TL;DR
SMTP Tunnel is an open-source proxy that hides SOCKS5 traffic inside what looks like SMTP email sessions to evade deep packet inspection. It runs a Python server on a VPS (port 587) and provides client packages that expose a local SOCKS5 endpoint for applications.
What happened
A project named SMTP Tunnel provides a covert tunneling tool that presents SOCKS5 proxy traffic as SMTP sessions to avoid detection by DPI appliances. The system performs an initial SMTP-like handshake that mimics common mail servers (Postfix), upgrades to TLS via STARTTLS, then switches to a compact binary streaming protocol to carry SOCKS5 connections with minimal overhead. The server is designed to run on a Linux VPS with Python 3.8+ and listens on port 587; clients are available for Windows, macOS and Linux and are distributed as auto-generated ZIP packages per user. Administrators can add users, issue per-user secrets, enforce IP whitelists, enable logging options, and update the server with a provided updater that preserves configuration and certificates. The project includes an installer script, configuration references, troubleshooting tips and a TECHNICAL.md for protocol details.
Why it matters
- Conceals proxy traffic as ordinary SMTP sessions to complicate DPI-based blocking or filtering.
- Provides a standard SOCKS5 interface so existing applications can route traffic without protocol changes.
- Uses TLS (STARTTLS then TLS 1.2+) to encrypt traffic, reducing visibility into payload contents.
- Per-user secrets and IP whitelists let administrators apply access controls and auditing.
Key facts
- Server is Python-based and intended to run on a Linux VPS with Python 3.8+.
- Default listening port is 587 and the client expects a domain name for TLS certificate verification.
- Initial handshake imitates real SMTP servers (Postfix) and then negotiates STARTTLS; after TLS the tunnel switches to a binary streaming protocol.
- Authentication uses per-user pre-shared keys with HMAC-SHA256.
- Exposes a local SOCKS5 proxy (default 127.0.0.1:1080) so any application that supports SOCKS5 can use the tunnel.
- Supports multiplexing multiple connections over a single tunnel and automatic client reconnection on loss.
- Admins can generate client ZIP packages per user, and manage users with supplied command-line utilities (add/del/list).
- Installer is provided as a one-liner script that generates TLS certificates, configures the service and starts a systemd unit.
- Configuration and user data are stored under /etc/smtp-tunnel/ and application files under /opt/smtp-tunnel/ after installation.
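A defender's reading of the key facts above, as an added example that is not code from the SMTP Tunnel project or the source article: one long-lived, multiplexed tunnel on port 587 has a different flow shape from mail submission, which is short and upload-heavy. The record format, thresholds and function names are assumptions for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass

# Thresholds are assumptions for illustration; tune them against your own mail baseline.
MAX_MAIL_SESSION_SECS = 300   # a mail submission normally completes within minutes
MIN_BYTES_TO_JUDGE = 50_000   # skip tiny sessions, where direction ratios are noise

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    duration_s: float
    bytes_out: int  # client -> server
    bytes_in: int   # server -> client

def parse_flow(line: str) -> Flow:
    """Parse one record: 'src dst dport duration_s bytes_out bytes_in' (constructed format)."""
    src, dst, dport, dur, out, inn = line.split()
    return Flow(src, dst, int(dport), float(dur), int(out), int(inn))

def score_flow(f: Flow) -> list:
    """Reasons a port-587 flow does not look like ordinary mail submission."""
    if f.dport != 587:
        return []
    reasons = []
    if f.duration_s > MAX_MAIL_SESSION_SECS:
        reasons.append("long-lived session")
    # Real submission is upload-heavy: the server only sends short SMTP replies.
    if f.bytes_in + f.bytes_out >= MIN_BYTES_TO_JUDGE and f.bytes_in > f.bytes_out:
        reasons.append("server sends more than client")
    return reasons

def suspicious_pairs(lines, min_reasons=2):
    """Map (src, dst) -> reasons for flows that trip at least min_reasons checks."""
    hits = {}
    for line in lines:
        f = parse_flow(line)
        reasons = score_flow(f)
        if len(reasons) >= min_reasons:
            hits[(f.src, f.dst)] = reasons
    return hits

# Constructed sample flow records (documentation address ranges), not real traffic.
SAMPLE = [
    "192.0.2.10 198.51.100.25 587 4.2 182000 1400",        # mail with attachment
    "192.0.2.11 203.0.113.7 587 5400.0 310000 48200000",   # hours long, download-heavy
    "192.0.2.12 198.51.100.25 587 900.0 2000 1500",        # idle client, tiny session
    "192.0.2.11 203.0.113.7 443 5400.0 310000 48200000",   # same shape, not port 587
]
```

Requiring two independent signals keeps idle but legitimate mail clients, such as the third record, out of the results.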
What to watch next
- Review the repository TECHNICAL.md for protocol and security analysis (available in the project).
- Monitor the project's update mechanism (smtp-tunnel-update) which preserves config, certificates and users during upgrades.
- Potential detection or blocking by network operators is not confirmed in the source.
Quick glossary
- SMTP: Simple Mail Transfer Protocol, the standard protocol for sending email between servers.
- DPI: Deep Packet Inspection, a network analysis technique that examines packet payloads to classify or block traffic.
- SOCKS5: A proxy protocol that relays TCP connections and can handle authentication and DNS through the proxy.
- STARTTLS: A command used to upgrade an existing plaintext connection to a secure TLS-encrypted channel.
- TLS: Transport Layer Security, a cryptographic protocol designed to provide communication privacy and integrity.
Reader FAQ
Which port does the server use by default?
The default server port is 587.
Is traffic encrypted?
Yes. The project upgrades to TLS via STARTTLS and uses TLS 1.2+ for encryption.
Can multiple users share the server?
Yes. The server supports multiple users with per-user secrets, optional IP whitelists and logging settings.
How do I install the server?
The repository provides a one-liner installer script (curl | bash) that downloads components, generates certificates, configures the service and starts it.
Is the legal or operational impact of deploying this tool discussed?
Not confirmed in the source.
SMTP Tunnel Proxy: A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.