Question for TOR experts
Archived thread: Anonymous Servers, February 2007
| Newsanon Admin 2007-02-19, 1:12 pm |
| If I set up a TOR server with an exit policy of allowing output only to my
ip, on port 25, could somebody running a javascript application like
privat-anon's, and running TOR, send an email message to my server?
If something like that could be done, perhaps it would allow me to receive
the email and then send it, via the newsanon gateway, to the desired
newsgroup.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 19 Feb 2007 17:31:38 GMT, Newsanon Admin wrote in
Message-Id: <20070219173305.0avTWM051MZq@anonymous.poster>:
> If I set up a TOR server with an exit policy of allowing output only to my
> ip, on port 25, could somebody running a javascript application like
> privat-anon's, and running TOR, send an email message to my server?
Providing you have a MTA listening on your local IP, (or localhost) then
yes. There is a gotcha though; connections from your Tor node to your
MTA are local -> local. A commonly configured MTA will see this as mail
coming from a local user which means it will relay it to a non-local
destination. This may not be what you want.
> If something like that could be done, perhaps it would allow me to receive
> the email and then send it, via the newsanon gateway, to the desired
> newsgroup.
Your Tor exit-policy will not stop it acting as a normal Tor server for
non-exit traffic. It sounds to me that what you want is an exit-point
from Tor but without functioning as a Tor server. Take a look at
Location Hidden Services.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRdnoz2oLu9HNUqmMAQr27wf/S/54Vwp8QAjWouLmdTNjzhy/n4ai3Clc
jJa+KDCBfOjMrDJBH1gDaIGQG6pkzcxLVGQZ3QB7EeQc9VVCWCnn0OgcQZ4xTFMe
7e/zLOjU1N/y/uMP4QaA1oLlXr+sFs+sRwXCoSSiv+DW5/6vnwZvST7VkULM+KpC
Vydsx7lgc/5BSTvCvI/nW8M6pyN6AIt/02W5Rx+WKdq6V3BInIIGns4yxg5yvFDK
PPKeyzPLXNYK/JHoSx4MSK6Bua1LRB9VjZOYeTIRhOpQqXYO5LWDeWS4JxNN86op
mek4lO+40URPFmBxNi1geh7ZKmO6H/dPV8M200nQWqmWHWoiq9O1Xg==
=WrfH
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Anonymous 2007-02-19, 1:12 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 19 Feb 2007 18:13:36 +0000, Zax wrote:
>
> On 19 Feb 2007 17:31:38 GMT, Newsanon Admin wrote in
> Message-Id: <20070219173305.0avTWM051MZq@anonymous.poster>:
>
>
> Providing you have a MTA listening on your local IP, (or localhost) then
> yes. There is a gotcha though; connections from your Tor node to your
> MTA are local -> local. A commonly configured MTA will see this as mail
> coming from a local user which means it will relay it to a non-local
> destination. This may not be what you want.
Thanks, I'll have to see if I can control that with a rule, else it will
be a showstopper.
>
>
> Your Tor exit-policy will not stop it acting as a normal Tor server for
> non-exit traffic.
Good catch. I never considered that. I could let it run as a middleman
server in addition, but it would probably chew up more bandwidth than I
want to allow.
> It sounds to me that what you want is an exit-point
> from Tor but without functioning as a Tor server. Take a look at
> Location Hidden Services.
I will.
One other question: assuming it is set up, can you give an example of the
format of the email that would be used. Assume it is not a hidden service.
I've copied/edited a template from the panta wiki which seems close to
what I would want, though I've never gotten variations of it to work in
QS. I'm not using https or ssl or anything like that.
Host: 127.0.0.1:2525
From: anon@bananasplit.info
From: your nym here
To: mail2news@newsanon.yi.org?
or
To: name of tor server:port?
Newsgroups:
References:
Subject:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF2fGknCWE8SEbcIsRAizDAKDaZGYyznRPx22xC4Ntd7JoK92wxQCgtxrD
fb5XzsfRlFTH3HcIeOhgfF0=
=pDsy
-----END PGP SIGNATURE-----
| |
| Anonymous Remailer (austria) 2007-02-19, 7:12 pm |
|
Newsanon Admin <admin@eelbash.yi.org> wrote:
>
> If I set up a TOR server with an exit policy of allowing output only to my
> ip, on port 25, could somebody running a javascript application like
> privat-anon's, and running TOR, send an email message to my server?
>
> If something like that could be done, perhaps it would allow me to receive
> the email and then send it, via the newsanon gateway, to the desired
> newsgroup.
>
I don't get the point of this. If you have an exit policy only
allowing connections to your own IP on port 25, how is this different
from accepting connections from any tor server to your computer on
port 25? It doesn't give increased anonymity at all...
| |
| Newsanon Admin 2007-02-19, 7:12 pm |
| On Mon, 19 Feb 2007 21:29:19 +0100, Anonymous Remailer (austria) wrote:
>
> Newsanon Admin <admin@eelbash.yi.org> wrote:
>
> I don't get the point of this. If you have an exit policy only
> allowing connectings to your own IP on port 25, how is this different
> from accepting connections from any tor server to your computer on
> port 25? It doesn't give increased anonymity at all...
I admit I'm fuzzy on the architecture of it. The idea was that somebody
could connect anonymously to my tor node, after going through two other
nodes, with an email message that would exit to my mail server. But I
think I see what you are saying: he would have to connect to my tor node
as the first node. If that's the case, it makes no sense at all.
| |
| George Orwell 2007-02-20, 7:13 am |
| Newsanon Admin wrote:
> On Mon, 19 Feb 2007 21:29:19 +0100, Anonymous Remailer (austria)
> wrote:
>
>
> I admit I'm fuzzy on the architecture of it. The idea was that
> somebody could connect anonymously to my tor node, after going
> through two other nodes, with an email message that would exit to my
> mail server. But I think I see what you are saying: he would have to
> connect to my tor node as the first node. If that's the case, it
> makes no sense at all.
It's you who is making no sense. There's no reason to connect to your
node first, in fact you couldn't do it that way. Your node has to be
last for any exit policy to have an effect. But it will never work
anyway.
And FWIW Zax's gibberish about a MTA delivering remotely because
messages would appear to originate locally is just as senseless. Mail
software will deliver locally or remotely according to what domains
it's told are local, and it doesn't matter where the message comes
from. If anyone has a mail server that does different they need to hire
someone to sort out their configuration problems or dump whatever
broken mail transport they're using.
The problem with your latest gimmick is you'll never get a Javascript
web page to make the connection properly. Even you should be able to
understand that if you're going to connect to a mail server you need a
mail client. Web browsers don't speak SMTP, and you can't force them to
with JS. So even if you do manage to get a connection to the proper
host:port established, you'll never negotiate the transfer. And getting
the connection established won't be a piece of cake to begin with.
What's your URI going to look like? Something along the lines of
"http://server.domain.tornode.exit:25"? It's never going to fly. No
how no way. Sorry. That's why server side webmail scripts/cgi exist.
There's other huge problems, like taking anonymous connections forcing
you to run an open mail relay, but they're pretty much moot because of
the above.
This is essentially why Tor hidden services exist, but it's useless to
use them for mail with a normal client. Normal clients don't
sanitize headers. That is why JBN and QS exist. And oddly enough they
speak SMTP and connect just fine through Tor hidden service
connections. Just ask Panta Admin.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Tue, 20 Feb 2007 08:55:14 +0100 (CET), George Orwell wrote in
Message-Id: <967773b19b3d4f7390e2ceb7482796d3@mixmaster.it>:
> And FWIW Zax's gibberish about a MTA delivering remotely because
> messages would appear to originate locally is just as senseless. Mail
> software will deliver locally or remotely according to what domains
> it's told are local, and it doesn't matter where the message comes
> from. If anyone has a mail server that does different they need to hire
> someone to sort out their configuration problems or dump whatever
> broken mail transport they're using.
Sorry, disagree. This has actually occurred in a live situation where a
remailer admin advertised his MTA as a Location Hidden Service. Domain
names do not dictate which incoming messages are treated as local or
remote, this is done by defining what IP's and subnets are local. (In
Postfix this is the my_networks parameter).
By default a non open-relay will relay:
local -> remote
remote -> local
local -> local
An open relay would add remote -> remote to this list.
If localhost is defined in my_networks (and it should be) then messages
from Tor are deemed to be arriving at the MTA from a local sender. This
means the MTA will happily relay them remotely, making the Hidden
Service an open relay. This is probably not desirable and special
consideration needs to be given to the MTA configuration.
> And oddly enough they speak SMTP and connect just fine through Tor
> hidden service connections. Just ask Panta Admin.
This is the example I cited above. Panta had to configure his MTA to
listen on an additional port and then direct the Hidden Service to
deliver to it. Within the MTA configuration he could then define that
messages arriving on that port could only be relayed to local
destinations.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRdrUiWoLu9HNUqmMAQrr9gf+NtLJSG1rfm2bLQBMTHbg9dgvkhhxehUh
MtPh4ZumSMt1TJkY5c0Y0XaHDbd84feXm47RrAYtcSqMiKHC/1NmKK8LeODosL0e
Um/YwYugOJg5+nkg9a2H4SF8O88VEh7OQYQjlJWbLpihcUHonvVrfgFGdCVTeiCG
9D5CMJ7MO4MxfdFcGeOkI0QiCJsSIMmCSJA0VQWgVilP3B2phrgRcRQPYRNcesbt
nAXLwAUvQk3gZM4HdkDLzELitDeetmpw5N8puxht2HNJ0SU6DvrunZMdwpnLg2OK
H3ESrmTCnuf8rGOc19yaRyGikRovE+zTuoUcJtuLbi4q187mPJoDmw==
=xLY0
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Newsanon Admin 2007-02-20, 7:13 am |
| On Tue, 20 Feb 2007 08:55:14 +0100, George Orwell wrote:
>
> The problem with your latest gimmick is you'll never get a Javascript
> web page to make the connection properly. Even you should be able to
> understand that if you're going to connect to a mail server you need a
> mail client. Web browsers don't speak SMTP, and you can't force them to
> with JS.
Isn't there a 'mailto:' statement for js? I assume that the user would
have an smtp server with his isp, or is running one himself, and when he
runs the 'mailto' it would send the message to whatever address the js had
set up.
People do send email from web pages don't they?
If the developers of js forgot to allow for sending email, maybe the js
could write the message to the hard drive and it could be read in by a
5-line PERL or Python script which would email it to the desired address.
I assume js can write out text to a file.
> So even if you do manage to get a connection to the proper
> host:port established, you'll never negotiate the transfer. And getting
> the connection established won't be a piece of cake to begin with.
> What's your URI going to look like? Something along the lines of
> "http://server.domain.tornode.exit:25"? It's never going to fly. No
> how no way. Sorry. That's why server side webmail scripts/cgi exist.
That's why I asked about a sample template for sending an email to a tor
node. As you know, you can use QS to send a message to a tor node and then
through a chain of remailers. The idea here was to send the message to a
tor node and the software at that end would send it through a gateway.
If it's possible to do it from QS, why is it impossible to do it through
js?
Of course, as has been pointed out, if the first tor node you connect to
is also the last one there's no anonymity.
My assumptions are:
you can send an email from a javascript page
it's possible for your tor 'chain' to consist of one node, which exits
your smtp message
It would be pleasant if you could connect to a chain of 3 tor nodes, the
last one of which would exit your smtp message, but I have the feeling it
can't work that way. Comment?
| |
| Nomen Nescio 2007-02-20, 1:13 pm |
| Zax wrote:
>
> Sorry, disagree. This has actually occurred in a live situation
> where a remailer admin advertised his MTA as a Location Hidden
> Service. Domain names do not dictate which incoming messages are
> treated as local or remote, this is done by defining what IP's and
> subnets are local. (In Postfix this is the my_networks parameter).
<snip>
You're really a nice guy and all Steve, but when it comes to the
technical stuff you really should just keep quiet.
First of all it's "mynetworks" not "my_networks".
The mynetworks variable does define what set of IP addresses Postfix
considers local network IP addresses, but it has little or nothing to
do with routing except indirectly. The mynetworks variable is used to
control things like what hosts can invoke commands like XVERP (if that's
allowed), and define when domain names get added to the appropriate
headers in outgoing or "internal" mail.
What $mynetworks DOESN'T do is tell postfix which mails to route locally
unless for some ungodly reason you've added $mynetworks to
"mydestinations" (not my_destinations). That's the comma delimited list
of domains Postfix considers local "end points", and what controls
whether mail will be delivered remotely or retained locally Steve.
If your $mydestinations includes $mynetworks for anything other
than a "closed private" IP network, then I refer you to my previous
advice. Either replace the broken software that thinks a private subnet
is considered "local delivery", or replace the broken operator.
And if you are by some stretch of the imagination thinking about a
typical configuration where local users can have mail delivered remotely
it's irrelevant. Your destination will always be one specific
"remailer@my.host" address. If it's not this is again a problem with
the mail server operator or UI software author, not Postfix.
Which is also another reason why a javascript web based mail client is a
piss poor idea at its core. Nobody in their right mind would consider
it, or any other client side scripting, a usable tool for the job in the
first place.
| |
| George Orwell 2007-02-20, 1:13 pm |
| Newsanon Admin wrote:
> On Tue, 20 Feb 2007 08:55:14 +0100, George Orwell wrote:
>
>
> Isn't there a 'mailto:' statement for js? I assume that the user would
> have an smtp server with his isp, or is running one himself, and when
> he runs the 'mailto' it would send the message to whatever address
> the js had set up.
What are you talking about? Mailto: calls up the default mail client on
the user end and sends through that client's configured SMTP server. It
has nothing at all to do with the Web, Tor, or an exit node with an
exit policy of localhost:25. And even if it did there's no way to pass
all the headers you need in a Mailto link. Let alone pass body text of
sufficient size and format to be useful even if you do happen to stumble
across a modern client that will accept &body.
> People do send email from web pages don't they?
No, they don't. They send from mail clients, or they use what amounts
to remote mail clients in the form of host side scripts or executables.
> If the developers of js forgot to allow for sending email, maybe the
> js could write the message to the hard drive and it could be read in
> by a 5-line PERL or Python script which would email it to the desired
> address. I assume js can write out text to a file.
You do?
That shows everyone just how ignorant you really are.
>
> That's why I asked about a sample template for sending an email to a
> tor node. As you know, you can use QS to send a message to a tor node
> and then through a chain of remailers. The idea here was to send the
> message to a tor node and the software at that end would send it
> through a gateway.
No you can't send email to a Tor node with QS or anything else. You can
send email THROUGH SOME Tor nodes and on to a mail server, but for that
you need a mail client not a web browser. Fortunately, QS is a mail
serviceable client among other things.
>
> If it's possible to do it from QS, why is it impossible to do it
> through js?
Golly. I don't know. Maybe for the same reason you can send mail with
QS, and not a tomato? Maybe because JS has about as much to do with
sending mail as that tomato does?
> Of course, as has been pointed out, if the first tor node you connect
> to is also the last one there's no anonymity.
What nonsense! The entry node and exit node will always be separate and
distinct. To the client the whole network is completely transparent,
existing as a single node in itself.
>
> My assumptions are:
Completely and eternally FUBAR. You've become something of a legend for
your ability to meander around the privacy and anonymity community
without so much as a single fact in your pocket, and no grasp of what
you're messing around with whatsoever. It only stands to reason that
any knee jerk conclusions formed out of that severe lack of
knowledge and understanding would be horribly broken.
> you can send an email from a javascript page
> it's possible for your tor 'chain' to consist of one node, which exits
> your smtp message
You cannot send email from a javascript page. Period. You can only
(indirectly) submit formatted text to some other interim program that
does, and even then only within some very tight constraints.
You can't write files, call arbitrary external programs, or speak to
mail servers in any language they can understand. Sorry, but those are
just SOME of the facts you're missing.
> It would be pleasant if you could connect to a chain of 3 tor nodes,
> the last one of which would exit your smtp message, but I have the
> feeling it can't work that way. Comment?
Yes. You're the APAS village idiot. People connect through normal chains
of Tor nodes and exit to SMTP servers every single day. That's how it
works by default, but here you are wishing it could happen.
Look on the bright side. At least you have amusement value.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Tue, 20 Feb 2007 18:40:03 +0100 (CET), Nomen Nescio wrote in
Message-Id: <b2834b27a9bc9cb23e1d0ebc2b2251fd@dizum.com>:
> First of all it's "mynetworks" not "my_networks".
Sorry my error, I didn't bother to check as it wasn't important in the
context of the OP.
> The mynetworks variable does define what set of IP addresses Postfix
> considers local network IP addresses, but it has little or nothing to
> do with routing except indirectly. The mynetworks variable is used to
> control things what hosts can invoke commands like XVERP (if that's
> allowed), and define when domain names get added to the appropriate
> headers in outgoing or "internal" mail.
- From http://www.postfix.org/basic.html#mynetworks:
"The mynetworks parameter lists all networks that this machine somehow
trusts. This information can be used by the anti-UCE features to
recognize trusted SMTP clients that are allowed to relay mail through
Postfix."
If you have a local Tor service connecting to your MTA on port 25, and
mynetworks contains 127.0.0.1, then the MTA will relay those messages,
regardless of whether the destination is local or remote. This has
nothing to do with mydomains or relay_domains, it's to do with what
networks the MTA trusts. It trusts these networks because of the
default smtpd_recipient_restrictions:-
permit_mynetworks, reject_unauth_destination
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRdtUTWoLu9HNUqmMAQovdQf6AjHit0cXcfPrVmoTlV7ZqftXeSZkveWa
ZNLYdaCcpLwEQLr/4XqCif0CjY7AX7+QvS8VIoELaYFhCrPG4AeooS0c0qiHPS+2
cENuBmGfrB8hut9W1Ujwnxpf5NuokGSKQzXzJ+UbA4Rhp8dkpdnd1xypnfc8ud8y
Wd4z8yaFWkV/jdCCu+TiSwT+2FpPJWAwWXTazSeiQ2CyvQlBXViyYYy/LmsDoNLj
qeYmp6FHPVnH7DkORX4fxtDh9DtOfZfDr+aJvz7RW/C4hQ6hg2Me0o0k56kjCc9X
d1mwHkuAxvfTWc+vU/hwNC+mlhyotVD/KrXjtPLHjbnWaZKowXa9cQ==
=LtQg
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Anonymous Remailer (austria) 2007-02-20, 7:13 pm |
|
Newsanon Admin <admin@eelbash.yi.org> wrote:
>
> People do send email from web pages don't they?
No, they post forms to a webmail provider which does the actual sending.
> That's why I asked about a sample template for sending an email to a tor
> node. As you know, you can use QS to send a message to a tor node and then
> through a chain of remailers. The idea here was to send the message to a
> tor node and the software at that end would send it through a gateway.
Uh...that's what already happens. First of all, QS does not send a
message to a tor node. It makes a connection to a mail server through
a chain of Tor nodes. Usually that mail server is the entry remailer you
are using. It then passes on the mixmaster message.
What you are wishing could be done is to connect to a mail server
through tor, and send a mail. That is exactly what is already being
done.
> If it's possible to do it from QS, why is it impossible to do it through
> js?
As Javascript runs in the browser, it doesn't really have any usable
ability to call programs. That would be a security risk...you could
go to a webpage and it could run "format c:".
> Of course, as has been pointed out, if the first tor node you connect to
> is also the last one there's no anonymity.
That never happens. Tor won't create a chain of tor nodes that have
the same entry and exit nodes.
> My assumptions are:
> you can send an email from a javascript page
Not really, as has been said. You can only post a form to a server
which then does the actual sending.
> it's possible for your tor 'chain' to consist of one node, which exits
> your smtp message
3 is the minimum tor nodes in a chain. Why on earth would you only
want one node? That would give you no anonymity or privacy at all.
> It would be pleasant if you could connect to a chain of 3 tor nodes, the
> last one of which would exit your smtp message, but I have the feeling it
> can't work that way. Comment?
This already happens, every single day. You are wishing for things
that Tor has been capable of for years.
You don't really seem to understand Tor at all, and I'm really not
sure what you are trying to do here.
| |
| Newsanon Admin 2007-02-20, 7:13 pm |
| On Tue, 20 Feb 2007 21:15:15 +0100, Anonymous Remailer (austria) wrote:
>
> You don't really seem to understand Tor at all, and I'm really not
> sure what you are trying to do here.
No I don't. What I was looking for was a way for someone to run javascript
locally and create a file formatted for an smtp server and to send the
file through Tor, which would go through the 3 nodes and end up at a tor
node that would take the properly formatted message:
to:
from:
subject:
message body
that sort of thing - take the message and massage it and send it to the
tor node operator's m2n gateway so that the message ended up on a
newsgroup.
The reason I was hoping something like that could be done was that it
would provide a quick way for someone to create a newsgroup post and send
it through Tor and see it show up immediately on a newsgroup, and the
sender would not have to do any encrypting and would not have to wait and
hope that the remailer system would deliver it.
From the examples given here, javascript seems like a compact way to
create a nice, locally run, platform-independent, gui that does extensive
validation. If it could be used as the front-end to something like the
above, it might be very useful.
If it can't, it can't.
A better way, of course, is the way I tried, using a php display that
allowed the user to fill in the fields and submit the message; but, in my
case, the security of my code was poor, so I had to shut it down.
Zax is running the same thing, but perhaps knows what he is doing in
connection with securing it. He might consider a zero-latency option so
that people using his web2news page would find their message going
immediately to his gateway and to a newsgroup. I know the removal of the
latency weakens anonymity, but my short experience with my own web2news
page gives me the impression that the customers like that sort of thing -
both the quickness, and the certainty of the message getting to its
destination.
He'd be offering a service as secure, pretty much, as the tor stuff he now
offers, and would increase his market share by catering to the needs of
his customers, who are always right.
| |
| Non scrivetemi 2007-02-20, 7:13 pm |
| Zax <admin@bananasplit.info> wrote:
You're not looking at the right part of Postfix's configuration. My
server not only won't deliver localhost mail to anywhere but a local
mail box, it generates special logs for all that mail as well as
anything originating from outside $mynetworks. But mail from local
sub-nets goes pretty much unnoticed (I use SASL).
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Tue, 20 Feb 2007 18:40:03 +0100 (CET), Nomen Nescio wrote in
> Message-Id: <b2834b27a9bc9cb23e1d0ebc2b2251fd@dizum.com>:
>
>
> Sorry my error, I didn't bother to check as it wasn't important in the
> context of the OP.
>
>
> - From http://www.postfix.org/basic.html#mynetworks:
> "The mynetworks parameter lists all networks that this machine somehow
> trusts. This information can be used by the anti-UCE features to
> recognize trusted SMTP clients that are allowed to relay mail through
> Postfix."
>
> If you have a local Tor service connecting to your MTA on port 25, and
> mynetworks contains 127.0.0.1, then the MTA will relay those messages,
> regardless of whether the destination is local or remote. This has
> nothing to do with mydomains or relay_domains, it's to do with what
> networks the MTA trusts. It trusts these networks because of the
> default smtpd_recipient_restrictions:-
>
> permit_mynetworks, reject_unauth_destination
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iQEVAwUBRdtUTWoLu9HNUqmMAQovdQf6AjHit0cXcfPrVmoTlV7ZqftXeSZkveWa
> ZNLYdaCcpLwEQLr/4XqCif0CjY7AX7+QvS8VIoELaYFhCrPG4AeooS0c0qiHPS+2
> cENuBmGfrB8hut9W1Ujwnxpf5NuokGSKQzXzJ+UbA4Rhp8dkpdnd1xypnfc8ud8y
> Wd4z8yaFWkV/jdCCu+TiSwT+2FpPJWAwWXTazSeiQ2CyvQlBXViyYYy/LmsDoNLj
> qeYmp6FHPVnH7DkORX4fxtDh9DtOfZfDr+aJvz7RW/C4hQ6hg2Me0o0k56kjCc9X
> d1mwHkuAxvfTWc+vU/hwNC+mlhyotVD/KrXjtPLHjbnWaZKowXa9cQ==
> =LtQg
> -----END PGP SIGNATURE-----
>
| |
| Anonymous 2007-02-20, 7:13 pm |
| Newsanon Admin <admin@eelbash.yi.org> wrote:
> If I set up a TOR server
Please don't.
| |
|
| On Tue, 20 Feb 2007 23:45:41 +0100 (CET), Non scrivetemi wrote in
Message-Id: <f7f6fe5d7b343f0d39afc093dca23d37@pboxmix.winstonsmith.info>:
> You're not looking at the right part of Postfix's configuration. My
> server not only won't deliver localhost mail to anywhere but a local
> mail box, it generates special logs for all that mail as well as
> anything originating from outside $mynetworks. But mail from local
> sub-nets goes pretty much unnoticed (I use SASL).
That's fine, you've configured your postfix server to do what you want
it to. My point at the beginning of this thread was that the default
MTA configuration would leave the OP open to abuse by running an
open relay because the Tor exit-point and the MTA are both local.
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
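The relay decision argued over in this thread, as an added example that is not part of any of the original posts: a small Python model of how Postfix walks an smtpd_recipient_restrictions list, run against the default list Zax quotes above (permit_mynetworks, reject_unauth_destination) and against a second listener restricted the way the thread describes Panta doing it earlier, a separate port whose restriction list never gives mynetworks a free pass. The Postfix semantics are simplified (first PERMIT or REJECT wins, an exhausted list permits); the domains, addresses and networks are constructed for the example, and the master.cf `-o` override mentioned in the comments is Postfix's standard per-service override syntax, not something taken from the thread.

```python
"""Model of Postfix's smtpd_recipient_restrictions evaluation.

This is a simplified model written for this thread, not Postfix code:
restrictions are evaluated left to right, the first one that answers
PERMIT or REJECT decides, and an exhausted list defaults to PERMIT.
"""
import ipaddress

PERMIT, REJECT, DUNNO = "PERMIT", "REJECT", "DUNNO"


class Smtpd:
    """One smtpd(8) listener with its own restriction list."""

    def __init__(self, mynetworks, mydestination, relay_domains, restrictions):
        self.mynetworks = [ipaddress.ip_network(n) for n in mynetworks]
        self.mydestination = {d.lower() for d in mydestination}
        self.relay_domains = {d.lower() for d in relay_domains}
        self.restrictions = list(restrictions)

    def _in_mynetworks(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in net for net in self.mynetworks)

    def _auth_destination(self, recipient):
        # A destination is "authorised" when its domain is one this MTA
        # delivers locally or is configured to relay for.
        domain = recipient.rsplit("@", 1)[-1].lower()
        return domain in self.mydestination or domain in self.relay_domains

    def _evaluate(self, name, client_ip, recipient):
        if name == "permit_mynetworks":
            return PERMIT if self._in_mynetworks(client_ip) else DUNNO
        if name == "reject_unauth_destination":
            return DUNNO if self._auth_destination(recipient) else REJECT
        if name == "permit_auth_destination":
            return PERMIT if self._auth_destination(recipient) else DUNNO
        if name == "reject":
            return REJECT
        if name == "permit":
            return PERMIT
        raise ValueError(f"unsupported restriction in this model: {name}")

    def rcpt_to(self, client_ip, recipient):
        """Verdict for RCPT TO:<recipient> from a client at client_ip."""
        for name in self.restrictions:
            verdict = self._evaluate(name, client_ip, recipient)
            if verdict != DUNNO:
                return verdict
        return PERMIT  # end of list: the default action is permit


# Constructed configuration. Trusting loopback in mynetworks is the usual
# default, and a local Tor daemon (exit or hidden service) connects to the
# MTA from 127.0.0.1, so it lands inside that trusted network.
MYNETWORKS = ["127.0.0.0/8"]
MYDESTINATION = ["remailer.example"]      # placeholder local domain
RELAY_DOMAINS = []

# Port 25 with the default restriction list quoted in the thread.
port25 = Smtpd(MYNETWORKS, MYDESTINATION, RELAY_DOMAINS,
               ["permit_mynetworks", "reject_unauth_destination"])

# Dedicated listener for the Tor-facing service: same MTA, same
# mynetworks, but this port's list has no permit_mynetworks, so only
# authorised (local) destinations get through.  In master.cf this is an
# extra smtpd service line carrying
#   -o smtpd_recipient_restrictions=reject_unauth_destination
tor_port = Smtpd(MYNETWORKS, MYDESTINATION, RELAY_DOMAINS,
                 ["reject_unauth_destination"])

TOR_CLIENT = "127.0.0.1"                      # the local Tor daemon
OUTSIDE_CLIENT = "203.0.113.9"                # constructed remote client
LOCAL_RCPT = "remailer@remailer.example"      # the intended drop address
REMOTE_RCPT = "someone@elsewhere.example"     # constructed outside address


def relay_matrix(listener):
    """(verdict for the local recipient, verdict for a remote recipient),
    both for a connection arriving from the local Tor daemon."""
    return (listener.rcpt_to(TOR_CLIENT, LOCAL_RCPT),
            listener.rcpt_to(TOR_CLIENT, REMOTE_RCPT))


if __name__ == "__main__":
    for label, listener in (("port 25 (default)", port25),
                            ("Tor-only port", tor_port)):
        local, remote = relay_matrix(listener)
        print(f"{label:18}: local recipient {local}, remote recipient {remote}")
```

The instructive line is the first one printed: with loopback in mynetworks, a message arriving from the local Tor daemon on port 25 is permitted whatever its destination, which is the open-relay case Zax describes, while the dedicated listener still accepts the local remailer address and refuses everything else. For a client outside mynetworks, port 25 already rejects remote recipients on its own, which is the point the other posters make; the disagreement in the thread is only about what happens to the trusted loopback client.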
| George Orwell 2007-02-20, 7:13 pm |
| Zax wrote:
<discard quibble>
Zax, please.... mail servers that relay authorized mail from remote
hosts (those other than localhost) but only deliver locally originated
mail to local accounts are not only common, they're basically the rule
these days. It's a real easy tweak in postfix. I'm not even sure it
isn't the default config now.
| |
| Borked Pseudo Mailed 2007-02-20, 7:13 pm |
| Zax wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Tue, 20 Feb 2007 18:40:03 +0100 (CET), Nomen Nescio wrote in
> Message-Id: <b2834b27a9bc9cb23e1d0ebc2b2251fd@dizum.com>:
>
>
> Sorry my error, I didn't bother to check as it wasn't important in the
> context of the OP.
Apparently there's a number of things you feel aren't important enough
to bother checking.
>
>
> - From http://www.postfix.org/basic.html#mynetworks:
> "The mynetworks parameter lists all networks that this machine somehow
> trusts. This information can be used by the anti-UCE features to
> recognize trusted SMTP clients that are allowed to relay mail through
> Postfix."
Why are you repeating what I already said?
And why are you being so thick that you can't understand that where
messages come from and where they're allowed to be delivered to are
two different configurations?
One more time Zax:
You're delivering to a local address, and if you're not something is
broken. It's easy to prevent someone who changes the submitted data
from sending mail to external addresses. That's what smtp delivery
restrictions DO for God's sake. Or aren't you aware that Postfix is an
SMTP client as well as an smtpd server?
>
> If you have a local Tor service connecting to your MTA on port 25, and
> mynetworks contains 127.0.0.1, then the MTA will relay those messages,
> regardless of whether the destination is local or remote. This has
> nothing to do with mydomains or relay_domains, it's to do with what
> networks the MTA trusts. It trusts these networks because of the
> default smtpd_recipient_restrictions:-
>
> permit_mynetworks, reject_unauth_destination
Oh for XXXX's sake already! Yes, that defines who is allowed to SUBMIT
mail, NOT where any user, group, or host is allowed to send mail TO.
Do us all a favor and either learn Postfix in a little more detail than
fumbling through installing it, or quit handing out advice regarding a
tool you obviously don't understand.
| |
| Anonymous 2007-02-20, 7:13 pm |
| In article <20070220221409.2k7ihEwDy7zZ@anonymous.poster>
Newsanon Admin <admin@eelbash.yi.org> wrote:
>
>
> He'd be offering a service as secure, pretty much, as the tor stuff he now
> offers, and would increase his market share by catering to the needs of
> his customers, who are always right.
If quick posting through Tor is all you're after there are several ways to
do it. A free email account with one of the free email services which
provide smtp on an alternate port, signed up through Tor and email sent
through Tor to one of the existing mail2news' is one way I do it. Another
is using Tor-enabled Thunderbird or any socksified news client with a free
Tor-signed-up-for news service. Both of which are easier than any web
interface.
Hmmm...marketshare. Where have I heard that before? I'm not really sure
most remailer admins are that concerned with marketshare. With the
exception of, uh, two.
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.eu.org
for abuse and hashcash info.
| |
| Borked Pseudo Mailed 2007-02-21, 1:12 am |
| On Wed, 21 Feb 2007 00:24:13 +0000, Anonymous wrote:
>
> Hmmm...marketshare. Where have I heard that before? I'm not really sure
> most remailer admins are that concerned with marketshare. With the
> exception of, uh, two.
Please expand.
| |
| Anonyma 2007-02-21, 1:12 am |
| Zax wrote:
> On Tue, 20 Feb 2007 23:45:41 +0100 (CET), Non scrivetemi wrote in
> Message-Id: <f7f6fe5d7b343f0d39afc093dca23d37@pboxmix.winstonsmith.info>:
>
>
> That's fine, you've configured your postfix server to do what you want
> it to. My point at the beginning of this thread was that the default
> MTA configuration would leave the OP open to abuse by running an
> open relay because the Tor exit-point and the MTA are both local.
>
I think we understood your point right from the beginning. The problem
is that your statements about default mail server software configs are
incorrect ones. A default source install of Postfix or Exim does no
remote delivery at all, and every packaged configuration I've seen that
didn't walk you through a basic setup was the same. For reasons that
should be obvious. So no matter how you install the default is to have
to set things up properly in any case. Which brings us back to operator
error. ;)
By the way, we're talking about SMTP servers, not mail transport agents.
Even though most SMTP server software can function as a simple MTA
there's a big difference. Maybe that's what's causing your confusion?
| |
| Anonymous 2007-02-21, 1:12 am |
| "Anonymous Remailer (austria)" <mixmaster@remailer.privacy.at> wrote:
> Why on earth would you only
> want one node? That would give you no anonymity or privacy at all.
Keep in mind who you're talking to.
> You don't really seem to understand Tor at all, and I'm really not
> sure what you are trying to do here 
It's Eelxobogshire Admin. What did you expect? Intelligence and logic?
| |
|
| On Tue, 20 Feb 2007 16:43:37 -0700 (MST), Borked Pseudo Mailed wrote in
Message-Id: <e9a63406466a14b19547b7468f89e271@pseudo.borked.net>:
> Oh for XXXX's sake already! Yes, that defines who is allowed to SUBMIT
> mail, NOT where any user, group, or host is allowed to send mail TO.
Which is my point exactly. A Tor Hidden Service is allowed to submit
mail because from the perspective of the MTA it's a local (authorised)
user.
This isn't fiction, it's a problem that's actually occurred. When Panta
first opened up a Hidden Service for his MTA, it was functioning as an
open relay. It was soon fixed but it took some unusual configuration
that involved making postfix listen to localhost on an alternate port
with permission to only relay to his local remailer account.
I don't see why you find this so difficult to grasp. This is part of
the reason why the default Tor exit-policy excludes local and private
networks. Server operators don't want connections to their local hosts
with potentially elevated privileges because the connection appears to
come from internally.
> Do us all a favor and either learn Postfix in a little more detail than
> fumbling through installing it, or quit handing out advice regarding a
> tool you obviously don't understand.
Yes, I must learn it one day. Then I'll be able to stand up a remailer.
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
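The fix Zax describes above (a second Postfix listener on an alternate localhost port that may only relay to the local remailer account) as an added configuration example. This is not Panta's or Zax's actual configuration; the port 2525, the hidden service directory, the access-map path /etc/postfix/tor_recipients and the recipient remailer@localhost are all assumed names chosen for illustration. The weak setting is shown next to the corrected one.

```ini
# --- torrc (assumed paths): publish the MTA as a hidden service, but
#     point it at a dedicated loopback listener, never at the public port 25.
#     Leave ExitPolicyRejectPrivate at its default of 1 so that, if this
#     node also exits, it still refuses to exit to 127.0.0.0/8 and RFC1918.
HiddenServiceDir /var/lib/tor/mta/
HiddenServicePort 25 127.0.0.1:2525

# --- /etc/postfix/main.cf
# Weak (the shipped behaviour): mynetworks always contains the loopback
# network, and the default smtpd_recipient_restrictions starts with
# permit_mynetworks. A connection relayed by Tor arrives as
# 127.0.0.1 -> 127.0.0.1, so the public listener treats it as a trusted
# local client and will relay it to any destination: an open relay.
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# Corrected: a restriction list used only by the Tor-facing listener.
# It never consults mynetworks; only recipients present in the access
# map are accepted, everything else is rejected with a 554.
tor_recipient_restrictions = check_recipient_access hash:/etc/postfix/tor_recipients, reject

# --- /etc/postfix/tor_recipients (assumed file; build with
#     "postmap /etc/postfix/tor_recipients"). "localhost" is in the
#     default mydestination, so this address is delivered locally.
remailer@localhost OK

# --- /etc/postfix/master.cf
# Second smtpd bound to loopback only, with its own restriction set.
# Values given with -o must not contain whitespace, which is why the
# list is referenced by name from main.cf rather than written inline.
127.0.0.1:2525 inet n - n - - smtpd
  -o syslog_name=postfix/tor
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=$tor_recipient_restrictions
```

To verify before announcing the service, open an SMTP session to the .onion address through Tor and issue EHLO, MAIL FROM and RCPT TO for an external address: the listener must answer RCPT TO with a 554, and only RCPT TO:<remailer@localhost> should get a 250. Run the same dialogue against the public port 25 from an external host to confirm that reject_unauth_destination still applies there.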
| Cyberiade.it Anonymous Remailer 2007-02-21, 7:13 am |
| In article <erh1ts$668$1@bananasplit.info>
Zax <admin@bananasplit.info> wrote:
>
> This isn't fiction, it's a problem that's actually occurred. When Panta
> first opened up a Hidden Service for his MTA, it was functioning as an
> open relay. It was soon fixed but it took some unusual configuration
> that involved making postfix listen to localhost on an alternate port
> with permission to only relay to his local remailer account.
I seem to recall the same problem happened when he opened up his read
only news server as a hidden service. Unintentionally by him, anyone
could connect to it and not only read, but send posts to any newsgroup
too.
In fact, didn't you have a similar problem when you first opened up
your hidden service? I seem to remember that you'd restricted posting
but the server saw anyone connecting as a peer and would accept IHAVE
commands for complete posting and worst of all, header manipulation.
Anyway, it can be solved as you and panta have shown. As you said
earlier, it's worth reminding anyone that is considering opening a
hidden service that the connection comes from the localhost which
usually has elevated rights by default in many servers. Totally
fixable, but needs checking before unleashing on the public.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 21 Feb 2007 12:10:34 +0100, Cyberiade.it Anonymous Remailer wrote in
Message-Id: <cbd7e02eab4ec67d50d14d3544319d0d@remailer.cyberiade.it>:
> In fact, didn't you have a similar problem when you first opened up
> your hidden service? I seem to remember that you'd restricted posting
> but the server saw anyone connecting as a peer and would accept IHAVE
> commands for complete posting and worst of all, header manipulation.
That's right. I solved it by closing the Hidden Service as there wasn't
really a lot of practical value to it. People can connect to it using
Tor in the usual manner. Hiding the service itself was pointless.
> Anyway, it can be solved as you and panta have shown. As you said
> earlier, it's worth reminding anyone that is considering opening a
> hidden service that the connection comes from the localhost which
> usually has elevated rights by default in many servers. Totally
> fixable, but needs checking before unleashing on the public.
Perfectly worded. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRdwu3GoLu9HNUqmMAQryYgf/dK3v+GaZDJOP+3YSaKJJQJWE3HQgtLyD
gtS58hG7K6MaXzNtKa5qfSsG6x+Pva3waqdZ6sEW56Kkvh6GrWASJxwIOQoqUCF9
NPRdslj85EejbuIlCRBjURcSbWet1GjPjTdJjUiYEmJzNxZ2KguIY97xcnWud84S
D8I1RpAA7sGhImp14uavaj9XBFLO71xqj+YdHMHFxjwwoiXDBU5oCqemk2nzzf1F
R7gizIXwi9zaM01SBDCkRiJNkGkHOFCMsAsx1JHCEzjTqkBdLfATi2G4Q5wVv9CC
8MSqDSAiNVTVi2qs5RaQPe1Cj4qQwafV7cRsIr/yH74naFaR9eCChw==
=LRTc
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Anonymous 2007-02-21, 7:13 am |
| In article <ebf2966d3a9950ce60be6d2c364d30e4@pseudo.borked.net>
Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote:
>
> On Wed, 21 Feb 2007 00:24:13 +0000, Anonymous wrote:
>
>
> Please expand.
>
Well eelbash, he's saying that only two remailer admins were
ever concerned with market share. Yourself, and frog-admin.
Nobody else is trying to take 'market share', they just offer
a service. They don't get a hard-on by becoming the most used
remailer, and they don't become impotent by becoming the least
used remailer.
| |
| Anonymous 2007-02-21, 1:12 pm |
| On Wed, 21 Feb 2007 13:17:26 +0100, Anonymous wrote:
> In article <ebf2966d3a9950ce60be6d2c364d30e4@pseudo.borked.net>
> Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote:
>
> Well eelbash, he's saying that only two remailer admins were
> ever concerned with market share. Yourself, and frog-admin.
> Nobody else is trying to take 'market share', they just offer
> a service. They don't get a hard-on by becoming the most used
> remailer, and they don't become impotent by becoming the least
> used remailer.
Even putting the peculiar focus on sex aside, that is a strange way to
view any service. Anyone who takes pride in the service he is offering
will want to make it as easy to use and as reliable as possible.
His success in doing that is measured by how many people use it, compared
to similar services; in other words, how much 'market share' the service
gets.
| |
| Cyberiade.it Anonymous Remailer 2007-02-21, 1:13 pm |
| Zax <admin@bananasplit.info> wrote:
> On Tue, 20 Feb 2007 16:43:37 -0700 (MST), Borked Pseudo Mailed wrote in
> Message-Id: <e9a63406466a14b19547b7468f89e271@pseudo.borked.net>:
>
>
> Which is my point exactly. A Tor Hidden Service is allowed to submit
> mail because from the perspective of the MTA it's a local (authorised)
> user.
Your point misses the real point by miles Zax. Nobody's disputing the
fact that mynetworks and smtpd_recipient_restrictions are what govern
who is allowed to submit mail. What we're saying is that there's other
configuration parameters you apparently aren't aware of, or don't
understand. For most smtpd_ options there's an smtp_ counterpart.
Those are the "class" of configuration options you need to tap into
to prevent the problems you're describing. The default .cf file for
2.4 experimental comes configured to reject local -> remote mail
delivery, and I believe 2.3 stable does too now.
>
> This isn't fiction, it's a problem that's actually occurred. When Panta
> first opened up a Hidden Service for his MTA, it was functioning as an
> open relay. It was soon fixed but it took some unusual configuration
> that involved making postfix listen to localhost on an alternate port
> with permission to only relay to his local remailer account.
>
> I don't see why you find this so difficult to grasp. This is part of
> the reason why the default Tor exit-policy excludes local and private
> networks. Server operators don't want connections to their local hosts
> with potentially elevated privileges because the connection appears to
> come from internally.
>
>
> Yes, I must learn it one day. Then I'll be able to stand up a remailer.
Setting something up doesn't mean you understand it. 
>
> --
> pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
> Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
> uid Admin <admin.bananasplit.info>
>
| |
| Nomen Nescio 2007-02-21, 1:13 pm |
| Newsanon Admin <admin@eelbash.yi.org> wrote:
> From the examples given here, javascript seems like a compact way to
> create a nice, locally run, platform-independent, gui that does extensive
> validation. If it could be used as the front-end to something like the
> above, it might be very useful.
Useful to who? Perverted little Chinks like you who get off on reading
anonymous mail before Mixmaster has a chance to encrypt it, hoping that
a few crumbs which point to a user's identity might slip through your
latest bizarre idea's "security"?
Get a XXXXing job or something already. See a shrink. Or find something
to do besides making a complete jackass out of yourself by annoying
the remailer community.
| |
| Nomen Nescio 2007-02-21, 1:13 pm |
| Zax wrote:
> On Tue, 20 Feb 2007 16:43:37 -0700 (MST), Borked Pseudo Mailed wrote
> in Message-Id: <e9a63406466a14b19547b7468f89e271@pseudo.borked.net>:
>
>
> Which is my point exactly. A Tor Hidden Service is allowed to submit
> mail because from the perspective of the MTA it's a local (authorised)
> user.
My God you're thick....
One more time, typing real slow so you can keep up: Postfix doesn't have
to allow local users to have mail delivered just anywhere. There's a
whole other set of configuration options that will prevent this
"issue" you're whining about. If you and Panta Admin found it this
problematic that's a reflection on you, and nothing else. Thousands of
just barely mediocre mail server admins can manage it, so what's your
problem?
| |
|
| On Wed, 21 Feb 2007 19:10:05 +0100 (CET), Nomen Nescio wrote in
Message-Id: <e09f792e8bf289abeae8d81e39697cf7@dizum.com>:
> My God you're thick....
And you have a lovely way with words. 
> One more time, typing real slow so you can keep up: Postfix doesn't have
> to allow local users to have mail delivered just anywhere. There's a
> whole other set of configuration options that will prevent this
> "issue" you're whining about. If you and Panta Admin found it this
> problematic that's a reflection on you, and nothing else. Thousands of
> just barely mediocre mail server admins can manage it, so what's your
> problem?
The problem is that you're trying to take what was a quick warning to
the OP and turning it into an opportunity to display your obvious wealth
of MTA knowledge. I'm not disputing you know a lot and I don't want a
competition over it. Same as with the PGP source code debacle.
The point I was trying to make is that some care is needed when setting
up a Location Hidden Service to a local MTA. In the instance of myself
and Panta we had MTA's up and running prior to configuring a Hidden
Service. We now know that just bringing up said Hidden Service without
consideration of the MTA configuration is a bad idea.
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Non scrivetemi 2007-02-21, 7:12 pm |
| Anonymous wrote:
> On Wed, 21 Feb 2007 13:17:26 +0100, Anonymous wrote:
>
>
> Even putting the peculiar focus on sex aside,
What focus on sex? Or have you just given clues about your own "peculiar
focus" by displaying some bizarre misconception that potency is
measured by dick size.
For a Chink this is understandable though. Not being very well endowed,
most Asiatic males would naturally have this "peculiar focus".
> that is a strange way to
> view any service. Anyone who takes pride in the service he is offering
> will want to make it as easy to use and as reliable as possible.
No dummy, they won't. They'll make it as SECURE as possible and
operate it in line with the standards and policies that KEEP it that
way. Which for the vast majority of sane operators means setting it
up in a stable environment and letting it run unmolested, unless or
until a problem arises. They won't finger XXXX it to death with stupid,
broken, bullshit gimmicks like you have more times than anyone can
count.
>
> His success in doing that is measured by how many people use it,
The XXXX it is. You just told the world you're completely unsuitable as
a remailer operator. Again.
This 'Attention Slut Disorder' of yours has been your downfall since
day one. You have the queer notion that a remailer should be highly
visible or exceptional in some way, when the truth is the best
remailers are the ones you never hear about one way or the other.
> compared to similar services; in other words, how much 'market share'
> the service gets.
>
>
>
>
>
>
>
>
>
And your blank lines give you away on a regular basis......
| |