Asendmail For Mix [Testers Needed]
For the past several days i've been working on a method of concealing the identity of Remailers.. I've put together a program that acts as a replacement for sendmail with mixmaster, along with a list of 135 sites on the internet that either do not add received headers at all, or add headers that don't indicate who the originator was. The program is called asendmail and what it does is pick 2 servers from its list of proxy's (using a modified version of the rnd generator from Lance Cottrell's reorder package). It then opens an smtp socket with the first server, sends the second servers name in its introduction, and procedes to send its mail that way. I'm not an expert on such things, but a careful look at the resulting mail has revealed no sign of the originating remailers address. As far as I can tell the only way to identify the remailer would be by obtaining logs from the proxy host, if they exist. Asendmail is being used for all mixmaster mail sent through ncognito@cyberpass.net currently. It would be helpful in debugging if some people could route a few test messages through the mailer, examine the headers, verify that mail has arrived, etc. Any and all feedback will be greatly appreciated. Assuming that the results of this testing are acceptable, i will make a beta version of asendmail, and my (ever expanding) proxy list available. Thanks,
-----BEGIN PGP SIGNED MESSAGE----- On Mon, 27 May 1996, Ben Holiday wrote:
For the past several days i've been working on a method of concealing the identity of Remailers..
I've put together a program that acts as a replacement for sendmail with mixmaster, along with a list of 135 sites on the internet that either do not add received headers at all, or add headers that don't indicate who the originator was.
Do these sites know that you are using them to mask a remailer? I would think it would be very bad netiquette to cause a system to be investigated by some official authority because your remailer was using them as a front without their express knowledge and permission. I would think that obtaining permission would be the least you could do, but that would also defeat the anomitity by the nature of notifying the site that you wish to use them. This does not apply to chaining remailers as by running a remailer, the operator of the remailer is tacitly giving permission to be used in the chain in most cases. John Perry - KG5RG - perry@alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry@jpunix.com is on the keyservers. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMapW01OTpEThrthvAQENiwP+LIrhnIK02gV28W/0GhBr1QvYjSvL6N8V XE9s85AkQEtfjYMI78PkGAEH0Wj8ZcOGsdz0ZySGD/BxGXHjvOCbW3ObUoytASx6 phllJ+cb1e4bGZu0WOcpnRUjz9M/yVB9uO/6K4zYqipVv18Cdt33yOb0joBimVMa XUAFfwJtpGM= =m9Ar -----END PGP SIGNATURE-----
On Mon, 27 May 1996, John A. Perry wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 27 May 1996, Ben Holiday wrote:
I've put together a program that acts as a replacement for sendmail with mixmaster, along with a list of 135 sites on the internet that either do not add received headers at all, or add headers that don't indicate who the originator was.
Do these sites know that you are using them to mask a remailer? I would think it would be very bad netiquette to cause a system to be investigated by some official authority because your remailer was using them as a front without their express knowledge and permission.
No, they dont. And yes, it probably is bad netiquette. Unfortunately, the idea of your friendly neighborhood remailer is dying very quickly. Using other remailers as out-points is fine in so far as it goes, but someone eventually must eventually send mail to someone who isnt a remailer. If we define a remailer as a site that strips identifying headers from mail and passes it to its destination, then these sites are in fact remailers. They simply dont advertise themselves as such. Why is it that hundreds of government and university machines can operate what amount to anonymous remailers, and no one pays any attention, and yet cypherpunks are threatened with jail time for what is essentially the same thing?
participants (2)
-
Ben Holiday -
John A. Perry