From: Petter Reinholdtsen Date: Mon, 10 Nov 2014 12:31:47 +0000 (+0100) Subject: New post. X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/commitdiff_plain/673eb6dabf42b96e6d6e49f66b8b206ac28ff917 New post. --- diff --git a/blog/data/2014-11-10-freedombox-smtorp.txt b/blog/data/2014-11-10-freedombox-smtorp.txt new file mode 100644 index 0000000000..6b88751e77 --- /dev/null +++ b/blog/data/2014-11-10-freedombox-smtorp.txt @@ -0,0 +1,72 @@ +Title: A Debian package for SMTP via Tor (aka SMTorP) using exim4 +Tags: english, debian, freedombox, surveillance, personvern +Date: 2014-11-10 13:40 + +

The right to communicate with your friends and family in private, +without anyone snooping, is a right every citicen have in a liberal +democracy. But this right is under serious attack these days.

+ +

A while back it occurred to me that one way to make the dragnet +surveillance conducted by NSA, GCHQ, FRA and others (and confirmed by +the whisleblower Snowden) more expensive for Internet email, +is to deliver all email using SMTP via Tor. Such SMTP option would be +a nice addition to the FreedomBox project if we could send email +between FreedomBox machines without leaking metadata about the emails +to the people peeking on the wire. I +proposed +this on the FreedomBox project mailing list in October and got a +lot of useful feedback and suggestions. It also became obvious to me +that this was not a novel idea, as the same idea was tested and +documented by Johannes Berg as early as 2006, and both +the +Mailpile and the Cables systems +propose a similar method / protocol to pass emails between users.

+ +

To implement such system one need to set up a Tor hidden service +providing the SMTP protocol on port 25, and use email addresses +looking like username@hidden-service-name.onion. With such addresses +the connections to port 25 on hidden-service-name.onion using Tor will +go to the correct SMTP server. To do this, one need to configure the +Tor daemon to provide the hidden service and the mail server to accept +emails for this .onion domain. To learn more about Exim configuration +in Debian and test the design provided by Johannes Berg in his FAQ, I +set out yesterday to create a Debian package for making it trivial to +set up such SMTP over Tor service based on Debian. Getting it to work +were fairly easy, and +the +source code for the Debian package is available from github. I +plan to move it into Debian if further testing prove this to be a +useful approach.

+ +

If you want to test this, set up a blank Debian machine without any +mail system installed (or run apt-get purge exim4-config to +get rid of exim4). Install tor, clone the git repository mentioned +above, build the deb and install it on the machine. Next, run +/usr/lib/exim4-smtorp/setup-exim-hidden-service and follow +the instructions to get the service up and running. Restart tor and +exim when it is done, and test mail delivery using swaks like +this:

+ +

+torsocks swaks --server dutlqrrmjhtfa3vp.onion \
+  --to fbx@dutlqrrmjhtfa3vp.onion
+

+ +

This will test the SMTP delivery using tor. Replace the email +address with your own address to test your server. :)

+ +

The setup procedure is still to complex, and I hope it can be made +easier and more automatic. Especially the tor setup need more work. +Also, the package include a tor-smtp tool written in C, but its task +should probably be rewritten in some script language to make the deb +architecture independent. It would probably also make the code easier +to review. The tor-smtp tool currently need to listen on a socket for +exim to talk to it and is started using xinetd. It would be better if +no daemon and no socket is needed. I suspect it is possible to get +exim to run a command line tool for delivery instead of talking to a +socket, and hope to figure out how in a future version of this +system.

+ +

Until I wipe my test machine, I can be reached using the +fbx@dutlqrrmjhtfa3vp.onion mail address, deliverable over +SMTorP. :)
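Review bot: In the swaks example, the author's own test host dutlqrrmjhtfa3vp.onion is hard-coded in both `--server` and `--to`, but the sentence that follows ("Replace the email address with your own address to test your server") only mentions the address, so a reader following the text literally still connects to the author's hidden service. Suggest stating that both `--server` and `--to` must be changed, or using an obvious placeholder in the command and keeping the real address only in the closing paragraph. The test paragraph also says to restart tor and exim, while a later paragraph says tor-smtp is started using xinetd; if xinetd needs a restart or reload after the package is installed, the instructions should say so. Smaller points in the added text: "citicen have" (citizen has), "whisleblower" (whistleblower), "one need" (one needs, twice), "were fairly easy" (was), "still to complex" (too complex), "further testing prove" (proves).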