Use the mailbox gateway exit node
Supporting anonymous internet usage
To support the anonymous use of the internet and, in particular, to protect our customers against data retention, we operate our own Tor exit node in our data center.
This Tor node is designed to provide the highest possible security for users of the Tor anonymization service (“The Onion Routing”) among our customers.
Figure 1: Relay Search mailbox.
In recent years, there have been repeated reports of compromised Tor exit nodes attempting man-in-the-middle attacks on HTTPS connections using fake SSL certificates (e.g. 2013: attack when accessing Wikipedia, attack on IMAPS connections, etc.).
To ensure that such attacks cannot be carried out against users of our services, we enable Tor users to:
- configure our Tor node as an exit node for accessing mailbox (by adding a “MapAddress” entry in the Tor configuration), or
- use our Tor hidden service xy5d2mmnh6zjnroce4yk7njlkyafi7tkrameybxu43rgsg5ywhnelmad.onion (v3) to access SMTP, POP3, IMAP, or XMPP servers.
1. Adjusting the Tor daemon configuration (MapAddress)
Advantages
You can instruct the Tor daemon to always use the Tor exit node provided by us (in our data center) to access our services.
This combination of mailbox and Tor is the best (and safest) way to use our services.
With this solution, you can use mailbox without the onion hostname; you will not encounter SSL validation issues and can also use mailbox Office in the web client as usual.
Implementation
Open the configuration file torrc with an editor of your choice (see also: Tor FAQ).
If you are using the Tor Browser Bundle, you must have started the Tor Browser at least once beforehand.
Then, in your Tor installation directory, open the file Browser/TorBrowser/Data/Tor/torrc with a text editor and add the following entries (for mailbox and all subdomains) at the end of the file:
MapAddress mailbox.org mailbox.org.85D4088148B1A6954C9BFFFCA010E85E0AA88FF0.exit
MapAddress *.mailbox.org *.mailbox.org.85D4088148B1A6954C9BFFFCA010E85E0AA88FF0.exit
These entries ensure that your data traffic is routed through the Tor network to our data center and directly reaches our servers there.
In a broad sense, this can be compared to a kind of VPN connection directly to the mailbox server.
If everything is configured correctly, you should see the IP address 80.241.60.207 as the final hop when you click the information icon next to the address bar after visiting mailbox in the Tor Browser.
Figure 2: When you click the information icon next to the address bar in the Tor Browser after opening mailbox, you will see detailed connection information.
2. Using the Tor hidden service
We offer a Tor hidden service for both our mail service and for accessing our Jabber/XMPP server at the address xy5d2mmnh6zjnroce4yk7njlkyafi7tkrameybxu43rgsg5ywhnelmad.onion (v3).
Access to the web client via this address is NOT possible.
To use this hidden service for SMTP or IMAP/POP3 connections in Thunderbird, you do not need to make any changes to the Tor daemon configuration.
In your Jabber/XMPP client, you can configure our Tor hidden service as the connection server.
You will usually find this option in the advanced settings of your configured account.
Example: Using the Gajim Messenger with a Tor v3 address
Note: When using this hidden service for the first time, you will receive an SSL error during the connection process because the certificate for transport encryption is issued for the domain mailbox (and not kqiafglit242fygz.onion). In this case, you must verify the validity of the SSL certificate yourself.
For more information on configuring the Tor Browser with mailbox, please refer to this article:
https://kb.mailbox.org/en/private/security-privacy/configure-the-tor-browser
