New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for SOCKS proxy #980

Open
cketti opened this Issue Dec 28, 2015 · 15 comments

Comments

Projects
None yet
9 participants
@cketti
Copy link
Member

cketti commented Dec 28, 2015

  • Use proxy for IMAP connections
  • Use proxy for POP3 connections
  • Use proxy for WebDAV connections
  • Use proxy for SMTP connections
  • Use proxy when downloading remote content displayed in WebView
  • Use proxy when downloading remote images (long-press in WebView)
  • Add option to configure SOCKS proxy before setting up the first account

See also https://code.google.com/p/k9mail/issues/detail?id=2834

@0xPoly

This comment has been minimized.

Copy link

0xPoly commented Jan 2, 2016

Add option to configure SOCKS proxy before setting up the first account

One approach to this would be similar to the twitter app, which has an overflow menu on the account creation screen to that links to proxy settings.

@ghost

This comment has been minimized.

Copy link

ghost commented Jan 9, 2016

In proxy settings it'd be nice to have 2 sliders: Enable Tor and Enable proxy like OpenKeychain has. Orbots library allows other apps to start orbot aswell.

@ghost

This comment has been minimized.

Copy link

ghost commented Jan 9, 2016

(It's also probably a better Idea to route all traffic through the proxy/tor, This way you can deny internet access to k9mail in your firewall app which prevents exploits from leaking your real ip)

cketti added a commit that referenced this issue Mar 15, 2016

Disable SOCKS proxy support per feature flag
We don't want people to use this incomplete implementation believing the proxy
will be used for all their connections. This could have serious privacy
implications, e.g. when using Tor via SOCKS proxy.

See also #980

cketti added a commit that referenced this issue Mar 15, 2016

Disable SOCKS proxy support per feature flag
We don't want people to use this incomplete implementation believing the proxy
will be used for all their connections. This could have serious privacy
implications, e.g. when using Tor via SOCKS proxy.

See also #980
@philipwhiuk

This comment has been minimized.

Copy link
Member

philipwhiuk commented Mar 20, 2016

When #1181 and #1182 get merged it will mean that WebDAV should support using a proxy for a secure connection.

@philipwhiuk philipwhiuk referenced this issue Mar 20, 2016

Open

Add proxy support #704

0 of 4 tasks complete
@jonas-lundqvist

This comment has been minimized.

Copy link
Contributor

jonas-lundqvist commented Mar 21, 2016

I would like to propose that the proxy can be set on a per server basis.
Let's say we keep the global preference as it is and in each "Incoming server" and "Outgoing server" preferences we add a checkbox: "Use global proxy settings" that is checked by default. If the checkbox is unchecked a user can enter the hostname and port for that specific incoming or outgoing server.

@NHellFire

This comment has been minimized.

Copy link

NHellFire commented Apr 17, 2017

Use proxy when downloading remote content displayed in WebView
Use proxy when downloading remote images (long-press in WebView)

According to various questions on Stack Overflow (such as this), WebView does not support setting a proxy.
Maybe it'd be better to switch to GeckoView which does?
It may say not suitable for production use, but it should be fine for email content.

@philipwhiuk

This comment has been minimized.

Copy link
Member

philipwhiuk commented Apr 17, 2017

I think we'd be better off using https://guardianproject.info/code/netcipher/ with the added bonus that the library will play well with Orbot. It includes a WebViewProxy, OrbotHelper etc.

@NHellFire

This comment has been minimized.

Copy link

NHellFire commented May 7, 2017

That'd definitely be a much better choice since most would probably be using it with Orbot rather than another proxy.

@BoBeR182

This comment has been minimized.

Copy link

BoBeR182 commented Oct 12, 2017

What are the current roadblocks stopping adoption/development?

@philipwhiuk

This comment has been minimized.

Copy link
Member

philipwhiuk commented Oct 12, 2017

There's been multiple implementation of this - the latest being #2571

It needs rebasing, again ( :/ ) and then merging.

@cketti

This comment has been minimized.

Copy link
Member Author

cketti commented Oct 14, 2017

There's no roadblock. It mainly needs someone to implement the functionality mentioned in the first post. But it's a lot of work and needs to be done carefully because of the privacy implications when people start using the feature with Orbot.

But it's not a very important feature to many people and hence not a priority.

If someone wants to work on this feature please make sure to read this comment first: #2571 (comment)

@simplebit3

This comment has been minimized.

Copy link

simplebit3 commented Nov 18, 2018

On the contrary @cketti , this is a VERY important privacy feature. But there is another easier way that this could work, without implementing network proxies inside k9mail.

Firstly, to use k9-mail through orbot you need to use AFwall. Its a must. why? because you can force all connections to go through VPN tap adaptor in AFWall settings.

Then you have to configure orbot to be used as a VPN -> switch to VPN-Mode. Then you need to allow the apps you want to pass through orbot, in this case k9-mail.
Once you connect orbot to the network, AFwall forces all connections through to orbot VPN.

Now the only thing that SHOULD be implemented in k9-mail, is account-related VPN toggle switches.
Which means that, say for example you have set up an email account. You want to long press the account and see a setting called Switch VPN adapter. Choose from which VPN this account will pass through permanently so that there are never any leaks (even though AFWall protects against leaks anyway).
This switch would have 3 options. Choose Orbot VPN, Choose OpenVPN Connect and OFF(to use normal traffic)

Basically this switch would read from the same options thats inside the android settings > VPN (under lineageOS atleast) thats where it shows Orbot VPN & OpenVPN Connect(if you have it).

I think account-separated VPN toggle switch would insure that your email account passes through the correct tap adapter.

Can anyone concur?

@ygrek

This comment has been minimized.

Copy link

ygrek commented Nov 19, 2018

One more usecase : gmail usually blocks access for me when retrieving mail from new country - this is quite annoying when travelling. I solve this on desktop by proxying through my server and it would be awesome to have same soluiton on android. So for this usecase only support for POP/IMAP/SMTP connections is required. Maybe this is easier milestone to reach.

This was referenced Jan 17, 2019

@mirsamantajbakhsh

This comment has been minimized.

Copy link

mirsamantajbakhsh commented Jan 31, 2019

Check my commit.

SOCKS proxy support added
#3889

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment