Use *@mail.i2p email addresses

Issues with this Forum? Post them here
Post Reply
calzone
Posts: 1
Joined: 01 Jun 2018 12:40

Use *@mail.i2p email addresses

Post by calzone »

Could you guys make it so people can register for this forum using their mail.i2p addresses? It would prevent data leakage to the clearnet every time someone registers.
echelon
Posts: 204
Joined: 10 Feb 2018 13:36

Re: Use *@mail.i2p email addresses

Post by echelon »

Hi

You can use *@i2pmail.org email address instead, its the same address.
The dataflow of the emails is same if *@mail.i2p or *@i2pmail.org is used, it is local and not leaked to clearnet.

Background: currently I do not find the correct function for valid email checks in PHPbb3.x. Even if that is changed, the mail will be sent locally to the same i2prouter as it is know and forwarded to postmans mail service.

echelon
Unconscious
Posts: 3
Joined: 04 Mar 2018 11:11

Re: Use *@mail.i2p email addresses

Post by Unconscious »

Hi eche|on

try to replace:

return '((?:[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+)@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';

with

return '((?:[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+)@(mail\.i2p)|(i2pmail\.org)';

in phpBB3/includes/functions at line 2755 (for version 3.2.2) to check valid mail address

And if you replace the file 'functions_messenger.php' inside phpBB3/includes with
functions_messenger.php.zip
(12.27 KiB) Downloaded 785 times
, I think you can send mails through i2p.
Go to line 1152,1153,1154 to fill real values (username, password) and 1117 for smtp_host address

NOTE: I don't have a running phpBB to test the code, use with caution.
echelon
Posts: 204
Joined: 10 Feb 2018 13:36

Re: Use *@mail.i2p email addresses

Post by echelon »

Hi

That has been helpful to find the correct place :-). I changed the mail checker function to allow a i2p TLD in addition to all current accepted.
Now I need to check the mail forward (not in phpBB, thats handled by the server itself, no need to fiddle with that functions).

echelon
Unconscious
Posts: 3
Joined: 04 Mar 2018 11:11

Re: Use *@mail.i2p email addresses

Post by Unconscious »

The script used on visibility.i2p

note that all mail request are pushed in database, and launched by a cron job (every 5 mn)
Important!
$from = $row['tofrom']; must be the same as the account (eg tofrom = "visibility@mail.i2p" cause $username = "visibility";)

<?php

include_once("settings.php");
include_once("lib/configuration.php");
global $CONFIG;


$dbhost = $CONFIG->dbhost;
$dbuser = $CONFIG->dbuser;
$dbpass = $CONFIG->dbpass;
$dbname = $CONFIG->dbname;
$dbport = $CONFIG->dbport;

// Connect to database
if (!$connexion = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname, $dbport)) {
exit;
}

// Set DB for UTF8
mysqli_query($connexion, "SET NAMES utf8");

$result = mysqli_query($connexion, "SELECT * from {$CONFIG->dbprefix}users_mails");
if ($result) {
while ($row = mysqli_fetch_array($result)){

$id = $row['id'];
$from = $row['tofrom'];
$to = $row['todo'];
$subject = $row['subject'];
$body = $row['body'];
$headers = $row['headers'];
//SMTP + SERVER DETAILS
/* * * * CONFIGURATION START * * * */
$smtpServer = "127.0.0.1";
$port = "7659";
$timeout = "60";
$username = "visibility";
$password = "xxxxxxxxxxxxxxxxxxxxxxx";
//$localhost = "visibility.i2p"; not needed
$newLine = "\r\n";
/* * * * CONFIGURATION END * * * * */

//Connect to the host on the specified port
$smtpConnect = fsockopen($smtpServer, $port, $errno, $errstr, $timeout);
$smtpResponse = fgets($smtpConnect, 515);
if(empty($smtpConnect))
{
$smtpServer = "192.168.0.xx"; //in case of failure fronm local host
$smtpConnect = fsockopen($smtpServer, $port, $errno, $errstr, $timeout);
$smtpResponse = fgets($smtpConnect, 515);
}
if(empty($smtpConnect))
{
$output = "Failed to connect: $smtpResponse";
return $output;
exit;
}
$logArray['connection'] = "Connected: $smtpResponse";


