globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org
Other
1.25k stars 274 forks

Globaleaks won't send activation link #3309

Closed mordoviu closed 2 years ago

mordoviu commented 2 years ago

Hi, I have a running GlobaLeaks instance in the version 4.7.14 and it stopped sending e-mails a while ago. Sending a test e-mail works, but activation links for new accounts and similar notifications won't. There are no errors in the log, it looks like it is supposed to:

..
2022-11-08 14:54:15+0000 [-] Starting factory <twisted.mail.smtp.ESMTPSenderFactory object at 0x7fa5ad0bec40>
2022-11-08 14:54:15+0000 [-] Starting factory <globaleaks.utils.socks.SOCKS5ClientFactory object at 0x7fa5adb727f0>
2022-11-08 14:54:21+0000 [-] Stopping factory <twisted.mail.smtp.ESMTPSenderFactory object at 0x7fa5ad0bec40>
2022-11-08 14:54:21+0000 [-] Stopping factory <globaleaks.utils.socks.SOCKS5ClientFactory object at 0x7fa5adb727f0>

Also, my browser shows that GlobaLeaks sends a PUT request and gets a 202 response when clicking on the "send activation link" button.

Thanks in advance for your help!

Best, Uliana

evilaliv3 commented 2 years ago

Thank you for reporting this @mordoviu

I suspect that the email could be blocked by the destination spam filter. Have you checked that?

Are you using our SMTP server or a private one?

mordoviu commented 2 years ago

Hi @evilaliv3, thanks for the quick response!

Best, Uliana

evilaliv3 commented 2 years ago

Thank you Uliana,

From your log I see that you have the option "Anonymize ongoing connections" enabled in your Network Settings in the section Tor. I suspect that your new SMTP server could be discarding the Tor connections. I invite you to disable this setting and all should work!

mordoviu commented 2 years ago

When I am trying to disable "Anonymize ongoing connections" I get the following error message: Error on input validation [Key (simplified_login) type validation failure]

evilaliv3 commented 2 years ago

I see; what you ran into could effectively be a bug in your software version.

May I ask why you are still using the version 4.7.14? Could you update to the current version, which is way more secure and tested?

stefanw commented 2 years ago

I have the same problem that SMTP connections are timing out. Lots of these in the logs:

Starting factory <twisted.mail.smtp.ESMTPSenderFactory object at 0x7f7ec7de5100>
[E] [1] SMTP connection failed (Exception: Timeout waiting for SMTP server response)
Stopping factory <twisted.mail.smtp.ESMTPSenderFactory object at 0x7f7ec7de5100>

GlobaLeaks version: 4.10.14 Database version: 63

"anonymized connections" is not activated and netstat shows that python3 is connected directly to the mail server IP – but for a long time with two other connections hanging in TIME_WAIT.

Switching to a different mail server has not helped. Sending via command line ssmtp works instantly. I suspect there's something broken in mail sending via Twisted SMTP.

evilaliv3 commented 2 years ago

Thank you for your feedback, @stefanw

Actually, in relation to what was reported to @mordoviu, I'm quite sure the reason is the one I explained, because he has the "anonymize connections" option activated and that option is bypassed when one tests the SMTP connection.

I do not exclude that what you are reporting is true. If you could provide me some more detail about your setup, we may try to assist you with some retesting. On which operating system/version is your GlobaLeaks setup based? Are you using our SMTP server or a custom one?

stefanw commented 2 years ago

Hey, thanks for taking the time to reply. I'm on a fresh Ubuntu 20.04 and just ran the Globaleaks install script. I tried using the Globaleaks provided default SMTP server and two other ones. I think I found a bug.

I used tcpdump and saw a DNS query for the SMTP server but no SMTP related traffic at all. I found iptables rules that forbid connections by the globaleaks user and traced it back to this init part.

There are two settings under "Network settings" -> "Tor":

My setup has both these settings disabled (=only reachable via Tor, don't anonymize outgoing connections).

The variable $TOR_SANDBOXING is getting set if reachable_via_web is False.

And here lies the problem:

The iptables should take both reachable_via_web and anonymize_outgoing_connections into account: when both are False port 80/443 should be disabled, but outgoing SMTP should be allowed.
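An added diagnostic example, not part of the original thread and not GlobaLeaks code: a first-match evaluator over `iptables -S OUTPUT` output that shows why a rule dropping everything owned by the service user makes the daemon's SMTP time out while `ssmtp` run by another user succeeds. The rules, uid 112, interface `eth0` and port 587 are constructed assumptions.

```python
import shlex

# Constructed sample rules (assumption): uid 112 stands in for the globaleaks user.
SANDBOXED = """\
-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 112 -j DROP
"""
# Same rules with outgoing SMTP submission allowed before the catch-all DROP.
SMTP_ALLOWED = SANDBOXED.replace(
    "-A OUTPUT -m owner --uid-owner 112 -j DROP",
    "-A OUTPUT -p tcp -m owner --uid-owner 112 -m tcp --dport 587 -j ACCEPT\n"
    "-A OUTPUT -m owner --uid-owner 112 -j DROP")

# Supported match options mapped to packet fields; anything else raises.
FIELDS = {"-p": "proto", "--dport": "dport", "--uid-owner": "uid", "-o": "out_iface"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def first_match(rules_text, chain, pkt):
    """Return the verdict the first matching rule (or the chain policy) gives pkt."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
            continue
        if tok[:2] != ["-A", chain]:
            continue
        target, matched, i = None, True, 2
        while i + 1 < len(tok):
            opt, val = tok[i], tok[i + 1]
            if opt == "-j":
                target = val          # options after the target are not matches
                break
            if opt in FIELDS:
                matched = matched and str(pkt.get(FIELDS[opt])) == val
            elif opt != "-m":         # "-m <module>" only names the module
                raise ValueError(f"unsupported match {opt!r} in: {line}")
            i += 2
        if matched and target in TERMINAL:
            return target
    return policy

# Outgoing SMTP from the service user versus from root (e.g. ssmtp on the CLI).
DAEMON_SMTP = {"uid": 112, "proto": "tcp", "dport": 587, "out_iface": "eth0"}
ROOT_SMTP = dict(DAEMON_SMTP, uid=0)

if __name__ == "__main__":
    for name, rules in (("sandboxed", SANDBOXED), ("smtp allowed", SMTP_ALLOWED)):
        print(name, first_match(rules, "OUTPUT", DAEMON_SMTP),
              first_match(rules, "OUTPUT", ROOT_SMTP))
```

On a live host, the input would be the output of `iptables -S OUTPUT` and the uid reported by `id -u` for the service account.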

evilaliv3 commented 2 years ago

@mordoviu: Actually, yours is an edge case.

Thank you for your feedback. It makes sense. Would you like to propose a patch?

The current implementation has always considered enabling NETWORK_SANDBOXING considering only the variable reachable_via_web and using this to evaluate if the platform should be anonymized.

We can instead consider also the variable anonymize_outgoing_connections and, if set to false, make a direct connection. Please consider that in this case the IP of your server won't be protected anymore, so that your system won't operate anonymously.

mordoviu commented 2 years ago

Hi @evilaliv3, I think in your previous comment you meant @stefanw? In my case an upgrade solved the problem even with "Anonymize ongoing connections" enabled. Thank you!

evilaliv3 commented 2 years ago

Ah yes!

Thank you @mordoviu for confirming that this issue is resolved for you.

I will talk this ticket for now.

@stefanw: please feel free to open a dedicated ticket or pull request for your suggestion. Thank you.