[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Help with getting a good automated sign up script for an email service on TOR
Nathan,
The development servers are in separate jurisdictions throughout the world.
For the initial proof of concept, I have two MTAs and two Data Servers,
with one spare server. Each one is in a separate jurisdiction to make it
more difficult to tap. I won't go into details, but let's just say that
the United States wasn't an option for the Data Servers. I may consider
the US for MTAs in the future...
Rock
On Tue, Sep 17, 2013 at 6:10 PM, Nathan Suchy <
theusernameiwantistaken@xxxxxxxxx> wrote:
> You should send email from a separate server in a different location and
> have legal protection. Keep it in a Europe country that would help...
>
> Sent from my Android so do not expect a fast, long, or perfect response...
> On Sep 17, 2013 5:45 PM, "Conrad Rockenhaus" <conrad@xxxxxxxxxxxxxx>
> wrote:
>
> > Nathan,
> >
> > That's exactly what I'm doing with this project.
> >
> > Internet<---->MTAs(Just running Postfix with ABSOLUTELY no logging) also
> > running TOR as a (client only)<------>Data Server(Running as Hidden
> Service
> > only, no logging)<----->TOR End User
> >
> > Basically, to the normal Internet, it will just be a plain jane email
> > address that is coming from a plain jane MTA. The MTAs will not know the
> > IP address of the data servers because they will only deliver the email
> via
> > TORified SMTP to the data server.
> >
> > Of course, standard SPAM limiting measures will be in place (limits on
> > number of addressees in a message, limits on how many messages can be
> sent
> > per minute, per hour, etc.)
> >
> > Now I've got the MTAs, I'm just perfecting the configuration and trying
> to
> > figure out a good domain name to use for the service (I would rather not
> > use networks.rockenhaus.com, which is the placeholder for now.) I also
> > need to come up with a secondary domain name in case people start
> blocking
> > emails from the domain.
> >
> > I'm funding the initial proof of concept. What I'll be asking for is
> > either a honor system payment (so those who can't afford to pay can still
> > use the service) or a donation based model, and also try to fund the
> > service with tor based web hosting (which I doubt will bring in any
> needed
> > cash) and ask for donations of bandwidth and servers.
> >
> > The primary main objective, heh, is to ensure a failsafe system to
> provide
> > freedom of expression, freedom of government intrusion, and freedom of
> > ensuring access to an experimental anonymous email system that won't turn
> > over anything on it's servers, as if authorities seize MTAs, they won't
> > find any evidence on there, and if they seize a data server, there's
> > another data server standing by to automatically fail over (not putting
> the
> > eggs in one basket like tormail.) The only lines of compromise are
> > sniffing the traffic in the MTAs, most TOR users are capable of utilizing
> > encryption for their emails anyway.
> >
> > Sorry for the long response. I just wanted to paint a picture of how it
> > would work.
> >
> > Now, for those who are curious about a guy who appeared out of no where
> and
> > started building this - I've been lurking for a while, and I didn't want
> to
> > say anything until I had the resources to build this. If you want
> further
> > information about me please feel free to contact me and I'll let you know
> > who I am and why I am very pro free speech and pro tor, even when it's
> used
> > to personally attack me.
> >
> > Thanks,
> >
> > Rock
> >
> >
> > On Tue, Sep 17, 2013 at 3:51 PM, Nathan Suchy <
> > theusernameiwantistaken@xxxxxxxxx> wrote:
> >
> > > If your willing to use a few servers one could be a Tor Node and one
> > could
> > > be an Email Relay which seemed normal and custom code your project..
> > >
> > > Sent from my Android so do not expect a fast, long, or perfect
> > response...
> > > On Sep 17, 2013 10:26 AM, "Conrad Rockenhaus" <conrad@xxxxxxxxxxxxxx>
> > > wrote:
> > >
> > > > Thanks. The service that I'm starting up is connecting to external
> mtas
> > > > that aren't tor exit nodes. So basically, the way tormail was set up
> > to
> > > a
> > > > degree. Starting out small until so I can prove the viability so
> people
> > > > will start using and hopefully donating either bandwidth or etc to
> keep
> > > it
> > > > alive.
> > > >
> > > > There's going to be one major difference between this project and
> > tormail
> > > > though - the data/web backend won't be in one place. More on that
> > later,
> > > > I'm trying to get the proof of concept off the ground.
> > > >
> > > > -Rock
> > > > On Sep 17, 2013 10:11 AM, "Harold Naparst" <harold@xxxxxxxxxxxx>
> > wrote:
> > > >
> > > > > > http://eq4xhu6y7nmemcb2.onion/squirrelmail
> > > > >
> > > > > > is almost online. Working out some kinks and need to get the
> > bigger
> > > > MTAs
> > > > > > set up. However, I need to find a good automated sign up script
> > > > because
> > > > > I
> > > > > > don't feel like coding one. Anyone know of a good one? I've
> tried
> > > the
> > > > > > Google and came up empty handed.
> > > > >
> > > > > Rock, you can check out mine: http://secmailmzz5xe4do.onion
> > > > >
> > > > > I haven't had time to add a CAPTCHA yet, because I'm more
> interested
> > in
> > > > > working on getting mail sent to non-onion sites to use the tor
> > network
> > > > > without leaking DNS and so on. The registration script depends on
> > how
> > > > you
> > > > > are storing your login information, and there are a lot of ways to
> do
> > > > that.
> > > > > I'm using vpopmail, and I hacked vqregister, which is mentioned in
> > the
> > > > > squirrelmail plugins page. Vqregister is truly horrible, and I had
> > to
> > > > hack
> > > > > it pretty badly to get it to work. If you want it, though, you can
> > > have
> > > > > it. But probably you're using something else (like
> > > > postfix/postfixadmin),
> > > > > and so the architecture won't work for you.
> > > > >
> > > > > This hidden mail service will probably only be useful for mail to
> > other
> > > > > .onion sites, because most large e-mail providers block e-mail from
> > tor
> > > > > exit nodes, as I found out during testing.
> > > > >
> > > > > Harold
> > > > > --
> > > > > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > > > > To unsusbscribe or change other settings go to
> > > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> > > > >
> > > > --
> > > > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > > > To unsusbscribe or change other settings go to
> > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> > > >
> > > --
> > > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > > To unsusbscribe or change other settings go to
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> > >
> > --
> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > To unsusbscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk