PGP, Privoxy, Tor, SSL, Mixmaster messages
| Persona Non Grata 2005-01-23, 2:45 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
ok so far so good! I am able to write the email in QS, sign with pgp and then encrypt
to recipient using pgp, turn it into a mixmaster message, send it thru Privoxy/Tor using
Stunnel (TLS/SSL) to banana. Then after a few mixmaster bounces, then it goes to
my nym at the nymserver and then thru a m2n to this newsgroup.
This seems like a very secure method to me.
My isp doesn't know where it's going. They only know I am sending something.
Banana does not know who I am. It only knows the ip of the exit node from tor/privoxy
From the exit node to banana, it's encrypted by SSL all the way to banana, wrapped in numerous
mixmaster layers with a pgp layer inside that.
Banana sends the mixmaster message on to the next ....
oh and any replies are sent to my nym are eventually sent to a.a.m with an encrypted subject line
then I dl all the messages from a.a.m and QS finds my message and then decrypts it.
I run QS in secure mode. I never save the messages in unencrypted mode. My harddrive is
encrypted on the fly, with every part of this setup in encrypted portion, with the password
given at the bios level.
..........if i just used the touch screen program on my monitor as my keyboard and wrapped
the room completely in copper as a Faraday shield..... in a ultra-secure underground bunker
................oh well, who needs those aluminum party hats anyway?
It would seem that the weakest point is me, (I hate rubber hoses).
My question is can I add even more security by sending it to a yeysaemaz6a5fbyd.onion
type address? Then can I also do that with Stunnel? Do any of the yeysaemaz6a5fbyd.onion
type addresses have a pem cert file?
below is my setup so far, are there any changes, modifications or
upgrades that I can make to make my messages even more secure?
All programs involved are the very latest versions available.
My Quicksilver header for outgoing mail
Proxy: Tor
Fcc: outbox
Host: 127.0.0.1
From: john@doe
Chain: banana,*,*,*; copies=4
#Question? tor seems to work but i am not sure
#The Proxy: Tor - header, is this correct should it not be 127.0.0.1 8118?
My Stunnel config file
################################################################
#
RNDbytes = 2048
RNDfile = bananarand.bin
RNDoverwrite = yes
client = yes
options = ALL
CAfile = banana.pem
verify = 3
debug = 7
output = banana.log
#
#
#
[BANANA_SMTP]
protocol = smtp
accept = 25
connect = snorky.bananasplit.info:2525
delay = no
#
################################################################
My stunnel log snip
2005.01.22 22:14:08 LOG5[15832269:16073457]: stunnel 4.07 on x86-
pc-mingw32-gnu WIN32+IPv4 with OpenSSL 0.9.7 31 Dec 2002
2005.01.22 22:14:08 LOG7[15832269:15843521]: Snagged 1024 random
bytes from bananarand.bin
2005.01.22 22:14:08 LOG7[15832269:15843521]: Wrote 1024 new
random bytes to bananarand.bin
2005.01.22 22:14:08 LOG7[15832269:15843521]: RAND_status claims
sufficient entropy for the PRNG
2005.01.22 22:14:08 LOG6[15832269:15843521]: PRNG seeded
successfully
2005.01.22 22:14:08 LOG7[15832269:15843521]: Configuration SSL
options: 0x00000FFF
2005.01.22 22:14:08 LOG7[15832269:15843521]: SSL options set:
0x00000FFF
2005.01.22 22:14:08 LOG7[15832269:15843521]: Loaded verify
certificates from banana.pem
2005.01.22 22:14:08 LOG5[15832269:15843521]: No limit detected
for the number of clients
2005.01.22 22:14:08 LOG7[15832269:15843521]: FD 72 in non-
blocking mode
2005.01.22 22:14:08 LOG7[15832269:15843521]: SO_REUSEADDR option
set on accept socket
2005.01.22 22:14:08 LOG7[15832269:15843521]: BANANA_NNTP bound
to 0.0.0.0:119
2005.01.22 22:14:08 LOG7[15832269:15843521]: FD 76 in non-
blocking mode
2005.01.22 22:14:08 LOG7[15832269:15843521]: SO_REUSEADDR option
set on accept socket
2005.01.22 22:14:08 LOG7[15832269:15843521]: BANANA_NNTPS bound
to 0.0.0.0:563
2005.01.22 22:14:08 LOG7[15832269:15843521]: FD 80 in non-
blocking mode
2005.01.22 22:14:08 LOG7[15832269:15843521]: SO_REUSEADDR option
set on accept socket
2005.01.22 22:14:08 LOG7[15832269:15843521]: BANANA_SMTP bound
to 0.0.0.0:25
2005.01.22 22:14:23 LOG7[15832269:15843521]: BANANA_SMTP
accepted FD=84 from 127.0.0.1:1816
2005.01.22 22:14:23 LOG7[15832269:15843521]: FD 84 in non-
blocking mode
2005.01.22 22:14:23 LOG7[15832269:15843521]: Creating a new
thread
2005.01.22 22:14:23 LOG7[15832269:15843521]: New thread created
2005.01.22 22:14:23 LOG7[15832269:15927445]: BANANA_SMTP started
2005.01.22 22:14:23 LOG5[15832269:15927445]: BANANA_SMTP
connected from 127.0.0.1:1816
2005.01.22 22:14:23 LOG7[15832269:15927445]: FD 96 in non-
blocking mode
2005.01.22 22:14:23 LOG7[15832269:15927445]: BANANA_SMTP
connecting 82.133.6.116:2525
2005.01.22 22:14:23 LOG7[15832269:15927445]: connect_wait:
waiting 10 seconds
2005.01.22 22:14:23 LOG7[15832269:15927445]: connect_wait:
connected
2005.01.22 22:14:23 LOG7[15832269:15927445]: Remote FD=96
initialized
2005.01.22 22:14:23 LOG5[15832269:15927445]: Negotiations for
smtp (client side) started
2005.01.22 22:14:23 LOG7[15832269:15927445]: <- 220
snorky.bananasplit.info ESMTP Postfix.
2005.01.22 22:14:23 LOG7[15832269:15927445]: -> 220
snorky.bananasplit.info ESMTP Postfix.
2005.01.22 22:14:23 LOG7[15832269:15927445]: -> EHLO localhost
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 250-
snorky.bananasplit.info.
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 250-PIPELINING.
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 250-SIZE
10240000.
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 250-VRFY.
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 250-ETRN.
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 250-STARTTLS.
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 250 8BITMIME.
2005.01.22 22:14:24 LOG7[15832269:15927445]: -> STARTTLS
2005.01.22 22:14:24 LOG7[15832269:15927445]: <- 220 Ready to
start TLS.
2005.01.22 22:14:24 LOG5[15832269:15927445]: Protocol
negotiation succeded
2005.01.22 22:14:24 LOG7[15832269:15927445]: SSL state
(connect): before/connect initialization
2005.01.22 22:14:24 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 write client hello A
2005.01.22 22:14:24 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 read server hello A
2005.01.22 22:14:25 LOG5[15832269:15927445]: VERIFY OK: depth=1,
/C=GB/ST=Devon/O=Bananasplit/CN=bananasplit.info/emailAddress=adm
in@bananasplit.info
2005.01.22 22:14:25 LOG5[15832269:15927445]: VERIFY OK: depth=0,
/C=GB/ST=Devon/O=Bananasplit/OU=Snorky/CN=snorky.bananasplit.info
/emailAddress=postmaster@bananasplit.info
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 read server certificate A
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 read server key exchange A
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 read server done A
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 write client key exchange A
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 write change cipher spec A
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 write finished A
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 flush data
2005.01.22 22:14:25 LOG7[15832269:15927445]: SSL state
(connect): SSLv3 read finished A
2005.01.22 22:14:25 LOG7[15832269:15927445]: 1 items in the
session cache
2005.01.22 22:14:25 LOG7[15832269:15927445]: 1 client
connects (SSL_connect())
2005.01.22 22:14:25 LOG7[15832269:15927445]: 1 client
connects that finished
2005.01.22 22:14:25 LOG7[15832269:15927445]: 0 client
renegotiatations requested
2005.01.22 22:14:25 LOG7[15832269:15927445]: 0 server
connects (SSL_accept())
2005.01.22 22:14:25 LOG7[15832269:15927445]: 0 server
connects that finished
2005.01.22 22:14:25 LOG7[15832269:15927445]: 0 server
renegotiatiations requested
2005.01.22 22:14:25 LOG7[15832269:15927445]: 0 session cache
hits
2005.01.22 22:14:25 LOG7[15832269:15927445]: 0 session cache
misses
2005.01.22 22:14:25 LOG7[15832269:15927445]: 0 session cache
timeouts
2005.01.22 22:14:25 LOG6[15832269:15927445]: SSL connected: new
session negotiated
2005.01.22 22:14:25 LOG6[15832269:15927445]: Negotiated ciphers:
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256)
Mac=SHA1
2005.01.22 22:14:29 LOG7[15832269:15927445]: SSL socket closed
on SSL_read
2005.01.22 22:14:29 LOG5[15832269:15927445]: Connection closed:
28978 bytes sent to SSL, 121 bytes sent to socket
2005.01.22 22:14:29 LOG7[15832269:15927445]: BANANA_SMTP
finished (0 left)
- -----BEGIN PGP SIGNATURE-----
Version: N/A
- -----END PGP SIGNATURE-----
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.at.
Date: Sun Jan 23 08:26:30 2005 UTC
From: personanongrata@nym.at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-01-23, 5:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Persona Non Grata wrote:
| My Quicksilver header for outgoing mail
|
| Proxy: Tor
| Fcc: outbox
| Host: 127.0.0.1
| From: john@doe
| Chain: banana,*,*,*; copies=4
|
| #Question? tor seems to work but i am not sure
| #The Proxy: Tor - header, is this correct should it not be
| 127.0.0.1 8118?
I think Tor defaults to port 9050.
In the Quicksilver beta mailing list they have examples like:
Tor: 127.0.0.1:9050,4a
Sign-On: example.com
Host: mail.bananasplit.info:2525
The advantage that I see from using a hidden service, is that you
connect encrypted to e.g. Bananasplit directly and there isn't an (open)
TLS link between the last TOR hop and Bananasplit.info. That should make
it harder to correlate your incoming and outgoing TOR traffic AFAIK.
Just parse the onion link in the host field and my guess is that it
would work.
The downside of all this is that it is hard to tell if you are anonymous
since the last remailer will strip all headers! An additional rule based
firewall could perhaps be useful in checking that you don't connect to
Bananasplit directly, but only to TOR servers and directory servers..
Regards,
Thomas
- --
Morrissey - Seasick, Yet Still Docked:
"I am a poor freezingly cold soul"
"So far from where"
"I intended to go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-01-23, 5:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Persona Non Grata wrote:
<snip>
| My question is can I add even more security by sending it to a
| yeysaemaz6a5fbyd.onion
| type address? Then can I also do that with Stunnel? Do any of
| the yeysaemaz6a5fbyd.onion
| type addresses have a pem cert file?
|
| below is my setup so far, are there any changes, modifications or
| upgrades that I can make to make my messages even more secure?
|
| All programs involved are the very latest versions aviable.
|
| My Quicksilver header for outgoing mail
|
| Proxy: Tor
| Fcc: outbox
| Host: 127.0.0.1
| From: john@doe
| Chain: banana,*,*,*; copies=4
|
| #Question? tor seems to work but i am not sure
| #The Proxy: Tor - header, is this correct should it not be
| 127.0.0.1 8118?
|
| My Stunnel config file
| ################################################################
| #
| RNDbytes = 2048
| RNDfile = bananarand.bin
| RNDoverwrite = yes
| client = yes
| options = ALL
| CAfile = banana.pem
| verify = 3
| debug = 7
| output = banana.log
| #
| #
| #
| [BANANA_SMTP]
| protocol = smtp
| accept = 25
| connect = snorky.bananasplit.info:2525
| delay = no
| #
| ################################################################
Please disregard my previous post. Sign-on and Tor are deprecated in QS
now.. What you are doing now is probably right for current QS versions..
I would only be worried that you seem to have QS connect to localhost
through TOR. So to me at first glance it seems that it is still your
computer (STunnel) that connects to Banana and not the TOR network.
I would put mail.bananasplit.info:2525 in the host field and forget
about STunnel. If you use the .onion addresses you will be using
encryption all the way anyway and TLS doesn't give you an extra advantage.
Hope this post is better than the previous I made. Sometimes I really
don't know what I am talking about unfortunately..
Thomas
- --
Morrissey - Seasick, Yet Still Docked:
"I am a poor freezingly cold soul"
"So far from where"
"I intended to go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
| |
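A check along the lines of the firewall rule suggested above, as an added example that is not part of the thread and not stunnel's own tooling: it re-joins the hard-wrapped stunnel log records and reports the addresses stunnel binds to and dials itself. It assumes stunnel is not being run under an external socksifier; the finding names and the `allowed_peers` parameter are made up for the example.

```python
import ipaddress
import re

# Constructed sample: records copied from the stunnel 4.07 log quoted in this
# thread, kept hard-wrapped the way the archive shows them.
SAMPLE_LOG = """\
2005.01.22 22:14:08 LOG7[15832269:15843521]: BANANA_SMTP bound
to 0.0.0.0:25
2005.01.22 22:14:23 LOG7[15832269:15843521]: BANANA_SMTP
accepted FD=84 from 127.0.0.1:1816
2005.01.22 22:14:23 LOG7[15832269:15927445]: BANANA_SMTP
connecting 82.133.6.116:2525
2005.01.22 22:14:25 LOG6[15832269:15927445]: SSL connected: new
session negotiated
"""

RECORD_START = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[[^\]]*\]: ")
EVENT = re.compile(r"^(\S+) (bound to|connecting|accepted FD=\d+ from) (\S+):(\d+)$")


def unwrap(text):
    """Join wrapped continuation lines back onto the record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD_START.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a hostname rather than a literal address
        return False


def audit(text, allowed_peers=frozenset()):
    """Return (finding, service, endpoint) tuples for one stunnel log.

    listener-not-loopback: the accept socket is reachable from other hosts.
    direct-outbound:       stunnel itself dials this address, so (assuming no
                           socksifier wraps stunnel) the TCP connection leaves
                           this machine directly.
    remote-client:         something other than a local program used the tunnel.
    """
    findings = []
    for record in unwrap(text):
        message = RECORD_START.sub("", record, count=1)
        m = EVENT.match(message)
        if not m:
            continue
        service, verb, host, port = m.groups()
        endpoint = f"{host}:{port}"
        local = is_loopback(host)
        if verb == "bound to" and not local:
            findings.append(("listener-not-loopback", service, endpoint))
        elif verb == "connecting" and not local and endpoint not in allowed_peers:
            findings.append(("direct-outbound", service, endpoint))
        elif verb.startswith("accepted") and not local:
            findings.append(("remote-client", service, endpoint))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```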
| Thomas J. Boschloo 2005-01-23, 5:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Thomas J. Boschloo wrote:
<snip>
| I would put mail.bananasplit.info:2525 in the host field and forget
| about STunnel. If you use the .onion addresses you will be using
| encryption all the way anyway and TLS doesn't give you an extra advantage.
I just checked, and Stunnel doesn't support socks (4a), Yet. So that
just won't fly. So forget about using TLS and TOR at the same time with QS.
Use something (from memory) like:
Proxy: Tor
Fcc: outbox
Host: rjgcfnw4sd2jaqfu.onion:25
From: nobody@example.com
Chain: panta,*,*,*; copies=2
IIRC there were some problems with the hidden SMTP services that could
be used by spammers or something. I think Panta-Admin knew how to deal
with it but it was a reason for Zax not to have a hidden SMTP server yet..
Thomas
- --
Morrissey - Seasick, Yet Still Docked:
"I am a poor freezingly cold soul"
"So far from where"
"I intended to go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 23 Jan 2005 19:57:03 +0100, Thomas J. Boschloo wrote in
Message-Id: <41f3f39e$0$4320$3a628fcd@reader10.nntp.hccnet.nl>:
> IIRC there were some problems with the hidden SMTP services that could
> be used by spammers or something. I think Panta-Admin knew how to deal
> with it but it was a reason for Zax not to have a hidden SMTP server yet..
Hi Thomas,
I'll use your posting as an excuse to highlight a potential risk of
running a hidden SMTP service. Panta was vulnerable to this until a
solution was recently offered by Peter Palfrader.
MTAs usually work on a couple of rules to prevent operating as
open-relays:
1) Messages from outside the local network can only be delivered to
hosts inside the local network.
2) Messages from inside the local network can be delivered anywhere.
If a hidden smtp service runs from within the local network, (or on
the same host), then messages sent through it will appear to the MTA as
originating locally. In other words, the MTA becomes an open-relay
through TOR.
The fix for this will depend on what software is being run, but it pays
to be aware of the issue. :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Thrasher - Anonymous Remailer 2005-01-23, 5:45 pm |
| In article <41f3f39e$0$4320$3a628fcd@reader10.nntp.hccnet.nl>
"Thomas J. Boschloo" <nospam@hccnet.nl.invalid> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Thomas J. Boschloo wrote:
>
<snipped the lot>
Thomas, you are really starting to muddy the waters. Forget Tor
headers in QS Betas as it is all handled by simple, protocol
specific, drop-downs and the proxy manager.
Tor won't exit at 127.0.0.1
QS itself supports all socks so port forwarding is all that is
required, not socks 4/4a support.
| |
| Italy Anonymous Remailer 2005-01-23, 5:45 pm |
| Thomas J. Boschloo wrote:
> I just checked, and Stunnel doesn't support socks (4a), Yet. So that
> just won't fly. So forget about using TLS and TOR at the same time with QS.
You can quite happily run stunnel through sockscap so you can use
TLS and TOR at the same time.
> IIRC there were some problems with the hidden SMTP services that could
> be used by spammers or something. I think Panta-Admin knew how to deal
> with it but it was a reason for Zax not to have a hidden SMTP server yet..
The last time I checked, Panta's hidden SMTP service was acting like
an open relay and accepting mail addressed to anybody.
| |
| Doctor Who@any.place 2005-01-23, 5:45 pm |
| On 23 Jan 2005 21:54:09 -0000, nobody@See.Comments.Header (Italy Anonymous Remailer)
wrote:
>:Thomas J. Boschloo wrote:
>:
>:> I just checked, and Stunnel doesn't support socks (4a), Yet. So that
>:> just won't fly. So forget about using TLS and TOR at the same time with QS.
>:
>:You can quite happily run stunnel through sockscap so you can use
>:TLS and TOR at the same time.
>:
>:> IIRC there were some problems with the hidden SMTP services that could
>:> be used by spammers or something. I think Panta-Admin knew how to deal
>:> with it but it was a reason for Zax not to have a hidden SMTP server yet..
>:
>:The last time I checked, Panta's hidden SMTP service was acting like
>:an open relay and accepting mail addressed to anybody.
I believe he allows a relay to another randomized choice of remailer, but requires
Hashcash for a specific onward relay. I have tried testing this, but unfortunately I have
been unable to verify anything. have given up trying to work it out.
On another note, I believe that QS now supports a direct connection into the Tor network,
no Stunnel and no FreeCap. I use the suggested headers that Richard sent out in one of
his mailings:
Fcc: outbox
Tor: 127.0.0.1:9050,4a; nowhere.invalid;
Host: panta-rhei.dyndns.org:2525
From: kwiktime <kwiktime@kwiktimemail.net>
From: yournym.goes.here
Chain: panta,*,*,italy; copies=2
References:
To: mail2news_nospam@anon.lcs.mit.edu,
mail2news_nospam@freedom.gmsociety.org
Newsgroups: alt.privacy
Hashcash:
Subject:
My only concern is hashcash. I seem to have to copy and paste a stamp from the hashcash
database file, which is rather long winded and permits just one posting of a message at a
time. Too much hassle really, for me. Am I missing something here? Surely QS (or
whichever mail client) should automatically put a valid stamp here itself and delete the
stamp automatically from the Hashcash database.
Doctor Who
Get the FAQ here:
http://www.panta-rhei.dyndns.org/pa...ndEncryptionFaq
| |
| panta-admin 2005-01-23, 8:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi !
This is true. Until Zax notified me Panta's hidden service was acting as an
open relay which would for sure be abused by spammers.
Now the hidden service will only accept messages for the Panta Rhei
Remailer. This is the same behaviour as the remailer's MTA, so if you use
either you have to have Panta Rhei as your first hop remailer. The rest of
your chain does not matter.
>I believe he allows a relay to another randomized choice of remailer, but
>requires
>Hashcash for a specific onward relay. I have tried testing this, but
>unfortunately I have
>been unable to verify anything. have given up trying to work it out.
You seem to confuse matters here. Please check my website for the specifics
of hashcash.
In short:
Hashcash is needed for posting via all news services at Panta Rhei (and
only for postings). If you do not provide a hashcash token I will forward
your message to another remailer (randhop). So if you want custom From:
header and fast delivery provide hashcash.
Hope this clarifies things,
Thanks Zax and Peter Palfrader for the help,
Cheers,
panta-admin
-----BEGIN PGP SIGNATURE-----
Version: N/A
-----END PGP SIGNATURE-----
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
| |
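The two relay rules from the Bananasplit operator's post and the fix panta-admin describes above, modelled as an added example (not code or configuration from either remailer): a hidden service on the MTA's own host makes every Tor client look like 127.0.0.1, so rule 2 applies to strangers. The network list, domain name, ports and the separate onion-only listener are assumptions chosen for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for the illustration; none of them come from the thread.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"remailer.example"}
TOR_DAEMON_ADDR = "127.0.0.1"       # Tor runs on the same host as the MTA


@dataclass(frozen=True)
class Listener:
    port: int
    relay_for_local_clients: bool   # may rule 2 be applied on this listener?


def seen_by_mta(sender_ip, via_hidden_service):
    """Client address the MTA sees. Hidden-service traffic is re-originated
    by the local Tor daemon, so the sender's own address never appears."""
    return TOR_DAEMON_ADDR if via_hidden_service else sender_ip


def accepts(listener, client_ip, rcpt):
    """Apply the two anti-relay rules to one RCPT TO address."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return True                  # rule 1: anyone may deliver to local hosts
    if not listener.relay_for_local_clients:
        return False                 # listener never relays onward
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MYNETWORKS)   # rule 2: local clients only


# Before: the hidden service forwards to the ordinary SMTP listener.
PUBLIC = Listener(port=25, relay_for_local_clients=True)
# After: the hidden service forwards to a listener that only takes mail for
# the remailer itself (hypothetical port; the real fix depends on the MTA).
ONION_ONLY = Listener(port=2526, relay_for_local_clients=False)


def decide(listener, sender_ip, via_hidden_service, rcpt):
    return accepts(listener, seen_by_mta(sender_ip, via_hidden_service), rcpt)


if __name__ == "__main__":
    outsider = "203.0.113.9"         # documentation-range address
    cases = [
        ("direct to port 25", PUBLIC, False),
        ("onion -> port 25", PUBLIC, True),
        ("onion -> onion-only listener", ONION_ONLY, True),
    ]
    for label, listener, onion in cases:
        verdict = decide(listener, outsider, onion, "someone@elsewhere.example")
        print(f"{label:32} relays to third party: {verdict}")
```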
| An Metet 2005-01-23, 8:45 pm |
| In article <lkc8v0t09asbnl6nivasu2ct7ugdueg92p@4ax.com>
Doctor Who@any.place wrote:
>
> On 23 Jan 2005 21:54:09 -0000, nobody@See.Comments.Header (Italy Anonymous Remailer)
> wrote:
>
> I believe he allows a relay to another randomized choice of remailer, but requires
> Hashcash for a specific onward relay. I have tried testing this, but unfortunately I have
> been unable to verify anything. have given up trying to work it out.
No, panta does not require hashcash for use as an entry or middle remailer,
only upon exit.
> On another note, I believe that QS now supports a direct connection into the Tor network,
> no Stunnel and no FreeCap. I use the suggested headers that Richard sent out in one of
> his mailings:
> his mailings:
>
> Fcc: outbox
> Tor: 127.0.0.1:9050,4a; nowhere.invalid;
> Host: panta-rhei.dyndns.org:2525
> From: kwiktime <kwiktime@kwiktimemail.net>
> From: yournym.goes.here
> Chain: panta,*,*,italy; copies=2
> References:
> To: mail2news_nospam@anon.lcs.mit.edu,
> mail2news_nospam@freedom.gmsociety.org
> Newsgroups: alt.privacy
> Hashcash:
> Subject:
>
>
> My only concern is hashcash. I seem to have to copy and paste a stamp from the hashcash
> database file, which is rather long winded and permits just one posting of a message at a
> time. Too much hassle really, for me. Am I missing something here? Surely QS (or
> whichever mail client) should automatically put a valid stamp here itself and delete the
> stamp automatically from the Hashcash database.
I doubt QuickSilver will ever integrate hashcash. Richard isn't too fond
of the concept, and as yet hashcash isn't what you'd call a standard by any
stretch. Hashcash is supposed to be a pain in the XXX.
>
> Doctor Who
>
>
> Get the FAQ here:
> http://www.panta-rhei.dyndns.org/pa...ndEncryptionFaq
| |
| PersonaNonGrata 2005-01-24, 2:45 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
Doctor Who Said,
On another note, I believe that QS now supports a direct connection into the Tor network,
no Stunnel and no FreeCap. I use the suggested headers that Richard sent out in one of
his mailings:
Fcc: outbox
Tor: 127.0.0.1:9050,4a; nowhere.invalid;
Host: panta-rhei.dyndns.org:2525
From: kwiktime <kwiktime@kwiktimemail.net>
From: yournym.goes.here
Chain: panta,*,*,italy; copies=2
References:
To: mail2news_nospam@anon.lcs.mit.edu,
mail2news_nospam@freedom.gmsociety.org
Newsgroups: alt.privacy
Hashcash:
Subject:
per Doctor Who
ok now my new QS header
my QS header
Proxy: 127.0.0.1:9050,4a; nowhere.invalid;
Fcc: outbox
Host: 127.0.0.1:26
From: john@doe
Chain: banana,*,*,*; copies=4
References: <courier.41F35FB6.0000711D@meinkeksi.eniac.de>
<41f3e8d4$0$155$3a628fcd@reader2.nntp.hccnet.nl>
Newsgroups: alt.privacy.anon-server
Nym: PersonaNonGrata@hod.aarg.net
To: mail2news@anon.lcs.mit.edu, mail2news@dizum.com,
mail2news@news.gradwell.net
Subject: Re: PGP, Privoxy, Tor, SSL, Mixmaster messages
?Question what does the "nowhere.invalid;" in the proxy header mean?
my stunnel config file
################################################################
#
RNDbytes = 2048
RNDfile = bananarand.bin
RNDoverwrite = yes
client = yes
options = ALL
CAfile = banana.pem
verify = 3
debug = 7
output = banana.log
#
#
[BANANA_SMTP]
protocol = smtp
accept = 26
connect = snorky.bananasplit.info:2525
delay = no
#
################################################################
My stunnel log snippet
2005.01.23 19:29:11 LOG5[16050905:15821881]: stunnel 4.07 on x86-
pc-mingw32-gnu WIN32+IPv4 with OpenSSL 0.9.7 31 Dec 2002
2005.01.23 19:29:12 LOG7[16050905:15922597]: Snagged 1024 random
bytes from bananarand.bin
2005.01.23 19:29:12 LOG7[16050905:15922597]: Wrote 1024 new
random bytes to bananarand.bin
2005.01.23 19:29:12 LOG7[16050905:15922597]: RAND_status claims
sufficient entropy for the PRNG
2005.01.23 19:29:12 LOG6[16050905:15922597]: PRNG seeded
successfully
2005.01.23 19:29:12 LOG7[16050905:15922597]: Configuration SSL
options: 0x00000FFF
2005.01.23 19:29:12 LOG7[16050905:15922597]: SSL options set:
0x00000FFF
2005.01.23 19:29:12 LOG7[16050905:15922597]: Loaded verify
certificates from banana.pem
2005.01.23 19:29:12 LOG5[16050905:15922597]: No limit detected
for the number of clients
2005.01.23 19:29:12 LOG7[16050905:15922597]: FD 72 in non-
blocking mode
2005.01.23 19:29:12 LOG7[16050905:15922597]: SO_REUSEADDR option
set on accept socket
2005.01.23 19:29:12 LOG7[16050905:15922597]: BANANA_NNTP bound
to 0.0.0.0:119
2005.01.23 19:29:12 LOG7[16050905:15922597]: FD 76 in non-
blocking mode
2005.01.23 19:29:12 LOG7[16050905:15922597]: SO_REUSEADDR option
set on accept socket
2005.01.23 19:29:12 LOG7[16050905:15922597]: BANANA_SMTP bound
to 0.0.0.0:26
2005.01.23 19:30:16 LOG7[16050905:15922597]: BANANA_SMTP
accepted FD=80 from 127.0.0.1:2402
2005.01.23 19:30:16 LOG7[16050905:15922597]: FD 80 in non-
blocking mode
2005.01.23 19:30:16 LOG7[16050905:15922597]: Creating a new
thread
2005.01.23 19:30:16 LOG7[16050905:15922597]: New thread created
2005.01.23 19:30:16 LOG7[16050905:15923433]: BANANA_SMTP started
2005.01.23 19:30:16 LOG5[16050905:15923433]: BANANA_SMTP
connected from 127.0.0.1:2402
2005.01.23 19:30:16 LOG7[16050905:15923433]: FD 92 in non-
blocking mode
2005.01.23 19:30:16 LOG7[16050905:15923433]: BANANA_SMTP
connecting 82.133.6.116:2525
2005.01.23 19:30:16 LOG7[16050905:15923433]: connect_wait:
waiting 10 seconds
2005.01.23 19:30:16 LOG7[16050905:15923433]: connect_wait:
connected
2005.01.23 19:30:16 LOG7[16050905:15923433]: Remote FD=92
initialized
2005.01.23 19:30:16 LOG5[16050905:15923433]: Negotiations for
smtp (client side) started
2005.01.23 19:30:17 LOG7[16050905:15923433]: <- 220
snorky.bananasplit.info ESMTP Postfix.
2005.01.23 19:30:17 LOG7[16050905:15923433]: -> 220
snorky.bananasplit.info ESMTP Postfix.
2005.01.23 19:30:17 LOG7[16050905:15923433]: -> EHLO localhost
2005.01.23 19:30:17 LOG7[16050905:15923433]: <- 250-
snorky.bananasplit.info.
2005.01.23 19:30:17 LOG7[16050905:15923433]: <- 250-PIPELINING.
2005.01.23 19:30:17 LOG7[16050905:15923433]: <- 250-SIZE
10240000.
2005.01.23 19:30:17 LOG7[16050905:15923433]: <- 250-VRFY.
2005.01.23 19:30:17 LOG7[16050905:15923433]: <- 250-ETRN.
2005.01.23 19:30:18 LOG7[16050905:15923433]: <- 250-STARTTLS.
2005.01.23 19:30:18 LOG7[16050905:15923433]: <- 250 8BITMIME.
2005.01.23 19:30:18 LOG7[16050905:15923433]: -> STARTTLS
2005.01.23 19:30:18 LOG7[16050905:15923433]: <- 220 Ready to
start TLS.
2005.01.23 19:30:18 LOG5[16050905:15923433]: Protocol
negotiation succeded
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): before/connect initialization
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 write client hello A
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 read server hello A
2005.01.23 19:30:18 LOG5[16050905:15923433]: VERIFY OK: depth=1,
/C=GB/ST=Devon/O=Bananasplit/CN=bananasplit.info/emailAddress=adm
in@bananasplit.info
2005.01.23 19:30:18 LOG5[16050905:15923433]: VERIFY OK: depth=0,
/C=GB/ST=Devon/O=Bananasplit/OU=Snorky/CN=snorky.bananasplit.info
/emailAddress=postmaster@bananasplit.info
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 read server certificate A
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 read server key exchange A
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 read server done A
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 write client key exchange A
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 write change cipher spec A
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 write finished A
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 flush data
2005.01.23 19:30:18 LOG7[16050905:15923433]: SSL state
(connect): SSLv3 read finished A
2005.01.23 19:30:18 LOG7[16050905:15923433]: 1 items in the
session cache
2005.01.23 19:30:18 LOG7[16050905:15923433]: 1 client
connects (SSL_connect())
2005.01.23 19:30:18 LOG7[16050905:15923433]: 1 client
connects that finished
2005.01.23 19:30:18 LOG7[16050905:15923433]: 0 client
renegotiatations requested
2005.01.23 19:30:18 LOG7[16050905:15923433]: 0 server
connects (SSL_accept())
2005.01.23 19:30:18 LOG7[16050905:15923433]: 0 server
connects that finished
2005.01.23 19:30:18 LOG7[16050905:15923433]: 0 server
renegotiatiations requested
2005.01.23 19:30:18 LOG7[16050905:15923433]: 0 session cache
hits
2005.01.23 19:30:18 LOG7[16050905:15923433]: 0 session cache
misses
2005.01.23 19:30:18 LOG7[16050905:15923433]: 0 session cache
timeouts
2005.01.23 19:30:18 LOG6[16050905:15923433]: SSL connected: new
session negotiated
2005.01.23 19:30:18 LOG6[16050905:15923433]: Negotiated ciphers:
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256)
Mac=SHA1
2005.01.23 19:30:22 LOG7[16050905:15923433]: SSL socket closed
on SSL_read
2005.01.23 19:30:22 LOG5[16050905:15923433]: Connection closed:
28978 bytes sent to SSL, 121 bytes sent to socket
2005.01.23 19:30:22 LOG7[16050905:15923433]: BANANA_SMTP
finished (0 left)
This indicates to me that the connection was tls/ssl-Stunnel inside the tor connection.
This may be redundant because it looks like tor is a variation on stunnel anyway.
Now to extend this even more is there a way to send this to a smtp onion address,
and if so does that mean that tor encryption reaches all the way to the secret onion service?
Anyone know how do I get the tor logs to work?
Sincerely Yours,
Persona Non Grata
- -----BEGIN PGP SIGNATURE-----
Version: N/A
- -----END PGP SIGNATURE-----
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of hod.aarg.net.
Date: Mon Jan 24 04:12:47 2005 GMT
From: personanongrata@hod.aarg.net
-----BEGIN PGP SIGNATURE-----
iD8DBQFB9HW/795fGjAugpQRAtWfAKCcJQCXKjVH/t8sMHh9owy8vZ/HZACeLJ0q
BTL/WIdBZXOWCvh62FAq5j4=
=UKB9
-----END PGP SIGNATURE-----
| |
| Doctor Who@any.place 2005-01-24, 5:45 pm |
| On Sun, 23 Jan 2005 20:31:29 -0500, An Metet <anmetet@freedom.gmsociety.org> wrote:
<snipped>
>: Hashcash is supposed to be a pain in the XXX.
Well it certainly is that at present, at least when using it with QS.
Does JBN fare any better?
Doctor Who
Get the FAQ here:
http://www.panta-rhei.dyndns.org/pa...ndEncryptionFaq
| |
| Doctor Who@any.place 2005-01-24, 5:45 pm |
| On 24 Jan 2005 01:00:41 -0000, panta-admin <anonymous@panta-rhei.dyndns.org> wrote:
<snipped>
>:You seem to confuse matters here. Please check my website for the specifics
>:of hashcash.
I have read your Website very carefully. I am not blaming you, but it took me a long time
to realize I was supposed to copy and paste the hashcash string from within the Panta.db file
into the news client headers. I know for a fact I am not the only one confused by this.
Reading both your site and the dedicated Hashcash site did not actually tell me what one
is supposed to do. When I eventually twigged, I just could not believe how convoluted it
was. If this is meant to stop spam, I am absolutely sure it will. Trouble is, it will
also kill Usenet as well, unless it is integrated into the news client.
Just a thought: does JBN integrate Hashcash?
Doctor Who
Get the FAQ here:
http://www.panta-rhei.dyndns.org/pa...ndEncryptionFaq
| |
| Italy Anonymous Remailer 2005-01-24, 5:45 pm |
| In article <ifrav0lr803jsqsm888btguenno6cqlnrq@4ax.com>
Doctor Who@any.place wrote:
>
> On 24 Jan 2005 01:00:41 -0000, panta-admin <anonymous@panta-rhei.dyndns.org> wrote:
>
> <snipped>
>
> I have read your Website very carefully. I am not blaming you, but it took me a long time
> to realize I was supposed to copy and paste the hashcash string from within the Panta.db file
> into the news client headers. I know for a fact I am not the only one confused by this.
> Reading both your site and the dedicated Hashcash site did not actually tell me what one
> is supposed to do. When I eventually twigged, I just could not believe how convoluted it
> was. If this is meant to stop spam, I am absolutely sure it will. Trouble is, it will
> also kill Usenet as well, unless it is integrated into the news client.
Actually, the Hashcash minter from panta includes a shortcut, which if
clicked upon, will automatically put the hashcash header right into your
clipboard which can then be pasted wherever you want it -
X-Hashcash: 1:24:050119:banana::Ih8/cbo29Is8AwCt:0000C0yH
for example, without dealing with the db and will automatically be deleted
from the db. Works great when using QS.
You really ought to check out panta's minter in depth.
> Just a thought: does JBN integrate Hashcash?
Panta's JBN mod does. But watch out for that polymorphing DLL! ;0
> Doctor Who
>
>
>
| |
| Doctor Who@any.place 2005-01-24, 8:45 pm |
| On 24 Jan 2005 01:00:41 -0000, panta-admin <anonymous@panta-rhei.dyndns.org> wrote:
<snipped>
>:You seem to confuse matters here. Please check my website for the specifics
>:of hashcash.
I have read your Website very carefully. I am not blaming you, but it took me a long time
to realize I was supposed to copy and paste the hashcash string from within the Panta.db
file into the news client headers. I know for a fact I am not the only one confused by
this. Reading both your site and the dedicated Hashcash site did not actually tell me
what one is supposed to do. When I eventually twigged, I just could not believe how
convoluted it was. If this is meant to stop spam, I am absolutely sure it will. Trouble
is, it will also kill Usenet as well, unless it is integrated into the news client.
Just a thought: does JBN integrate Hashcash?
Doctor Who
Get the FAQ here:
http://www.panta-rhei.dyndns.org/pa...ndEncryptionFaq
| |
| Frog-Admin 2005-01-25, 7:45 am |
| -----BEGIN PGP SIGNED MESSAGE-----
In article <ifrav0lr803jsqsm888btguenno6cqlnrq@4ax.com>, Doctor
Who@any.place wrote:
>On 24 Jan 2005 01:00:41 -0000, panta-admin
><anonymous@panta-rhei.dyndns.org> wrote:
>
><snipped>
>
>
>I have read your Website very carefully. I am not blaming you, but it took
>me a long time
>to realize I was supposed to copy and paste the hashcash string from within
>the Panta.db file
>into the news client headers. I know for a fact I am not the only one
>confused by this.
>Reading both your site and the dedicated Hashcash site did not actually
>tell me what one
>is supposed to do. When I eventually twigged, I just could not believe
>how convoluted it
>was. If this is meant to stop spam, I am absolutely sure it will.
>Trouble is, it will
>also kill Usenet as well, unless it is integrated into the news client.
>
>Just a thought: does JBN integrate Hashcash?
>
>
Yes. Panta-Admin has done an excellent job of integrating hashcash
functions in his JBN MODs. You still need to invest CPU Cycles to mint the
tokens, but his MODs allow JBN to automatically insert hashcash tokens when
they are needed.
>Doctor Who
>
>
>Get the FAQ here:
>http://www.panta-rhei.dyndns.org/pa...ndEncryptionFaq
-----BEGIN PGP SIGNATURE-----
Version: N/A
-----END PGP SIGNATURE-----
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
| |
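The stamp format quoted in the thread (`X-Hashcash: 1:24:050119:banana::...`) and the remark that minting costs CPU cycles, seen from the checking side: an added example, not part of any post here and not Panta's minter or any gateway's own code. The field layout is hashcash version 1; the 28-day window, the two-day clock-skew allowance, the hex counter, the `constructedSalt` value and the 12-bit demo stamp are assumptions made for the illustration.

```python
import hashlib
from datetime import date, datetime
from itertools import count

PAGE_STAMP = "1:24:050119:banana::Ih8/cbo29Is8AwCt:0000C0yH"  # quoted in the thread

def parse_stamp(stamp):
    """Split a version 1 stamp: ver:bits:date:resource:ext:rand:counter."""
    fields = stamp.strip().split(":")
    if len(fields) != 7 or fields[0] != "1":
        raise ValueError("not a version 1 hashcash stamp")
    return {"bits": int(fields[1]), "date": fields[2], "resource": fields[3],
            "ext": fields[4], "rand": fields[5], "counter": fields[6]}

def zero_bits(stamp):
    """Leading zero bits of SHA-1 over the whole stamp string."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def check_stamp(stamp, resource, min_bits, today, seen, max_age_days=28):
    """Gateway-side check (hypothetical policy); returns (accepted, reason)."""
    stamp = stamp.strip()
    try:
        f = parse_stamp(stamp)
        issued = datetime.strptime(f["date"][:6], "%y%m%d").date()
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if f["resource"] != resource:
        return False, "minted for another resource"
    if f["bits"] < min_bits:
        return False, "claims too little work"
    if zero_bits(stamp) < f["bits"]:  # the claim must be backed by the hash
        return False, "hash does not meet claimed bits"
    if not -2 <= (today - issued).days <= max_age_days:
        return False, "expired or future-dated"
    if stamp in seen:  # a stamp is spendable once
        return False, "already spent"
    seen.add(stamp)
    return True, "ok"

def mint(resource, bits, ymd, rand="constructedSalt"):
    """Sender side: try counters (hex, for simplicity) until the hash qualifies."""
    for n in count():
        stamp = f"1:{bits}:{ymd}:{resource}::{rand}:{n:x}"
        if zero_bits(stamp) >= bits:
            return stamp

if __name__ == "__main__":
    spent, demo = set(), mint("banana", 12, "050119")  # 12 bits: mints instantly
    print([check_stamp(demo, "banana", 12, date(2005, 1, 24), spent) for _ in range(2)])
```

Each extra bit doubles the expected minting work while the check stays a single SHA-1, which is why the cost lands on the sender and not on the gateway.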
| Thrasher Admin 2005-01-25, 8:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hi Doc,
On Mon, 24 Jan 2005 21:56:08 GMT, you wrote:
>I have read your Website very carefully. I am not blaming you, but
>it took me a long time to realize I was supposed to copy and paste the
>hashcash string from within the Panta.db file into the news client
>headers. I know for a fact I am not the only one confused by this.
>Reading both your site and the dedicated Hashcash site did not
>actually tell me what one is supposed to do. When I eventually
>twigged, I just could not believe how convoluted it was. If this
>is meant to stop spam, I am absolutely sure it will. Trouble is, it
>will also kill Usenet as well, unless it is integrated into the news
>client.
Panta's hashcash minter has shortcuts included that copy the required
token to the clipboard (not just Panta's). Put them on your desktop
or anywhere else that is easily accessible and the hassle is reduced
to a minimum. It also lets you know when you are low on tokens and
gives you the option of minting more while you go about your
business.
Personally, I don't like the principle of hashcash, but for those
that do, Panta's minter takes away the pain but still achieves the
end for which it was designed.
>Just a thought: does JBN integrate Hashcash?
Once again, Panta Admin has come to the rescue and has a patch/mod
for JBN that does just that.
(I hope Panta's check is in the mail...)
- --
Cheers
Thrasher Admin
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
| |
| Doctor Who@any.place 2005-01-25, 8:45 pm |
| On 25 Jan 2005 09:28:58 -0000, Frog-Admin <anonymous@panta-rhei.dyndns.org> wrote:
<snipped>
>:>Just a thought: does JBN integrate Hashcash?
>:>
>:>
>:Yes. Panta-Admin has done an excellent job of integrating hashcash
>:functions in his JBN MODs. You still need to invest CPU Cycles to mint the
>:tokens, but his MODs allow JBN to automatically insert hashcash tokens when
>:they are needed.
Thanks for the info. That is very interesting. I knew I ought to check out JBN. I
haven't used it for years. I dropped it because I always found it a hassle to update the
remailers. Possibly it is easier now. Can't remember why it was difficult.
Doctor Who
Get the FAQ here:
http://www.panta-rhei.dyndns.org/pa...ndEncryptionFaq
| |
| Thomas J. Boschloo 2005-01-30, 5:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Thrasher - Anonymous Remailer wrote:
| In article <41f3f39e$0$4320$3a628fcd@reader10.nntp.hccnet.nl>
| "Thomas J. Boschloo" <nospam@hccnet.nl.invalid> wrote:
|
|>-----BEGIN PGP SIGNED MESSAGE-----
|>
|>Thomas J. Boschloo wrote:
|>
|
| <snipped the lot>
|
| Thomas, you are really starting to muddy the waters. Forget Tor
| headers in QS Betas as it is all handled by simple, protocol
| specific, drop-downs and the proxy manager.
|
| Tor won't exit at 127.0.0.1
|
| QS itself supports all socks so port forwarding is all that is
| required, not socks 4/4a support.
But Persona Non Grata wanted to have Tor /AND/ TLS support. That sort of
complicates things.. But as another (anonymous) poster pointed out, you
can Sockscap STunnel..
So QS --> STunnel --> Sockscap --> Tor --> rjgcfnw4sd2jaqfu.onion:25
You can set up STunnel as specified on the
<http://www.bananasplit.info/mailtls.html> site.
Thomas
- --
Morrissey - Seasick, Yet Still Docked:
"I am a poor freezingly cold soul"
"So far from where"
"I intended to go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-01-30, 5:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
PersonaNonGrata wrote:
<snip>
| ok now my new QS header
|
| my QS header
|
| Proxy: 127.0.0.1:9050,4a; nowhere.invalid;
| Fcc: outbox
| Host: 127.0.0.1:26
| From: john@doe
| Chain: banana,*,*,*; copies=4
| References: <courier.41F35FB6.0000711D@meinkeksi.eniac.de>
| <41f3e8d4$0$155$3a628fcd@reader2.nntp.hccnet.nl>
| Newsgroups: alt.privacy.anon-server
| Nym: PersonaNonGrata@hod.aarg.net
| To: mail2news@anon.lcs.mit.edu, mail2news@dizum.com,
| mail2news@news.gradwell.net
| Subject: Re: PGP, Privoxy, Tor, SSL, Mixmaster messages
|
|
|
| ?Question what does the "nowhere.invalid;" in the proxy header
| mean?
I think it has to do with what used to be the Sign-On line in QS-beta.
| my stunnel config file
| ################################################################
| #
| RNDbytes = 2048
| RNDfile = bananarand.bin
| RNDoverwrite = yes
| client = yes
| options = ALL
| CAfile = banana.pem
| verify = 3
| debug = 7
| output = banana.log
| #
| #
| [BANANA_SMTP]
| protocol = smtp
| accept = 26
| connect = snorky.bananasplit.info:2525
| delay = no
| #
| ################################################################
|
| My stunnel log snippet
<snip long log>
| This indicates to me that the connection was tls/ssl-Stunnel
| inside the tor connection.
I agree that it is TLS encrypted, but why do you think it is Tor
anonymized? The way I read it is that QS goes through Tor to connect to
localhost:26 (basically doing nothing thus since they both are on your
local machine). And STunnel in turn connects directly to
snorky.bananasplit.info:2525 from your computer (localhost:26).
Sorry, I don't believe you are using Tor in the correct way. I would
leave out the Tor proxy headers in QS and use Sockscap to have STunnel
connect through the Tor network or the panta .onion SMTP hidden service..
| This may be redundant because it looks like tor is a variation on
| stunnel anyway.
STunnel and Tor do two very different things. Tor hides who you are
while TLS tries to confirm who you are and who you are talking to (the
Bananasplit PEM certificate).
The thing you will want by using TLS is the forward secrecy, but I
am pretty sure that Tor also has this capability. Thus indeed making TLS
superfluous for use with Quicksilver. I would only use either TLS or Tor.
| Now to extend this even more is there a way to send this to a
| smtp onion address,
You should paste the onion address into STunnel and make sure STunnel
knows what to do with it (IOW, Use sockscap).
| and if so does that mean that tor encryption reaches all the way
| to the secret onion service?
It's called a -hidden- service and I guess that it does. In fact, the
only way to connect to an onion service is by using the Tor socks 4a proxy.
| Anyone know how I get the tor logs to work?
That info is probably on <http://tor.freehaven.net/>. (Having looked
there myself, I cannot find such commandline options right now)
Thomas
- --
Morrissey - Seasick, Yet Still Docked:
"I am a poor freezingly cold soul"
"So far from where"
"I intended to go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
|