Using the Tor exit node from mailbox
Use of Tor for Anonymous and Secure Access to mailbox
To support anonymous Internet usage and to protect our customers against data retention, we operate our own Tor exit node in our data center. This Tor node is intended to provide the highest possible level of security for users of the Tor anonymization service (“The Onion Routing”) among our customers.
In recent years, there have been repeated reports about compromised Tor exit nodes that attempted Man-in-the-Middle attacks on HTTPS connections using forged SSL certificates (e.g., 2013: Attack when accessing Wikipedia, Attack on IMAPS connections, ...).
To ensure that such attacks cannot be carried out against users of our services, we enable Tor users to either:
- configure our Tor node as the exit node for accessing mailbox (via a “MapAddress” entry in the Tor configuration) or
- use our Tor hidden service (xy5d2mmnh6zjnroce4yk7njlkyafi7tkrameybxu43rgsg5ywhnelmad.onion, v3) for accessing SMTP, POP3, IMAP, or XMPP servers.
1. Adjusting the Tor daemon configuration (MapAddress)
Advantages
You can instruct the Tor daemon to always use our Tor exit node (located in our data center) when accessing our services. This method of combining mailbox and Tor is the best and most secure option. With this solution, you can use mailbox without an Onion hostname; SSL validation issues do not occur, and you can also use mailbox Office in the web client as usual.
Implementation
Open the configuration file torrc with an editor of your choice (see also: Tor FAQ). If you are using the Tor Browser Bundle, make sure you have started the Tor Browser at least once before. Then open the file Browser/TorBrowser/Data/Tor/torrc in the Tor installation directory with a text editor and add the following entries (for mailbox and all subdomains) at the end of the file:
