[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74225":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":15,"stars7d":15,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":40,"readmeContent":41,"aiSummary":42,"trendingCount":16,"starSnapshotCount":16,"syncStatus":15,"lastSyncTime":43,"discoverSource":44},74225,"smtp-tunnel-proxy","x011\u002Fsmtp-tunnel-proxy","x011","A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.","",null,"Python",1587,141,9,2,0,8,6,19.46,"GNU General Public License v3.0",false,"main",true,[25,26,27,28,29,30,31,32,33,34,35,36,37,38,39],"censorship-circumvention","censorship-resistance","covert-tunnel","deep-packet-inspection","encryption","evasion","network-security","proxy","python","smtp","socks5","socks5-proxy","socks5-server","tls","tunnel","2026-06-12 02:03:24","# 📧 SMTP Tunnel Proxy\n\n> **A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.**\n\n```\n┌─────────────┐      ┌─────────────┐      ┌─────────────┐      ┌──────────────┐\n│ Application │─────▶│   Client    │─────▶│   Server    │─────▶│  Internet    │\n│  (Browser)  │ TCP  │ SOCKS5:1080 │ SMTP │  Port 587   │ TCP  │              │\n│             │◀─────│             │◀─────│             │◀─────│              │\n└─────────────┘      └─────────────┘      └─────────────┘      └──────────────┘\n                            │                    │\n                            │   Looks like       │\n           
                 │   Email Traffic    │\n                            ▼                    ▼\n                     ┌────────────────────────────────┐\n                     │     DPI Firewall               │\n                     │  ✅ Sees: Normal SMTP Session  │\n                     │  ❌ Cannot see: Tunnel Data    │\n                     └────────────────────────────────┘\n```\n\n---\n\n## 🎯 Features\n\n| Feature | Description |\n|---------|-------------|\n| 🔒 **TLS Encryption** | All traffic encrypted with TLS 1.2+ after STARTTLS |\n| 🎭 **DPI Evasion** | Initial handshake mimics real SMTP servers (Postfix) |\n| ⚡ **High Speed** | Binary streaming protocol after handshake - minimal overhead |\n| 👥 **Multi-User** | Per-user secrets, IP whitelists, and logging settings |\n| 🔑 **Authentication** | Per-user pre-shared keys with HMAC-SHA256 |\n| 🌐 **SOCKS5 Proxy** | Standard proxy interface - works with any application |\n| 📡 **Multiplexing** | Multiple connections over single tunnel |\n| 🛡️ **IP Whitelist** | Per-user access control by IP address\u002FCIDR |\n| 📦 **Easy Install** | One-liner server installation with systemd service |\n| 🎁 **Client Packages** | Auto-generated ZIP files for each user |\n| 🔄 **Auto-Reconnect** | Client automatically reconnects on connection loss |\n\n> 📚 For in-depth technical details, protocol specifications, and security analysis, see [TECHNICAL.md](TECHNICAL.md).\n\n---\n\n## ⚡ Quick Start\n\n### 📋 Prerequisites\n\n- **Server**: Linux VPS with Python 3.8+, port 587 open\n- **Client**: Windows\u002FmacOS\u002FLinux with Python 3.8+\n- **Domain name**: Required for TLS certificate verification (free options: [DuckDNS](https:\u002F\u002Fwww.duckdns.org), [No-IP](https:\u002F\u002Fwww.noip.com), [FreeDNS](https:\u002F\u002Ffreedns.afraid.org))\n\n---\n\n## 🚀 Server Setup (VPS)\n\n### Step 1️⃣: Get a Domain Name\n\nGet a free domain pointing to your VPS:\n- 🦆 **[DuckDNS](https:\u002F\u002Fwww.duckdns.org)** - Recommended, simple and free\n- 
🌐 **[No-IP](https:\u002F\u002Fwww.noip.com)** - Free tier available\n- 🆓 **[FreeDNS](https:\u002F\u002Ffreedns.afraid.org)** - Many domain options\n\nExample: `myserver.duckdns.org` → `203.0.113.50` (your VPS IP)\n\n### Step 2️⃣: Run the Installer\n\n```bash\ncurl -sSL https:\u002F\u002Fraw.githubusercontent.com\u002Fx011\u002Fsmtp-tunnel-proxy\u002Fmain\u002Finstall.sh | sudo bash\n```\n\nThe installer will:\n1. 📥 Download and install everything\n2. ❓ Ask for your domain name\n3. 🔐 Generate TLS certificates automatically\n4. 👤 Offer to create your first user\n5. 🔥 Configure firewall\n6. 🚀 Start the service\n\n**That's it!** Your server is ready.\n\n### ➕ Add More Users Later\n\n```bash\nsmtp-tunnel-adduser bob      # Add user + generate client ZIP\nsmtp-tunnel-listusers        # List all users\nsmtp-tunnel-deluser bob      # Remove a user\n```\n\n### 🔄 Update Server\n\n```bash\nsmtp-tunnel-update           # Updates code, preserves config\u002Fcerts\u002Fusers\n```\n\n---\n\n## 💻 Client Setup\n\n### Option A: Easy Way (Recommended)\n\n1. Get your `username.zip` file from the server admin\n2. Extract the ZIP file\n3. 
