[tor-bugs] #11139 [BridgeDB]: BridgeDB's email whitelist should include @riseup.net
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 19 07:22:38 UTC 2014
#11139: BridgeDB's email whitelist should include @riseup.net
--------------------------+-------------------------------------------
Reporter: isis | Owner: isis
Type: defect | Status: needs_information
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgedb-email,bridgedb-0.2.x
Actual Points: | Parent ID:
Points: |
--------------------------+-------------------------------------------
Changes (by isis):
* status: new => needs_information
* keywords: bridgedb-email,bridgedb-0.1.x => bridgedb-email,bridgedb-0.2.x
Comment:
I'm not exactly sure what to do about the lack of DKIM. Given bugs like
#12089, one could easily claim to be from any riseup.net address, and
essentially send spam (in the form of unsolicited BridgeDB responses) to
the riseup.net address they spoofed.
I spoke with the Riseup birds earlier, asking about their DKIM setup:
{{{
06:42 isis ) micah: is there any chance that i might convince the
riseup
birds to implement/install/enable DKIM signing for
outgoing
emails from @riseup.net?
06:43 isis ) micah: (re:
https://trac.torproject.org/projects/tor/ticket/11139)
it kind of got stalled for a while
06:57 @taggart ) isis: we do dkim
06:58 isis ) oh? super!
06:58 @taggart ) but......
06:58 isis ) though no DKIM appeared when i tested
06:59 @taggart ) in our dkim record we don't require that riseup.net email
be sent by any particular IPs
06:59 isis ) i tested it by sending through my @riseup.net account
with
msmtp, so it wouldn't have been an IP whitelist stopping
the signature
07:00 isis ) though i suspected that it was because i didn't use the
web interface like a normal person
07:00 @taggart ) we add DKIM headers to lists.riseup.net mail
07:01 isis ) hmm... would it be possible to add it for authenticated
users' outgoing emails?
07:01 isis ) let me test this from the web interface...
07:01 @taggart ) and we publish dkim dns records for both lists.riseup.net
and riseup.net
07:06 @taggart ) oh wait I am getting partially mixed up with SPF
07:06 @taggart ) our SPF records don't specify IPs
07:08 @taggart ) isis: I didn't set it up originally and it's late, but I
will
talk with others about it tomorrow
07:08 isis ) if DKIM is supposed to be enabled for individual riseup
user's mail accounts, something appears to be broken
somewhere:
https://pastebin.mozilla.org/5434253
07:08 isis ) that is what bridges.torproject.org is receiving ^^
07:09 isis ) taggart: okay, thanks!
07:09 isis ) if help is needed anywhere or you want me to test things,
feel
free to ping :)
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11139#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list