Re: [Tails-dev] send anonymous mail without registration - …

Borrar esta mensaxe

Responder a esta mensaxe
Autor: adrelanos
Data:  
Para: tails-dev
Asunto: Re: [Tails-dev] send anonymous mail without registration - Mixmaster over Tor
intrigeri:
> Hi,
>
> adrelanos wrote (30 Dec 2012 19:02:32 GMT) :
>> What if there where a bookmark pointing to mail.local (or something like
>> that) where you can simply enter an e-mail address, from (optional)
>> subject and text, click send and mail is on it's way? No
>> sign-up/registration/smtp server required. Could look like this. [1] (Or
>> this [2] or this. [3]) Could perhaps also be used as an alternative to
>> Tails whisperback smtp server.
>
>> I am currently doing an experiment tunneling Mixmaster over Tor. [4]
>
> Interesting ideas -- thanks a lot for sharing them!
> (And, as usual, sorry for the delay in getting back to you ;)


I understand your reasons and got used to it. Still fun. :)

> Disclaimer: I must say I have no clue what the current state of the
> art is in the remailers field.


I made a summary:
https://sourceforge.net/p/whonix/wiki/Remailer/

(Mixminion is not listed there, but most remailers run Mixmaster,
Cypherpunk and Mixminion at the same time. Since Mixminion isn't ready
yet (there own statement) and Mixmaster has too few users, not too much
has to be learned about remailers.

> Is Mixmaster the best current solution?


No. Refer to mixmaster as a tool to send mails. Ignore any mixmaster
anonymity giving aspects. Anonymity is provided by Tor. And this is
about running a mail sending tool over Tor.

> How serious are the
> known attacks?


There are too few users.

I consider it off topic here, but anyway, Roger Dingledine made very
nice comparison:
http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg00022.html

>> It's small.
>> ~3 MB for postfix
>
> I like Postfix very much, and its security record is pretty good, but
> I'm not sure a full blown MTA in Postfix' class is needed for this
> usecase. Wouldn't e.g. msmtp-mta be enough?


Perhaps Mixmaster can be convinced to talk to it. I don't know. Further
implementations (Mixfaster, Mixminion) will not require an extra
mailserver anymore.

>> ~0,1 MB for Mixmaster
>> guess ~1 MB for web frontend.
>
> Does the web frontend include a webserver in this ~1MB?


Unfortunately, not.

>> Would you consider it for Tails? (Given an implementation which easily
>> exposes the web interface to the user.)
>
> I'm only speaking for myself, but I'd be happy to consider an
> implementation of this for Tails.
>
>> Do you have any suggestions, especially on getting ride of the
>> MX record?
>
> I'm sorry if this question is naive, but... why exactly does Mixmaster
> send MX queries?


It is my understanding, that Mixmaster itself doesn't, but Postfix does.
It looks like the standard way for an MTA to resolve the MX for a given
mail server domain. I haven't found a way to disable it.

I tried k54ids7luh523dbi.onion (remailer.frell.eu.org) or
gbhpq7eihle4btsn.onion (snorky) as relayhost in /etc/postfix/main.cf,
but still keep getting "status=deferred (Host or domain name not found.
Name service error for name=gbhpq7eihle4btsn.onion type=MX: Host not
found, try again)".

> Can't we get rid of the need at the root?


I don't know. Either getting the hidden mailservers to work, somehow
deactivating need for it, patching the MTA (beyond my abilities) or... I
really don't know. At the moment it's the biggest obstacle.

Cheers,
adrelanos