Starting a remailer
I need info on what's needed to operate a secure remailer out of an edu address. I'd appreciate anything about software, installation, maintenance, problems, etc... Thanks, Mo "We're all in it together." --Harry Tuttle
Mo Baxter wrote:
I need info on what's needed to operate a secure remailer out of an edu address. I'd appreciate anything about software, installation, maintenance, problems, etc...
If you are thinking of setting up a remailer on a general usage type unix shell account, then first find out if the usage policy allows you to run one (for example, remailer are forbidden here at Rice). Actually, I would recommend asking first, to head off future headaches, as I can think at least two other (former) remailers run at .edu sites that were forced to close. Other than that, try to find out if sendmail logs are kept, especially if they are world readable (this will reduce the security of the remailer, but you won't be able to anything about it anyway). The software is easily available, installation isn't hard (you have to install PGP as well). Maintenance isn't much unless you expirement around. I would recommend blocking anonymous mail to whitehouse.gov and other similar addresses. I don't know about problems; I never had any, but these days it seems more and more people are finding out about remailer, and with that comes abusers. John Perry had to shut down because of abuse, after withstanding the RC4 posting crisis. Be prepared for some hassles. Actually, I would recommend finding a remailer-friendly site like c2.org and setting up there. -- Karl L. Barrus: klbarrus@owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper
Ah but if you *really* want to run out of an .edu address, contact me about getting an alias in leri.edu.
Mo Baxter wrote:
I need info on what's needed to operate a secure remailer out of an edu address. I'd appreciate anything about software, installation, maintenance, problems, etc...
If you are thinking of setting up a remailer on a general usage type unix shell account, then first find out if the usage policy allows you to run one (for example, remailer are forbidden here at Rice). Actually, I would recommend asking first, to head off future headaches, as I can think at least two other (former) remailers run at .edu sites that were forced to close.
Other than that, try to find out if sendmail logs are kept, especially if they are world readable (this will reduce the security of the remailer, but you won't be able to anything about it anyway).
The software is easily available, installation isn't hard (you have to install PGP as well). Maintenance isn't much unless you expirement around. I would recommend blocking anonymous mail to whitehouse.gov and other similar addresses.
I don't know about problems; I never had any, but these days it seems more and more people are finding out about remailer, and with that comes abusers. John Perry had to shut down because of abuse, after withstanding the RC4 posting crisis. Be prepared for some hassles.
Actually, I would recommend finding a remailer-friendly site like c2.org and setting up there.
-- Karl L. Barrus: klbarrus@owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper
-- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer@c2.org
Hi! I'm going to be along to set up a remailer shortly. Two questions: Since I've only limited bucks but have certain needs, can I get a package deal on a remailer shell account and the MX service? What I'd like is to have all mail to xxxx@myname.com to be forwarded to my shell account no matter what xxxx is. Preserving the xxxx, though. Given the goal of limiting remailer liability, what about having them be anonymous? Instead of send you a check, send an unidentified money order. This would even allow ownership to change on a frequent basis without the system owner knowing who the current operator is. Thoughts? Comments? Offers to send cute girls? -- America - a country so rich and so strong we can reward the lazy and punish the productive and still survive (so far) Don Melvin storm@ssnet.com finger for PGP key.
Don Melvin writes:
Given the goal of limiting remailer liability, what about having them be anonymous? Instead of send you a check, send an unidentified money order. This would even allow ownership to change on a frequent basis without the system owner knowing who the current operator is.
Absolutely -- anonymity of the remailer _account holder_ is a central part of the "guerrilla remailer" concept AFA I'm concerned. Tim keeps reminding us that the distinction between the machine owner/ISP admin and the remailer operator can be crucial, for legal reasons (i.e. the ECPA). I think it may also be useful to push this distinction down a level, separating the _account owner_ from the _remailer operator_. I get the feeling that in many cases the folks willing/able to fund remailers aren't the same folks who are willing/ able to operate remailers. Hence it seems natural to have a collaboration between a remailer sponsor (person or group providing money to pay for an account or dedicated hardware) and a remailer operator (person or group providing time & technical skill to install, maintain, and upgrade the remailer). Of course the sponsor and operator could be anonymous from each other, and I suppose even the members of each group need not know each others' identities. c2.org allows anonymous account creation over the net, which is handy. If you're feeling lucky, you could send cash in the mail instead of a money order.... IMHO the tricky part is maintaining anonymity of the _operator_ over time. In a reasonably general model, an operator will need to access a remailer account across the net repeatedly, to recover from system crashes, install new versions of remailer software, etc. The nature of a telnet session doesn't lend itself to reordering, latency, or cover traffic AFAI can see. Perhaps the technique of sending encrypted shell scripts to an account for execution (inquired about here recently) could do the work. Anon-HTTP combined with WWW forms and some not-so-safe-TCL might offer more palatable real-time responsiveness. I've experimented a little with a protocol for handling complaint mail, in which a cron job (or equivalent) running on the remailer account greps the received non-remailing mail for complaint keywords, then encrypts the result and chain-remails it to the operator (or posts it to some well-propagated newsgroup).
Thoughts? Comments? Offers to send cute girls?
Please cc: me on the latter. Thanks. ;} -L. Futplex McCarthy, seeking a summer job/internship -- private mail for info
Two questions:
Since I've only limited bucks but have certain needs, can I get a package deal on a remailer shell account and the MX service? What I'd like is to have all mail to xxxx@myname.com to be forwarded to my shell account no matter what xxxx is. Preserving the xxxx, though.
If you are getting MX service forwarded to a local account that will cost you only $5/month. So everything you want would cost $15/month plus $40 startup for the domain.
Given the goal of limiting remailer liability, what about having them be anonymous? Instead of send you a check, send an unidentified money order. This would even allow ownership to change on a frequent basis without the system owner knowing who the current operator is.
Yes, Community ConneXion accepts unidentified payment for accounts. -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer@c2.org
participants (5)
-
Karl Lui Barrus -
L. McCarthy -
Mo Baxter -
sameer -
storm@marlin.ssnet.com