
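Review bot: the ssl_only gate covers only the "if (ssl == UNKNOWN)" block; the path that begins at the "// SSL known, port not" context line is untouched by this hunk, so whatever it returned for an explicit ssl == NONE before the patch it still returns with the pref set. Either filter NONE there as well or say in the commit message that an explicitly requested NONE is out of scope. The three-line pref lookup is also a verbatim copy of the one added to getIncomingTryOrder; one shared helper (which could also carry a fallback for an unset pref) would keep the two functions from drifting apart, and a camelCase name such as sslOnly would match the surrounding identifiers.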
>
> Seems reasonable enough - I assume you tested it? If so, I'd highly
> encourage you to submit this patch upstream; when it is merged, please
> send us a patch and we'll merge it.
>
> All the best,
> Jacob
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
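
A check for the preference list at the top of this message, added here as an example and not part of the original post or of Torbutton-birdy: it parses the text of a prefs file and reports every listed preference that is absent or has a different value. The names EXPECTED, parsePrefs, auditPrefs and SAMPLE are assumptions of this example, and the sample profile text is constructed.

```javascript
// Added example (not from the post): audit prefs text against the post's values.
const EXPECTED = {                       // names and values copied from the post
  "mail.smtpserver.default.hello_argument": "mailproxy",
  "network.proxy.type": 1,
  "network.proxy.socks": "127.0.0.1",
  "network.proxy.socks_port": 9050,
  "network.proxy.socks_remote_dns": true,
  "network.proxy.http": "127.0.0.1",
  "network.proxy.http_port": 8118,
  "network.proxy.ssl": "127.0.0.1",
  "network.proxy.ssl_port": 8118,
  "app.update.auto": false,
  "mail.shell.checkDefaultClient": false,
  "mail.startup.enabledMailCheckOnce": false,
};

// Parse user_pref("name", value); lines; a later line overwrites an earlier one.
function parsePrefs(text) {
  const prefs = new Map();
  const body = text.replace(/\/\*[\s\S]*?\*\//g, ""); // drop /* ... */ comments
  const re = /^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;[ \t]*$/gm;
  for (const m of body.matchAll(re)) {
    let value;
    try { value = JSON.parse(m[2]); } catch (e) { value = undefined; }
    prefs.set(m[1], value); // an unparseable value never equals an expected one
  }
  return prefs;
}

// Return one finding per expected pref that is absent or has another value.
function auditPrefs(text, expected = EXPECTED) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, want] of Object.entries(expected)) {
    if (!prefs.has(name)) findings.push({ name, issue: "missing", want });
    else if (prefs.get(name) !== want)
      findings.push({ name, issue: "mismatch", want, got: prefs.get(name) });
  }
  return findings;
}

// Constructed sample: remote DNS switched off and the update pref left out.
const SAMPLE = Object.entries(EXPECTED)
  .filter(([name]) => name !== "app.update.auto")
  .map(([name, v]) => `user_pref("${name}", ${JSON.stringify(
    name === "network.proxy.socks_remote_dns" ? false : v)});`)
  .join("\n");

for (const f of auditPrefs(SAMPLE)) console.log(f.issue, f.name, "want", f.want);
```

A preference that appears only inside a /* ... */ comment is reported as missing, so a commented-out line does not pass the check.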