//Request Auth Login
fputs($smtpConnect,"AUTH LOGIN" . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['authrequest'] = "$smtpResponse";

//Send username
fputs($smtpConnect, base64_encode($username) . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['authusername'] = "$smtpResponse";

//Send password
fputs($smtpConnect, base64_encode($password) . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['authpassword'] = "$smtpResponse";

//Say Hello to SMTP
/*fputs($smtpConnect, "HELO $localhost" . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['heloresponse'] = "$smtpResponse";
*/
//Email From
fputs($smtpConnect, "MAIL FROM: $from" . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['mailfromresponse'] = "$smtpResponse";

//Email To
fputs($smtpConnect, "RCPT TO: $to" . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['mailtoresponse'] = "$smtpResponse";

//The Email
fputs($smtpConnect, "DATA" . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['data1response'] = "$smtpResponse";

//Construct Headers
/*
$headers = "MIME-Version: 1.0" . $newLine;
$headers .= "Content-type: text/html; charset=iso-8859-1" . $newLine;
$headers .= "To: $to" . $newLine;
$headers .= "From: $from" . $newLine;
*/ not needed

fputs($smtpConnect, "To: $to\nFrom: $from\nSubject: $subject\n$headers\n\n$body\n.\n");
$smtpResponse = fgets($smtpConnect, 515);
$logArray['data2response'] = "$smtpResponse";

// Say Bye to SMTP
fputs($smtpConnect,"QUIT" . $newLine);
$smtpResponse = fgets($smtpConnect, 515);
$logArray['quitresponse'] = "$smtpResponse";
//nettoyage
mysqli_query($connexion, "DELETE from {$CONFIG->dbprefix}users_mails where id='$id'");
sleep(10);
}
}
mysqli_close($connexion);
?>

don't use it at all, adapt!
Regards
Xeyed1
Posts: 4
Joined: 19 Jun 2018 17:00

Re: Use *@mail.i2p email addresses

Post by Xeyed1 »

calzone wrote: 01 Jun 2018 13:12 Could you guys make it so people can register for this forum using their mail.i2p addresses? It would prevent data leakage to the clearnet every time someone registers.
echelon has already responded that the way mail is routed in susimail is not affected by which email address you use.
echelon wrote: 01 Jun 2018 17:17 You can use *@i2pmail.org email address instead, its the same address.
The dataflow of the emails is same if *@mail.i2p or *@i2pmail.org is used, it is local and not leaked to clearnet.
echelon
However, what was not clear to me until after I tried registering was that even though I registered as Xeyed1@i2pmail.org and it shows up in my profile as my username that does not mean that I need to use my clearnet email client. Specifically this was a concern to me because, like many other online registration protocols, in order to protect against vandals the i2pforum sends a registration confirmation email to complete the registration process. Users trying to register on the forum need to reply to this to complete their registration. My concern was that because I used the i2pmail.org account name that I would need to use a clearnet email client to reply to the registration email. This is not true.

All email sent to you goes to the same mailbox on the i2p network regardless of whether you or the sender use username@mail.i2p (the i2p network email address) or username@i2pmail.org (the clearnet email address) in addressing the emails. This means that even though the i2pmail.org address is used the email is sent only on the i2p network and goes to the same i2p mailbox that mail.i2p addressed mail goes to. To reply to the registration email I used the susimail client that is included in my i2p installation to receive and reply to the registration confirmation email. None of the communication goes on the clearnet. Consequently I did not have to configure my clearnet email client to access my i2pmail.org account and everything went smoothly.

In Summary:
Use your username@i2pmail.org email address on the registration page to create your new account

Use your username@mail.i2p email address to
  • receive your registration confirmation email
  • reply to your registration confirmation email
  • check for mail from other users on the forum (back channel ie. susimail emails that do not go through the forum's messaging system)
  • send mail to other users on the forum (back channel ie. susimail emails that do not go through the forum's messaging system)
Note: To send and receive back channel emails you must have this feature set in your forum profile. I believe it is allowed by default but check your settings if you are having problems.

I hope this makes things clearer for new users and makes them more confident is registering and participation in these forums.

Cheers

Xeyed1
Post Reply