I was rooting around soda for some other reason and stumbled upon the mail logs (!) for soda. I just sent myself some mail to generate a sample entry. It's got complete traffic analysis data, complete with to/from pairs, time of day, and message size.

    Jun 11 08:13:35 soda sendmail[11298]: AA11298: message-id=<9306111513.AA11298@soda.berkeley.edu>
    Jun 11 08:13:35 soda sendmail[11298]: AA11298: from=hughes, size=66, class=0, received from local
    Jun 11 08:13:36 soda sendmail[11300]: AA11298: to=hughes, delay=00:00:01, stat=Sent

I would recommend that all remailer operators find out what kind of mail logging, if any, takes place on their machines. If you need a place to start looking, the mail log on soda was in the same directory as the syslog messages.

I would also recommend that this information on mail logging by the system be put in Karl's remailer list.

Eric
I was rooting around soda for some other reason and stumbled upon the mail logs (!) for soda. I just sent myself some mail to generate a sample entry. It's got complete traffic analysis data, complete with to/from pairs, time of day, and message size.
Eric, most of us know this stuff; you are making yourself look very Unix illiterate. I know one person at Berkeley who wrote a sh script 5 years ago that would track remote mail aliases by analysing who (on campus) received with close time stamps. With this info he was able to reverse engineer the contents of a lesbian emailing list. I have a script I use that just reads the syslog file and prints out a list of who is emailing who and what their total volume of mail is.
If you need a place to start looking, the mail log on soda was in the same directory as the syslog messages.
Or if you look at the file /etc/syslog.conf, it tells you where it logs the data.
Re: sendmail logs
Eric, most of us know this stuff; you are making yourself look very Unix illiterate.
I have opened my mouth and removed all doubt. I _am_ mostly illiterate in the details of Unix; this is one system administration detail I did not know. I have known for a long time that these logs were in principle easy for administration to keep, but I did not know that they were an entirely standard feature.

I raise this because it affects perceived remailer security and I have not once heard these specific logs brought up, on the list or in person.

Eric
-----BEGIN PGP SIGNED MESSAGE-----
I raise this because it affects perceived remailer security and I have not once heard these specific logs brought up, on the list or in person.
It is also common practice to have the logs not readable by people not in the wheel or staff group.

As for this remailer security, if you use multiple remailers with random delays, the ability to correlate the sendmail & uucp logs should be sufficiently retarded. (This is assuming that you were able to get copies of all the logs from sites the sendmail message passed through.)

-Pete

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBFAgUBLBj1HMhmn7GUWLLFAQFxQQF9ESltl2TTn1j8A9CNDsct+Mz7SzZqwsQe
w8H7ILI3mbCF8FVqmkuWNjPeHDe5C3xj
=h1r8
-----END PGP SIGNATURE-----
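Added example, not part of the original thread: a Python sketch an operator can run against their own mail log to see what it records per message (time, sender, recipient, size) in the sendmail format quoted in the first message, plus a check for whether the log file is readable by users outside its owner and group. The second sample message, the names `alice` and `bob@example.org`, and the function names are constructed for illustration.

```python
import os
import re
import stat
from collections import defaultdict

# Constructed sample in the format of the entries quoted in the thread;
# the second message (AA11305, alice, bob@example.org) is invented.
SAMPLE_LOG = """\
Jun 11 08:13:35 soda sendmail[11298]: AA11298: message-id=<9306111513.AA11298@soda.berkeley.edu>
Jun 11 08:13:35 soda sendmail[11298]: AA11298: from=hughes, size=66, class=0, received from local
Jun 11 08:13:36 soda sendmail[11300]: AA11298: to=hughes, delay=00:00:01, stat=Sent
Jun 11 08:14:02 soda sendmail[11305]: AA11305: from=alice, size=1204, class=0, received from local
Jun 11 08:14:03 soda sendmail[11307]: AA11305: to=bob@example.org, delay=00:00:01, stat=Sent
"""

# timestamp, host, "sendmail[pid]:", queue ID, then comma-separated key=value fields
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sendmail\[\d+\]: (\w+): (.*)$")


def exposed_metadata(log_text):
    """Join from= and to= entries on the queue ID; return (time, from, to, size) tuples."""
    msgs = defaultdict(lambda: {"time": None, "from": None, "size": None, "to": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a sendmail entry
        when, _host, qid, rest = m.groups()
        # Fields without "=" (e.g. "received from local") are skipped.
        fields = dict(f.split("=", 1) for f in rest.split(", ") if "=" in f)
        rec = msgs[qid]
        if "from" in fields:
            rec.update(time=when, size=int(fields.get("size", 0)))
            rec["from"] = fields["from"]
        if "to" in fields:
            rec["to"].append(fields["to"])
    return [(r["time"], r["from"], to, r["size"])
            for r in msgs.values() for to in r["to"]]


def readable_by_others(path):
    """True if the file mode lets users outside the owner and group read it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


if __name__ == "__main__":
    for when, sender, rcpt, size in exposed_metadata(SAMPLE_LOG):
        print(f"{when}  {sender} -> {rcpt}  {size} bytes")
```
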
participants (3)
- Eric Hughes
- Peter shipley
- Peter Shipley