
Re: [msmtp-users] Proxy support patch



Hi!

On Tue, 14 Oct 2014 09:49:02 +0000, CustaiCo wrote:
> > I propose the attached patch, which currently uses "localhost:1080"
> > as hardcoded proxy (this can be changed later). I tested it
> > against  'ssh -D 1080 -N mys-ssh-server'.
> > 
> > It is similar in functionality to your patch, but
> > - only implements SOCKS5 without authentication
> > - improves error diagnostics for the proxy connection
> > 
> > What do you think?
> 
> I tested the patch as well; it works just fine. 

OK, I pushed the patch to the git repository, complete with new
proxy_host and proxy_port commands and corresponding options, and
documentation.

Please test.

> My only concern is
> that it doesn't give the AI_NUMERICHOST hint when resolving the proxy
> server's address. Without that hint a misconfigured client could
> possibly attempt to do a nameserver query. Yes, it's the person who
> set it up's fault if that happens, but everybody makes mistakes. 

Hm, this may be a valid concern.

Should we add a new command "tor (on|off)" that does the following:
- Enforce proxy_host=127.0.0.1
- Enforce proxy_port=9050
- Enforce tls=on
- Enforce domain=localhost

The first and second should always have these values for Tor, right?

The third is highly recommended or even necessary for Tor as far as I
understand, because otherwise the exit node can read your SMTP session.

The fourth may be paranoid: it is the only place I can think of that
an SMTP session might leak clear text information before
TLS-via-STARTTLS sets in. And that requires user action, because
domain=localhost is the default.

The new command would serve only two purposes:
1) to add convenience and
2) to make it more difficult to shoot yourself in the foot.
It would not have another function; in particular you could achieve the
same effect by setting the four commands manually. So you still have a
way to configure for special cases, and if you then shoot yourself in
the foot, it is your own fault.

Does this make sense? Are there better ideas?

Martin