[tor-bugs] #30608 [Internal Services/Tor Sysadmin Team]: Have a SMTP out only server

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 14 19:37:38 UTC 2019


#30608: Have a SMTP out only server
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  anarcat
     Type:  enhancement                          |         Status:
                                                 |  accepted
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Old description:

> I do use my @tpo email address for many communications outside torproject
> lists or @tpo people.
>
> Lately, I discovered that many of my emails were silently dropped by the
> remote server or put in SPAM. And that was because the person came back
> to me asking where my email was. For instance, gmail sometimes puts it in
> the SPAM still because we lack DKIM/SPF so it hurts our reputation.
>
> The reason why is quite simple: I use my own SMTP server to send the
> emails while forging the `From` address.
>
> It would honestly be of a great help if we could simply have an
> authenticated SMTP server that I could use with let's say my LDAP account
> for sending emails with my @tpo and not being worried that it gets
> dropped...
>
> The steps required for this change are:
>
>  1. [x] create a new field (`emailPassword`?) in the LDAP schema (done)
>  2. [ ] update the mail gateway to support changes to the field
>  3. [ ] update the web interface (to support changing the field as well?)
>  4. [ ] optionally, set up a separate email server to accept submissions
> and keep mail servers aware that not only eugeni sends email
>  5. [ ] hook up the password field as authentication in Postfix in the
> server (probably through ud-generate?)
>  4. [ ] do tests with the users in this ticket, and if this works,
> propagate to all current LDAP users
>  5. [ ] create LDAP accounts for more users who want to use the system
>
> We should also make a design document to follow along.

New description:

 I do use my @tpo email address for many communications outside torproject
 lists or @tpo people.

 Lately, I discovered that many of my emails were silently dropped by the
 remote server or put in SPAM. And that was because the person came back to
 me asking where my email was. For instance, gmail sometimes puts it in the
 SPAM still because we lack DKIM/SPF so it hurts our reputation.

 The reason why is quite simple: I use my own SMTP server to send the emails
 while forging the `From` address.

 It would honestly be of a great help if we could simply have an
 authenticated SMTP server that I could use with let's say my LDAP account
 for sending emails with my @tpo and not being worried that it gets
 dropped...

 ----

 The steps required for this change are:

  1. [x] create a new field (`emailPassword`?) in the LDAP schema (done)
  2. [ ] set up a separate email server to accept submissions and keep mail
 servers aware that not only eugeni sends email
  3. [ ] hook up the password field as authentication in Postfix in the
 server (probably through ud-generate?)
  4. [ ] test with TPA users that can modify their own password directly
 through LDAP
  5. [ ] update the web interface (to support changing the field as well?)
  6. [ ] optionally, update the mail gateway to support changes to the
 field
  7. [ ] do tests with the users in this ticket, and if this works,
 propagate to all current LDAP users
  8. [ ] create LDAP accounts for more users who want to use the system

 We should also make a design document to follow along.

--

Comment (by anarcat):

 reorder the checklist. i don't think having a mail gateway interface is a
 priority because in all likelihood people will have *trouble* talking to
 the interface in the first place if they do need to talk to it. best to
 work on the web interface instead. furthermore, we should probably set up a
 server before we start distributing the password file.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30608#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

