
Re: [tor-talk] Outbound SMTP via TOR?



On Monday, 21 July 2014, 11:28:09, Rene Bartsch wrote:
> On 2014-07-21 04:17, Cinaed Simson wrote:
> > On 07/17/2014 07:11 AM, Elrippo wrote:
> >> I don't think that this is a problem, if you configure TOR as a
> >> transparent proxy with some iptables rules on your Debian based OS,
> >> all TCP based traffic is routed through TOR
> >> 
> >> Take a look at the last example
> >> https://elrippoisland.net/public/how_to/anonymity.html
> > 
> > An untrusted HTTPS connection? Really?
> > 
> > Anonymity without security?
> 
> I assume this relates to Elrippo's documentation. After my understanding
> all connections between a TOR-client and a TOR Hidden Service are
> end-to-end encrypted and authenticated via RSA-key->TOR Hidden Service
> ID/domain.
> 
> My main problem is to route the SMTP-/Jabber-client traffic into the TOR
> network. It would be great to be able to distinguish between normal
> remote host domains and .onion, too.
> 
> But still the main goal is a very easy mail setup for average-joes with
> secure end-to-end encryption.

Yes, that is not so hard to accomplish. Just route all traffic of your HS Server 
into TOR, then send a mail to another HS Mail Server or to a "normal" Mail 
Server on the I-net.

If I send a mail from my HS mail server to a "normal" mail server, the log 
looks a little bit like this.

1.) HS Mail server log entry

2014-07-22 06:33:02 1X9TdF-0001ao-6F <= elrippo@xxxxxxxxxxxxxxxxxxxxxx 
H=localhost ([192.168.3.182]) [127.0.0.1] P=esmtpsa 
X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32 A=plain_saslauthd_server:elrippo S=3178 
id=47fcd221-edc2-497d-8e6e-43e490d046ea@xxxxxxxxxxxxxxxxx
2014-07-22 06:33:08 1X9TdF-0001ao-6F == elrippo@xxxxxxxxxxxxxxxxx R=dnslookup 
T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT 
TO:<elrippo@xxxxxxxxxxxxxxxxx>: host elrippoisland.net [212.186.51.184]: 
451-46.20.46.152 is not yet authorized to deliver mail from\n451-
<elrippo@xxxxxxxxxxxxxxxxxxxxxx> to <elrippo@xxxxxxxxxxxxxxxxx>. Please 
try\n451 later.
2014-07-22 06:56:26 Start queue run: pid=6144
2014-07-22 06:57:21 1X9TdF-0001ao-6F => elrippo@xxxxxxxxxxxxxxxxx R=dnslookup 
T=remote_smtp H=elrippoisland.net [212.186.51.184] 
X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="CN=elrippoisland.net"
2014-07-22 06:57:21 1X9TdF-0001ao-6F Completed
2014-07-22 06:57:21 End queue run: pid=6144



2.) Receiving "Normal" Mail server log entry

no host name found for IP address 46.20.46.152
2014-07-22 08:56:54 no IP address found for host someonionaddress.onion 
(during SMTP connection from (localhost) [46.20.46.152])
2014-07-22 08:57:04 DNS list lookup defer (probably timeout) for 
152.46.20.46.zen.spamhaus.org: assumed not in list
2014-07-22 08:57:10 H=(localhost) [46.20.46.152] Warning: 46.20.46.152 is 
listed at sbl-xbl.spamhaus.org (127.0.0.4: 
http://www.spamhaus.org/query/bl?ip=46.20.46.152)
2014-07-22 08:57:20 1X9U0c-0002nG-5f SA: Action: scanned but message isn't 
spam: score=-0.5 required=5.0 (scanned in 9/9 secs | Message-Id: 
1X9U0c-0002nG-5f). From <elrippo@xxxxxxxxxxxxxxxxxxxxxx> (host=NULL 
[46.20.46.152]) for elrippo@xxxxxxxxxxxxxxxxx
2014-07-22 08:57:20 1X9U0c-0002nG-5f <= elrippo@xxxxxxxxxxxxxxxxxxxxxx 
H=(localhost) [46.20.46.152] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=3934
2014-07-22 08:57:20 1X9U0c-0002nG-5f => elrippo <elrippo@xxxxxxxxxxxxxxxxx> 
R=local_user T=maildir_home
2014-07-22 08:57:20 1X9U0c-0002nG-5f Completed


3.) So. the sending IP address is an Exit in the TOR Network. In this case 
that would be https://globe.torproject.org/#/search/query=46.20.46.152

4.) Now it gets delicate. You have to configure your HS Mail server to 
anonymize the header of the mail so as NOT to leak any information! This is 
very important, because the receiving IP of the client is logged and written 
into the header, and the sending IP of your HS is also logged and written into 
the header of the mail!
So watch out for modifying the headers of your Mail server before sending any 
mail!
I know how to modify Exim, but I have no knowledge of other mail servers.

The HEADER of this test mail looks a bit like this.



Return-path: <elrippo@xxxxxxxxxxxxxxxxxxxxxx>
Envelope-to: elrippo@xxxxxxxxxxxxxxxxx
Delivery-date: Tue, 22 Jul 2014 08:57:20 +0200
Received: from 127.0.0.1
	by server500gb.chello.at with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim latest)
	(envelope-from <elrippo@xxxxxxxxxxxxxxxxxxxxxx>)
	id 1X9U0c-0002nG-5f
	for elrippo@xxxxxxxxxxxxxxxxx; Tue, 22 Jul 2014 08:57:20 +0200
Received: from YourFriendlyHiddenService
	by AgainYourFriendlyHiddenService with esmtpsa 
(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(YourFriendlyHiddenServiceMTA)
	(envelope-from <elrippo@xxxxxxxxxxxxxxxxxxxxxx>)
	
	for elrippo@xxxxxxxxxxxxxxxxx; Tue, 22 Jul 2014 06:33:02 +0000
MIME-Version: 1.0
From: Elrippo <elrippo@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Jul 2014 08:33:27 +0200
To: Admin <elrippo@xxxxxxxxxxxxxxxxx>
X-Warning: 46.20.46.152 is blacklisted at sbl-xbl.spamhaus.org (127.0.0.4: 
http://www.spamhaus.org/query/bl?ip=46.20.46.152)
X-SA-Exim-Rcpt-To: elrippo@xxxxxxxxxxxxxxxxx
X-SA-Exim-Mail-From: elrippo@xxxxxxxxxxxxxxxxxxxxxx
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	server500gb.chello.at
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=5.0 tests=ALL_TRUSTED,MISSING_MID,
	NO_DNS_FOR_FROM,TVD_RCVD_IP,TVD_RCVD_IP4 autolearn=no version=3.3.2
Content-Type: text/plain;
  charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Test
X-SA-Exim-Version: 4.2.1 (built Sun, 08 Jan 2012 03:05:19 +0000)
X-SA-Exim-Scanned: Yes (on server500gb.chello.at)
X-Elrippo-LOCAL-Header: This is a verfication, that your message is handled by 
server500gb.chello.at
X-Length: 4243
X-UID: 16382

-----BEGIN PGP MESSAGE-----
Version: APG v1.1.1
-----END PGP MESSAGE-----


Most mail servers on the clear net will not accept any mail from a HS mail 
server, because the IP address does not correspond to a TLD.

Secondly, most TOR exits are listed in DNSBLs and other databases, so the 
delivery will fail (I personally just turned on a warning instead of a reject).

If you want to test sending between two HS mail servers, send me a PGP message.

Kind regards,
elrippo.

-- 
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elrippo@xxxxxxxxxxxxxxxxx

Encrypted messages are welcome.
0x84DF1F7E6AE03644

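Point 4 of the post says the HS mail server has to be configured so that neither the submitting client's address nor the server's own address ends up in the Received: header, and that the poster does this in Exim. The following is an added example of such a configuration; it is not the poster's own config. It assumes Exim 4.80 or later, goes in the main section of the configuration, and the .onion name and the "YourFriendlyHiddenService" placeholders are assumptions (the placeholders are chosen to match the anonymised header shown in the post). The commented-out block is Exim's built-in default (abbreviated), kept here for comparison.

```exim
# Added example (not from the original post). Main-section settings for a
# hidden-service Exim that must not leak addresses in the Received: header.
# Assumes Exim >= 4.80; names are placeholders.

# Weak: Exim's built-in default (abbreviated). $sender_rcvhost expands to the
# client's host name and IP address, $sender_helo_name to the HELO it sent
# (the post's log shows a LAN address there), $sender_ident to its ident, and
# $primary_hostname and $version_number identify the machine and the software.
#
# received_header_text = Received: \
#   ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
#   {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}\
#   ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
#   by $primary_hostname \
#   ${if def:received_protocol {with $received_protocol}} \
#   ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
#   (Exim $version_number)\n\t\
#   ${if def:sender_address {(envelope-from <$sender_address>)\n\t}}\
#   id $message_exim_id\
#   ${if def:received_for {\n\tfor $received_for}}

# Hardened: fixed placeholder names, no client address, no HELO, no ident,
# no Exim version and no queue id. Only protocol, cipher, envelope sender and
# recipient remain, which is what the post's anonymised header contains.
primary_hostname = yourfriendlyhiddenservice.onion

received_header_text = Received: from YourFriendlyHiddenService\n\t\
  by AgainYourFriendlyHiddenService \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
  (YourFriendlyHiddenServiceMTA)\n\t\
  ${if def:sender_address {(envelope-from <$sender_address>)\n\t}}\
  ${if def:received_for {\n\tfor $received_for}}

# Only used when Exim itself has to create a Message-ID (locally submitted
# mail): use the .onion name as the domain part, not the real host name.
message_id_header_domain = yourfriendlyhiddenservice.onion

# Do not advertise the real host name, the Exim version or the local time in
# the SMTP greeting either.
smtp_banner = $primary_hostname ESMTP
```

The setting only controls the header Exim adds itself. Whatever the client's MUA already put into the message (its own Message-ID, User-Agent or Received: lines) is passed through unchanged, so the outgoing message should still be checked once before it leaves the HS, for example by sending a test mail to a clear-net account you control and reading the full header there, as the post does.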

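The post's two log excerpts and the quoted header show the three things a HS operator wants to catch before mail leaves for the clear net: the client's LAN address in the HS's own log (the H= field of the "<=" line), any address other than a Tor exit in a Received: hop, and a clear-net host name in the from/by fields. The script below is an added example that checks a message and a set of Exim main-log lines for exactly that; it is not code from the post. The sample log lines and messages are constructed from the values the post shows, the host names in them are placeholders, and the Tor exit list is a one-entry placeholder (the post identifies 46.20.46.152 as an exit) standing in for the bulk exit list the Tor Project publishes.

```python
"""Check a hidden-service MTA's outbound mail and Exim logs for address leaks.

Added example, not code from the original post. Sample headers and log lines
are constructed from the values shown in the post; KNOWN_TOR_EXITS is a
constructed placeholder for the Tor Project's bulk exit list.
"""
import ipaddress
import re
from email import message_from_string

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# "from <host>" / "by <host>" tokens inside an unfolded Received: header.
HOP_HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9][A-Za-z0-9._-]*)")
# Exim's sender-host log field:  H=name (helo) [ip]   or   H=(helo) [ip]
LOG_HOST_RE = re.compile(
    r"\bH=(?:(?P<name>[^\s(]+) ?)?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[0-9.]+)\]"
)

# Constructed placeholder: the post identifies this address as a Tor exit.
KNOWN_TOR_EXITS = {"46.20.46.152"}


def classify_ip(ip: str) -> str:
    """'internal' for RFC 1918/loopback, 'tor-exit' if on the exit list,
    otherwise 'clear-net'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_private or addr.is_loopback:
        return "internal"
    return "tor-exit" if ip in KNOWN_TOR_EXITS else "clear-net"


def received_hops(raw_message: str) -> list:
    """All Received: headers of a message, each unfolded to one line."""
    msg = message_from_string(raw_message)
    return [" ".join(value.split()) for value in msg.get_all("Received", [])]


def header_leaks(raw_message: str) -> list:
    """Findings for every Received: hop that exposes something the hidden
    service should not hand to a clear-net receiver: an internal address
    (the submitting client's LAN), a public address that is not a Tor exit,
    or a clear-net host name in the from/by fields."""
    findings = []
    for hop in received_hops(raw_message):
        for ip in IP_RE.findall(hop):
            kind = classify_ip(ip)
            if kind != "tor-exit":
                findings.append(f"{kind} address {ip} in Received: {hop}")
        for host in HOP_HOST_RE.findall(hop):
            if "." in host and not host.lower().endswith(".onion"):
                findings.append(f"clear-net host name {host} in Received: {hop}")
    return findings


def log_leaks(log_lines) -> list:
    """Same check over Exim main-log lines. The H= field records the client's
    name, HELO and address; the post's HS log shows a LAN address in it.
    Clear-net addresses in H= are delivery targets, not leaks, and are skipped."""
    findings = []
    for line in log_lines:
        m = LOG_HOST_RE.search(line)
        if not m:
            continue
        for ip in IP_RE.findall(m.group(0)):
            kind = classify_ip(ip)
            if kind != "clear-net":
                findings.append(f"{kind} address {ip} in log field: {m.group(0)}")
    return findings


# Constructed from the post's log excerpts (addresses as shown there).
SAMPLE_LOG = [
    "2014-07-22 06:33:02 1X9TdF-0001ao-6F <= user@yourfriendlyhiddenservice.onion "
    "H=localhost ([192.168.3.182]) [127.0.0.1] P=esmtpsa A=plain_saslauthd_server:user S=3178",
    "2014-07-22 06:57:21 1X9TdF-0001ao-6F => admin@example.org R=dnslookup "
    "T=remote_smtp H=elrippoisland.net [212.186.51.184]",
    "2014-07-22 08:57:20 1X9U0c-0002nG-5f <= user@yourfriendlyhiddenservice.onion "
    "H=(localhost) [46.20.46.152] P=esmtps S=3934",
]

# Constructed: what Exim's default Received: text writes for an authenticated
# submission from a LAN client (host name and version are placeholders).
LEAKY_MESSAGE = """Received: from localhost ([127.0.0.1] helo=[192.168.3.182])
\tby mail.hs.lan with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
\t(Exim 4.80)
\t(envelope-from <user@yourfriendlyhiddenservice.onion>)
\tid 1X9TdF-0001ao-6F
\tfor admin@example.org; Tue, 22 Jul 2014 06:33:02 +0000
From: user@yourfriendlyhiddenservice.onion
To: admin@example.org
Subject: Test

body
"""

# Constructed: the anonymised hop the post shows for the same submission.
CLEAN_MESSAGE = """Received: from YourFriendlyHiddenService
\tby AgainYourFriendlyHiddenService with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
\t(YourFriendlyHiddenServiceMTA)
\t(envelope-from <user@yourfriendlyhiddenservice.onion>)
\tfor admin@example.org; Tue, 22 Jul 2014 06:33:02 +0000
From: user@yourfriendlyhiddenservice.onion
To: admin@example.org
Subject: Test

body
"""

if __name__ == "__main__":
    for finding in header_leaks(LEAKY_MESSAGE) + log_leaks(SAMPLE_LOG):
        print(finding)
    print("clean message findings:", header_leaks(CLEAN_MESSAGE))
```

Run against the leaky sample it reports the two internal addresses and the clear-net host name from the first hop, plus, from the logs, the two internal addresses recorded on the HS and the Tor exit seen by the receiver; the anonymised sample produces no findings. The check is deliberately strict about host names: anything with a dot that is not a .onion name is flagged, which is what you want on a machine that should only ever be known by its .onion address.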

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk