[tor-talk] Help with getting a good automated sign up script for an email service on TOR

Conrad Rockenhaus conrad at rockenhaus.com
Tue Sep 17 21:45:33 UTC 2013


Nathan,

That's exactly what I'm doing with this project.

Internet<---->MTAs(Just running Postfix with ABSOLUTELY no logging) also
running TOR as a (client only)<------>Data Server(Running as Hidden Service
only, no logging)<----->TOR End User

Basically, to the normal Internet, it will just be a plain jane email
address that is coming from a plain jane MTA.  The MTAs will not know the
IP address of the data servers because they will only deliver the email via
TORified SMTP to the data server.

Of course, standard SPAM limiting measures will be in place (limits on
number of addressees in a message, limits on how many messages can be sent
per minute, per hour, etc.)

Now I've got the MTAs, I'm just perfecting the configuration and trying to
figure out a good domain name to use for the service (I would rather not
use networks.rockenhaus.com, which is the placeholder for now.)  I also
need to come up with a secondary domain name in case people start blocking
emails from the domain.

I'm funding the initial proof of concept.  What I'll be asking for is
either a honor system payment (so those who can't afford to pay can still
use the service) or a donation based model, and also try to fund the
service with tor based web hosting (which I doubt will bring in any needed
cash) and ask for donations of bandwidth and servers.

The primary main objective, heh, is to ensure a failsafe system to provide
freedom of expression, freedom of government intrusion, and freedom of
ensuring access to an experimental anonymous email system that won't turn
over anything on it's servers, as if authorities seize MTAs, they won't
find any evidence on there, and if they seize a data server, there's
another data server standing by to automatically fail over (not putting the
eggs in one basket like tormail.)  The only lines of compromise are
sniffing the traffic in the MTAs, most TOR users are capable of utilizing
encryption for their emails anyway.

Sorry for the long response.  I just wanted to paint a picture of how it
would work.

Now, for those who are curious about a guy who appeared out of no where and
started building this - I've been lurking for a while, and I didn't want to
say anything until I had the resources to build this.  If you want further
information about me please feel free to contact me and I'll let you know
who I am and why I am very pro free speech and pro tor, even when it's used
to personally attack me.

Thanks,

Rock


On Tue, Sep 17, 2013 at 3:51 PM, Nathan Suchy <
theusernameiwantistaken at gmail.com> wrote:

> If your willing to use a few servers one could be a Tor Node and one could
> be an Email Relay which seemed normal and custom code your project..
>
> Sent from my Android so do not expect a fast, long, or perfect response...
> On Sep 17, 2013 10:26 AM, "Conrad Rockenhaus" <conrad at rockenhaus.com>
> wrote:
>
> > Thanks. The service that I'm starting up is connecting to external mtas
> > that aren't tor exit nodes.  So basically, the way tormail was set up to
> a
> > degree. Starting out small until so I can prove the viability so people
> > will start using and hopefully donating either bandwidth or etc to keep
> it
> > alive.
> >
> > There's going to be one major difference between this project and tormail
> > though - the data/web backend won't be in one place. More on that later,
> > I'm trying to get the proof of concept off the ground.
> >
> > -Rock
> > On Sep 17, 2013 10:11 AM, "Harold Naparst" <harold at alum.mit.edu> wrote:
> >
> > > > http://eq4xhu6y7nmemcb2.onion/squirrelmail
> > >
> > > > is almost online.  Working out some kinks and need to get the bigger
> > MTAs
> > > > set up.  However, I need to find a good automated sign up script
> > because
> > > I
> > > > don't feel like coding one.  Anyone know of a good one?  I've tried
> the
> > > > Google and came up empty handed.
> > >
> > > Rock, you can check out mine:  http://secmailmzz5xe4do.onion
> > >
> > > I haven't had time to add a CAPTCHA yet, because I'm more interested in
> > > working on getting mail sent to non-onion sites to use the tor network
> > > without leaking DNS and so on.  The registration script depends on how
> > you
> > > are storing your login information, and there are a lot of ways to do
> > that.
> > >  I'm using vpopmail, and I hacked vqregister, which is mentioned in the
> > > squirrelmail plugins page.  Vqregister is truly horrible, and I had to
> > hack
> > > it pretty badly to get it to work.  If you want it, though, you can
> have
> > > it.  But probably you're using something else (like
> > postfix/postfixadmin),
> > > and so the architecture won't work for you.
> > >
> > > This hidden mail service will probably only be useful for mail to other
> > > .onion sites, because most large e-mail providers block e-mail from tor
> > > exit nodes, as I found out during testing.
> > >
> > > Harold
> > > --
> > > tor-talk mailing list - tor-talk at lists.torproject.org
> > > To unsusbscribe or change other settings go to
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> > >
> > --
> > tor-talk mailing list - tor-talk at lists.torproject.org
> > To unsusbscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


More information about the tor-talk mailing list