JAP, TOR, Socks proxy, tunneling and Stunnel

Discussion in 'privacy general' started by Pollmaster, Nov 20, 2004.

Thread Status:
Not open for further replies.
  1. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Any SMTP server which did not add the IP address to the header would be jumped on by spammers the world over since normal ones can catch out a spam-SMTP server using a fake HELO. They do exist (mainly ones running outdated software) but are quite likely to be blacklisted.

    As for SpamGourmet, it is not an email anonymiser - it does include your original address in the headers.

    Given the problems of spam, I would suggest that your only method of using anonymous email is via a web page (accessed via Tor, JAP or whatever...). Just another reason to kick any spammers you know. ;) Or better yet, subscribe them to the Scientologists and let them spam each other...
     
  2. Pollmaster2

    Pollmaster2 Guest

    Don't quite get what you are saying

    [Quote]They do exist (mainly ones running outdated software) but are quite likely to be blacklisted.[/Quote]

    That's why if Tor could work, it would be great. No need for the SMTP server to fake anything.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Adding IP addresses to mail headers is a standard feature of any mailserver software. Only very old versions do not do this.
    It would be great for spammers who would then deluge Tor with all their junk mails. If this happened, Tor's performance would drop through the floor until every Tor server ended up on an email blacklist.
     
  4. Pollmaster2

    Pollmaster2 Guest

    Huh? The SMTP servers would allow you access only if you could authenticate yourself. So if anything goes wrong, they know who exactly to shut down. No?
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    SMTP (as defined in RFC 821) offers no means of authentication. Either a mail server has to use an extension to SMTP (such as that covered in RFC 2554) or require a POP3/IMAP connection first (which does require authentication). SMTP extensions may not be supported on all servers and the POP3/IMAP approach requires you to use the same IP address for the SMTP connection - which cannot be guaranteed on Tor where each connection may exit via a different server.
     
  6. TRYU

    TRYU Guest

  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I wonder when people look up JAP on Google and then post the backdoor notices they don't also find links to the posts that show that what happened, in the long run, was a good thing. It is a perfect example as to how and why open source works! Had this been a closed source private company that received that subpoena and complied, it might still be backdoored and nobody would know. It's a textbook case of why open source is always better when it comes to security tools.
    Gerard
    ps: Another example is Window Washer and a BIG bug. If you run WW, do yourself a favor and run a quick test. Make a simple text file, make sure WW is set to 'bleach' at its safest level and run the program. Now, check with WinHex or Directory Snoop or something similar. Is it gone? Surprise if you're using almost all releases of 5.0+. The file is still there and fully recoverable! If it had been an open source program, it would have been discovered right away that the program itself was actually disabled to 'bleach' for nearly a year.
     
  9. AlbatroS

    AlbatroS Registered Member

    Joined:
    Sep 19, 2004
    Posts:
    11
    I tried to send to myself an email using SOCKSified Thunderbird. It works, but... my local IP is stored in headers together with TOR IP. Any workaround?
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    An excellent point indeed.
    Your email software adds this information. To avoid having your address included in email headers you need to use an anonymizing remailer service (AJohn mentions a couple above).
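
The test AlbatroS describes (send yourself a message, then read the headers) can be automated. The following is an added example, not part of the original posts: it pulls every IPv4 address out of the `Received` and `X-Originating-IP` headers and reports the ones from local ranges. The sample message, host names and addresses are constructed, and the choice of those two headers is an assumption about where a client address would appear.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not from the thread): the mail client announced its LAN
# address in HELO, while the server recorded the connecting exit address.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.net with ESMTP; Thu, 16 Dec 2004 10:00:02 +0000
Received: from [192.168.1.23] (exit.example.com [203.0.113.45])
\tby mx.example.org with ESMTP; Thu, 16 Dec 2004 10:00:00 +0000
From: sender@example.org
To: sender@example.org
Subject: test

body
"""

# RFC 1918, loopback and link-local ranges, listed explicitly because
# ipaddress.is_private also covers the documentation ranges used above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def header_addresses(raw_message, headers=("Received", "X-Originating-IP")):
    """Return (header name, address) pairs for every IPv4 address found."""
    msg = message_from_string(raw_message)
    found = []
    for name in headers:
        for value in msg.get_all(name, []):   # folded lines arrive unfolded
            for text in IPV4.findall(value):
                try:
                    found.append((name, ipaddress.ip_address(text)))
                except ValueError:            # e.g. 999.1.1.1 is not an address
                    continue
    return found


def leaked_local_addresses(raw_message):
    """Return the sorted local-range addresses exposed in the headers."""
    return sorted({str(ip) for _, ip in header_addresses(raw_message)
                   if any(ip in net for net in LOCAL_NETS)})


if __name__ == "__main__":
    print(leaked_local_addresses(SAMPLE))
```
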
     
  11. AlbatroS

    AlbatroS Registered Member

    Joined:
    Sep 19, 2004
    Posts:
    11
    What if I register and use whichever webmail service using TOR? That's because in the past I used remailers Ajohn mentioned and they lost a lot of messages :(
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    That was the recommendation given in post #26 above...
     
  13. ?Zrat

    ?Zrat Guest

    Please can you tell how this can be configured on a firewall. I'm using sockscap, with TOR, along Sygate Pro.
    Thanks for your help
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Please see the Setting up Tor/Proxomitron+SocksCap thread for details on firewall configuration.

    Do note however that Sygate has a rather nasty loopback vulnerability which means that any application can gain Internet access using the permissions given to local proxy applications like Tor or Proxomitron. Since this can include any trojans or malware, using another firewall that can filter localhost traffic better is advisable - or using an anonymizing service that does not need a local proxy (Anonymizer's basic service where your browser makes an encrypted SSL connection to its website being one example).
     
  15. ?Zrat

    ?Zrat Guest

    P2K, thanks for your reply.
    I already have TOR, and sockscap running and configured. My concern is only how to restrict the browser to contact the proxy only, and do not accept a direct connection to web page?

    I didn't get the idea, if I restrict through ports, how can the firewall tell if the connection is coming from a proxy server, or directly from the web page?
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Allow the browser to connect to the localhost address 127.0.0.1 only.
    Most personal firewalls (Sygate included) monitor which applications are requesting a connection, so it is possible to create a rule for application X allowing it access to address Y using port Z. However, Sygate does not filter attempts to access local proxies so if you create a rule for such a proxy, any other application can connect to this proxy and send data through it, gaining network access.
     
  17. ?Zrat

    ?Zrat Guest

    Thanks P2K, your expertise is highly appreciated
     
  18. DougWD61

    DougWD61 Registered Member

    Joined:
    Dec 1, 2004
    Posts:
    15
    That is because TOR blocks SMTP on the regular SMTP port (forgot what it is). I've been wanting to set up my own mail server using MS XP IIS, setting it to a different port for SMTP, and then seeing if I can send using my own SMTP server on my regular box. I'll bet it would work. If so, we can all have our own proxified, encrypted SMTPs, and there is nothing anyone can do about that. Note that some ISPs block the normal SMTP port, so you will need to change it. Cox blocks port 80 so people can't easily run webservers. You can use a service that will automatically redirect traffic to your odd web port, or you can use any other port. If you use a web server for personal traffic (I use mine to exchange large files with friends and with my small web design business between clients) simply changing the port for HTTP to 8080 works, and looks like: yourispnumber:8080 as a URL.

     
    Last edited: Dec 16, 2004
  19. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    If I'm running Tor and Privoxy, is there any further benefit to adding Sockscap to the mix?

    If so, how do you go about it? (I saw the configuration screen for SocksCap in another thread, but I couldn't figure out whether that was in a set-up that already had Tor & Privoxy running, or just for Tor and Sockscap).

    Darn - it's getting complicated, ain't it? Pete
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Spy1: Privoxy handles web traffic, so SocksCap would only become necessary if you wanted to run other applications over Tor (Usenet for example, though this appears to be restricted if you check related threads). See the Setting up Tor/Proxomitron+SocksCap for setup details about SocksCap - setup is simple but the 5-second splash screen gets annoying fast. FreeCap is another option, but I've not been able to get it to work on my system.

    Spanner: VPNs are not within the topic of this thread - I'd suggest you create a new one instead in the Other Firewalls forum (your problem is really ZA-related).
     