On Tue, Oct 14, 2014 at 10:47:20AM +0200, Martin Lambers wrote:
> > AFAIK, SOCKS4 is totally dead. Some older systems still do SOCKS4a,
> > but it's not that common. It was already implemented so I kept it.
>
> Then let's start with SOCKS5 only, and add other variants only if
> required.
>
> > > 2. Nobody protects the SOCKS5 protocol with TLS, right?
> >
> > I'm sure there exists *some* person who does this, but it's not common
> > in the slightest.
>
> Good, then let's start with the simple solution here, too.
>
> > > 3. Is there a valid use case for SOCKS5 authentication? It only
> > > supports unprotected user/password transmission (well, and GSSAPI,
> > > but nobody uses that). This makes it pretty useless.
> >
> > It's really not any more work to do the basic user/password
> > authentication than it is to do the normal protocol. It just adds one
> > extra step.
>
> That's right. Still, msmtp currently refuses to send authentication
> data in plaintext over the net unless you force it, and I hesitate to
> add such functionality for proxies. In this day and age, if you add
> network-based authentication methods, they absolutely have to be
> secure.
>
> I propose the attached patch, which currently uses "localhost:1080" as
> hardcoded proxy (this can be changed later). I tested it against 'ssh
> -D 1080 -N mys-ssh-server'.
>
> It is similar in functionality to your patch, but
> - only implements SOCKS5 without authentication
> - improves error diagnostics for the proxy connection
>
> What do you think?
>
> Martin

Yeah, I'd much rather start out with something simple that works, and
I'm not a huge fan of sending my info in the clear, even over my local
network. Your feedback to the user is much more verbose. I would just
break out the debugger if it didn't work right. :)

I tested the patch as well; it works just fine. My only concern is that
it doesn't give the AI_NUMERICHOST hint when resolving the proxy
server's address. Without that hint a malconfigured client could
possibly attempt to do a nameserver query. Yes, it's the person who set
it up's fault if that happens, but everybody makes mistakes.

CustaiCo
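
The AI_NUMERICHOST concern raised in the reply above, as an added example that is not part of the thread and is not msmtp code: a proxy address is passed through getaddrinfo() with numeric-only hints, so an IP literal is parsed locally and a host name is rejected instead of being handed to a resolver. The helper name `resolve_proxy_numeric` and the sample addresses are assumptions made for this illustration.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Hypothetical helper (not from the msmtp patch): accept the proxy
 * address only as an IP literal with a numeric port.
 * AI_NUMERICHOST and AI_NUMERICSERV make getaddrinfo() fail with
 * EAI_NONAME instead of consulting a resolver or the services database.
 * Returns 0 on success, otherwise a getaddrinfo() error code. */
int resolve_proxy_numeric(const char *host, const char *port,
                          struct sockaddr_storage *out, socklen_t *outlen)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;      /* IPv4 and IPv6 literals both allowed */
    hints.ai_socktype = SOCK_STREAM;  /* SOCKS5 runs over TCP */
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;

    rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0)
        return rc;                    /* caller can print gai_strerror(rc) */
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *outlen = res->ai_addrlen;
    freeaddrinfo(res);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; proxy.example.net is a made-up name. */
    const char *hosts[] = { "127.0.0.1", "::1", "localhost",
                            "proxy.example.net" };
    struct sockaddr_storage ss;
    socklen_t len;
    size_t i;

    for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++) {
        int rc = resolve_proxy_numeric(hosts[i], "1080", &ss, &len);
        printf("%-18s %s\n", hosts[i],
               rc == 0 ? "accepted" : gai_strerror(rc));
    }
    return 0;
}
```

With these hints even "localhost" is refused, so a proxy setting such as the "localhost:1080" mentioned in the quoted message would have to be written as 127.0.0.1 or ::1.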