Re: Ports 465/587 in exit policy (was Re: Update to default exit policy)
F. Fox ([EMAIL PROTECTED]) @ Sun, Sep 07, 2008 at 06:27:08PM -0700:
> Bill Weiss wrote:
> > (snip)
> > My Tor node runs a medium-load mail server as well, and I've never been blacklisted for spam stuff [1]. That seems like a decent indication of it not causing problems given how rabid the anti-spam people can get.
> >
> > 1: I've gotten blacklisted twice by SORBS for virus activities, which were people using IRC (for bad things, I assume) via my node. That doesn't count.
>
> I've gotten on some DNSBL list, which basically keeps me off of several IRC networks. The catch is: I'm running a middleman-only node!

Ugh, yes. I pretty much can't SSH from my shell server (/ Tor server / mail server / etc) because of that. The kicker is, I don't allow most IRC traffic out. It's really time to buy a new IP or two.

-- 
Bill Weiss
There is no 'patch' for stupidity. -- SQLSecurity.com
Re: Ports 465/587 in exit policy (was Re: Update to default exit policy)
[EMAIL PROTECTED] ([EMAIL PROTECTED]) @ Thu, Sep 04, 2008 at 04:14:17PM -0400:
> On Thu, Sep 04, 2008 at 08:25:20AM -0700, [EMAIL PROTECTED] wrote 1.5K bytes in 37 lines about:
> : Supposedly, one of the exit node operators is going to try opening
> : 465/587 where he hasn't done so before.
>
> I've done it. So far, no complaints.

Something I might not have mentioned before, but seems relevant: My Tor node runs a medium-load mail server as well, and I've never been blacklisted for spam stuff [1]. That seems like a decent indication of it not causing problems given how rabid the anti-spam people can get.

1: I've gotten blacklisted twice by SORBS for virus activities, which were people using IRC (for bad things, I assume) via my node. That doesn't count.

-- 
Bill Weiss
Going from programming in Pascal to programming in C is like learning to write in Morse code. -- J P Candusso
Re: Ports 465/587 in exit policy (was Re: Update to default exit policy)
Bill Weiss wrote:
> (snip)
> My Tor node runs a medium-load mail server as well, and I've never been blacklisted for spam stuff [1]. That seems like a decent indication of it not causing problems given how rabid the anti-spam people can get.
>
> 1: I've gotten blacklisted twice by SORBS for virus activities, which were people using IRC (for bad things, I assume) via my node. That doesn't count.

I've gotten on some DNSBL list, which basically keeps me off of several IRC networks. The catch is: I'm running a middleman-only node!

I really hate how some of those blocklist maintainers indiscriminately add the entire contents of the Tor directory to their proxy lists. It'd be really nice if they used the exit-only list that is put out specifically for that purpose...

-- 
F. Fox
Owner of Tor node kitsune
http://fenrisfox.livejournal.com
Re: Ports 465/587 in exit policy (was Re: Update to default exit policy)
Supposedly, one of the exit node operators is going to try opening 465/587 where he hasn't done so before.

I'm all for opening 465/587 by default, but I also understand the concern of exit operators that there may be a significant number of (perhaps unknown?) sites running them in an insecure fashion. I think an experimental approach could be greatly enlightening in this case.

-- 
F. Fox
Owner of Tor node kitsune
http://fenrisfox.livejournal.com

Note 2008/08/19: I lost my old GPG keypair, and have generated a new one. Authenticity can be verified by checking the ContactInfo on kitsune.
Re: Ports 465/587 in exit policy (was Re: Update to default exit policy)
Roger Dingledine wrote:
> > I know this has been discussed before, but I thought I'd bring it up again. The following rules are in the default exit policy and I can't see any reason why they would be:
> >
> > reject *:465
> > reject *:587
> >
> > So is there going to be a change to the default Exit Policy?
>
> Thanks for sticking with this. I'm probably the closest person there is for changing the default exit policy. I confess I still haven't worked my way through all the off-topic garbage on or-talk from a few weeks ago.
>
> Unfortunately, I'm not up on all the different ways that people screw up configuring their mail services these days. Back in 2005 when we first added 465 and 587 to the exit policies:
> http://archives.seul.org/or/cvs/Sep-2005/msg00090.html
> we did it because people showed up and explained that many sites were running services on those ports that were basically equivalent to what they run on port 25.
>
> It sounds like nobody has any objections to opening these ports back up. And it sounds like it could help those folks using gmail, etc. So I am inclined to do it.

Excellent. Thank you for taking the time to look into this Roger.

-- 
Dawn
Re: Ports 465/587 in exit policy (was Re: Update to default exit policy)
On Thu, Sep 04, 2008 at 08:25:20AM -0700, [EMAIL PROTECTED] wrote 1.5K bytes in 37 lines about:
: Supposedly, one of the exit node operators is going to try opening
: 465/587 where he hasn't done so before.

I've done it. So far, no complaints.

-- 
Andrew
Re: Update to default exit policy
7v5w7go9ub0o wrote:
> > There is a clear misunderstanding of the issue at hand by many people here. The exit policy was put in place to prevent connections between Tor users and the last hop (the end MX server), *not* to prevent connections between Tor users and SMTP relays, which is what everybody keeps repeating. There is no problem with a Tor user connecting to an SMTP relay and sending email. If they can do it using Tor, they can do it without using Tor, faster. In those cases, it is the administrator of the SMTP relay that is responsible to stop spam.
> >
> > Just to repeat the problem. It is Tor users connecting to the destination MX server that is the problem. Mail relay, not mail submission. Ports 465 and 587 are mail submission ports. Port 25 is for both submission *and* relay.
> >
> > I have a *lot* of experience with email administration on a very large scale, I know what I'm talking about.
>
> Thanks for pursuing this!

No problem. Hopefully the relevant people are taking note. Who exactly is responsible for setting the default exit policy, and what is their opinion on this matter?

> 1. Your arguments make good technical sense.
>
> 2. In fact, many endpoints have already enabled those ports without experiencing problems.

Only a couple of dozen though unfortunately. If you ignore German and US exit nodes, I can only see 4 at the moment that will let me exit on port 465.

> 3. Many of us routinely handle our ssl email accounts via TOR, and your proposal (open them by default) would help spread the load, as well as reasonably expanding the default functionality of TOR.
>
> Thanks Again!
>
> (p.s. this post is being sent via ssl GMAIL, which will include the posting host when using smtps. My posting host will be a TOR exit node :-) )

Ditto.

-- 
Dawn
Re: Update to default exit policy
On 19/08/08 17:46, Dawney Smith wrote:
> I have a *lot* of experience with email administration on a very large scale, I know what I'm talking about.

I'm sure you do. I'd love to have email work flawlessly and securely with Tor, so opening ports 465 and 587 would be great (currently I do have problems since there's few exit nodes which do that). But as I understand it, email clients + Tor might be a very bad idea ATM. Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.

Really, this isn't an argument countering yours in any way, but rather a plea that the issues of using email clients with Tor are researched and resolved before that combination gets promoted (IMHO opening ports 465 and 587 is a step towards promoting it). It's very likely your average user will screw up given the current state of things.
Re: Update to default exit policy
anonym wrote:
> > I have a *lot* of experience with email administration on a very large scale, I know what I'm talking about.
>
> I'm sure you do. I'd love to have email work flawlessly and securely with Tor, so opening ports 465 and 587 would be great (currently I do have problems since there's few exit nodes which do that). But as I understand it, email clients + Tor might be a very bad idea ATM. Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.

Lots of protocols that can be used over Tor are potentially leaky. There are tonnes of exit nodes that allow IRC traffic for example, which can easily leak your username/hostname if you don't configure it correctly. I'm not sure what makes SMTP submission special when it comes to the exit policy.

> Really, this isn't an argument countering yours in any way, but rather a plea that the issues of using email clients with Tor are researched and resolved before that combination gets promoted (IMHO opening ports 465 and 587 is a step towards promoting it). It's very likely your average user will screw up given the current state of things.

As you said, the main issue is your hostname being leaked along with the EHLO, or your client loading remote images without using Tor. Personally, I use Thunderbird inside a virtual machine which can only access the Internet via Tor and has no personally identifiable information, including a random hostname and username etc.

-- 
Dawn
Re: Update to default exit policy
On Wed, 20 Aug 2008 11:34:41 +0100 Dawney Smith [EMAIL PROTECTED] wrote:
> 7v5w7go9ub0o wrote:
> > > There is a clear misunderstanding of the issue at hand by many people here. The exit policy was put in place to prevent connections between Tor users and the last hop (the end MX server), *not* to prevent connections between Tor users and SMTP relays, which is what everybody keeps repeating. There is no problem with a Tor user connecting to an SMTP relay and sending email. If they can do it using Tor, they can do it without using Tor, faster. In those cases, it is the administrator of the SMTP relay that is responsible to stop spam.
> > >
> > > Just to repeat the problem. It is Tor users connecting to the destination MX server that is the problem. Mail relay, not mail submission. Ports 465 and 587 are mail submission ports. Port 25 is for both submission *and* relay.

Port 587 is a mail submission port. I'm not so sure about 465, though. A comment that I had left for myself in my torrc prompted me to check it out again to refresh my memory. The lines pertaining to it in my /etc/services say,

    #smtps      465/tcp    #smtp protocol over TLS/SSL (was ssmtp)
    #smtps      465/udp    #smtp protocol over TLS/SSL (was ssmtp)
    urd         465/tcp    # URL Rendezvous Directory for SSM

So I went back and dug it out (http://www.iana.org/assignments/port-numbers) again:

    urd         465/tcp    URL Rendesvous Directory for SSM
    igmpv3lite  465/udp    IGMP over UDP for SSM

> > > I have a *lot* of experience with email administration on a very large scale, I know what I'm talking about.

Must be interesting. I don't think I ever had to handle more than somewhere between 20,000 and 30,000 users, so it was fairly simple most of the time. And, I mustn't omit, there was a very dedicated secretary down the hall who dealt with things like forgotten passwords in between all her regular duties. :-)

> > Thanks for pursuing this!
>
> No problem. Hopefully the relevant people are taking note. Who exactly is responsible for setting the default exit policy, and what is their opinion on this matter?
>
> > 1. Your arguments make good technical sense.
> >
> > 2. In fact, many endpoints have already enabled those ports without experiencing problems.
>
> Only a couple of dozen though unfortunately. If you ignore German and US exit nodes, I can only see 4 at the moment that will let me exit on port 465.

Well, my server has had 465 open for a long time, but it is one of the ones in the U.S. that you excluded above. I don't know offhand whether an exit to 465 has ever been used on my server, but I've gotten no complaints about it to date, so I don't currently see it as a problem. I do keep 25 closed and basically for the same reason that I keep 6668-6999 closed.

> > 3. Many of us routinely handle our ssl email accounts via TOR, and your proposal (open them by default) would help spread the load, as well as reasonably expanding the default functionality of TOR.
> >
> > Thanks Again!
> >
> > (p.s. this post is being sent via ssl GMAIL, which will include the posting host when using smtps. My posting host will be a TOR exit node :-) )
>
> Ditto.

Fortunately for me, I don't need to do that at present, but given the way of the world, I figure I probably will sooner or later.

                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
**********************************************************************
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
Re: Update to default exit policy
On 20/08/08 14:02, Dawney Smith wrote:
> anonym wrote:
> > I'm sure you do. I'd love to have email work flawlessly and securely with Tor, so opening ports 465 and 587 would be great (currently I do have problems since there's few exit nodes which do that). But as I understand it, email clients + Tor might be a very bad idea ATM. Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.
>
> Lots of protocols that can be used over Tor are potentially leaky. There are tonnes of exit nodes that allow IRC traffic for example, which can easily leak your username/hostname if you don't configure it correctly. I'm not sure what makes SMTP submission special when it comes to the exit policy.

Well, technically nothing makes SMTP special in this sense, and this is really more of a general problem due to the design of Tor. But I think it's special in another sense. For clarity, let's first consider HTTP for a moment. Apparently a lot has been made in the Tor community in order to make use of HTTP safer, with Firefox and the new Torbutton being heavily promoted. That's great, because without this complete solution users would (more or less) only get a false sense of security when they install Tor and configure IE to use it. Now, why has there been such an initiative? My guess is that it's because of how common web browsing is, and I've got the impression that emailing is pretty common too. That's why I think a similar initiative for the protocols involved for emailing is necessary. Of course, this only affects users of actual email clients, and I have no usage statistics for how common that is compared to using webmail nowadays. Maybe we are: 1) too few and 2) too advanced (in the sense that we can identify problems and come up with solutions ourselves) for such an effort to make sense? I don't know.

Grepping the mail headers of this list suggests that it's fairly common (at least 50%), but those of us active on this are most likely not representative of either the general Internet population or the general Tor user base.

> > Really, this isn't an argument countering yours in any way, but rather a plea that the issues of using email clients with Tor are researched and resolved before that combination gets promoted (IMHO opening ports 465 and 587 is a step towards promoting it). It's very likely your average user will screw up given the current state of things.
>
> As you said, the main issue is your hostname being leaked along with the EHLO, or your client loading remote images without using Tor. Personally, I use Thunderbird inside a virtual machine which can only access the Internet via Tor and has no personally identifiable information, including a random hostname and username etc.

Hiding behind NAT also works. And FYI the old Thunderbird compatible Torbutton 1.0.4 will scrub the IP address/host from the EHLO/HELO messages.

Anyway, this is getting pretty off topic. I for one hope that the default exit policy will be updated as you suggest as I'm tired of having to rebuild circuits etc. all the time when SMTP times out due to the scarcity of usable exit nodes.
Re: Update to default exit policy
anonym wrote:
> On 20/08/08 15:42, 7v5w7go9ub0o wrote:
> > anonym wrote:
> > > Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.
> >
> > Nope. The encrypted connection occurs before the smtp handshake. IP/host info is not compromised, this is not an issue.
>
> Care to elaborate on this? The way I understand it, the encrypted connection will only prevent eavesdroppers from snooping the IP address/host, but the destination email server will get it in the EHLO/HELO message. IMHO, that equals a compromise of grand scale.

AH! We were talking about two different things. :-(

I was referring to third-parties being unable to sniff your email contents or your host address within an SSL/SMTP transaction via TOR.

You're talking about withholding information from the mail server itself (e.g. you're on the road with a laptop, and don't want to leave records of where you were as you sent your messages). And indeed, you raise an interesting point!

FWICT, different clients put different information into that HELO. Even a common client such as TBird puts different info. in Mac OS's (unique registration information) than it does in Windows (IPA octet).

- Having the option to configure what goes into this field may be a basis for selecting one's email client.

- Guess it's time to sniff some SMTP connections, and if I become irritated enough, tweak the source code and recompile my client; hexedit my client; change clients; or install a proxy or server. (sigh)
Re: Update to default exit policy
Quoting 7v5w7go9ub0o [EMAIL PROTECTED]:
> anonym wrote:
> > On 20/08/08 15:42, 7v5w7go9ub0o wrote:
> > > anonym wrote:
> > > > Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.
> > >
> > > Nope. The encrypted connection occurs before the smtp handshake. IP/host info is not compromised, this is not an issue.
> >
> > Care to elaborate on this? The way I understand it, the encrypted connection will only prevent eavesdroppers from snooping the IP address/host, but the destination email server will get it in the EHLO/HELO message. IMHO, that equals a compromise of grand scale.
>
> AH! We were talking about two different things. :-(
>
> I was referring to third-parties being unable to sniff your email contents or your host address within an SSL/SMTP transaction via TOR.
>
> You're talking about withholding information from the mail server itself (e.g. you're on the road with a laptop, and don't want to leave records of where you were as you sent your messages). And indeed, you raise an interesting point!

Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and connect to the smtp server through tor. Will my real ip address occur in the mail headers, or the ip of the exit node? I'm guessing the ip of the exit node, right? Because if not, it would be senseless to use tor? Would be great if someone could clarify this!

Merci! :)
Re: Update to default exit policy
On 20.08.2008 at 19:04, [EMAIL PROTECTED] wrote:
> Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and connect to the smtp server through tor. Will my real ip address occur in the mail headers, or the ip of the exit node? I'm guessing the ip of the exit node, right? Because if not, it would be senseless to use tor? Would be great if someone could clarify this!

Both. Look at my headers (Apple Mail):

    Received: from [134.76.55.100] (helo=[10.100.145.215])
        by serv-80-156.SerNet.DE with esmtpsa (TLSv1:RC4-SHA:128)
        (Exim 4.51)
        id 1KVqPO-0002gu-4k
        for or-talk@freehaven.net; Wed, 20 Aug 2008 18:19:42 +0200

When using tor, 134.76.55.100 will be the tor exit node ip, and 10.100.145.215 will still be your local client ip.

Yes, it doesn't make sense to use tor with a normal mail-client. But if you are behind a NAT router, it's not as bad as it looks first.

Sven

-- 
http://sven.anderson.de          Believe those who are seeking the truth.
tel:+49-551-9969285              Doubt those who find it.
mobile: +49-179-4939223                                     (André Gide)
Re: Update to default exit policy
Sven Anderson wrote:
> > Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and connect to the smtp server through tor. Will my real ip address occur in the mail headers, or the ip of the exit node? I'm guessing the ip of the exit node, right? Because if not, it would be senseless to use tor? Would be great if someone could clarify this!
>
> Both. Look at my headers (Apple Mail):
>
>     Received: from [134.76.55.100] (helo=[10.100.145.215])
>         by serv-80-156.SerNet.DE with esmtpsa (TLSv1:RC4-SHA:128)
>         (Exim 4.51)
>         id 1KVqPO-0002gu-4k
>         for or-talk@freehaven.net; Wed, 20 Aug 2008 18:19:42 +0200
>
> When using tor, 134.76.55.100 will be the tor exit node ip, and 10.100.145.215 will still be your local client ip.

The only reason that your 10.100.145.215 IP appears in the headers there is because your email client sends it. Your email client doesn't need to send it, and as someone else mentioned, it's scrubbed if you're using TorButton with Thunderbird for example.

> Yes, it doesn't make sense to use tor with a normal mail-client. But if you are behind a NAT router, it's not as bad as it looks first.

It's at least as safe as using a webmail interface if you configure your email client correctly.

-- 
Dawn
Re: Update to default exit policy
On 20/08/08 19:04, [EMAIL PROTECTED] wrote:
> Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and connect to the smtp server through tor. Will my real ip address occur in the mail headers, or the ip of the exit node? I'm guessing the ip of the exit node, right? Because if not, it would be senseless to use tor? Would be great if someone could clarify this!

Contrary to Sven's reply I claim Thunderbird with Torbutton enabled will _not_ leak your real IP address in the EHLO/HELO messages. Here's an experiment proving it:

1. First, let's look at what my mail headers look like when I send mail without Tor at all, i.e. a direct connection:

    Received: from 192.168.1.2 (nl103-154-119.student.uu.se [130.243.154.119])

The 192.168.1.2 address is what was reported in the EHLO/HELO message to the SMTP server, which is my computer's NAT:ed IP address. The long address within the parenthesis is from which computer the connection to the SMTP server was made, and in this case it's my firewall/router.

2. The following is what we get when we use Thunderbird with Tor, but without Torbutton:

    Received: from 192.168.1.2 (tor-anonymizer1.dotplex.de [87.118.101.102])

So, the connection was made from a Tor exit node (as expected) but the SMTP server got my real IP address in the HELO/EHLO message. Since I'm behind a NAT:ed firewall the IP address reported isn't very revealing, but people whose computers are directly connected to the Internet (i.e. no firewall/router in the way) would get their _real_ IP address there.

3. Finally, this is what gets into the mail header for me when enabling Torbutton:

    Received: from 0.0.0.0 (tor-anonymizer1.dotplex.de [87.118.101.102])

As you can see nothing is revealed here and all is good. Torbutton wins!

To see all this for yourselves, compare the mail header of this mail (which is sent with Torbutton enabled, like experiment 3) and any of my other emails in this thread (which are sent without Tor or any other form of anonymization, like experiment 1).

Just to be sure I've confirmed all this with a packet sniffer -- with Torbutton enabled the EHLO/HELO messages are scrubbed and thus harmless. To confirm this I guess you'd have to fire up your favourite packet sniffer and try it out yourselves.

So, yeah, with Torbutton you are definitely safer than without it. The SMTP server does _not_ get your IP address in the EHLO/HELO message. But there could be all sorts of other leakages that I don't know of, though, so I wouldn't put my life on it. That's why I think more research is needed. But let's stop hijacking this thread now. If there's more interest in discussing this I suggest starting a new thread for that.
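The three experiments above, together with Sven's Exim header earlier in the thread, can be turned into a check you run over your own sent mail. This is an added example, not code from anyone in this thread: it parses a Received line of either shape (Exim's `helo=` form and the Postfix/sendmail `from HELO (rdns [PEER])` form), compares the EHLO/HELO identity with the connecting peer, and flags an EHLO that tells the server an address it would not otherwise have seen. The sample headers are constructed copies of the ones quoted in the thread plus one made-up case on RFC 5737 TEST-NET addresses.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Exim style, as in Sven's header:  Received: from [PEER] (helo=[HELO]) by ...
EXIM_RE = re.compile(
    r"^Received:\s+from\s+\[?(?P<peer>[0-9.]+)\]?\s+\(helo=\[?(?P<helo>[^\]\)\s]+)\]?\)",
    re.I)
# Postfix/sendmail style, as in anonym's headers:  Received: from HELO (rdns [PEER])
POSTFIX_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<peer>[0-9.]+)\]\)",
    re.I)

# Address ranges a client behind a home/office router typically announces.
# Listed explicitly (rather than via ip.is_private) so that TEST-NET sample
# addresses count as public and the result does not depend on the Python version.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


class HeloCheck(NamedTuple):
    helo: str      # what the client announced in EHLO/HELO
    peer: str      # address the server actually saw the connection from
    verdict: str   # "ok", "leak" or "check", followed by the reason


def _classify(helo: str) -> str:
    try:
        ip = ipaddress.ip_address(helo)
    except ValueError:
        return "hostname"
    if ip.is_unspecified:              # 0.0.0.0: the scrubbed value Torbutton sends
        return "scrubbed"
    if any(ip in net for net in LAN_NETS):
        return "private"
    return "public"


def check_received(header: str) -> Optional[HeloCheck]:
    """Compare the EHLO identity with the connecting peer in one Received line.
    Returns None for lines that are not a Received header of either shape."""
    line = header.strip()
    m = EXIM_RE.match(line) or POSTFIX_RE.match(line)
    if not m:
        return None
    helo, peer = m.group("helo"), m.group("peer")
    kind = _classify(helo)
    if kind == "scrubbed":
        verdict = "ok: EHLO carries no address"
    elif kind == "public" and helo == peer:
        verdict = "ok: EHLO only repeats the peer address the server already knows"
    elif kind == "public":
        verdict = "leak: EHLO reveals a public address other than the connecting peer"
    elif kind == "private":
        verdict = "leak: EHLO reveals the client's LAN address"
    else:
        verdict = "check: EHLO carries a hostname; confirm it is not your real machine name"
    return HeloCheck(helo, peer, verdict)


def audit(headers: List[str]) -> List[HeloCheck]:
    """Run check_received over a message's header lines, keeping only Received hits."""
    return [c for c in (check_received(h) for h in headers) if c is not None]


# Constructed sample: Sven's Exim header, anonym's three experiment headers,
# one made-up public-address case (TEST-NET addresses) and one non-Received line.
SAMPLE_HEADERS = [
    "Received: from [134.76.55.100] (helo=[10.100.145.215]) by serv-80-156.SerNet.DE with esmtpsa",
    "Received: from 192.168.1.2 (nl103-154-119.student.uu.se [130.243.154.119])",
    "Received: from 192.168.1.2 (tor-anonymizer1.dotplex.de [87.118.101.102])",
    "Received: from 0.0.0.0 (tor-anonymizer1.dotplex.de [87.118.101.102])",
    "Received: from 203.0.113.7 (tor-exit.example.net [198.51.100.9])",
    "Subject: Re: Update to default exit policy",
]

if __name__ == "__main__":
    for c in audit(SAMPLE_HEADERS):
        print(f"helo={c.helo:<16} peer={c.peer:<16} {c.verdict}")
```

Feed it the Received lines of a message you sent to yourself; a "leak" verdict on the first hop means your client, not Tor, handed the submission server an address.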
Re: Update to default exit policy
Dominik Schaefer wrote:
> > Those are ports used for mail submission, not for mail relay. They won't be abused by spammers. ISPs often block their consumer broadband users from connecting to port 25 on servers outside of their network, to prevent spam. They don't block 465 and 587, because they're not problem ports and the point of them is that you authenticate before sending mail, unlike port 25. You wouldn't block port 443 to prevent spammers submitting mail via https://mail.google.com/ so why block these ports?
>
> Actually, it is a little more complicated. 465 is just plain SMTP-over-SSL, so not much different to non-encrypted SMTP on port 25. (BTW: AFAIR the recommended method for encrypting SMTP is to use port 25 with STARTTLS and not to use a different port, so connections to port 25 may be encrypted as well.)
>
> Concerning the submission port 587: Originally, the submission port needed neither to be encrypted, nor did it enforce authentication (see RfC 2476, http://www.faqs.org/rfcs/rfc2476.html). Authentication MAY be done before submitting mails. Only RfC 4409 (which obsoleted 2476) introduced a MUST for authentication of the sender, but is still quite recent (2006). AFAIR both RfC make no statement about the encryption of connections to port 587 for mail submission, although 3207 (STARTTLS) states it can be useful.

1.) Can anyone here show me a mail server that runs on port 587 or port 465 that doesn't require authentication to send email?

2.) Now can anyone here show me a mail server that runs on port 25 that doesn't require authentication to send email?

I suspect the answer to 1 is either no, or a list of a couple of servers. I suspect the answer to number 2 is, yes, here's a list of a few hundred thousand.

Let's be a little pragmatic here. After all, the exit policy in question was done for purely pragmatic and not technical reasons.

Opening ports 465 and 587 will *not* cause the spam problem that blocking them was intending to prevent. The number of mailboxes that would be able to be spammed through those two ports without authentication is insignificantly small (I can't demonstrate one, can you?) Blocking those two ports by default achieves nothing.

Dawn
Re: Update to default exit policy
Dawney Smith wrote:
> krishna e bera wrote:
> > I'm not clear on how authentication (on any port) stops spam, other than the ISP cutting off a given userid after complaints. A lot of spam already comes from malware infected computers via their legitimately configured email. Those computers are probably not using Tor, let alone transparent proxy, but malware could grab their credentials and then use Tor on another host to send out spam over port 587, if that port was allowed in exit policies.
>
> There is a clear misunderstanding of the issue at hand by many people here. The exit policy was put in place to prevent connections between Tor users and the last hop (the end MX server), *not* to prevent connections between Tor users and SMTP relays, which is what everybody keeps repeating. There is no problem with a Tor user connecting to an SMTP relay and sending email. If they can do it using Tor, they can do it without using Tor, faster. In those cases, it is the administrator of the SMTP relay that is responsible to stop spam.
>
> Just to repeat the problem. It is Tor users connecting to the destination MX server that is the problem. Mail relay, not mail submission. Ports 465 and 587 are mail submission ports. Port 25 is for both submission *and* relay.
>
> I have a *lot* of experience with email administration on a very large scale, I know what I'm talking about.

Thanks for pursuing this!

1. Your arguments make good technical sense.

2. In fact, many endpoints have already enabled those ports without experiencing problems.

3. Many of us routinely handle our ssl email accounts via TOR, and your proposal (open them by default) would help spread the load, as well as reasonably expanding the default functionality of TOR.

Thanks Again!

(p.s. this post is being sent via ssl GMAIL, which will include the posting host when using smtps. My posting host will be a TOR exit node :-) )
Re: Update to default exit policy
For what it's worth, I second Dawn's position on this issue - it could be very useful to allow 465 and 587 by default.

Indeed, many users have stopped using Gmail because of the privacy policies; however, depending on the purpose of a particular nym, it may not matter if such emails are retained. While Gmail's recent addition of an "Always use HTTPS" option (to fix the sidejack problem) is welcome, many folks would rather use a client.

--
F. Fox
Owner of Tor node kitsune
http://fenrisfox.livejournal.com

Note 2008/08/19: I lost my old GPG keypair, and have generated a new one. Authenticity can be verified by checking the ContactInfo on kitsune.
mixmaster policies (was Re: Update to default exit policy)
Hi,

one question related to the port 465/587 thread. Could it be useful to open at least the ports for mixmaster remailers, capable of submission via TLS, SSL connections or SMTP (2525)?

  reject private:*
  # drooper.mixmin.net (banana)
  accept 88.198.22.131:587
  accept 88.198.22.131:2525
  accept 88.198.22.131:465
  # .ecn.org (cripto)
  accept 85.18.113.11:587
  accept 85.18.113.11:465
  # mail.cyberiade.it (cyberiad)
  accept 85.18.107.240:587
  accept 85.18.107.240:465
  # mail2.frell.eu.org (frell)
  accept 213.239.201.102:587
  accept 213.239.201.102:2525
  accept 213.239.201.102:465
  # mail1.frell.theremailer.net (frell)
  accept 85.177.248.156:587
  accept 85.177.248.156:2525
  accept 85.177.248.156:465
  # remailer-debian.panta-rhei.eu.org (panta)
  accept 81.189.102.241:465
  # mx1.investici.org (paranoia)
  accept 82.94.249.234:587
  accept 82.94.249.234:465
  # mx2.investici.org (paranoia)
  accept 204.13.164.180:587
  accept 204.13.164.180:465
  # mx3.investici.org (paranoia)
  accept 217.150.252.179:587
  accept 217.150.252.179:465
  # mx4.investici.org (paranoia)
  accept 216.17.130.5:587
  accept 216.17.130.5:465
  # mx5.investici.org (paranoia)
  accept 82.117.37.71:587
  accept 82.117.37.71:465
  reject *:*

--
Ciao
Kai
http://kairaven.de/
Mail via I2P: http://www.i2p2.de/
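To make the exit-policy mechanics discussed in this thread concrete, here is a small evaluator added as an illustration (my own example, not Tor's code and not Kai's): it parses torrc-style ExitPolicy lines with first-match-wins semantics and checks both the default "reject *:465" / "reject *:587" rules quoted earlier and the first entry of Kai's remailer whitelist. Assumptions: only a subset of the real "private" expansion is included, and a connection matching no rule is accepted.

```python
import ipaddress

# Subset of the networks Tor's "private" keyword expands to (assumption).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def parse_policy(text):
    """Parse torrc-style ExitPolicy lines into (action, nets, lo, hi) rules.
    '#' comments and blank lines are skipped; rule order is preserved."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, target = line.split()
        host, port = target.rsplit(":", 1)
        if host == "*":
            nets = [ipaddress.ip_network("0.0.0.0/0")]
        elif host == "private":
            nets = PRIVATE_NETS
        else:                      # bare IP or CIDR block
            nets = [ipaddress.ip_network(host, strict=False)]
        if port == "*":
            lo, hi = 1, 65535
        else:
            lo = hi = int(port)
        rules.append((action, nets, lo, hi))
    return rules

def exit_allowed(rules, addr, port):
    """First rule matching addr:port wins. If nothing matches the
    connection is accepted (assumption: mirrors Tor's fallback)."""
    ip = ipaddress.ip_address(addr)
    for action, nets, lo, hi in rules:
        if lo <= port <= hi and any(ip in net for net in nets):
            return action == "accept"
    return True

# The two default rules quoted in this thread, plus a closing accept
# (constructed fragment, not the full default exit policy).
DEFAULT_POLICY = "reject *:465\nreject *:587\naccept *:*"

# First remailer entry of Kai's whitelist, as posted, plus its final reject.
REMAILER_POLICY = """reject private:*
# drooper.mixmin.net (banana)
accept 88.198.22.131:587
accept 88.198.22.131:465
reject *:*"""
```

With the default rules a submission connection to any host on 587 is refused while port 25 still passes; with Kai's list only the listed remailer hosts and ports get through and everything else, private ranges included, is rejected.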
Re: Update to default exit policy
Dawney Smith wrote:
> Those are ports used for mail submission, not for mail relay. They won't be abused by spammers. ISPs often block their consumer broadband users from connecting to port 25 on servers outside of their network, to prevent spam. They don't block 465 and 587, because they're not problem ports and the point of them is that you authenticate before sending mail, unlike port 25. You wouldn't block port 443 to prevent spammers submitting mail via https://mail.google.com/ so why block these ports?

Actually, it is a little more complicated. 465 is just plain SMTP-over-SSL, so not much different to non-encrypted SMTP on port 25. (BTW: AFAIR the recommended method for encrypting SMTP is to use port 25 with STARTTLS and not to use a different port, so connections to port 25 may be encrypted as well.)

Concerning the submission port 587: Originally, the submission port needed neither to be encrypted, nor did it enforce authentication (see RFC 2476, http://www.faqs.org/rfcs/rfc2476.html). Authentication MAY be done before submitting mails. Only RFC 4409 (which obsoleted 2476) introduced a MUST for authentication of the sender, but is still quite recent (2006). AFAIR both RFCs make no statement about the encryption of connections to port 587 for mail submission, although 3207 (STARTTLS) states it can be useful.

Regards,
Dominik
Re: Update to default exit policy
> I know this has been discussed before, but I thought I'd bring it up again. The following rules are in the default exit policy and I can't see any reason why they would be:
>
>   reject *:465
>   reject *:587

Are you absolutely positively sure that you cannot misconfigure e-mail MTAs that use smtps (465) and submission (587) to be open relays? My understanding from my quick search on this topic is that IF you set up an open relay then that relay can be used regardless of whether the connection comes through an SSL-encrypted connection or a plain-text connection on port 25. Plain-text (25) or encrypted (465) has nothing to do with authentication, just like you can visit many websites using http (80) and https (443) without actually logging in. I am not sure having them open by default would be a good thing.