Hi all, I am releasing premail, a remailer chaining and PGP encrypting mail client, to the Net. If you are interested in using the cypherpunks remailers, but are intimidated by them or simply find them too hard to use, then this software can help. Premail will also PGP-encrypt and optionally sign outgoing mail. The README file is attached. Please check it out and let me know how you like it. Raph Levien ----------------------------------------------------------------------- README file for premail v. 0.20 27 Aug 1994 -- Raph Levien <raph@cs.berkeley.edu> Premail is a mail client for Unix workstations, supporting PGP encryption and anonymous remailers. It can be used either stand-alone or as a layer under your favorite user mail client. Premail has been designed to be as simple and transparent as possible. Features include: * Chaining of messages for cypherpunk remailers. * Automatic selection of reliable remailers. * PGP encryption and signing. * Online and offline operation. Premail is designed to masquerade as sendmail. It accepts mail in the same way, and takes the the same options, and providing additional header fields for its privacy features. Thus, if you can get your mail client to pass the mail to premail rather than sendmail, then you gain the use of the privacy features without changing the way you send mail. In the interest of simplicity, premail only handles outgoing mail. It does not handle incoming mail, or PGP decryption. Installation ------------ This section explains how to set up premail for basic operation, without PGP encryption. Use of PGP encryption is highly encouraged, and is covered in a later section, as are configuration and advanced features. This section assumes that your machine is connected to the net when you run premail. It is capable of offline operation as well, as discussed in a later section. 1. Get the source. Given that you are reading this file, you may have already done this; if so, go to step 3. The latest version of premail is available at: ftp://kiwi.cs.berkeley.edu/pub/raph/premail-0.20.tar.gz 2. Unpack it. To do this, run: gzip -dc premail.tar.gz | tar xvf - 3. See if you can run it. First, do "cd premail", then "./premail" (without the "" marks in both cases). If it prints a usage summary, you are in luck. If you get "command not found," then the problem is most likely that your system's copy of perl does not live in /usr/bin. Type "which perl" to find out where it actually is, then edit the first line of the file "premail" to match that, and try again. 4. Copy premail into a directory in your path (this step is optional). For example, if ~/bin is in your path, then do: cp premail ~/bin After this step, you probably want to run "rehash" so your shell knows were to find premail. 5. Set up the premail configuration file by typing: cp .premailrc ~ 6. Test whether premail really works, by typing: premail your@own.email.addr Path: 1 Subject: Test Does this really work? . If everything goes well, you should get a response from an anonymous remailer in a few minutes. Then, premail is set up and ready to use. You probably want to set up PGP as well, but you don't have to. This and other configuration options are covered below. The configuration options are controlled by the ~/.premailrc file, so you might want to browse through it and tweak things to your taste. Setting up premail for PGP -------------------------- When properly set up, premail will automatically encrypt outgoing mail using PGP. This applies both to traffic routed through the remailers, and to email encrypted for the final recipient, who would use PGP to decrypt it. On the other hand, you can skip this section if you don't want that. First, you need to make sure that you have PGP set up on your machine. When you do, just type: premail -getkeys This will finger Matt Ghio's remailer list at remailer-list@chaos.bsu.edu . If this site is down, or if you are not connected to the net, you should get the list from somewhere else. You can specify either an email address to finger or a file. For example, if you save the keys into remailkeys.asc, then you can run: premail -getkeys remailerkeys The messages from PGP will tell you that it's adding about a dozen new keys to the keyring. You also need to tell premail that you've got PGP running, and have added the remailer keys to your keyring. To do so, add the following line to the ~/.premailrc file: $config{"encrypt"} = "yes"; Also, if you've got PGP in a non-standard place, so that typing "pgp" will not call it up, then you need to add this line to the ~/.premailrc file: $config{"pgp"} = "/wherever/you/put/pgp"; The vox remailer has a problem with MIT PGP 2.6. Thus, premail will by default not encrypt mail going through vox. If your PGP version is 2.3a or 2.6ui, then it should work fine, so add this line: $config{"oldpgp"} = "pgp"; or, if PGP is in a nonstandard place, $config{"oldpgp"} = "/wherever/you/put/pgp"; Integration with user mail clients ---------------------------------- Without premail, outgoing mail works as follows. After you compose your mail, your mail client hands it off to a program called sendmail, which forwards it to the Net. Sendmail (written by Eric Allman at UC Berkeley) knows a lot about email addresses, networking, and so on, but very little about privacy and security. That's the job of premail. It is possible to use premail in either mode: under your client, or by itself. Either way will give the same features, it's just that integrating it with your client will be more convenient to use (if a bit harder to set up). To use premail, type: premail recipient@email.addr and enter