|
@@ -225,6 +225,7 @@ function email_create_template {
|
225
|
225
|
}
|
226
|
226
|
|
227
|
227
|
function create_email_onion_address {
|
|
228
|
+ email_hostname='/var/lib/tor/hidden_service_email/hostname'
|
228
|
229
|
if ! grep -q "hidden_service_email" /etc/tor/torrc; then
|
229
|
230
|
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/';
|
230
|
231
|
echo 'HiddenServiceVersion 3';
|
|
@@ -238,18 +239,21 @@ function create_email_onion_address {
|
238
|
239
|
function_check wait_for_onion_service
|
239
|
240
|
wait_for_onion_service email
|
240
|
241
|
|
241
|
|
- if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
|
|
242
|
+ if [ ! -f $email_hostname ]; then
|
242
|
243
|
echo $"email onion site hostname not found"
|
243
|
244
|
systemctl restart tor
|
244
|
245
|
exit 782352
|
245
|
246
|
fi
|
246
|
247
|
|
247
|
|
- onion_address=$(cat /var/lib/tor/hidden_service_email/hostname)
|
|
248
|
+ onion_address=$(cat $email_hostname)
|
248
|
249
|
set_completion_param "email onion domain" "${onion_address}"
|
249
|
250
|
add_email_hostname "$onion_address"
|
250
|
251
|
else
|
251
|
|
- onion_address=$(cat /var/lib/tor/hidden_service_email/hostname)
|
|
252
|
+ onion_address=$(cat $email_hostname)
|
252
|
253
|
fi
|
|
254
|
+ cp $email_hostname /etc/skel/.email_onion_domain
|
|
255
|
+ cp $email_hostname "/home/$MY_USERNAME/.email_onion_domain"
|
|
256
|
+ chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.email_onion_domain"
|
253
|
257
|
}
|
254
|
258
|
|
255
|
259
|
function configure_email_onion {
|
|
@@ -262,17 +266,17 @@ function configure_email_onion {
|
262
|
266
|
|
263
|
267
|
create_email_onion_address
|
264
|
268
|
|
265
|
|
- #apt-get -yq install tinycdb perl
|
|
269
|
+ apt-get -yq install perl
|
266
|
270
|
|
267
|
271
|
# MX record should be:
|
268
|
272
|
# _onion-mx._tcp
|
269
|
273
|
# 20:$onion_address
|
270
|
274
|
# 3600 IN SRV 0 5 25 $onion_address
|
271
|
275
|
|
272
|
|
- # Test with: exim -d -bt username@$onion_address
|
273
|
|
-
|
274
|
|
- #echo "$DEFAULT_DOMAIN_NAME $onion_address" > /etc/exim4/onionrelay.txt
|
275
|
|
- #cdb -m -c -t ~/onionrelay.tmp /etc/exim4/onionrelay.cdb /etc/exim4/onionrelay.txt
|
|
276
|
+ # To test the system, on receiving server:
|
|
277
|
+ # exim -bd -d -oX 25
|
|
278
|
+ # On the sensing server:
|
|
279
|
+ # exim -d -oX 25 -bt username@$onion_address
|
276
|
280
|
|
277
|
281
|
{ echo "perl_startup = do '/etc/exim4/perl-routines.pl'";
|
278
|
282
|
echo "perl_at_start"; } > /etc/exim4/conf.d/main/00_exim4-config_perl
|
|
@@ -290,26 +294,32 @@ function configure_email_onion {
|
290
|
294
|
echo " return 'no_such_host';";
|
291
|
295
|
echo "}"; } > /etc/exim4/perl-routines.pl
|
292
|
296
|
|
293
|
|
- #{ echo "ONION_RELAYDB=/etc/exim4/onionrelay.cdb";
|
294
|
|
- # echo "domainlist onion_relays = cdb;ONION_RELAYDB"; } > /etc/exim4/conf.d/main/48_exim4-config_onion_relays
|
295
|
|
-
|
296
|
297
|
{ echo "riseup:";
|
297
|
298
|
echo " driver = manualroute";
|
298
|
299
|
echo " domains = riseup.net";
|
299
|
300
|
echo " transport = onion_relay";
|
|
301
|
+ echo " headers_remove = Received:Message-ID:X-Mailer:User-Agent";
|
|
302
|
+ echo " headers_add = Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>";
|
300
|
303
|
echo " route_data = \${perl{onionLookup}{$RISEUP_EMAIL_ONION}}"
|
301
|
|
- echo " no_more"; } > /etc/exim4/conf.d/router/049_exim4-config-riseup
|
|
304
|
+ echo " no_more"; } > /etc/exim4/conf.d/router/905_exim4-config-riseup
|
|
305
|
+
|
|
306
|
+ if ! grep -q "*.onion" /etc/exim4/conf.d/router/200_exim4-config_primary; then
|
|
307
|
+ sed -i 's|domains = ! +local_domains|domains = ! +local_domains : ! *.onion : ! riseup.net|g' /etc/exim4/conf.d/router/200_exim4-config_primary
|
|
308
|
+ fi
|
302
|
309
|
|
303
|
310
|
{ echo "onionrelays:";
|
304
|
311
|
echo " driver = manualroute";
|
305
|
312
|
echo " domains = *.onion";
|
306
|
313
|
echo " transport = onion_relay";
|
307
|
|
- #echo " route_data = \${lookup dnsdb{a=\$domain}}";
|
|
314
|
+ echo " headers_remove = Received:Message-ID:X-Mailer:User-Agent";
|
|
315
|
+ echo " headers_add = Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>";
|
308
|
316
|
echo " route_data = \${perl{onionLookup}{\$domain}}"
|
309
|
|
- echo " no_more"; } > /etc/exim4/conf.d/router/050_exim4-config-onionrelays
|
|
317
|
+ echo " no_more"; } > /etc/exim4/conf.d/router/910_exim4-config-onionrelays
|
310
|
318
|
|
311
|
319
|
{ echo "onion_relay:";
|
312
|
320
|
echo " driver = smtp";
|
|
321
|
+ echo " helo_data = \"\$address_data \$original_domain\"";
|
|
322
|
+ echo " hosts_avoid_tls = *";
|
313
|
323
|
echo " socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay
|
314
|
324
|
|
315
|
325
|
if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
|
|
@@ -366,7 +376,7 @@ function check_email_address_exists {
|
366
|
376
|
|
367
|
377
|
if [[ $ONION_ONLY != 'no' ]]; then
|
368
|
378
|
my_email=$onion_address
|
369
|
|
- MY_EMAIL_ADDRESS=$onion_address
|
|
379
|
+ MY_EMAIL_ADDRESS="${MY_USERNAME}@$onion_address"
|
370
|
380
|
write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
|
371
|
381
|
fi
|
372
|
382
|
}
|
|
@@ -650,6 +660,14 @@ function email_client {
|
650
|
660
|
echo '# Optional relay of SMTP via ISP';
|
651
|
661
|
echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"'; } > /etc/Muttrc
|
652
|
662
|
|
|
663
|
+ if [[ "$ONION_ONLY" != 'no' ]]; then
|
|
664
|
+ # On onion only systems email is onion router anyway, with its
|
|
665
|
+ # own encryption system, so we don't need the additional pgp layer
|
|
666
|
+ # except perhaps for some additional confidence
|
|
667
|
+ sed -i 's|set pgp_autoencrypt|unset pgp_autoencrypt|g' /etc/Muttrc
|
|
668
|
+ sed -i 's|set pgp_autosign|unset pgp_autosign|g' /etc/Muttrc
|
|
669
|
+ fi
|
|
670
|
+
|
653
|
671
|
# For viewing long URLs
|
654
|
672
|
echo 'REGEXP (((http|https|ftp|gopher)|mailto)[.:][^ >"\t]*|www\.[-a-z0-9.]+)[^ .,;\t>">\):]' > "/home/$MY_USERNAME/.urlview"
|
655
|
673
|
echo 'COMMAND lynx -dump -width=78 -nolist %s' >> "/home/$MY_USERNAME/.urlview"
|
|
@@ -1094,7 +1112,8 @@ function spam_filtering {
|
1094
|
1112
|
# This configuration is based on https://wiki.debian.org/DebianSpamAssassin
|
1095
|
1113
|
sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
|
1096
|
1114
|
sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
|
1097
|
|
- sed -i "s/accept/accept condition = \${if eq{\$acl_m0}{rfcnames} {1}{0}}/g" /etc/exim4/conf.d/acl/40_exim4-config_check_data
|
|
1115
|
+ # This prevents .onion domains from being accepted
|
|
1116
|
+ #sed -i "s/accept/accept condition = \${if eq{\$acl_m0}{rfcnames} {1}{0}}/g" /etc/exim4/conf.d/acl/40_exim4-config_check_data
|
1098
|
1117
|
|
1099
|
1118
|
{ echo "warn message = X-Spam-Score: \$spam_score (\$spam_bar)";
|
1100
|
1119
|
echo ' spam = nobody:true';
|
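Review bot: In the email_client hunk, the two added `sed` lines turn off `pgp_autoencrypt` and `pgp_autosign` in /etc/Muttrc for every recipient on onion-only systems, but the onion transport only protects SMTP between the two mail servers. Messages are still stored in plaintext on the receiving server (for the `riseup.net` router, on a third-party provider), and nothing at the Tor layer vouches for who wrote a message. I would keep signing on by dropping the `sed -i 's|set pgp_autosign|unset pgp_autosign|g' /etc/Muttrc` line, and reword the comment to something like `# Tor encrypts server-to-server delivery only; PGP still protects stored mail and authorship`. The same reasoning applies to the added `hosts_avoid_tls = *` on the `onion_relay` transport, which deserves a comment saying it is safe only while every route using that transport ends at an onion service. email_client begins and ends outside the hunk, so whether /etc/Muttrc is rewritten elsewhere is not visible here.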