I recently signed up for a PIA VPN, which is great. I added a second router to my network, created a subnet, and configured the router to connect solely to the PIA VPN.
It means that any PC, laptop or device attached to that router, by wire or via wireless, has a degree of anonymity on the net. This is great for surfing, but for email less so. Why, you ask?
As soon as I fired up Thunderbird it started to connect to my email provider (Gmail) and was blocked. At the same time, I received emails on my other devices advising that my email may be compromised, as someone had attempted to sign on from a different location to my other sign-ons. It was a PITA to sort, as you have to confirm via multi-factor that it was indeed a legitimate logon.
As I have a small network, I looked for various solutions that would allow me to continue using Thunderbird without causing the alerts from Gmail.
At first I spent a day setting up an nginx web server to run Roundcube on a remote machine on my network. This proved unsuitable, as I have more than one IMAP-based email provider and more than one account with each of them.
So I started to look at proxies. Long story short, I selected TinyProxy, which on Arch Linux is started via systemd and has a simple-ish configuration file, located at /etc/tinyproxy.
My final configuration file looks like this:

    # changes from defaults are commented
    User tinyproxy
    Group tinyproxy
    # the port that tinyproxy listens on
    Port 8080
    # the address that is assigned to tinyproxy's physical interface
    Listen 192.168.1.101
    Timeout 600
    DefaultErrorFile "/usr/share/tinyproxy/default.html"
    StatFile "/usr/share/tinyproxy/stats.html"
    Syslog On
    LogLevel Info
    PidFile "/var/run/tinyproxy/tinyproxy.pid"
    MaxClients 100
    MinSpareServers 5
    MaxSpareServers 20
    StartServers 10
    MaxRequestsPerChild 0
    Allow 127.0.0.1
    # client's network/subnet address
    Allow 192.168.1.201/24
    Allow 192.168.1.0/24
    Allow 192.168.2.0/24
    Allow 192.168.2.100/24
    ViaProxyName "tinyproxy"
    # the port of SSL connections that are allowed
    ConnectPort 443
    ConnectPort 563
    ConnectPort 587
    ConnectPort 993
    ConnectPort 465
You also need to add rules to your firewall to allow both tcp and udp traffic on port 8080. I use shorewall, so I added the following to /etc/shorewall/rules:

    ACCEPT net fw tcp 8080 -
    ACCEPT net fw udp 8080 -

and then restarted shorewall.
Now that the proxy is ready to be used, we can tell Thunderbird about it. To do this, open Preferences > Advanced > Network & Disk Space > Connection and configure a manual proxy for both HTTP and SSL; leave SOCKS blank.
As the proxy on my network is on 192.168.1.101 and port 8080, I just entered those details in the fields as required.
So now I have a VPN'd machine where the email client connects from the same locality as the rest of my devices.
So far it's working OK; I have had no warnings or alerts from Gmail.
Hope this helps someone somewhere.