
Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)



Hi,
If the info below is irrelevant, already discussed, or old, then sorry
for posting it here.

Are these already being done/added for "Torbutton-birdy"?

The "pref.js" file is inside the folder/directory below:
PortableApps\ThunderbirdPortable\App\DefaultData\profile\

Before starting Thunderbird-Portable for the first time,
these lines need to be added to "pref.js".

/* Instead of sending/leaking your local IP address, add a word like
"mailproxy" in the helo/ehlo field */
user_pref("mail.smtpserver.default.hello_argument", "mailproxy");

/* When portable Thunderbird runs for the first time, allow/partially
force it to go via the Tor proxy. "Polipo" will be needed when using the
lines which have port 8118, http or ssl. */
user_pref("dns.nameserver", "");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);

/* To block auto-connect to Mozilla */
user_pref("app.update.auto", false);
user_pref("mail.shell.checkDefaultClient", false);

/* To block the automatic check for emails at startup, or when started
for the first time */
user_pref("mail.startup.enabledMailCheckOnce", false);

I noticed that pressing "re-test" while adding a new email account
causes Thunderbird to bypass the Tor proxy and use the local network,
thus leaking the IP address & location of that email, even though the
Tor proxy was pre-specified or pre-configured.
But using the "Create Account" button located inside the new email
adding window did use the Tor proxy.

To avoid such local-net leak/use during email creation, a few generic
user-name based email accounts with major email service providers can be
pre-added into "pref.js". Tor-fied Thunderbird users themselves can then
change "User1" in such "User1@xxxxxxxxx" pre-existing emails into
their actual email/user-name.
Pre-existing email accounts with the Tor proxy pre-configured in TB do
not leak DNS or TCP.

I noticed that in older Thunderbirds the imap, smtp server is
"imap.gmail.com". In my test, that allows receiving emails, but not
sending. And when changed into "imap.googlemail.com", it succeeds in
both sending & receiving gmail emails.
receive: imaps, 993, SSL/TLS.
send : smtps, 587, STARTTLS.



On 5/7/2012 12:59 PM, Jacob Appelbaum wrote:
> On 05/07/2012 03:43 PM, anonym wrote:
>> 05/07/2012 05:33 PM, anonym:
>>> (Since the repo is huge (and there's no gitweb AFAIK) I also attached
>>> the commits as git patches. These were written for Thunderbird 8, but I
>>> know they apply cleanly to TB 10 as well.)
>>
> 
> ...
> 
>> Hm. I can see that the patches were attached in my outgoing email, but
>> that they didn't reach the mailing list for whatever reason (are
>> attachments disabled?). Here they are pasted inline instead:
>>
> 
> I'll comment in line.
> 
>>
>> From 0651e1f6e2c4f76fc444969f7fc6600670b302da Mon Sep 17 00:00:00 2001
>> From: Tails developers <amnesia@xxxxxxxx>
>> Date: Wed, 4 Jan 2012 14:48:02 +0100
>> Subject: [PATCH 1/7] Optionally skip probing for plaintext protocols.
>>
>> Setting mailnews.auto_config_ssl_only to True prevents detecting
>> plaintext protocols through autoconfiguration during account creation.
>> ---
>>  .../prefs/content/accountcreation/guessConfig.js   |   68
>> +++++++++++++-------
>>  1 file changed, 44 insertions(+), 24 deletions(-)
>>
>> diff --git a/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> b/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> index 02acf3c..a183ad3 100644
>> --- a/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> +++ b/mailnews/base/prefs/content/accountcreation/guessConfig.js
>> @@ -802,22 +802,32 @@ function getIncomingTryOrder(host, protocol, ssl,
>> port)
>>    else if (protocol == UNKNOWN && !lowerCaseHost.indexOf("imap."))
>>      protocol = IMAP;
>>
>> +  var prefs = Cc["@mozilla.org/preferences-service;1"]
>> +              .getService(Ci.nsIPrefBranch);
>> +  var ssl_only = prefs.getBoolPref("mailnews.auto_config_ssl_only");
>> +
>>    if (protocol != UNKNOWN) {
>> -    if (ssl == UNKNOWN)
>> -      return [getHostEntry(protocol, TLS, port),
>> -              getHostEntry(protocol, SSL, port),
>> -              getHostEntry(protocol, NONE, port)];
>> -    return [getHostEntry(protocol, ssl, port)];
>> -  }
>> -  if (ssl == UNKNOWN)
>> -    return [getHostEntry(IMAP, TLS, port),
>> -            getHostEntry(IMAP, SSL, port),
>> -            getHostEntry(POP, TLS, port),
>> -            getHostEntry(POP, SSL, port),
>> -            getHostEntry(IMAP, NONE, port),
>> -            getHostEntry(POP, NONE, port)];
>> -  return [getHostEntry(IMAP, ssl, port),
>> -          getHostEntry(POP, ssl, port)];
>> +    if (ssl == UNKNOWN) {
>> +      var order = [getHostEntry(protocol, TLS, port),
>> +                   getHostEntry(protocol, SSL, port)];
>> +      if (!ssl_only)
>> +        order.push(getHostEntry(protocol, NONE, port));
>> +      return order;
>> +    } else {
>> +      return [getHostEntry(protocol, ssl, port)];
>> +    }
>> +  } else if (ssl == UNKNOWN) {
>> +    var order = [getHostEntry(IMAP, TLS, port),
>> +                 getHostEntry(IMAP, SSL, port),
>> +                 getHostEntry(POP, TLS, port),
>> +                 getHostEntry(POP, SSL, port)];
>> +    if (!ssl_only)
>> +      order.push(getHostEntry(IMAP, NONE, port),
>> +                 getHostEntry(POP, NONE, port));
>> +    return order;
>> +  } else
>> +    return [getHostEntry(IMAP, ssl, port),
>> +            getHostEntry(POP, ssl, port)];
>>  };
>>
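Review bot: In getIncomingTryOrder the two branches that handle a known ssl value, "return [getHostEntry(protocol, ssl, port)];" and the final "return [getHostEntry(IMAP, ssl, port), getHostEntry(POP, ssl, port)];", pass the caller's value through unchanged, so a call with ssl == NONE still yields plaintext entries even when mailnews.auto_config_ssl_only is true. If the pref is meant to prevent plaintext detection, as the commit message says, return no entries for ssl == NONE when ssl_only is set, or state in the commit message that only the ssl == UNKNOWN case is affected. Minor: "var order" is declared in two branches of the same function; a single declaration before the if would be cleaner.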
> 
> This certainly should go upstream - I'd be happy to then set
> 'mailnews.auto_config_ssl_only' in Torbutton-birdy.
> 
>>  /**
>> @@ -826,19 +836,29 @@ function getIncomingTryOrder(host, protocol, ssl,
>> port)
>>  function getOutgoingTryOrder(host, protocol, ssl, port)
>>  {
>>    assert(protocol == SMTP, "need SMTP as protocol for outgoing");
>> +  var prefs = Cc["@mozilla.org/preferences-service;1"]
>> +              .getService(Ci.nsIPrefBranch);
>> +  var ssl_only = prefs.getBoolPref("mailnews.auto_config_ssl_only");
>> +
>>    if (ssl == UNKNOWN)
>>    {
>> -    if (port == UNKNOWN)
>> +    if (port == UNKNOWN) {
>>        // neither SSL nor port known
>> -      return [getHostEntry(SMTP, TLS, UNKNOWN),
>> -              getHostEntry(SMTP, TLS, 25),
>> -              getHostEntry(SMTP, SSL, UNKNOWN),
>> -              getHostEntry(SMTP, NONE, UNKNOWN),
>> -              getHostEntry(SMTP, NONE, 25)];
>> +      var order = [getHostEntry(SMTP, TLS, UNKNOWN),
>> +                   getHostEntry(SMTP, TLS, 25),
>> +                   getHostEntry(SMTP, SSL, UNKNOWN)];
>> +      if (!ssl_only)
>> +        order.push(getHostEntry(SMTP, NONE, UNKNOWN),
>> +                   getHostEntry(SMTP, NONE, 25));
>> +      return order;
>> +    } else {
>>      // port known, SSL not
>> -    return [getHostEntry(SMTP, TLS, port),
>> -            getHostEntry(SMTP, SSL, port),
>> -            getHostEntry(SMTP, NONE, port)];
>> +    var order = [getHostEntry(SMTP, TLS, port),
>> +                 getHostEntry(SMTP, SSL, port)];
>> +    if (!ssl_only)
>> +      order.push(getHostEntry(SMTP, NONE, port));
>> +    return order;
>> +    }
>>    }
>>    // SSL known, port not
>>    if (port == UNKNOWN)
>>
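Review bot: The unguarded prefs.getBoolPref("mailnews.auto_config_ssl_only") at the top of getOutgoingTryOrder throws when the pref has neither a default nor a user value, and the diffstat for this patch lists only guessConfig.js, so no default is shipped with it. Either add a default for the pref in the same patch or wrap the read in a try/catch that falls back to a defined value; a small shared helper would also remove the second copy of this lookup in getIncomingTryOrder. The body of the new "} else {" for the "port known, SSL not" case was not re-indented, which makes its closing brace hard to match.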
> 
> Seems reasonable enough - I assume you tested it? If so, I'd highly
> encourage you to submit this patch upstream, when it is merged, please
> send us a patch and we'll merge it.
> 
> All the best,
> Jacob
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk