Ønsker meg radonmåler.

[homepage.git] / blog / data / 2014-11-10-freedombox-smtorp.txt

Title: A Debian package for SMTP via Tor (aka SMTorP) using exim4
Tags: english, debian, freedombox, surveillance, personvern
Date: 2014-11-10 13:40

<p>The right to communicate with your friends and family in private,
without anyone snooping, is a right every citicen have in a liberal
democracy.  But this right is under serious attack these days.</p>

<p>A while back it occurred to me that one way to make the dragnet
surveillance conducted by NSA, GCHQ, FRA and others (and confirmed by
the whisleblower Snowden) more expensive for Internet email,
is to deliver all email using SMTP via Tor.  Such SMTP option would be
a nice addition to the FreedomBox project if we could send email
between FreedomBox machines without leaking metadata about the emails
to the people peeking on the wire.  I
<a href="http://lists.alioth.debian.org/pipermail/freedombox-discuss/2014-October/006493.html">proposed
this on the FreedomBox project mailing list in October</a> and got a
lot of useful feedback and suggestions.  It also became obvious to me
that this was not a novel idea, as the same idea was tested and
documented by Johannes Berg as early as 2006, and both
<a href="https://github.com/pagekite/Mailpile/wiki/SMTorP">the
Mailpile</a> and <a href="http://dee.su/cables">the Cables</a> systems
propose a similar method / protocol to pass emails between users.</p>

<p>To implement such system one need to set up a Tor hidden service
providing the SMTP protocol on port 25, and use email addresses
looking like username@hidden-service-name.onion.  With such addresses
the connections to port 25 on hidden-service-name.onion using Tor will
go to the correct SMTP server.  To do this, one need to configure the
Tor daemon to provide the hidden service and the mail server to accept
emails for this .onion domain.  To learn more about Exim configuration
in Debian and test the design provided by Johannes Berg in his FAQ, I
set out yesterday to create a Debian package for making it trivial to
set up such SMTP over Tor service based on Debian.  Getting it to work
were fairly easy, and
<a href="https://github.com/petterreinholdtsen/exim4-smtorp">the
source code for the Debian package</a> is available from github.  I
plan to move it into Debian if further testing prove this to be a
useful approach.</p>

<p>If you want to test this, set up a blank Debian machine without any
mail system installed (or run <tt>apt-get purge exim4-config</tt> to
get rid of exim4).  Install tor, clone the git repository mentioned
above, build the deb and install it on the machine.  Next, run
<tt>/usr/lib/exim4-smtorp/setup-exim-hidden-service</tt> and follow
the instructions to get the service up and running.  Restart tor and
exim when it is done, and test mail delivery using swaks like
this:</p>

<p><blockquote><pre>
torsocks swaks --server dutlqrrmjhtfa3vp.onion \
  --to fbx@dutlqrrmjhtfa3vp.onion
</pre></blockquote></p>

<p>This will test the SMTP delivery using tor.  Replace the email
address with your own address to test your server. :)</p>

<p>The setup procedure is still to complex, and I hope it can be made
easier and more automatic.  Especially the tor setup need more work.
Also, the package include a tor-smtp tool written in C, but its task
should probably be rewritten in some script language to make the deb
architecture independent.  It would probably also make the code easier
to review.  The tor-smtp tool currently need to listen on a socket for
exim to talk to it and is started using xinetd.  It would be better if
no daemon and no socket is needed.  I suspect it is possible to get
exim to run a command line tool for delivery instead of talking to a
socket, and hope to figure out how in a future version of this
system.</p>

<p>Until I wipe my test machine, I can be reached using the
<tt>fbx@dutlqrrmjhtfa3vp.onion</tt> mail address, deliverable over
SMTorP. :)</p>