Francina Oates:
> The lack of socks support is an increasingly serious shortcoming
> of Postfix.

You are welcome to donate code.

Wietse

---

I looked at the code in smtp_connect.c, it looked too complicated for me :)

That's sad, because the socks protocol is very simple. Someone you emailed with in 2002 claimed to have done it, and then there are a handful of claims on the Internet that do not work.

I looked at installing an mta in parallel with Postfix, and it's only the big ones (courier, exim, qmail) that are actually routing, and they don't like to be installed together with Postfix.

I even tried to run a tsocks-wrapped second Postfix. Not easy. Not working.

So, what I will do is to write a pipe delivery agent. Postfix provides enough macros for the MX dns lookup and the envelope, and I can use the bash script as a tsocks wrapper, launching a second script utilizing some smtp library. That looks like a suitable weekend project.

- macros are provided as command line arguments
- the message text is available at stdin
- status code 75 means defer, 0 means success
- Postfix copies stdout output to mail.log

To clarify for lists()rhsoft.net:

Adding the socks protocol to smtp allows for end-to-end TLS encryption despite that the email appears to be sent from an intermediate node. Socks removes the requirement to trust the provider of that intermediate node and public IP address. A traffic logger or disk image snooper will see the destination mta ip but none of the message. Frequently, the destination is common like gmail, and the obtained information is of little value.

The hundreds of Bitcoin breaches are symptoms of cloud security being nonexistent. It would surprise me if the NSA are responsible for those.
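The pipe delivery agent contract listed in the message (macros as arguments, message on stdin, exit 0 or 75, stdout to mail.log) combined with a SOCKS5 handshake, as an added example that is not part of the original message and not Postfix code. The proxy address, the argument order, exit code 69 for permanent failures and the use of smtplib's `_get_socket` hook are assumptions.

```python
import smtplib, socket, ssl, struct, sys

EX_OK, EX_TEMPFAIL, EX_UNAVAILABLE = 0, 75, 69   # 69 (sysexits.h, bounce) is an assumption
PROXY = ("127.0.0.1", 1080)                      # assumed local SOCKS5 listener

def read_exact(sock, n):                         # recv() may return short reads
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_handshake(sock, host, port):
    """RFC 1928 no-auth negotiation, then CONNECT by name so the proxy resolves it."""
    sock.sendall(b"\x05\x01\x00")
    if read_exact(sock, 2) != b"\x05\x00":
        raise OSError("proxy refused the no-auth method")
    name = host.encode("idna")
    sock.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port))
    ver, rep, _, atyp = read_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise OSError(f"SOCKS5 CONNECT failed, reply code {rep}")
    alen = {1: 4, 4: 16}.get(atyp) or read_exact(sock, 1)[0]
    read_exact(sock, alen + 2)                   # drop bound addr+port; SMTP banner is next
    return sock

class SocksSMTP(smtplib.SMTP):
    def _get_socket(self, host, port, timeout):  # smtplib's connection hook
        return socks5_handshake(socket.create_connection(PROXY, timeout), host, port)

def exit_status(exc):
    code = getattr(exc, "smtp_code", 0)          # only SMTP reply errors carry a code
    return EX_UNAVAILABLE if 500 <= code < 600 else EX_TEMPFAIL

def main(argv, stdin):
    nexthop, sender, *rcpts = argv               # assumed argv: ${nexthop} ${sender} ${recipient}
    try:
        with SocksSMTP(nexthop, 25, timeout=60) as smtp:
            smtp.starttls(context=ssl.create_default_context())  # TLS ends at the MTA, not the proxy
            smtp.sendmail(sender, rcpts, stdin.read())
    except (OSError, smtplib.SMTPException) as exc:
        print(f"socks-smtp: {exc}")              # stdout ends up in mail.log, per the message
        return exit_status(exc)
    return EX_OK

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:], sys.stdin.buffer))
```

The default TLS context verifies the destination certificate against the nexthop name, so a proxy operator that tampers with the session causes a deferral rather than a plaintext delivery.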