remailer questions
Ok, I'm planning on putting up a remailer on my Linux box. One of the things I'd really like to know is, how much in the way of attempts to break into your machines are remailer ops seeing? How much in the way of other attacks?

I'd also like to get some idea of the amt of resources consumed by a relatively popular remailer -- amt of system loading, disk space devoted to remailing activities, and anything else. I know loading will be hard to quantify in a meaningful way, but for reference my machine is a 486/66 w/32 megs RAM and pretty fast SCSI disks. Just a general idea of how significant the load on such a machine will be would be nice. My SCSI and Ethernet are both fast, and on a PCI bus.

My site is at the moment, I think, relatively secure. I have few users and am sure at the moment nobody has an easily crackable password. I plan to install a fascist password checker soon. I currently have ftpd and fingerd commented out of my inetd.conf. (I plan to put ftpd back, at some point, but really don't like outsiders being able to do a finger @site and find out who is on, how long, how long idle, find out when users last logged on or read their mail, etc. I will probably want to add it back after modifying it or finding a stock one that does what I want.) I have tcp wrappers installed, and have checked on a number of blatant security holes that I know of.

I am worried that once I begin running a remailer, the number of attacks on my machine will increase dramatically. I'd of course like for my data and my users' data to remain private, and believe that a compromised remailer is (obviously) worse than no remailer at all.

What would be nice, before I put up a remailer, would be to have any willing, security-knowledgeable cypherpunk subscribers out there to probe my machine for any really obvious chinks, for security-aware Linux users to point out any Linux or Slackware-specific security holes, etc. Of course I'd want to have a word with anyone willing to probe me before they just went at it... ;)

Linux kernel is currently 1.1.81, which is quite stable for me, and the Slackware distribution is 1.2.0. I'm running sendmail 8.6.9; are there any really terrible vulnerabilities in it any longer from outside the machine? From inside?

Of course, I'm on an Ethernet with others, and have users logging in from other Ethernets, so am vulnerable to sniffers. I don't think it's going to be feasible to install skey here, as a number of my users are extremely non-technical.

I'm also still looking around for what I'm going to run. I'd like for it to be easy to reply to users, but absolutely impossible for me to 'out' anyone under any circumstances. The encrypted-sender stuff some remailers currently use is probably too ugly for most average joes to want to use, and not as secure as I'd like. It's probably the best available at the moment. This should definitely change.

What I'd *really* like to do would be to write a client and server to make an anonymous pool act like normal email ... this is really the only way I can think of to make replying easy but also to have good security. I'm sort of surprised someone has not done this yet. It'd be pseudonymous, your client would only look at messages for you or for everyone (for your convenience -- of course anyone could look at anything, but it'll all be PGP'ed, so...)

Some really neat things that could be done w/this... for folks willing to trust the server to some degree, cross-referencing of pseudonyms and public keys could be done, allowing joe user to just mail to a pseudonym -- this would be good in cases where one party wishes to hide, while the other has nothing to hide and is possibly very non-technical. He'd have no guarantee that someone wasn't reading his mail to the pseudonymous party, on the way in, but the p.n. party would not have to worry about having his real address cross-referenced, or about the server having the key to decrypt his real (included) address in memory or on disk.

Anon pools are obviously doable right now, with a mailing list, but the inconvenience of using one like this is a real barrier.

An anonymous pool; Usenet-like -- distributed over many machines in many countries, but with pseudonyms instead of "real names" and public keys as addresses. This is definitely doable, right now. NNTP-type servers doing news and mail service. As the scale got larger, we'd of course not want to send everyone's mail to all the servers, but tying a user down only as far as to a given server would probably not be a problem -- look at all the different folks that may use one NNTP server. Perhaps mail for a given user could be sent to several different servers to keep things muddy.

Mixmaster does not currently run on Linux, is that correct? Anyone know what the problem is, or have an idea what amt of work would be involved in porting it? I'd like to look at this.

Really, though, everything out there is pretty unsatisfactory -- only anonymous pools and DC-nets have the characteristics I'm interested in. Anyone on the list doing any serious work on DC-nets? I find these extremely exciting, and don't see much brainstorming on implementation going on.

regards, Craig.
Craig A. Johnston
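
An added example, not part of the original post: a small Python audit of the kind of inetd.conf setup the post describes (ftpd and fingerd commented out, other services started through tcp wrappers). It lists the entries that are still enabled and flags any that bypass tcpd or expose user information. The sample file, the `/usr/sbin` paths and the `INFO_LEAK` service set are constructed assumptions.

```python
# Added example: audit inetd.conf for enabled services and TCP-wrapper coverage.
# SAMPLE_CONF is constructed for illustration; it is not the poster's file.
SAMPLE_CONF = """\
# service sock_type proto wait user server_path args...
#ftp     stream  tcp  nowait  root    /usr/sbin/tcpd     in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd     in.telnetd
#finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd
shell    stream  tcp  nowait  root    /usr/sbin/in.rshd  in.rshd
time     stream  tcp  nowait  root    internal
"""

# Assumption: services treated as leaking user/host state to outsiders.
INFO_LEAK = {"finger", "systat", "netstat"}

def parse_inetd(text):
    """Return one dict per enabled (uncommented, well-formed) entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled service
        fields = line.split()
        if len(fields) < 6:
            continue  # too few fields to be a service entry
        server, args = fields[5], fields[6:]
        wrapped = server.rsplit("/", 1)[-1] == "tcpd"
        entries.append({
            "service": fields[0],
            "user": fields[4],
            "internal": server == "internal",
            "wrapped": wrapped,
            # With tcpd in front, the real daemon is the first argument.
            "daemon": args[0] if wrapped and args else server,
        })
    return entries

def audit(text):
    """Return (service, issue) pairs worth a second look."""
    findings = []
    for e in parse_inetd(text):
        if e["service"] in INFO_LEAK:
            findings.append((e["service"], "info-leak"))
        if not e["internal"] and not e["wrapped"]:
            # hosts.allow / hosts.deny are never consulted for this entry
            findings.append((e["service"], "unwrapped"))
    return findings

if __name__ == "__main__":
    for service, issue in audit(SAMPLE_CONF):
        print(f"{service}: {issue}")
```

"unwrapped" here only means the entry is not launched through tcpd; a daemon that does its own access control would still be flagged and needs a manual look.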