pere.pagekite.me Git - homepage.git/blob - blog/archive/2014/11/11.rss
1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
3 <channel>
4 <title>Petter Reinholdtsen - Entries from November 2014</title>
5 <description>Entries from November 2014</description>
6 <link>http://people.skolelinux.org/pere/blog/</link>
7
8
9 <item>
10 <title>A Debian package for SMTP via Tor (aka SMTorP) using exim4</title>
11 <link>http://people.skolelinux.org/pere/blog/A_Debian_package_for_SMTP_via_Tor__aka_SMTorP__using_exim4.html</link>
12 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_Debian_package_for_SMTP_via_Tor__aka_SMTorP__using_exim4.html</guid>
13 <pubDate>Mon, 10 Nov 2014 13:40:00 +0100</pubDate>
14 <description>&lt;p&gt;The right to communicate with your friends and family in private,
15 without anyone snooping, is a right every citizen has in a liberal
16 democracy. But this right is under serious attack these days.&lt;/p&gt;
17
18 &lt;p&gt;A while back it occurred to me that one way to make the dragnet
19 surveillance conducted by NSA, GCHQ, FRA and others (and confirmed by
20 the whistleblower Snowden) more expensive for Internet email,
21 is to deliver all email using SMTP via Tor. Such an SMTP option would be
22 a nice addition to the FreedomBox project if we could send email
23 between FreedomBox machines without leaking metadata about the emails
24 to the people peeking on the wire. I
25 &lt;a href=&quot;http://lists.alioth.debian.org/pipermail/freedombox-discuss/2014-October/006493.html&quot;&gt;proposed
26 this on the FreedomBox project mailing list in October&lt;/a&gt; and got a
27 lot of useful feedback and suggestions. It also became obvious to me
28 that this was not a novel idea, as the same idea was tested and
29 documented by Johannes Berg as early as 2006, and both
30 &lt;a href=&quot;https://github.com/pagekite/Mailpile/wiki/SMTorP&quot;&gt;the
31 Mailpile&lt;/a&gt; and &lt;a href=&quot;http://dee.su/cables&quot;&gt;the Cables&lt;/a&gt; systems
32 propose a similar method / protocol to pass emails between users.&lt;/p&gt;
33
34 &lt;p&gt;To implement such a system one needs to set up a Tor hidden service
35 providing the SMTP protocol on port 25, and use email addresses
36 looking like username@hidden-service-name.onion. With such addresses
37 the connections to port 25 on hidden-service-name.onion using Tor will
38 go to the correct SMTP server. To do this, one needs to configure the
39 Tor daemon to provide the hidden service and the mail server to accept
40 emails for this .onion domain. To learn more about Exim configuration
41 in Debian and test the design provided by Johannes Berg in his FAQ, I
42 set out yesterday to create a Debian package for making it trivial to
43 set up such an SMTP over Tor service based on Debian. Getting it to work
44 was fairly easy, and
45 &lt;a href=&quot;https://github.com/petterreinholdtsen/exim4-smtorp&quot;&gt;the
46 source code for the Debian package&lt;/a&gt; is available from github. I
47 plan to move it into Debian if further testing proves this to be a
48 useful approach.&lt;/p&gt;
49
50 &lt;p&gt;If you want to test this, set up a blank Debian machine without any
51 mail system installed (or run &lt;tt&gt;apt-get purge exim4-config&lt;/tt&gt; to
52 get rid of exim4). Install tor, clone the git repository mentioned
53 above, build the deb and install it on the machine. Next, run
54 &lt;tt&gt;/usr/lib/exim4-smtorp/setup-exim-hidden-service&lt;/tt&gt; and follow
55 the instructions to get the service up and running. Restart tor and
56 exim when it is done, and test mail delivery using swaks like
57 this:&lt;/p&gt;
58
59 &lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
60 torsocks swaks --server dutlqrrmjhtfa3vp.onion \
61 --to fbx@dutlqrrmjhtfa3vp.onion
62 &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
63
64 &lt;p&gt;This will test the SMTP delivery using tor. Replace the email
65 address with your own address to test your server. :)&lt;/p&gt;
66
67 &lt;p&gt;The setup procedure is still too complex, and I hope it can be made
68 easier and more automatic. Especially the tor setup needs more work.
69 Also, the package includes a tor-smtp tool written in C, but its task
70 should probably be rewritten in some script language to make the deb
71 architecture independent. It would probably also make the code easier
72 to review. The tor-smtp tool currently needs to listen on a socket for
73 exim to talk to it and is started using xinetd. It would be better if
74 no daemon and no socket is needed. I suspect it is possible to get
75 exim to run a command line tool for delivery instead of talking to a
76 socket, and hope to figure out how in a future version of this
77 system.&lt;/p&gt;
78
79 &lt;p&gt;Until I wipe my test machine, I can be reached using the
80 &lt;tt&gt;fbx@dutlqrrmjhtfa3vp.onion&lt;/tt&gt; mail address, deliverable over
81 SMTorP. :)&lt;/p&gt;
82 </description>
83 </item>
84
85 </channel>
86 </rss>