Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#16369 closed enhancement (invalid)

Privacy-guarding email clients need TCP port 465 or 587, tor blocks both

Reported by: arnt Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:



I am working on an email client. One of the (side) goals is to provide robust access to things like, which means providing IMAP and SMTP/Submit access via Tor (and also doing some things to prevent information leakage).

The IMAP bits work well: I can access riseup via Tor with excellent performance, thanks to a little prefetching and so on. I also don't leak information. But I cannot send mail at all, in any way. AFAICT, it seems to be mostly a side effect: Tor blocks access to port 25 to combat spam and abuse, and ports 465/587 were blocked as part of the same change.

I find that very unfortunate. Blocking 465/587 means that there is no way to write a proper privacy-guarding email client using the IETF protocols. Please reconsider that.

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by yawning

Resolution: invalid
Status: newclosed

This isn't a bug. It's up to each Exit Relay operator to decide on their Exit Policy, and the Exit Policy included in "tor, the application" doesn't reject either of those ports. Thus, this is a configuration time issue that needs to be addressed by talking to said operators.

(I don't think "please consider changing the recommended Reduced Exit Policy" to be something appropriate for this component, but it's not immediately obvious to me what to file that under.)

comment:2 Changed 5 years ago by arnt

My phone has spent hours trying random tor circuits without coming across any that allowed either 465 or 587. It's difficult to believe that each of the those exit node operators has made the same two changes completely independently of each other. It seems likely that there's a default torrc or howto somewhere. Can you guess where that default torrc or howto might be?

Edit: perhaps.

Last edited 5 years ago by arnt (previous) (diff)
Note: See TracTickets for help on using tickets.