Onion mail delivery: so delicious!
Even if you use TLS for your connections they are opportunistic. Even if you use OpenPGP for your connections, it is relatively easy for someone passively monitoring email traffic to correlate interesting metadata: who is communicating with whom, when and how much. Worse, it is trivial for a third party to know that two people are communicating.
By joining our little caramelized onion party, we can deliver mail over Tor onion services, and we can prevent this unauthorized privacy violation.
Let’s turn out the lights and cook some onions.
The problem with this approach is that most exit nodes are blacklisted by RBLs so it’s very probable that the emails sent will either not reach their target or will get marked as spam.
Also with onion services you get to omit the potential of malicious exit nodes sniffing your traffic.
You could create hidden services and make users send emails to each other at their hidden service domains, eg. email@example.com. But no time in the near future will this ever get adopted by normal users, the onion address is too painful for people to remember. The easiest approach to get things going is to setup a map of the real domains to the Tor onion services so the delivery is transparent to the users.
However, there is a way to deliver to onion addresses also, we need to add this information.
Yes. We’ve been doing this for over a year, and it works dandy. We would like to do this with more of the internet.
When things are working, it looks like this:
Nov 23 09:05:39 mx1 postfix/smtp: AA7C9411DC: to=<firstname.lastname@example.org>, relay=wy6zk3pmcwiyhiao.onion[127.0.0.1]:25, delay=1414, delays=1160/249/3.2/1.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E8798A0DE7)
We want to do this first, because if you don’t get this setup right, you may become an open relay, that is bad.
Open relays are bad. Do not become one!
This is the hardest part, and the most important: do not fail to do this right.
Spend some time making sure you aren’t an open relay.
Now get Tor going
Are there problems? Why yes there are!
There is a mailing list to discuss the development of this proposal.
Maybe you have a better way? Create issues or pull requests!
Get your favorite email provider to do this, tweet at them, file a support request, get them off the clearnet!
What would be nice is if someone went to postfix and asked them to add native SOCKS5 support. Ideally, postfix would handle a .onion address to go through a SOCKS proxy by default.
Depending on torsocks is not an elegant solution, and if we are going to scale this it probably is better to do it more “native” than some duct-taped script.
Can you help us get SOCKS5 support in postfix?
Send a mail to email@example.com. Delivery through onionmx will be blackholed whereas normal delivery bounces.
If you got things setup, you aren’t an open relay, then you should publish a SRV record in DNS and people can use that. Otherwise scaling is hard.
However, if you can’t do that, and you can prove the onion you have is valid, then make pull request for the onion service map to add your domain and onion service.
The ones in this file we have verified, you can trust us on that, or not.