Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protonmail-bridge is unusable from the public internet #66

Closed
moozhub opened this issue Aug 10, 2020 · 4 comments
Closed

Protonmail-bridge is unusable from the public internet #66

moozhub opened this issue Aug 10, 2020 · 4 comments
Labels
wontfix This will not be worked on

Comments

@moozhub
Copy link

moozhub commented Aug 10, 2020

Protonmail-bridge will only bind to 127.0.0.1, which will only accept connections from localhost and not ideal for setting up accounts on other clients either on your local network or from the public internet. I've successfully connected from the public internet using a TCP binding tool like socat which will forward connections from a bound internal IP to 127.0.0.1 and was able to browse my email without issues, but this isn't exactly a practical setup. Are there any plans to allow the bridge to be configured to listen on specific internal IP addresses or interfaces?
@horejsek
Copy link
Member

Hi. Binding on localhost only is actually intended behaviour. Allowing bridge to listen to any interface is dangerous as if your bridge password would be leaked, anyone would be able to read your messages. We don't want to ship Bridge with listening to any interface nor we want to provide option to change it. Savvy users can use socat like you did to make it work and such user would also know what they are doing and can know what else to setup to make the connection to the Bridge secure enough.

@horejsek horejsek added the wontfix This will not be worked on label Aug 11, 2020
@bartbutler
Copy link

That said, we do want to make a headless bridge at some point to be able to act as an SMTP/IMAP gateway for integrations. It will not be a consumer GUI app though and there is no timeline.

@deslee
Copy link

deslee commented Nov 28, 2021

My use case is to run proton-bridge on my internal private network which is inaccessible from the internet. I acknowledge that it's not as secure. That said, it's pretty easy to change the bind address and rebuild for those who are interested: https://github.com/deslee/proton-bridge/commit/1eb07d21aff97e8f88bca821108f53c35a49c9c8

@DiarmuidKelly DiarmuidKelly mentioned this issue May 5, 2022
Closed
@Noah-Huppert
Copy link

For anyone else who arrived here from the PR:

I was trying to migrate off ProtonMail and found the lack of an externally accessible IMAP server to be a source of lock in¹. Preventing me from using the readily available migration service that Google Workspace provides for pulling emails from your old provider into your new accounts.

I followed the theme of the PR and produced the following resources and instruction to temporarily run ProtonMail Bridge in a publically accessible manner so Google Workspaces data migration tool can be used: https://github.com/Noah-Huppert/funkyboy.zone/tree/40d392b56ed9b7160dd44563a18ce71eb6f7c9cc/kubernetes/base/protonmail-bridge

¹Although ProtonMail provides your emails as .eml files Google Workspaces doesn't natively support importing these files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@horejsek @Noah-Huppert @deslee @bartbutler @moozhub