Run the launcher:\n\n| Platform | How to Run |\n|----------|------------|\n| 🪟 **Windows** | Double-click `start.bat` |\n| 🐧 **Linux** | Run `.\u002Fstart.sh` |\n| 🍎 **macOS** | Run `.\u002Fstart.sh` |\n\nThe launcher will automatically install dependencies and start the client.\n\n✅ You should see:\n```\nSMTP Tunnel Proxy Client\nUser: alice\n\n[INFO] Starting SMTP Tunnel...\n[INFO] SOCKS5 proxy will be available at 127.0.0.1:1080\n\nConnecting to myserver.duckdns.org:587\nConnected - binary mode active\nSOCKS5 proxy on 127.0.0.1:1080\n```\n\n### Option B: Manual Way\n\n```bash\ncd alice\npip install -r requirements.txt\npython client.py\n```\n\n### Option C: Custom Configuration\n\n```bash\n# Download files\nscp root@myserver.duckdns.org:\u002Fetc\u002Fsmtp-tunnel\u002Fca.crt .\n\n# Create config.yaml:\ncat > config.yaml \u003C\u003C EOF\nclient:\n  server_host: \"myserver.duckdns.org\"\n  server_port: 587\n  socks_port: 1080\n  username: \"alice\"\n  secret: \"your-secret-from-admin\"\n  ca_cert: \"ca.crt\"\nEOF\n\n# Run client\npython client.py -c config.yaml\n```\n\n---\n\n## 📖 Usage\n\n### 🌐 Configure Your Applications\n\nSet SOCKS5 proxy to: `127.0.0.1:1080`\n\n#### 🦊 Firefox\n1. Settings → Network Settings → Settings\n2. Manual proxy configuration\n3. SOCKS Host: `127.0.0.1`, Port: `1080`\n4. Select SOCKS v5\n5. ✅ Check \"Proxy DNS when using SOCKS v5\"\n\n#### 🌐 Chrome\n1. Install \"Proxy SwitchyOmega\" extension\n2. 
