1. Forum
  2. USENET
  3. alt.privacy

  • [Linux - oniux and netcat] anon email without headers

    From Mini Mailer@bounce.me@mini.mailer.msg to alt.privacy.anon-server,alt.privacy on Wed Jul 30 10:08:10 2025
    From Newsgroup: alt.privacy

    Hi all,

    I have uploaded the latest oniux binary v0.6.0 at:

    https://github.com/Ch1ffr3punk/oniux

    with that and netcat, it is very easy to send anonymous emails
    to onion email addresses, which are histed with an smtpdump(+)
    server.

    Example message with netcat usage:

    $ oniux nc yeffqiea4xtcu6woyab6z6bz4oehisfuzgtmk4e277bydq25p7nha7ad.onion 2525 < m sg.txt
    220 bob SMTPDump ESMTP Service ready
    250-bob greets x
    250-SIZE 1048576
    250-STARTTLS
    250-AUTH CRAM-MD5
    250 ENHANCEDSTATUSCODES
    250 2.1.0 Ok
    250 2.1.5 Ok
    354 Start mail input; end with <CR><LF>.<CR><LF>
    250 2.0.0 Ok: queued
    221 2.0.0 bob SMTPDump ESMTP Service closing transmission channel

    The encrypted message, without any headers:

    EHLO x
    MAIL FROM: <x@x.org>
    RCPT TO: <pollux@yeffqiea4xtcu6woyab6z6bz4oehisfuzgtmk4e277bydq25p7nha7ad.onion>
    DATA

    2SzjXMFo4L+jEOfCoIkdPiGMUZnHvHZ8wbq43HLLqjAwor4bVDyFkIP9Bf7Fwfjq lXC2HwD0eTiYLFHlt5D71+NTb+X9/NLPAoXD90kQyHGX97SPK5QE116qtmqRiItw
    [...]
    RYKbf08KSLDU5OLAPFfn91Y+htzSz1iMRPPYCvy6tHZq2rtyh/q8vCbih0lb7XIi g32NVRiJMzjmlVrWPAXnPfOpOXiV3/J+6XtV1VHlZFmjNOn9pV4vMr6G1kxHIPBd ZLrhRjq0AQxsYErTxc3SC5WbypaFH6WwAV/uY/UwVxWydThogdldBA==

    .
    QUIT

    Please note, the email must use CRLF to be RFC compliant and to
    be accepted by smtpdump(+)

    The received message under Windows looks like this:

    C:\Users\xxxxxxxxxxxxxx\Desktop>oget
    Successfully processed: kvnye1dc.eml

    Received: from x (localhost [127.0.0.1])
    by bob (SMTPDump) with SMTP
    for <pollux@yeffqiea4xtcu6woyab6z6bz4oehisfuzgtmk4e277bydq25p7nha7ad.onion>; Wed, 30 Jul 2025 09:48:50 +0000 (UTC)

    2SzjXMFo4L+jEOfCoIkdPiGMUZnHvHZ8wbq43HLLqjAwor4bVDyFkIP9Bf7Fwfjq lXC2HwD0eTiYLFHlt5D71+NTb+X9/NLPAoXD90kQyHGX97SPK5QE116qtmqRiItw
    [...]
    RYKbf08KSLDU5OLAPFfn91Y+htzSz1iMRPPYCvy6tHZq2rtyh/q8vCbih0lb7XIi g32NVRiJMzjmlVrWPAXnPfOpOXiV3/J+6XtV1VHlZFmjNOn9pV4vMr6G1kxHIPBd ZLrhRjq0AQxsYErTxc3SC5WbypaFH6WwAV/uY/UwVxWydThogdldBA==

    That way, should the receiving parties computer been compromised,
    while decrypting offline, the attacker only sees this format and
    not from where it originated. The sending party could also use a
    pluto smtp relay, so in case the PC is compromised as well, the
    attacker would only see the encrypted ORB and encrypted message.

    Regards
    Stefan
    --
    ----Ed25519 Signature---- 43dcc9f31f42d474a8b9cd05b91f68f7e0ec9965ad717ec6a63aa3720e6793c8 a29ce47a4a4b32d3eda5ebaaa8b25126a412891f390c8e68a90b479ffaddf607 c0ffee5a36e581eb10f60b2831b3cdb955d2e7ef680dd282a8d43ad8b84b357a

    --- Synchronet 3.21a-Linux NewsLink 1.2