[tor-bugs] #30608 [Internal Services/Tor Sysadmin Team]: Have a SMTP out only server

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 3 18:05:42 UTC 2019


#30608: Have a SMTP out only server
-------------------------------------------------+---------------------
 Reporter:  dgoulet                              |          Owner:  tpa
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by anarcat):

 > Anyone able to impersonate a @tpo is a _serious_ problem imo and we have
 *no* defenses in place against that. They won't be perfect but it would at
 least be a start...

 If you're not talking about DKIM/SPF, then I'm not sure this is an
 argument - anyone can still impersonate @tpo if you enable SMTP-AUTH.

 > But for now I would _just_ simply want my email to STOP BEING DROPPED by
 email servers that check the origin server of the From: address (which
 honestly I can't blame them to do).

 I would love to help with that. I would need details about email
 configuration and the emails delivered.

 For now we don't know why/when/who and how do those emails get dropped,
 because I have no information on when that happens and to who.

 I have already asked people here to provide concrete reports of email
 delivery failure, and I'm still waiting for that proper bug report.

 Come on people, you are developers, I'm sure you understand the value of a
 good bug report! :) I understand this is a feature request, but for now, I
 need you to help me help you and give me information I can work with.

 I have made a short guide to detail the kind of information we need for
 failure reports:

 https://help.torproject.org/tsa/doc/reporting-email-problems/

 > And whatever Gmail/Facebook do, at this point, I honestly do not care, I
 just want, by all means necessary, to be able to use my @tpo without
 ending up in SPAM or being silently dropped... This is not happening to
 only me and it will get worse as big providers tighten their email rules
 over time.

 I agree! We all want email to work.

 But "just do SMTP-AUTH" is not necessarily a solution here. For example,
 we had troubles delivering to gmail.com from mailing lists as well, and
 that, as far as I know, would not necessarily have been solved by SMTP-
 AUTH.

 > For LDAP password usage I do agree that I don't think it's good to re-
 use the same password everywhere, but there must be some solution to that?
 If I recall correctly, Postfix's authentication system is _very_ flexible
 and we should be able to find a solution to that problem if we think it's
 a blocker.

 It's definitely a blocker, and there's a solution (#6367). But there's
 more to SMTP-AUTH than just hooking it into Postfix...

 > In a fit of desperation, I set up my mail client to use an SSH
 LocalForward to iranicum as a SMTP server. Preliminary testing indicates
 that my emails aren't going into SPAM folders of MIT and gmail anymore.

 For those wishing to send email over SSH, which is an ... interesting
 solution, to say the least, you might want to review the notes I have made
 for my personal use in https://gitlab.com/anarcat/rsendmail. It details,
 among other things, how to set up a passwordless, but restricted, SSH key
 to ensure unattended delivery works, along with integration with normal,
 local MTAs.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30608#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

