[tor-bugs] #30608 [Internal Services/Tor Sysadmin Team]: Have a SMTP out only server
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 13 21:17:37 UTC 2019
#30608: Have a SMTP out only server
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: anarcat
Type: enhancement | Status: accepted
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Old description:
> I do use my @tpo email address for many communications outside torproject
> lists or @tpo people.
>
> Lately, I discovered that many of my emails were silently dropped by the
> remote server or put in SPAM. And that was because the person came back
> to me asking where was my email. For instance, gmail sometimes put it in
> the SPAM still because we lack DKIM/SPF so it hurts our reputation.
>
> The reason why is quite simple: I use my own SMTP server to send the
> emails while forging the `From` address.
>
> It would honestly be of a great help if we could simply have an
> authenticated SMTP server that I could use with let's say my LDAP account
> for sending emails with my @tpo and not being worried that it gets
> dropped...

New description:

I do use my @tpo email address for many communications outside torproject
lists or @tpo people.

Lately, I discovered that many of my emails were silently dropped by the
remote server or put in SPAM. And that was because the person came back to
me asking where was my email. For instance, gmail sometimes put it in the
SPAM still because we lack DKIM/SPF so it hurts our reputation.

The reason why is quite simple: I use my own SMTP server to send the emails
while forging the `From` address.

It would honestly be of a great help if we could simply have an
authenticated SMTP server that I could use with let's say my LDAP account
for sending emails with my @tpo and not being worried that it gets
dropped...

The steps required for this change are:

 1. [x] create a new field (`emailPassword`?) in the LDAP schema (done)
 2. [ ] update the mail gateway to support changes to the field
 3. [ ] update the web interface (to support changing the field as well?)
 4. [ ] optionally, set up a separate email server to accept submissions
    and keep mail servers aware that not only eugeni sends email
 5. [ ] hook up the password field as authentication in Postfix in the
    server (probably through ud-generate?)
 4. [ ] do tests with the users in this ticket, and if this works,
    propagate to all current LDAP users
 5. [ ] create LDAP accounts for more users who want to use the system

We should also make a design document to follow along.

--
Comment (by anarcat):

moved the checklist to the issue summary.

created the new field, named `mailPassword` in LDAP, and restarted slapd.
documented the procedure in
https://help.torproject.org/tsa/howto/ldap/

i think i'll need to think more about the implementation of the next steps
before i move on. i'll make a proper design document and all that jazz and
*then* deploy. but at least the first step is done and i confirm i can
modify the LDAP schema, yaay!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30608#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online