Re: [Tails-dev] Testing EHLO messages: simplification propos…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Testing EHLO messages: simplification proposal
Hi,

Alan wrote (18 Mar 2014 17:09:06 GMT) :
> I don't see what the first of these tests would check that is not also
> checked by the second.


I agree these two tests are quite unclear and confusing, as currently
written: e.g. the Message-Id and Received fields should also be
checked for a hostname or local IP application-level leak.

But they are meant to test entirely different things, and I don't
think we can simply drop one of these tests.

The first test is mainly about the TCP/IP layer: it checks that the
email is sent over Tor, based on the Received headers in the email the
recipient can see.

The second test is primarily about the application layer: it checks
that the hostname and local IP are not leaked via SMTP commands, by
sniffing the network connection.

> In addition, it's not easy to access a "non-anonymizing SMTP relay"
> through Tor.


Could you please share what SMTP relays you've tried, and were blocked
by? This would help anyone willing to improve these test by
documenting example non-anonymizing SMTP relays one can use to
"run" it.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc