The major advantage of remailer networks is the unpredictable latency at each server of the delivery chain, which renders
correlation attacks useless and contributes substantially to their extremely reliable resistance against all kinds of attacks.
But that latency may be intolerable for time-critical missions, where feedback on a successful transaction is also
mandatory, which remailers can't provide either.
That's where direct e-mail communication between sender and recipient through the Tor network may be a viable solution.
It gives you hidden end-to-end encrypted data transfers in real time, e.g. between OmniMix installations, which are connected
by a circuit of up to 9 anonymizing Tor nodes, without the need of an additional external mail server.
Like anonymous remailing through the Mixmaster and Yamn network, OrMail integrates seamlessly into your mail management
infrastructure. Use your standard mail client, which may already be configured to route all traffic through OmniMix, and,
based on an OrMail recipients list within OmniMix, matching mail is delivered directly through the Tor network and the
destination's Tor Hidden Service to its SMTP server. You only have to know the recipient's .onion address and the port
number that service uses. From there the recipient's mail client downloads stored messages with a POP3 command. Similar
to its nym account management, OmniMix supports multiuser environments with OrMail as well, as for each user multiple
mail recipient ('To:' header) patterns can be defined. Furthermore, you're not restricted in the number of separate Tor
Hidden Services and thereby identities usable for different tasks.
First make sure that at the TorPlus > Server tab the OrMail SMTP server is activated and running, indicated by a white
background of the 'Port' field. If it remains grey even after a restart of the OmniMix servers, there may be a port
conflict with that number already being occupied by another server, so try a different one.
Then go to the TorPlus > HSvcs tab to set up such a Hidden Service for incoming OrMail by clicking the '+' button to add a
new item.
Create a new folder, where Tor deploys Hidden Service data like the .onion address it computes at a later restart. Then
enter a random external port number at 'Port Ext'. It's better not to use a standard port, which is easier for an
adversary to detect. Set 'Int Address' to '127.0.0' for the local computer as the device where the OrMail SMTP server
resides, and enter its port number into the 'Port Int' field.
With a restart of the OmniMix servers and Tor the system is ready to receive OrMail messages. That's when the Hidden
Service's .onion address is created and becomes visible in the AddrExt column of the Hidden Service table. A click on the
'*' button of the Hidden Services list now copies the complete OrMail address, which looks like
'ormail2q4v4tsqtqludlts4cbmk5y5u2d74x6aus7tol642uxi2qh3yd.onion:54321', into the clipboard, ready to be sent to your
communication partner(s).
Now go to the 'User' Accounts tab, select your own user item (e.g. the 'OmniMix'/'omnimix' entry) and, for testing purposes,
add a '^.*$' item, a regular expression term for all possible addresses, to the 'OrMail Addresses' list. Don't forget to
set a check mark to activate that entry.
At the 'MailP' POP3 client tab you finally have to activate OrMail polling ('optional' or 'mandatory') with POP3 downloads
by mail clients.
That's it at the receiving end. Now to the easier task at the sender.
Presuming that Tor is already running, you first have to go to the Services > OrMail tab, click the '+' button to add an item
and define the OrMail recipient who gave you his Hidden Service .onion address with the associated port number by entering
them at 'HS Address' and 'Port'. Select SSL/TLS 'enabled', as you can expect the OmniMix SMTP server at the destination to
support that data encryption method.
Then at 'Local Address' enter a (short) unique descriptive term that you use as the recipient's address in your mail client,
and at 'External Address' the true address, by which your local term is overwritten before OmniMix forwards your message.
The name part outside the angle brackets isn't altered by OmniMix.
Caution: Never use potential real world mail addresses as local OrMail alias addresses, as for security reasons even mail
messages that match a deactivated list entry are blocked.
After closing that window check the activation box above the OrMail Recipients list.
Finally, back at the 'User' tab, activate that OrMail address at the 'OrMail Recipients' list for your account as shown in
the picture above to make it available. Keep in mind that if OmniMix recognizes an OrMail recipient term that isn't
unlocked for the respective user, the transmission of that message is aborted to avoid the leakage of information.
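
The sender-side rules described above (alias rewrite, and blocking when a matched entry is deactivated or not unlocked for the user), as an added Python example that is not OmniMix code. The Recipient class, route() and parse_ormail() are hypothetical names, and the alias and external addresses are constructed.

```python
import re
from dataclasses import dataclass
from email.utils import formataddr, parseaddr

# A v3 .onion name is 56 base32 characters; the port follows a colon.
ORMAIL_RE = re.compile(r"^([a-z2-7]{56})\.onion:(\d{1,5})$")

class Blocked(Exception):
    """Matched an OrMail alias that may not be used: abort, never fall back."""

@dataclass
class Recipient:          # hypothetical model of one OrMail Recipients entry
    local: str            # 'Local Address': alias typed into the mail client
    external: str         # 'External Address': substituted before forwarding
    ormail: str           # '<HS Address>:<Port>' as given by the recipient
    active: bool = True   # activation box above the OrMail Recipients list

def parse_ormail(value):
    """Split 'name.onion:port' into (host, port), rejecting malformed input."""
    m = ORMAIL_RE.match(value.strip().lower())
    if not m or not 1 <= int(m.group(2)) <= 65535:
        raise ValueError(f"not an OrMail address: {value!r}")
    return m.group(1) + ".onion", int(m.group(2))

def route(to_header, recipients, unlocked):
    """Return (rewritten To, onion host, port), or None if no alias matches."""
    name, addr = parseaddr(to_header)
    for r in recipients:
        if addr.lower() != r.local.lower():
            continue
        # Fail closed: a match on a deactivated or locked entry stops delivery.
        if not r.active:
            raise Blocked(f"{r.local}: entry is deactivated")
        if r.local not in unlocked:
            raise Blocked(f"{r.local}: not unlocked for this user")
        host, port = parse_ormail(r.ormail)
        # Only the address in angle brackets changes; the name part is kept.
        return formataddr((name, r.external)), host, port
    return None  # not an OrMail alias, other delivery rules apply

# Constructed sample data; the .onion value is the sample address shown above.
SAMPLE = "ormail2q4v4tsqtqludlts4cbmk5y5u2d74x6aus7tol642uxi2qh3yd.onion:54321"
RECIPIENTS = [
    Recipient("bob@ormail.invalid", "bob@example.org", SAMPLE),
    Recipient("eve@ormail.invalid", "eve@example.org", SAMPLE, active=False),
]

if __name__ == "__main__":
    print(route("Bob Example <bob@ormail.invalid>", RECIPIENTS, {"bob@ormail.invalid"}))
```

Raising on a deactivated or locked match, instead of returning None, is what keeps such a message from falling through to an ordinary delivery path with the alias still in its header.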