what about SMTPS over Tor?

anon ymous a.y.main.contact at googlemail.com
Wed Jan 2 08:16:45 UTC 2008

Hash: SHA1

On 12/25/07, anonym <anonym at lavabit.com> wrote:
> So I'm investigating the possibility of using SMTPS (i.e. SMTP over SSL)
> on Thunderbird with Torbutton. In fact, this email should have been sent
> over Tor. But as we know, there are several issues with using a mail
> client and SMTP with Tor.

One way to go would be to offer your SMTPS-server as a hidden service
and publish it's .onion-name to your users.
That works around any exit-policy-issues.

> Standard SMTP seems to be completely blocked. BTW, is it possible to do
> queries over all exit nodes to see which of them that allow certain
> services?

Yes, there is a dns-service that you can use to query if
a given ip is an exit-node and allowes connection to a given port(+ip).
(Not perfect yet.)

> * The mail header might contain identifying information
> - From my experiments, I've seen fields like User-Agent, x-mozilla-status,
>  x-enigmail-version and openpgp (key ID and key URL) which are not

Your smtp-server can send mails through scripts and thus remove/rewrite
these lines. This can also be done on a local sendmail that the client uses
(thus no need to trust the server) instead.
Rewriting all the ".onion" in the headers also helps with servers that
check these
to be valid dns-names.

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org


More information about the tor-talk mailing list