[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Help with getting a good automated sign up script for an email service on TOR



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Rock,

What you are setting up is identical to postman's mail.i2p/i2pmail.org
service in I2P (which I am using right now). See
http://hq.postman.i2p/ for details (http://hq.postman.i2p.us/ via an
I2P inproxy).

I only mention this here because postman's mail system has been
running since 2004, so he could be a useful source of info for you.
And I think that having the operators of two similar mail systems
talking with each other would be beneficial to the development of
these systems :)

str4d

On 09/18/2013 12:41 PM, Conrad Rockenhaus wrote:
> Nathan,
> 
> The development servers are in separate jurisdictions throughout
> the world. For the initial proof of concept, I have two MTAs and
> two Data Servers, with one spare server.  Each one is in a separate
> jurisdiction to make it more difficult to tap.  I won't go into
> details, but let's just say that the United States wasn't an option
> for the Data Servers.  I may consider the US for MTAs in the
> future...
> 
> Rock
> 
> 
> On Tue, Sep 17, 2013 at 6:10 PM, Nathan Suchy < 
> theusernameiwantistaken@xxxxxxxxx> wrote:
> 
>> You should send email from a separate server in a different
>> location and have legal protection. Keep it in a Europe country
>> that would help...
>> 
>> Sent from my Android so do not expect a fast, long, or perfect
>> response... On Sep 17, 2013 5:45 PM, "Conrad Rockenhaus"
>> <conrad@xxxxxxxxxxxxxx> wrote:
>> 
>>> Nathan,
>>> 
>>> That's exactly what I'm doing with this project.
>>> 
>>> Internet<---->MTAs(Just running Postfix with ABSOLUTELY no
>>> logging) also running TOR as a (client only)<------>Data
>>> Server(Running as Hidden
>> Service
>>> only, no logging)<----->TOR End User
>>> 
>>> Basically, to the normal Internet, it will just be a plain jane
>>> email address that is coming from a plain jane MTA.  The MTAs
>>> will not know the IP address of the data servers because they
>>> will only deliver the email
>> via
>>> TORified SMTP to the data server.
>>> 
>>> Of course, standard SPAM limiting measures will be in place
>>> (limits on number of addressees in a message, limits on how
>>> many messages can be
>> sent
>>> per minute, per hour, etc.)
>>> 
>>> Now I've got the MTAs, I'm just perfecting the configuration
>>> and trying
>> to
>>> figure out a good domain name to use for the service (I would
>>> rather not use networks.rockenhaus.com, which is the
>>> placeholder for now.)  I also need to come up with a secondary
>>> domain name in case people start
>> blocking
>>> emails from the domain.
>>> 
>>> I'm funding the initial proof of concept.  What I'll be asking
>>> for is either a honor system payment (so those who can't afford
>>> to pay can still use the service) or a donation based model,
>>> and also try to fund the service with tor based web hosting
>>> (which I doubt will bring in any
>> needed
>>> cash) and ask for donations of bandwidth and servers.
>>> 
>>> The primary main objective, heh, is to ensure a failsafe system
>>> to
>> provide
>>> freedom of expression, freedom of government intrusion, and
>>> freedom of ensuring access to an experimental anonymous email
>>> system that won't turn over anything on it's servers, as if
>>> authorities seize MTAs, they won't find any evidence on there,
>>> and if they seize a data server, there's another data server
>>> standing by to automatically fail over (not putting
>> the
>>> eggs in one basket like tormail.)  The only lines of compromise
>>> are sniffing the traffic in the MTAs, most TOR users are
>>> capable of utilizing encryption for their emails anyway.
>>> 
>>> Sorry for the long response.  I just wanted to paint a picture
>>> of how it would work.
>>> 
>>> Now, for those who are curious about a guy who appeared out of
>>> no where
>> and
>>> started building this - I've been lurking for a while, and I
>>> didn't want
>> to
>>> say anything until I had the resources to build this.  If you
>>> want
>> further
>>> information about me please feel free to contact me and I'll