Create profile with SOCKS5: `127.0.0.1:1080`\n\n#### 🪟 Windows (System-wide)\nSettings → Network & Internet → Proxy → Manual setup → `socks=127.0.0.1:1080`\n\n#### 🍎 macOS (System-wide)\nSystem Preferences → Network → Advanced → Proxies → SOCKS Proxy → `127.0.0.1:1080`\n\n#### 🐧 Linux (System-wide)\n```bash\nexport ALL_PROXY=socks5:\u002F\u002F127.0.0.1:1080\n```\n\n#### 💻 Command Line\n\n```bash\n# curl\ncurl -x socks5h:\u002F\u002F127.0.0.1:1080 https:\u002F\u002Fifconfig.me\n\n# git\ngit config --global http.proxy socks5:\u002F\u002F127.0.0.1:1080\n\n# Environment variable\nexport ALL_PROXY=socks5:\u002F\u002F127.0.0.1:1080\n```\n\n### ✅ Test Connection\n\n```bash\n# Should show your VPS IP\ncurl -x socks5:\u002F\u002F127.0.0.1:1080 https:\u002F\u002Fifconfig.me\n```\n\n---\n\n## ⚙️ Configuration Reference\n\n### 🖥️ Server Options (`config.yaml`)\n\n| Option | Description | Default |\n|--------|-------------|---------|\n| `host` | Listen interface | `0.0.0.0` |\n| `port` | Listen port | `587` |\n| `hostname` | SMTP hostname (must match certificate) | `mail.example.com` |\n| `cert_file` | TLS certificate path | `server.crt` |\n| `key_file` | TLS private key path | `server.key` |\n| `users_file` | Path to users configuration | `users.yaml` |\n| `log_users` | Global logging setting | `true` |\n\n### 👥 User Options (`users.yaml`)\n\nEach user can have individual settings:\n\n```yaml\nusers:\n  alice:\n    secret: \"auto-generated-secret\"\n    # whitelist:              # Optional: restrict to specific IPs\n    #   - \"192.168.1.100\"\n    #   - \"10.0.0.0\u002F8\"        # CIDR notation supported\n    # logging: true           # Optional: disable to stop logging this user\n\n  bob:\n    secret: \"another-secret\"\n    whitelist:\n      - \"203.0.113.50\"        # Bob can only connect from this IP\n    logging: false            # Don't log Bob's activity\n```\n\n| Option | Description | Default |\n|--------|-------------|---------|\n| `secret` | User's authentication 
secret | Required |\n| `whitelist` | Allowed IPs for this user (CIDR supported) | All IPs |\n| `logging` | Enable activity logging for this user | `true` |\n\n### 💻 Client Options\n\n| Option | Description | Default |\n|--------|-------------|---------|\n| `server_host` | Server domain name | Required |\n| `server_port` | Server port | `587` |\n| `socks_port` | Local SOCKS5 port | `1080` |\n| `socks_host` | Local SOCKS5 interface | `127.0.0.1` |\n| `username` | Your username | Required |\n| `secret` | Your authentication secret | Required |\n| `ca_cert` | CA certificate for verification | Recommended |\n\n---\n\n## 📋 Service Management\n\n```bash\n# Check status\nsudo systemctl status smtp-tunnel\n\n# Restart after config changes\nsudo systemctl restart smtp-tunnel\n\n# View logs\nsudo journalctl -u smtp-tunnel -n 100\n\n# Uninstall\nsudo \u002Fopt\u002Fsmtp-tunnel\u002Funinstall.sh\n```\n\n---\n\n## 🔧 Command Line Options\n\n### 🖥️ Server\n```bash\npython server.py [-c CONFIG] [-d]\n\n  -c, --config    Config file (default: config.yaml)\n  -d, --debug     Enable debug logging\n```\n\n### 💻 Client\n```bash\npython client.py [-c CONFIG] [--server HOST] [--server-port PORT]\n                 [-p SOCKS_PORT] [-u USERNAME] [-s SECRET] [--ca-cert FILE] [-d]\n\n  -c, --config      Config file (default: config.yaml)\n  --server          Override server domain\n  --server-port     Override server port\n  -p, --socks-port  Override local SOCKS port\n  -u, --username    Your username\n  -s, --secret      Override secret\n  --ca-cert         CA certificate path\n  -d, --debug       Enable debug logging\n```\n\n### 👥 User Management\n```bash\nsmtp-tunnel-adduser \u003Cusername> [-u USERS_FILE] [-c CONFIG] [--no-zip]\n    Add a new user and generate client package\n\nsmtp-tunnel-deluser \u003Cusername> [-u USERS_FILE] [-f]\n    Remove a user (use -f to skip confirmation)\n\nsmtp-tunnel-listusers [-u USERS_FILE] [-v]\n    List all users (use -v for detailed 
