[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] Proxy support patch

To: msmtp-users@lists.sourceforge.net
Subject: Re: [msmtp-users] Proxy support patch
From: CustaiCo <custaico@...373...>
Date: Tue, 14 Oct 2014 09:49:02 +0000
In-reply-to: <20141014104720.4eb74064@...292...>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=msmtp-users>
List-help: <mailto:msmtp-users-request@lists.sourceforge.net?subject=help>
List-id: "General discussion, questions & answers" <msmtp-users.lists.sourceforge.net>
List-post: <mailto:msmtp-users@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=unsubscribe>
Mail-followup-to: CustaiCo <custaico@...373...>, msmtp-users@lists.sourceforge.net
References: <CAD2Ti2-XYm33QVPb7zFkb5s0NcFjbDnSpn9cLLhmvLvxzp7wPQ@...26...> <20141007114623.GA5321@...374...> <20141013222913.5530e09f@...292...> <20141013234305.GA20056@...374...> <20141014104720.4eb74064@...292...>
User-agent: Mutt/1.5.23 (2014-03-12)

On Tue, Oct 14, 2014 at 10:47:20AM +0200, Martin Lambers wrote:
> > AFAIK, SOCKS4 is totally dead. Some older systems still do SOCKS4a,
> > but it's not that common. It was already implemented so I kept it.
> 
> Then let's start with SOCKS5 only, and add other variants only if
> required.
> 
> > > 2. Nobody protects the SOCKS5 protocol with TLS, right?
> > 
> > I'm sure there exists *some* person who does this, but it's not common
> > in the slightest.
> 
> Good, then let's start with the simple solution here, too.
> 
> > > 3. Is there a valid use case for SOCKS5 authentication? It only
> > > supports unprotected user/password transmission (well, and GSSAPI,
> > > but nobody uses that). This makes it pretty useless.
> > 
> > It's really not any more work to do the basic user/password
> > authentication than it is to do the normal protocol. It just adds one
> > extra step.
> 
> That's right. Still, msmtp currently refuses to send authentication
> data in plaintext over the net unless you force it, and I hesitate to
> add such functionality for proxies. In this day and age, if you add
> network-based authentication methods, they absolutely have to be
> secure.
> 
> I propose the attached patch, which currently uses "localhost:1080" as
> hardcoded proxy (this can be changed later). I tested it against  'ssh
> -D 1080 -N mys-ssh-server'.
> 
> It is similar in functionality to your patch, but
> - only implements SOCKS5 without authentication
> - improves error diagnostics for the proxy connection
> 
> What do you think?
> 
> Martin

Yeah, I'd much rather start out with something simple that works, and
I'm not a huge fan of sending my info in the clear, even over my local
network. Your feedback to the user is much more verbose. I would just
break out the debugger if it didn't work right. :)

I tested the patch as well; it works just fine. My only concern is that
it doesn't give the AI_NUMERICHOST hint when resolving the proxy
server's address. Without that hint a malconfigured client could
possibly attempt to do a nameserver query. Yes, it's the person who set
it up's fault if that happens, but everybody makes mistakes. 

CustaiCo

Follow-Ups:
- Re: [msmtp-users] Proxy support patch
  - From: Martin Lambers <marlam@...23...>
- Re: [msmtp-users] Proxy support patch
  - From: Martin Lambers <marlam@...23...>

References:
- Re: [msmtp-users] Proxy support patch
  - From: grarpamp <grarpamp@...20...>
- Re: [msmtp-users] Proxy support patch
  - From: CustaiCo <custaico@...373...>
- Re: [msmtp-users] Proxy support patch
  - From: Martin Lambers <marlam@...23...>
- Re: [msmtp-users] Proxy support patch
  - From: CustaiCo <custaico@...373...>
- Re: [msmtp-users] Proxy support patch
  - From: Martin Lambers <marlam@...23...>

Prev by Date: Re: [msmtp-users] Proxy support patch
Next by Date: Re: [msmtp-users] Proxy support patch
Previous by thread: Re: [msmtp-users] Proxy support patch
Next by thread: Re: [msmtp-users] Proxy support patch
Index(es):
- Date
- Thread