[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: headers in email



Florian Reitmeir wrote:

The better way(tm) to do this would be to just run an open SMTP server
as a hidden service, and run spam filtering, hashacash proof-of-work
challenge, whatever anti-abuse stuff you want, along with header
munging and striping, ... and advertise this server for people to set
their SMTP out to...

Sure. thats a really good hidden service,
As sender ..
- i don't know where the server is, and who its operating..

Not really. Just send yourself an email and look at the Received headers when you get it. That will tell you exactly where the server is.

As receiver
- i see a open relay ..

They wont see an open relay. To see an open relay suggests you have some way of performing a test to relay mail through it.

As user
- is send a mail, and someone alters it, because he feels it rights.. or
	thinks its "the best" todo

This is the problem with Tor. I guess you could use PGP.

I'd be tempted to use authenticated SMTP with a hidden service and make people sign up, so you can rate limit what they send.

Its truly the best combination of all Tor can provide.

You could set up a gmail account via tor. Then point a stunnel at smtp.gmail.com port 465 over Tor using tsocks or something. Making sure you have a copy of their public cert first and that the stunnel validates it. I set this up and pointed my MTA (Exim) at it just for a play at one point. I had to make sure Exim stripped the Received headers and sent a suitably anonymous EHLO when talking to their service but otherwise it worked.

Mike