[tor-talk] tordns incapable of MX lookups (was Basics of secure email platform)

Lunar lunar at torproject.org
Sun Nov 24 10:56:48 UTC 2013


tor at lists.grepular.com:
> > >>   1) Create a list of tor exit nodes that do not block port 25
> > >>   2) Command the tor daemon to exit those nodes exclusively.
> > >SSL-SMTP is configured to work over port 465 in most cases.
> > On Windows, yes.
> > SMTP over SSL/TLS is configured on port 25. STARTTLS, aka
> > submission, is configured for port 587.
> 
> You guys are getting hung up on the wrong thing.  Before talking ports
> (which is a non-issue), realize that tordns cannot do an MX lookup.
> This remains the biggest hurdle to sending mail.
> 
> Postfix must run with a transparent proxy (no SOCKS proxy capability),
> so it relies wholly on tordns for MX lookups.  

It is also possible to do some advanced magic around Postfix to avoid that.
The trick is to use a daemon, hooked up to Postfix using a tcp_table(5)
as transport_maps. Then, for each mail that Postfix wants to deliver,
that daemon opens up a new local port where traffic will be redirected
through Tor to the SMTP server. Postfix is told to use that local
address in order to deliver that particular email. Because that daemon
will be the one doing the MX lookup, it can query DNS over TCP over
Tor to get the MX record.

I might still have some Ruby code implementing that scheme lying around
somewhere if anyone's interested. I was the first one amazed when it
actually worked.

-- 
Lunar                                             <lunar at torproject.org>
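An added example of the scheme described above (not Lunar's code, and not the Ruby he mentions): a minimal tcp_table(5) responder that Postfix can query through `transport_maps = tcp:127.0.0.1:PORT`. The two site-specific parts, the MX resolver (which in his setup does DNS over TCP through Tor) and the forwarder that opens a local port relaying to the MX through Tor, are assumed to exist and are injected as callables so the protocol handling can be run and tested offline.

```ruby
require 'socket'

# tcp_table(5) encodes '%', whitespace and non-printable bytes as %XX in
# both request keys and reply values.
def tcp_table_encode(str)
  str.gsub(/[%\s[:cntrl:]]/) { |c| format('%%%02X', c.ord) }
end

def tcp_table_decode(str)
  str.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# Build the reply line for one "get KEY" request from Postfix.
#   resolve: domain -> [mx_host, port], or nil when nothing resolves;
#            raises on a temporary DNS failure (assumed interface)
#   forward: (mx_host, port) -> local port Postfix should connect to,
#            behind which traffic is relayed through Tor (assumed interface)
def tcp_table_reply(line, resolve:, forward:)
  verb, key = line.chomp.split(' ', 2)
  return '500 unsupported request' unless verb == 'get' && key

  domain = tcp_table_decode(key)
  # Postfix queries transport_maps for user@domain first, then domain,
  # then .parent domains; answer only the bare domain and let it fall back.
  return '500 no match' if domain.include?('@') || domain.start_with?('.')

  begin
    mx = resolve.call(domain)
  rescue StandardError => e
    return "400 lookup failed: #{tcp_table_encode(e.message)}"
  end
  # A temporary failure (400) rather than 500 here, so Postfix defers
  # instead of falling back to default_transport outside the tunnel.
  return "400 no mail route for #{tcp_table_encode(domain)}" if mx.nil?

  local_port = forward.call(*mx)
  "200 smtp:[127.0.0.1]:#{local_port}"
end

# Serve the tcp_table protocol on the loopback interface; Postfix keeps
# the connection open and sends one "get KEY" line per lookup.
def serve_tcp_table(port, resolve:, forward:)
  server = TCPServer.new('127.0.0.1', port)
  loop do
    client = server.accept
    while (line = client.gets)
      client.puts tcp_table_reply(line, resolve: resolve, forward: forward)
    end
    client.close
  end
end
```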