ehloonion / onionrouter Goto Github PK

Add logging support, either straight to a file or via syslog.

For large installations it is important to support multiple domains to be whitelisted in onionrouter config file. Comma separated or space separated values of "DOMAIN->hostname" key should be good enough.

• onionrouter version: 0.5.2
• Python version: 3.8
• Operating System: Linux

Description

onionrouter doesn't work and displays this stack trace:

$ onionrouter -d
Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/onionrouter/msockets.py", line 23, in resolve
    result = rerouter.run(addr)
  File "/usr/lib/python3.8/site-packages/onionrouter/rerouter.py", line 64, in run
    domain = self.get_domain(address)
  File "/usr/lib/python3.8/site-packages/onionrouter/rerouter.py", line 48, in get_domain
    split_addr = address.split("@")
TypeError: a bytes-like object is required, not 'str'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
  File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/python3.8/site-packages/onionrouter/msockets.py", line 30, in resolve
    conn.sendall("500 {0}".format(err))
TypeError: a bytes-like object is required, not 'str'

What I Did

onionrouter -d

When using the following config in onionrouter.ini
hostname: example.com
and a query for EXAMPLE.com is performed against onionrouter, then the hostname is not matched against the configured whitelist but an onion mx query is performed returning results for what was supposedly set as the local domain.

This leads to loop of messages in postfix:

status=bounced (mail for [xyzwwwwwwwwwwww.onion] loops back to myself)

• onionrouter version: 0.6.2
• Python version: 3.9.2
• Operating System: debian bullseye

Description

Once a configuration file exists and the daemon is able to start, it might end up responding to requests with errors about some configuration sections or options missing when postfix sends a request to it.

For example:

$ nc localhost 23000
[email protected]
500 No section: 'IGNORED'

or with only the IGNORED section delimiter present without anything in it:

$ nc localhost 23000
[email protected]
500 No option 'domains' in section: 'IGNORED'

Since the daemon will effectively be useless (and will indefinitely stall queries by postfix) it would make more sense for the daemon to find those configuration problems and noisily exit upon starting up. This would make it easier to debug the problem and make the service functional.

There are cases where we don't want onionrouter to decide on what will happen for a specific domain. Such a case is when there's another transport defined, e.g. in some other file/transport_map, for a domain, so we would like onionrouter to reply with '500' for these domains, even if they have an onion-mx SRV record set, so that postfix will fall back to the other transport defined.

It's very probable that there could be multiple such domains, so the new option should accept a comma separated list of domains.

I'm proposing 'ignore_domains' as the key name for such an option.

Running FreeBSD, since it has proven impossible to get the suggested setup working with the smtp_tor script postfix 3.2.3, '/usr/local/libexec/postfix/smtp_tor: bad command startup -- throttling'
I've setup a transparent tor system with my OpenBSD firewall diverting through tor transport.

Sending a test mail to [email protected] results in the same 550 reject as when connecting clearnet. Study of logs does show connecting through tor (10.192.0.0/11 are tormapped adresses):

Oct 12 21:01:55 mailserv postfix/smtp[46156]: 384483B1AF: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=6.8, delays=0.15/0.02/0/6.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as C4F8A3B1B8)
Oct 12 21:01:55 mailserv postfix/qmgr[46127]: 384483B1AF: removed
Oct 12 21:01:55 mailserv postfix/smtp[46170]: Host offered STARTTLS: [ysp4gfuhnmj6b4mb.onion]
Oct 12 21:01:55 mailserv postfix/smtp[46170]: C4F8A3B1B8: to=<[email protected]>, relay=ysp4gfuhnmj6b4mb.onion[10.214.246.181]:25, delay=1.1, delays=0.22/0.03/0.61/0.19, dsn=5.0.0, status=bounced (host ysp4gfuhnmj6b4mb.onion[10.214.246.181] said: 550 [email protected] is only available through onionmx (in reply to RCPT TO command))
Oct 12 21:01:56 mailserv postfix/cleanup[46155]: 00E5D3B1BA: message-id=<[email protected]>

Though obviously I already know that my setup is working it might be nice for others who would go for a similar setup to have a working testing solution ;)
Even nicer would be an automatic reply on the adres to check if the system also correctly receives mail ;)

Can confirm that onionrouter script is working on FreeBSD 10.3 with python2.7

In debug output distinguish between lazy lookups coming from mappings vs DNS lookups.