>>> let you know who I am and why I am very pro free speech and pro
>>> tor, even when it's
>> used
>>> to personally attack me.
>>> 
>>> Thanks,
>>> 
>>> Rock
>>> 
>>> 
>>> On Tue, Sep 17, 2013 at 3:51 PM, Nathan Suchy < 
>>> theusernameiwantistaken@xxxxxxxxx> wrote:
>>> 
>>>> If your willing to use a few servers one could be a Tor Node
>>>> and one
>>> could
>>>> be an Email Relay which seemed normal and custom code your
>>>> project..
>>>> 
>>>> Sent from my Android so do not expect a fast, long, or
>>>> perfect
>>> response...
>>>> On Sep 17, 2013 10:26 AM, "Conrad Rockenhaus"
>>>> <conrad@xxxxxxxxxxxxxx> wrote:
>>>> 
>>>>> Thanks. The service that I'm starting up is connecting to
>>>>> external
>> mtas
>>>>> that aren't tor exit nodes.  So basically, the way tormail
>>>>> was set up
>>> to
>>>> a
>>>>> degree. Starting out small until so I can prove the
>>>>> viability so
>> people
>>>>> will start using and hopefully donating either bandwidth or
>>>>> etc to
>> keep
>>>> it
>>>>> alive.
>>>>> 
>>>>> There's going to be one major difference between this
>>>>> project and
>>> tormail
>>>>> though - the data/web backend won't be in one place. More
>>>>> on that
>>> later,
>>>>> I'm trying to get the proof of concept off the ground.
>>>>> 
>>>>> -Rock On Sep 17, 2013 10:11 AM, "Harold Naparst"
>>>>> <harold@xxxxxxxxxxxx>
>>> wrote:
>>>>> 
>>>>>>> http://eq4xhu6y7nmemcb2.onion/squirrelmail
>>>>>> 
>>>>>>> is almost online.  Working out some kinks and need to
>>>>>>> get the
>>> bigger
>>>>> MTAs
>>>>>>> set up.  However, I need to find a good automated sign
>>>>>>> up script
>>>>> because
>>>>>> I
>>>>>>> don't feel like coding one.  Anyone know of a good one?
>>>>>>> I've
>> tried
>>>> the
>>>>>>> Google and came up empty handed.
>>>>>> 
>>>>>> Rock, you can check out mine:
>>>>>> http://secmailmzz5xe4do.onion
>>>>>> 
>>>>>> I haven't had time to add a CAPTCHA yet, because I'm
>>>>>> more
>> interested
>>> in
>>>>>> working on getting mail sent to non-onion sites to use
>>>>>> the tor
>>> network
>>>>>> without leaking DNS and so on.  The registration script
>>>>>> depends on
>>> how
>>>>> you
>>>>>> are storing your login information, and there are a lot
>>>>>> of ways to
>> do
>>>>> that.
>>>>>> I'm using vpopmail, and I hacked vqregister, which is
>>>>>> mentioned in
>>> the
>>>>>> squirrelmail plugins page.  Vqregister is truly horrible,
>>>>>> and I had
>>> to
>>>>> hack
>>>>>> it pretty badly to get it to work.  If you want it,
>>>>>> though, you can
>>>> have
>>>>>> it.  But probably you're using something else (like
>>>>> postfix/postfixadmin),
>>>>>> and so the architecture won't work for you.
>>>>>> 
>>>>>> This hidden mail service will probably only be useful for
>>>>>> mail to
>>> other
>>>>>> .onion sites, because most large e-mail providers block
>>>>>> e-mail from
>>> tor
>>>>>> exit nodes, as I found out during testing.
>>>>>> 
>>>>>> Harold -- tor-talk mailing list -
>>>>>> tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe or change
>>>>>> other settings go to 
>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>>>>
>>>>>
>>>>>> 
- --
>>>>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To
>>>>> unsusbscribe or change other settings go to 
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>>>
>>>>
>>>>> 
- --
>>>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To
>>>> unsusbscribe or change other settings go to 
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>>
>>>
>>>> 
- --
>>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To
>>> unsusbscribe or change other settings go to 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>> 
>> -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To
>> unsusbscribe or change other settings go to 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCgAGBQJSOTGuAAoJENXeOJaUpGWyvWgH/1R66gHeTE5J2FUA1qQT/uNo
/2RoCWkUOZfNTsVCvMPYzR/208OlLAd82BCP77E9/ddgy3hc7A2VzXBvtLrNfOI7
Yj+yTW6vE1iC9ce9SX4Y7fGgrXdH02sfu7YNXn9TAc3kBewyC8vvvs5PC5MUKWrU
M67QAeA1iXSeAyelWGh8UBnjKAPiFwH8ajGTK0GJa0/VAzcMjLSLg00aRw+JkpkC
s3VJEpqkKW05DmVD6WjmoPr4IX07bxf1rDYBGPij8HpHPR4ATSzUxPi+oCL3Md8L
A9wOdXeORuN/dt+wzUy7S/cXkUDZVNXtfDqnUeevsRFVBwFA6KGSSzN9XcpciXw=
=l2nE
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk