Welcome, Guest. Please login or register.

Author Topic: Bitmessage with builtin SMTP/POP3 servers  (Read 26689 times)

sarchar

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Bitmessage with builtin SMTP/POP3 servers
« on: July 04, 2013, 06:37:42 AM »
== I've updated this message to be more in line with the most recent code changes. ==

I'm happy to announce my first contribution to Bitmessage.  I've created a pull request on github, so let's see what the devs have to say on the idea...

Basically, I've written a barebones SMTP and POP3 server for use with your standard E-mail client. 

https://github.com/sarchar/PyBitmessage

To use: Clone my branch like usual.  In Bitmessage, go to Settings -> SMTP & POP3 tab.  Configure the ports and set a password for the identity you would like to use in your E-mail client.  Copy the provided E-mail address.  In your E-mail client, set the SMTP and POP3 servers to localhost. For both POP3 and SMTP, the Username is exactly the E-mail provided for the identity. Configure the authorization method to "normal"/"regular"/"plaintext".  The password is the one you set in the settings dialog.  Disable any "Leave messages on servers" settings.

You can send emails to other Bitmessage identities using their E-mail-formatted Bitmessage address. If you get set up, send me an E-mail: 6657247776@BM-2DC6hiJAzsDUjdVAhLLkuoGtDxnaDnakuy

There are already two projects that do essentially the same thing that I've done.  However, this one is important because it:

* does not rely on the Bitmessage API server.
* is in Python, and thus part of the Bitmessage client itself. 
* can run on all operating systems that Bitmesage runs on.
* supports SSL, and per-Identity access
* doesn't require a GUI (should work with Bitmessage daemon mode)
* uses an E-mail format that should be compatible with all E-mail clients, and preserves possible loss of address bits due to capitalization changes.

Not yet implemented:

* Handling Subscriptions and Broadcast messages.
* As it stands now, attachments work fine but the Bitmessage protocol requires harder POW for larger message. I'd like to integrate some transparent large file storage (Perhaps over the Mega API?).
* IMAP support?
* "Leave messages on server" POP3 support?
* Perhaps authorization methods other than plaintext.  Although, localhost connections should be secure enough, eventually I suspect this could be used as the backend to a webmail-over-Bitmessage server.
* Anything else???

I would very much appreciate feedback, testers and early adopters!

And since people love screenshots....!

http://imgur.com/4Rx1c3q
http://imgur.com/ZsKDDCk

Shout-outs to:

bmwrapper: https://bitmessage.org/forum/index.php/topic,1691.0.html
B2M: https://bitmessage.org/forum/index.php/topic,1587.0.html

I have a prebuilt binary up at http://dropcanvas.com/03tq1 for those of you brave enough to try (or those that have a secure VM environment they can test in).
« Last Edit: July 05, 2013, 02:11:41 AM by sarchar »
SMTP/POP3 integration with Bitmessage: https://bitmessage.org/forum/index.php/topic,2565.0.html

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #1 on: July 04, 2013, 07:19:50 AM »
why do you do user@BM-ADDR? May confuse E-mail clients, because the domain name is not valid.
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch

sarchar

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #2 on: July 04, 2013, 07:51:12 AM »
why do you do user@BM-ADDR? May confuse E-mail clients, because the domain name is not valid.

Good point.

1. The format isn't set in stone.  If the user@BM-ADDR isn't sufficient, we can change it.  I considered BM-ADDR@somedomain but the problem is that requires special casing 'somedomain', which may also be problematic for E-mail clients.

2. I don't think it will confuse any RFC-compliant E-mail clients because "root@localhost" is a valid E-mail address.  One-word domains are perfectly legitimate, and since BM addresses don't use any non-alphanumeric characters (along with '-'), they should be OK.

Thanks for looking at this!
SMTP/POP3 integration with Bitmessage: https://bitmessage.org/forum/index.php/topic,2565.0.html

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #3 on: July 04, 2013, 08:08:52 AM »
some E-mail clients tend to convert the address to lowercase, you should probably use an address format, that does not depend on the casing of the address. Also what is the reason for SSL, it will throw Certificate errors at the client and does not adds security. If somebody is able to sniff on the localhost interface he can also read memory from applications
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch

sarchar

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #4 on: July 04, 2013, 01:21:29 PM »
some E-mail clients tend to convert the address to lowercase, you should probably use an address format, that does not depend on the casing of the address. Also what is the reason for SSL, it will throw Certificate errors at the client and does not adds security. If somebody is able to sniff on the localhost interface he can also read memory from applications

Lowercase - Damn. You're right.  I'll devise an addressing scheme that doesn't depend on the casing. The same thing is the case for usernames, as many clients will fully capitalize or lowercase the username.  I have one idea, but I don't know how readily people would accept it.

SSL - You're right, and it's probably a premature implementation; I suspect most people won't turn it on.  In the future, however, I imagine a usecase where binding to an address other than localhost could be useful for an sysadmin. Perhaps someone running a webmail-based Bitmessage E-mail system?  Etc., etc.  It doesn't take away from usefulness to have an opt-in feature, right?
SMTP/POP3 integration with Bitmessage: https://bitmessage.org/forum/index.php/topic,2565.0.html

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #5 on: July 04, 2013, 02:37:04 PM »
Lowercase - Damn. You're right.  I'll devise an addressing scheme that doesn't depend on the casing.
If I remember correctly, tor uses lowercase only addresses.

The same thing is the case for usernames, as many clients will fully capitalize or lowercase the username.
You can internally convert everything to uppercase when comparing

SSL - You're right, and it's probably a premature implementation; I suspect most people won't turn it on.  In the future, however, I imagine a usecase where binding to an address other than localhost could be useful for an sysadmin. Perhaps someone running a webmail-based Bitmessage E-mail system?  Etc., etc.  It doesn't take away from usefulness to have an opt-in feature, right?
SSL may be a nice feature when using this thing as a public gateway but you should keep in mind, that most people do not want to buy a verified certificate. It may be interesting in a network, where you can deploy root certificates, for example via GPO on a MS server.
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch

sarchar

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #6 on: July 04, 2013, 02:49:33 PM »
Lowercase - Damn. You're right.  I'll devise an addressing scheme that doesn't depend on the casing.
If I remember correctly, tor uses lowercase only addresses.
I've got a "scheme" that will work, but it requires a fixed username. I think this is workable, albeit probably not the final solution.  I'll describe it in detail once I've got a working implementation.

The same thing is the case for usernames, as many clients will fully capitalize or lowercase the username.
You can internally convert everything to uppercase when comparing
However, using a BM- address as the username in the BM-ADDR@specifiedhost.com format could still cause a loss of address information, depending on email client.

SSL - You're right, and it's probably a premature implementation; I suspect most people won't turn it on.  In the future, however, I imagine a usecase where binding to an address other than localhost could be useful for an sysadmin. Perhaps someone running a webmail-based Bitmessage E-mail system?  Etc., etc.  It doesn't take away from usefulness to have an opt-in feature, right?
SSL may be a nice feature when using this thing as a public gateway but you should keep in mind, that most people do not want to buy a verified certificate. It may be interesting in a network, where you can deploy root certificates, for example via GPO on a MS server.
Sure.  It's an opt-in feature, most people won't turn it on.  However, SSL certs are certainly cheap.  You can buy a domain on namecheap using Bitcoin and get a cheap SSL certificate with it.  Admins can afford an SSL cert; I don't think this is a major concern.  It is off by default and doesn't get in the way.

Despite these concerns, have you given it a test run?
SMTP/POP3 integration with Bitmessage: https://bitmessage.org/forum/index.php/topic,2565.0.html

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #7 on: July 04, 2013, 03:32:15 PM »
Despite these concerns, have you given it a test run?
Well there is no compiled exe available and i will not install all this python crap.
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch

sarchar

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #8 on: July 04, 2013, 03:49:56 PM »
Despite these concerns, have you given it a test run?
Well there is no compiled exe available and i will not install all this python crap.

I could build an exe for you, but it's probably wise not to run executes from brand new people:)
SMTP/POP3 integration with Bitmessage: https://bitmessage.org/forum/index.php/topic,2565.0.html

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #9 on: July 04, 2013, 04:37:21 PM »
I could build an exe for you, but it's probably wise not to run executes from brand new people:)
I have DeepFreeze installed, so in case fo trouble, I just unplug the computer and turn it back on.
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch

sarchar

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #10 on: July 05, 2013, 01:35:39 AM »
I could build an exe for you, but it's probably wise not to run executes from brand new people:)
I have DeepFreeze installed, so in case fo trouble, I just unplug the computer and turn it back on.

I've uploaded a binary to http://dropcanvas.com/03tq1

This one implements a new message format.  It encodes the Base58 capitalization in the username of the E-mail. I believe this makes the address used RFC compliant without any possible loss of BM address bits.

To configure, open up Settings -> SMTP & POP3 settings.  Enable the server, select ports for the SMTP & POP3 servers. Pick an identity you would like to enable and set the password.  Copy the E-mail address provided and configure your E-mail client.

My address: 6657247776@BM-2DC6hiJAzsDUjdVAhLLkuoGtDxnaDnakuy

The full address will also be the username to the SMTP and POP3 servers. Passwords are the ones you set.  Send me a message?
SMTP/POP3 integration with Bitmessage: https://bitmessage.org/forum/index.php/topic,2565.0.html

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #11 on: July 05, 2013, 02:37:08 AM »
The settings window does not opens, when I click on the settings Item if I use my existing keys.dat file
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #12 on: July 05, 2013, 02:55:57 AM »
Some things I noticed
  • SMTP Server does not has the "HELP" command available. Some E-mail applications and users who are debugging use this to determine the commands available.
  • You should kick users after too many invalid commands.
  • You must not close the connection if users try to send an E-mail if not authenticated. Use "relaying denied" on RCPT TO command instead. Possible Errors on MAIL FROM command can be found in the ESMTP rfc: http://tools.ietf.org/html/rfc1869 section 6.1
  • If you close the connection on MAIL FROM field, E-Mail clients cannot exactly determine the reason. Returning 5XX on RCPT TO tells the client, that the from address basically is valid and the server can relay but do not want to.
  • Using "AUTH PLAIN" kills the connection and the listening thread so I can't test it.
  • Also generally do not close the connection if errors appear and you are technically able to continue.
  • RSET does not works when unauthenticated.
« Last Edit: July 05, 2013, 02:59:32 AM by AyrA »
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch

sarchar

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #13 on: July 05, 2013, 03:02:05 AM »
The settings window does not opens, when I click on the settings Item if I use my existing keys.dat file

Oops. You're right - it was because I wasn't accounting for the old keys.dat config without smtp keys.  I rebuilt the exe and uploaded it to the same dropcanvas link.  Redownload and try again?
SMTP/POP3 integration with Bitmessage: https://bitmessage.org/forum/index.php/topic,2565.0.html

AyrA

  • BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1261
  • Karma: +75/-7
  • bitmessage.ch and timeservice operator
    • View Profile
    • AyrAs Homepage
Re: Bitmessage with builtin SMTP/POP3 servers
« Reply #14 on: July 05, 2013, 03:07:27 AM »
Some things I noticed
  • SMTP Server does not has the "HELP" command available. Some E-mail applications and users who are debugging use this to determine the commands available.
  • You should kick users after too many invalid commands.
  • You must not close the connection if users try to send an E-mail if not authenticated. Use "relaying denied" on RCPT TO command instead. Possible Errors on MAIL FROM command can be found in the ESMTP rfc: http://tools.ietf.org/html/rfc1869 section 6.1
  • If you close the connection on MAIL FROM field, E-Mail clients cannot exactly determine the reason. Returning 5XX on RCPT TO tells the client, that the from address basically is valid and the server can relay but do not want to.
  • Using "AUTH PLAIN" kills the connection and the listening thread so I can't test it.
  • Also generally do not close the connection if errors appear and you are technically able to continue.
  • RSET does not works when unauthenticated.
I also just noticed, that you store the password unencrypted in keys.dat. You might want to use a hash instead.
My Address: BM-Bc7Rspa4zxAPy9PK26vmcyoovftipStp
Bitmessage Time Service (Subscribe): BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash
Support the Multipart Message Declaration Draft for Bitmessage: https://bitmessage.org/forum/index.php/topic,1553.0.html
Free Bitmessage to E-Mail Gateway: https://bitmessage.ch