
Re: [msmtp-users] Proxy support patch



On Fri, Oct 3, 2014 at 5:04 PM, CustaiCo <custaico@...373...> wrote:
> To just yank in somebody's code and bloat the code
> base with a bunch of proxy code seems pretty pointless.

Once you exec msmtp it's in there anyways. Guess I don't
see a problem with putting the little bit of socks5 in msmtp
directly. It's not like socks5 RFC will ever change, for which
I could see handing that off to external library people (if it
was actually maintained).

If antinat does meet socks5 RFC spec, gives IPv6 and DNS
through it, msmtp gets --socks5 option, and you could bundle
antinat tarball/code with msmtp and have it build in one shot,
that could work. But it's not really any different.

>> Is anyone actually using TLS/GSSAPI in the socks5 client-server path?

I mean the path between socks5-client and socks5-server,
TLS in the socks5 protocol itself (not between your app
and the app server). That might be covered in these first two
links, but I've never heard of such use:

https://tools.ietf.org/html/draft-ietf-aft-socks-ssl-00
https://tools.ietf.org/html/rfc1961  # socks5 gss-api

https://tools.ietf.org/html/rfc1928  # socks5
https://tools.ietf.org/html/rfc1929  # socks5 user/pass

> http://lelantoss7bcnwbv.onion/help.html
> That hidden service *requires* you to use tls. Yes, it is stupid. There
> are many others like it.

Yes, some onions front their services with TLS, I would too.
Plaintext won't die if admins keep setting it up and telling people
how to use it. It's not stupid, TLS on darknets does have uses,
but that talk is offtopic.

> If it wasn't something that some services
> needed, I would not have bothered with getting the tls working.

msmtp does the TLS (openssl) to the smtp server, otherwise
the TLS session would break/MITM at the socks5 proxy.
Well, maybe work to preserve the TLS session when talking
through socks5, which is cool.

>> The patch has dos CRLF instead of unix CR at line end.
>
> It doesn't when I check it in my outbox or when I download it from the
> web archive and check it with file. Perhaps it's a problem with the
> list?

SF archive works for me. Could be webgmail doing something with
this in the original (gmail sucks regardless)...
Content-Type: text/x-diff; charset=us-ascii

There are '[sp]$'s here...
30:+#elif HAVE_PROXY
50:+#elif HAVE_PROXY
59:+
89:+    error_code = getaddrinfo(hostname, port_string, &hints, &res0);
128:+#else
189:+ssize_t net_push_tls(sock_t fd,void* data, size_t size)
194:+ssize_t net_pull_tls(sock_t fd,void* data, size_t size)
198:+#endif
260:+ssize_t net_pull_tls(sock_t fd,void* data, size_t size);

>> Another code reference...
>> https://gitweb.torproject.org/torsocks.git
>
> torsocks and proxychains are exactly the type of thing I was trying to
> avoid.

I meant that, as with nc (etc), torsocks was another well maintained
place to get socks5 client code from, it's GPLv2.

Not sure if torsocks supports IPv6 yet, which would be needed for
clearnet, CJDNS, Phantom and OnionCat/GarliCat.

Due to current maintenance, of all the LD_PRELOAD apps, torsocks
seems the best preloader if you're stuck with using that method.

> It's a nasty hack of LD_PRELOAD that fails many times when you
> want it to work. I have a few applications that are using it due to
> lack of any alternative, but I would like to avoid it if possible.

Having a native --socks5 <server:port> option to msmtp/mpop
that worked would be good, and would also allow static compile
msmtp to still use socks5 proxies.

> Plus, a lazy I2P user would just use susimail anyway. :P

Yes, there are times to interface with clearnet, others to not.
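
Added example, not part of the original message and not msmtp's or the patch's code: a sketch of the RFC 1928 CONNECT request a native --socks5 client would send, showing how a hostname goes to the proxy unresolved (ATYP 0x03, so DNS happens at the proxy) and how IPv6 literals are carried (ATYP 0x04). The function names and the sample host used in testing are assumptions made for illustration.

```c
/* Added example: RFC 1928 CONNECT request builder (not msmtp's code). */
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { S5_VER = 0x05, S5_CMD_CONNECT = 0x01,
       S5_ATYP_IPV4 = 0x01, S5_ATYP_DOMAIN = 0x03, S5_ATYP_IPV6 = 0x04 };

/* Build VER CMD RSV ATYP DST.ADDR DST.PORT into out.
 * Returns the request length, or -1 if host is too long or out too small.
 * A hostname is sent as ATYP 0x03 so the proxy does the DNS lookup. */
int socks5_build_connect(const char *host, uint16_t port,
                         unsigned char *out, size_t outlen)
{
    unsigned char addr[16];
    size_t alen, n = 0, hlen = strlen(host);
    unsigned char atyp;

    if (inet_pton(AF_INET, host, addr) == 1) {
        atyp = S5_ATYP_IPV4; alen = 4;
    } else if (inet_pton(AF_INET6, host, addr) == 1) {
        atyp = S5_ATYP_IPV6; alen = 16;
    } else {
        if (hlen == 0 || hlen > 255) return -1;  /* one-octet length field */
        atyp = S5_ATYP_DOMAIN; alen = hlen;
    }
    /* 4 header bytes + optional length octet + address + 2 port bytes */
    if (outlen < 4 + (atyp == S5_ATYP_DOMAIN) + alen + 2) return -1;

    out[n++] = S5_VER; out[n++] = S5_CMD_CONNECT; out[n++] = 0x00; out[n++] = atyp;
    if (atyp == S5_ATYP_DOMAIN) {
        out[n++] = (unsigned char)hlen;
        memcpy(out + n, host, hlen);
    } else {
        memcpy(out + n, addr, alen);
    }
    n += alen;
    out[n++] = (unsigned char)(port >> 8);   /* network byte order */
    out[n++] = (unsigned char)(port & 0xff);
    return (int)n;
}

/* Return the REP field (0x00 = succeeded) of a server reply, or -1 if the
 * reply is shorter than VER REP RSV ATYP or has the wrong version. */
int socks5_reply_code(const unsigned char *buf, size_t len)
{
    if (len < 4 || buf[0] != S5_VER || buf[2] != 0x00) return -1;
    return buf[1];
}
```

Because only the TCP tunnel is negotiated here, the client's own TLS handshake with the SMTP server runs end to end inside it after a 0x00 reply.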