SMTP Tunnel Proxy: Covert Networking Tool That Disguises TCP Traffic as Email to Bypass DPI Firewalls
By lobito25
Summary
SMTP Tunnel Proxy is a covert networking tool that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls. It features TLS encryption, DPI evasion by mimicking real SMTP servers like Postfix, high-speed binary streaming with minimal overhead, multi-user support with per-user secrets and IP whitelists, authentication via pre-shared keys with HMAC-SHA256, and a standard SOCKS5 proxy interface.
Key quotes
A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.
All traffic encrypted with TLS 1.2+ after STARTTLS
Initial handshake mimics real SMTP servers (Postfix)
Binary streaming protocol after handshake - minimal overhead
Per-user pre-shared keys with HMAC-SHA256