Opened 3 years ago

Closed 20 months ago

#13006 closed defect (fixed)

EHLO 127.0.0.1 is not a good choice

Reported by: ww Owned by: ioerror
Priority: High Milestone:
Component: Applications/TorBirdy Version:
Severity: Blocker Keywords:
Cc: gk, ter.one.leeboi@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Torbirdy uses 127.0.0.1 to identify itself when sending mail. Unfortunately this value is also commonly used by spammers and so a sensible MTA config will reject connections identifying themselves like this.

Using tor to send mail already identifies the sender as using tor, obviously, because the exit gateway will be known/identifiable. Therefore fingerprinting on this value should not be a concern.

Propose to change this to a valid hostname, which should be created in the DNS, such as,

birdy.torproject.org. IN A 127.0.0.1

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by gk

Cc: gk added

comment:2 Changed 3 years ago by ioerror

I'm not a fan. I do not want to create special names. It is too centralized. Any email server with this problem is broken.

comment:3 Changed 3 years ago by ioerror

Resolution: wontfix
Status: newclosed

comment:4 Changed 3 years ago by ww

Resolution: wontfix
Status: closedreopened

I agree creating special names is a bit icky because DNS is too centralised. localhost -> 127.0.0.1 is a special name, though.

However I disagree that an email server with this problem is broken -- such an email server is expecting clients to follow the SMTP RFCs (i.e. 822, 1869) which say that a conversation starts by identifying yourself. If a client falsely identifies itself as localhost, it makes sense for the server to say, "you're lying, go away". Using localhost/127.0.0.1 is an ugly kludge.

A correct way to solve this would be to make a name like "anonymous" with an RFC that says "in protocols like SMTP where a host is expected to identify itself with a name it MAY use 'anonymous' if it does not wish to reveal its true name" possibly together with an address allocation from one of the reserved blocks. Want to write an internet draft to create anonymity in the naming infrastructure? Could be fun.

comment:5 Changed 3 years ago by leeroy

Cc: ter.one.leeboi@… added

comment:6 Changed 20 months ago by sukhbir

Resolution: fixed
Severity: Blocker
Status: reopenedclosed

Fixed in 0f14f38b7fad2983623157eaedc8af294eeb74fc.

-  "mail.smtpserver.default.hello_argument": "127.0.0.1",
+  "mail.smtpserver.default.hello_argument": "[127.0.0.1]",

More details here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812115

Note: See TracTickets for help on using tickets.