OmniMix • Tutorial • Configuration • Client • Thunderbird
Important note:
The Mozilla Thunderbird client shows a well-intentioned though very dangerous behaviour called
'DNS Prefetching'. If a mail comes with an external link, Thunderbird tries, in advance of any user action, to look up the given
domain's IP address with the intention of reacting faster later on in case the link is followed. Now imagine an adversary creating a
mail message that contains a link with a unique domain name she controls herself (like 'picture1@xa89dbsdb30rh5md.adversary.com') and
sending it to a nym account that is to be compromised. When Thunderbird gets hold of this message, it tries to translate the domain
name into its IP address by contacting the adversary's DNS server, and by doing so reveals the IP address of the nym holder.
Thus it's vital to deactivate DNS prefetching. Within Thunderbird open the 'about:config' window
(menu 'Tools' > 'Options ...', tab 'Advanced' > 'General', button 'Config Editor ...') and search for the preference name
'network.dns.disablePrefetch'. If it is not present, select 'New' > 'Boolean' from the context menu
and create it. Then set its value to 'True'. While there, for good measure also deactivate
'network.prefetch-next' by setting it to 'False', though, according to the documentation, it
only applies to the web browser. Now close the Config Editor window.
Even better, consider blocking Thunderbird completely from accessing the Internet and routing all its traffic locally through the
OmniMix proxy servers.
When you're out and about, you may be interested in contacting your OmniMix proxy at home through one of its Hidden Services. To do so,
you need Tor running on your device in addition to Thunderbird. To activate Tor routing, open Thunderbird's 'Options' window, click
'Advanced', then select the 'Network & Disk Space' tab and click the button to open the 'Connection Settings' window. There, select
'Manual Proxy Configuration', 'SOCKS v5', for 'SOCKS Host' enter 'localhost' or '127.0.0.1', and for 'Port' your Tor instance's SOCKS port
number, usually '9050'. As Thunderbird isn't capable of switching DNS resolution accordingly, you then have to enter the Configuration
Editor and set the 'network.proxy.socks_remote_dns' parameter to 'True'. Otherwise, when you try
to connect to a Hidden Service, Thunderbird sends its .onion address without any protection directly to a name server, bypassing Tor
and thereby leaking that crucial information! Now Thunderbird accepts .onion addresses in mail and news account configurations.
Unfortunately, with Thunderbird's global SOCKS selection you can't simultaneously use accounts that differ in Tor routing. Just another
reason to put OmniMix between Thunderbird and your mail and Usenet server and configure connections individually with its Extended
Username Syntax.
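To verify that the settings described above really ended up in a profile, the following added example (not part of the original tutorial or of OmniMix) audits the text of a Thunderbird 'prefs.js' file against them. It assumes the SOCKS port is the usual 9050 and reports a preference that is absent from the file as failing, since the tutorial asks for it to be set explicitly; the function names and the sample profile are constructed for illustration.

```python
import re

# Values the tutorial asks for. The proxy.* entries mirror the
# 'Connection Settings' dialog; change the port if your Tor uses another one.
REQUIRED = {
    "network.dns.disablePrefetch": {True},
    "network.prefetch-next": {False},
    "network.proxy.socks_remote_dns": {True},
    "network.proxy.type": {1},                      # 1 = manual proxy configuration
    "network.proxy.socks": {"127.0.0.1", "localhost"},
    "network.proxy.socks_port": {9050},
}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, required=REQUIRED):
    """List (name, found) for prefs that are absent or differ from the tutorial."""
    prefs = parse_prefs(text)
    bad = []
    for name, ok in required.items():
        found = prefs.get(name)
        # Compare type as well as value so that 1 is not accepted for true.
        if not any(type(found) is type(v) and found == v for v in ok):
            bad.append((name, found))
    return bad

# Constructed sample: SOCKS proxy configured, but remote DNS was never enabled,
# so host names (including .onion addresses) would be resolved outside Tor.
SAMPLE = '''\
user_pref("network.dns.disablePrefetch", true);
user_pref("network.prefetch-next", false);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
'''

print(audit(SAMPLE))
```

Run it on the contents of the real profile's 'prefs.js' while Thunderbird is closed, because the file is rewritten when the program exits.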
####_Extended_Header_Section_####
O-Anon-Send: Yes
O-Anon-From: Ori
O-Remailer-Chain: 0 0 0 paranoia
O-Remailer-Copies: 6-8