your mail as you normally would, ending with either Control-D or a line with just a . on it. Or, you can prepare an email message with your favorite editor, and send it with premail -t < your.file To add premail support to emacs, just add this line to your .emacs file: (setq sendmail-program "/your/premail/pathname/here") With other mail clients, you should be able to use a similar technique. Contact me if you need help with a particular client. If you are root on your machine, you can install premail in /usr/lib/sendmail, so that it will work for _all_ mail clients. This is a fairly bold move, so it would be wise to test this carefully before doing so. To do so, move the existing sendmail into, say, /usr/lib/real_sendmail . Then, add the line $config{"sendmail"} = "/usr/lib/real_sendmail"; to premail. Finally, copy premail to /usr/lib/sendmail. If you choose to do this, let me know how well it works out. Using the privacy features -------------------------- Premail has two important privacy features: chaining through remailers, and PGP encrypting the messages. To chain through the remailers, simply add a header line such as Path: 3 to your mail. The number 3 says how many remailers you want it to chain through. Three is a good compromise between privacy on the one hand and speed and reliablilty on the other. The remailers will automatically be selected for their reliablity and speed, using the remailer list I maintain (finger remailer-list@kiwi.cs.berkeley.edu to see it). If you want to specify a particular sequence of remailers, you can do that. For example, if you are very fond of the idea of your mail crossing national boundaries, you might want to send it through Canada, Austria, and Holland, in that order: Path: extropia;wien;usura When using the Path field, your identity will be completely obscured. If the recipient tries to reply to your mail, it will get nowhere. You can specify a reply address using the Anon-From field: Anon-From: an123456@vox.hacktic.nl The Anon-From field only shows up in mail which goes through the remailers. In ordinary mail, it will be ignored. So, you can put it in all of your mail without worrying about compromising your identity. In fact, you can make premail automatically use it in all anonymous mail by adding this line to your ~/.premailrc file: $config{"anon-from"} = "an123456@vox.hacktic.nl"; Similarly, if most of the mail you send will be through the remailers, then you can set premail to do that as the default. Add this line (or whatever path you want, if not 3) to ~/.premailrc: $config{"defaultpath"} = "3"; Then, whenever you want to send non-anonymous mail, add this header field: Path: ; The other important privacy feature is the ability to PGP encrypt outgoing mail. This works whether or not you use the remailers. The recipient's key must be in your public key ring before you can encrypt mail to them. Then, all you have to do is add this mail header field: Key: user_id The mail will be encrypted with this user_id. It will be formatted using the MIME content type of application/x-pgp. If the recipient has a MIME-capable mail reader, they can set it up to automatically call PGP when receiving encrypted mail. Otherwise, you don't need to worry about it. You can also have premail automatically sign your mail, as well. This feature is a potential security problem, so use it with caution. Add these lines to your ~/.premailrc: $config{"signuser"} = "your_user_id"; $config{"signpass"} = "your pass phrase"; Again, a warning: in doing so, you have just stored your pass phrase in a disk file, which is considered a security no-no. On the other hand, if you are using this for medium-security applications, or if you have good control over access to your machine, then it should be OK; certainly a _lot_ better than not using PGP at all. The ~/.premailrc file should always have -rw------- (600) permissions. Use with caution. How to use the cypherpunks remailers like anon.penet.fi ------------------------------------------------------- Even though the cypherpunks remailers do essentially the same things as anon.penet.fi (though faster and with better privacy), they work quite a bit differently, and can be somewhat intimidating. Premail can help. First, you will need to get an anonymous alias. At this time, the only cypherpunk remailer which will do this for you is "avox", or anon@vox.hacktic.nl. To get the alias, do: premail your@own.email.addr Subject: alias Path: avox Hopefully, this will assign me an alias. . In a few hours, you will get email back with an alias of the form an123456@vox.hacktic.nl . Then, when you send anonymous email, give your alias as the reply address. Here is an example: premail recipient@email.addr Anon-From: an123456@vox.hacktic.nl Path: 3 Hello, if you reply to this, mail will get to me. . Unfortunately, unlike penet, avox does _not_ make the person replying anonymous. The best way for them to be anonymous is to use the cypherpunks mailers as well (hopefully by using premail!). How to post to Usenet --------------------- The easiest way is to use a mail-to-Usenet gateway. For example, to post to alt.skydiving, just send mail to alt.skydiving@demon.co.uk . A full list is available by fingering remailer-list@chaos.bsu.edu, or from http://www.cs.berkeley.edu/~raph/ghio-remailer-list.html . Extra goodies ------------- Premail supports a few more features, for advanced users. These include: offline mail preparation, logging, a password for penet, and a debugging mode. The configuration options specifying these are described in the ~/.premailrc file, which is what you would need to edit. Have fun!