As I posted earlier, I have migrated to use tor on my machine, though I had a couple of unsolved issues back then. One of them was that my Mail Transport Agent (MTA) did not support tor.
A regular user might not have a lot of use for an MTA on their laptop. However, it is needed for a lot of Debian development scripts (bts, mass-bug, nmudiff), if they are to file/manipulate bugs for you.
I have some requirements for my MTA:
- tor support (or at least “torsocks”-able)
- support end-to-end encryption with my provider (STARTTLS)
- verify that it is talking to my provider.
- rewrite my “From” if it is not correct (otherwise the mail will just be rejected)
- support the auth mechanisms of my provider
- it should be simple to configure
I also have some non-requirements:
- Local mail delivery is not required
- The MTA will not be used as a general mail relay.
  - One target relay
  - No relaying from other hosts
- Mail delivery queue is nice to have but not a strict requirement.
Originally, I used postfix, which supported most of these requirements, except:
- My attempt to make it use tor failed. The best suggestion I found was to divert its smtp handler and then replace it with a torsocks call to the original handler. Sadly, it just seg. faulted.
- While postfix is almost certainly able to verify it is talking with my provider, I never got it configured to do that. In the end, postfix was too complicated for what I was ready to put up with.
Per suggestion of Jakub Wilk, I tried msmtp, which turned out to do what I wanted.
- There is a trivial config file example to start with. I did not need to read any manuals or extended documentation to figure out what they were doing.
  - You probably also want to specify tls_priorities (assuming msmtp is linked against gnutls)
    - A code dive suggests it defaults to “NORMAL:-VERS-SSL3.0” if not set. It is probably not too bad, but could be better. :)
    - From a quick look at the gnutls manual, “PFS:%PROFILE_<name>” seems like a decent value (requires gnutls >= 3.2.4 and that your provider has a decent/modern SSL setup).
      - You probably want to have a look at the values for the %PROFILE_<name> before deciding on one.
- The msmtp program supports connecting through SOCKS proxies and even has a sample config snippet for using it with tor.
  - Of course, by the time I had discovered that I had already been using “torsocks /usr/sbin/sendmail” a couple of times. :)
The only feature I will probably miss is having a local queue, which can be rate limited. But all in all, I am quite happy with it so far. :)
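The requirements listed above can be checked mechanically against an msmtprc. The following is an added example, not part of the original post or of msmtp: the host, address and CA bundle path are constructed placeholders, Tor's SOCKS port is assumed to be 127.0.0.1:9050, and `parse` and `problems` are hypothetical helper names. It handles only `defaults` and plain `account` sections, and assumes certificate verification needs an explicit `tls_trust_file` or `tls_fingerprint`.

```python
import shlex

# Constructed sample config: "weak" misses requirements, "tor" meets them.
SAMPLE = """\
defaults
auth on
tls on
account weak
host mail.example.org
from me@example.org
tls_certcheck off
account tor
host mail.example.org
from me@example.org
tls_trust_file /etc/ssl/certs/ca-certificates.crt
proxy_host 127.0.0.1
proxy_port 9050
"""

def parse(text):
    """Return {account: settings}; 'defaults' apply to accounts defined later."""
    defaults, accounts, current = {}, {}, None
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # drops '#' comments
        if not words:
            continue
        key, value = words[0], " ".join(words[1:])
        if key == "defaults":
            current = defaults
        elif key == "account":
            current = accounts.setdefault(value, dict(defaults))
        elif current is not None:
            current[key] = value
    return accounts

def problems(cfg):
    """List the post's requirements that one account's settings do not meet."""
    verified = cfg.get("tls_certcheck") != "off" and (
        cfg.get("tls_trust_file") or cfg.get("tls_fingerprint"))
    checks = [
        (cfg.get("tls") == "on", "tls is not on"),
        (verified, "provider certificate is not verified"),
        (cfg.get("proxy_host"), "no proxy_host, so the connection bypasses tor"),
        (cfg.get("auth", "off") != "off", "auth is off"),
        (cfg.get("from"), "no from address set"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Running `problems()` over each account returned by `parse()` gives an empty list only for accounts that satisfy every check.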