info)\n\nsmtp-tunnel-update\n    Update server to latest version (preserves config\u002Fcerts\u002Fusers)\n```\n\n---\n\n## 📁 File Structure\n\n```\nsmtp_proxy\u002F\n├── 📄 server.py               # Server (runs on VPS)\n├── 📄 client.py               # Client (runs locally)\n├── 📄 common.py               # Shared utilities\n├── 📄 generate_certs.py       # Certificate generator\n├── 📄 config.yaml             # Server\u002Fclient configuration\n├── 📄 users.yaml              # User database\n├── 📄 requirements.txt        # Python dependencies\n├── 📄 install.sh              # One-liner server installer\n├── 📄 smtp-tunnel.service     # Systemd unit file\n├── 🔧 smtp-tunnel-adduser     # Add user script\n├── 🔧 smtp-tunnel-deluser     # Remove user script\n├── 🔧 smtp-tunnel-listusers   # List users script\n├── 🔧 smtp-tunnel-update      # Update server script\n├── 📄 README.md               # This file\n└── 📄 TECHNICAL.md            # Technical documentation\n```\n\n### 📦 Installation Paths (after install.sh)\n\n```\n\u002Fopt\u002Fsmtp-tunnel\u002F              # Application files\n\u002Fetc\u002Fsmtp-tunnel\u002F              # Configuration files\n  ├── config.yaml\n  ├── users.yaml\n  ├── server.crt\n  ├── server.key\n  └── ca.crt\n\u002Fusr\u002Flocal\u002Fbin\u002F                # Management commands\n  ├── smtp-tunnel-adduser\n  ├── smtp-tunnel-deluser\n  ├── smtp-tunnel-listusers\n  └── smtp-tunnel-update\n```\n\n---\n\n## 🔧 Troubleshooting\n\n### ❌ \"Connection refused\"\n- Check server is running: `systemctl status smtp-tunnel` or `ps aux | grep server.py`\n- Check port is open: `netstat -tlnp | grep 587`\n- Check firewall: `ufw status`\n\n### ❌ \"Auth failed\"\n- Verify `username` and `secret` match in users.yaml\n- Check server time is accurate (within 5 minutes)\n- Run `smtp-tunnel-listusers -v` to verify user exists\n\n### ❌ \"IP not whitelisted\"\n- Check user's whitelist in users.yaml\n- Your current IP must match a whitelist entry\n- CIDR notation is 
supported (e.g., `10.0.0.0\u002F8`)\n\n### ❌ \"Certificate verify failed\"\n- Ensure you're using a domain name, not IP address\n- Verify `server_host` matches the certificate hostname\n- Ensure you have the correct `ca.crt` from the server\n\n### 🐛 Debug Mode\n\n```bash\n# Enable detailed logging\npython server.py -d\npython client.py -d\n\n# View systemd logs\njournalctl -u smtp-tunnel -f\n```\n\n---\n\n## 🔐 Security Notes\n\n- ✅ **Always use a domain name** for proper TLS verification\n- ✅ **Always use `ca_cert`** to prevent man-in-the-middle attacks\n- ✅ **Use `smtp-tunnel-adduser`** to generate strong secrets automatically\n- ✅ **Use per-user IP whitelists** if you know client IPs\n- ✅ **Protect `users.yaml`** - contains all user secrets (chmod 600)\n- ✅ **Disable logging** for sensitive users with `logging: false`\n\n> 📚 For detailed security analysis and threat model, see [TECHNICAL.md](TECHNICAL.md).\n\n---\n\n## 📄 License\n\nThis project is provided for educational and authorized use only. Use responsibly and in accordance with applicable laws.\n\n---\n\n## ⚠️ Disclaimer\n\nThis tool is designed for legitimate privacy and censorship circumvention purposes. Users are responsible for ensuring their use complies with applicable laws and regulations.\n\n---\n\n*Made with ❤️ for internet freedom*\n","This project is a high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls. It encrypts all data with TLS 1.2+ and mimics real SMTP server behavior during the initial handshake to evade DPI inspection. It also supports multi-user access control, an HMAC-SHA256-based authentication mechanism, and a SOCKS5 proxy interface that lets any application connect easily. The tool also provides automatic reconnection and a simple installation process. It is suited to scenarios that require bypassing network censorship or keeping communications secure in restricted environments.","2026-06-11 03:49:34","high_star"]