Official Mixmaster Remailer FAQ

Table of Contents

1. Introduction

1.1 Document Audience

1.2 What's an anonymous remailer?

"A remailer is a computer service which privatizes your e-mail. A remailer is in sharp contrast to the average Internet Service Providers [ISP] which is terribly anti-private. In fact, ISP could equally stand for "Internet Surveillance Point". [Click here to Learn About Email Privacy].

"Traditionally, a remailer allowed you to send electronic mail to a Usenet news group, or to a person, without revealing your true name or e-mail address to the recipient. Today, new web-based remailers permit you to send mail using your real name (if you wish), while protecting your email records from the snooping eyes of your Internet Service Provider.

"In the first version of this FAQ (published in 1995), all popular remailers were free-of-charge. Today, a number of services either charge user fees, or support themselves via advertisers.

1.3 Why should I run an anonymous remailer?

• Promote of free speech
• Work against oppresive governments
• Help whistleblowers escape retribution
• Promote cryptography and anonymity on the Internet
• Learn more about running a mail server

1.4 History of remailers/cryptography

1.5 Newsgroups/Mailing Lists

1.6 Important Reading

2. Planning

2.1 Requirements

2.1.1 Hardware

2.1.2 Internet Connectivity

2.1.3 Operating System

2.1.4 Software

• For Type I and Type II Mixmaster, if you've got a C/C++ compiler, simply grab the source code off of SourceForge and compile away. This will work on any platform.
• If you don't have a C/C++ compiler, you'll want to use Reliable. It has a handy online user manual.
• Nym remailers are available only in source code form.
• For those who really don't want to get their hands dirty, web frontends exist:
  • Freedom, a modified version of the original cypherpunk web frontend (used by the GMS/GILC remailer).
  • COTSE

• Multipost

• UNIX:
  • rlist
  • remlist
  • Piungstats: Requires the least of the three, including no database.
• Windows:
  • Reliable

2.1.5 Filesystem/Drive Space

• Type I
  • Program Software: 17 MB
  • Pool: 10-20 MB
  • Database Tables: 2-10 MB
  • Outgoing Mail Spool/Queue: 20-300 MB
  • Grand Total: 49-347 MB
  • Note that it's probably best to have flex room above the large end of the grand total, because you don't want to get caught with a full drive during a surge in message traffic.

    2.2 Decisions

    There are many decisions you will have to make about how to set up your remailer which will impact its ease of administration and performance. Note that you can successfully run a remailer no matter what you decide here; the only thing these considerations are relevant to are your level of involvement in administration.

    2.2.1 Uptime

    Contrary to what one might first think, it is not necessary to have a box up 24/7 to run a remailer. While an always-on setup is obviously preferable, it is possible to run a remailer on a box without guaranteed uptime, so long as mail is POP'd through at least four times per day. If you cannot send mail through at this minimum rate -- including times when you are away on holiday or otherwise out of your daily -- you should not run a remailer. Doing so would cause unnecessary bottlenecks in the network, causing problems for everyone.

    2.2.2 Middleman

    In order for the remailer network to function properly, there is a need for "middleman" remailers -- boxes that don't actually send e-mails to recipients or posts to Usenet, but instead simply function as additional hops along the chain (remember, the more hops a message traverses, the more secure it is). These systems are also useful in nym reply blocks.
    If you want to run a remailer, but are afraid of potential consequences from user complaints (i.e. your ISP cutting you off, your friendly neighborhood government getting upset with you), you should run a middleman remailer. Since you will never send messages to anyone but other remailers, you should never get any official complaints, and thus will avoid all of the unpleasantness of dealing with the general public.

    2.2.3 Nyms

    2.2.4 Name

    All remamilers must have a name to identify themselves within the network. This name must not exceed eight characters. Preferably, it should be something easily associated with the remailer, even something humorous, so that it can be easily remembered.

    2.2.5 Policy

    Before putting your remailer into action, you need to have a clearly articulated policy governing use and abuse of your system (even if you are a middleman, this is a good idea). It should be posted on your web site and be included in autoresponses to non-remailer generated messages (i.e. in abuse.txt). You should probably read an example before finalizing your own.
    Reasons for doing this include: keeping unhappy end-users from escalating complaints by giving them an easy way to resolve problems; being a good netizen; making sure you really know what you're doing and why you're doing it before you start.

    3. Software Configuration

    3.1 MTA (Mail Transport Agent)

    3.1.1 Sendmail

    3.1.2 Qmail

    3.1.3 Postfix

    3.1.4 MS Exchange

    3.1.5 Add-Ons

    3.1.5.1 TLS-SSL

    3.1.5.2 RBLs

    3.2 Downloading Software

    3.2.1 Mixmaster Remailer

    3.2.1.1 UNIX/Linux/BSD

    3.2.1.2 Windows

    3.2.1.3 Web Frontends

    3.2.2 mail2news Gateway

    3.2.2.1 UNIX/Linux/BSD

    3.2.3 Pingers

    3.2.3.1 UNIX/Linux/BSD

    3.2.3.1.1 Stable

    3.2.3.1.2 Experimental

    3.2.3.2 Windows

    3.2.3.2.1 Stable

    3.2.3.2.2 Experimental

    3.3 Installing Software

    3.3.1 Mixmaster Remailer

    3.3.2 mail2news Gateway

    3.3.3 Pinger

    3.4 Useful System Tools

    4. Security

    4.1 Host System Security

    4.1.1 Philosophy

    4.1.2 Firewalls

    4.1.3 Minimalism/Unnecessary Software

    4.1.4 Local Attacks

    4.1.5 Patches/Updates/Upgrades

    4.2 Key Security

    4.3 Logging

    4.4 Floods & Spam

    4.4.1 MTA

    4.4.2 Asian ISPs & Subnet Filtering

    4.4.3 Prevent Massive Crossposting

    4.4.3.1 Remailers

    4.4.3.2 mail2news

    4.4.4 Flood Detection

    4.4.5 Duplicate Detection

    4.4.6 Blocking Obnoxious Hosts

    5. Policy

    5.1 Always Have A Posted Policy!

    5.2 Responding to Abuse Complaints

    5.3 To Monitor Or Not To Monitor?

    5.4 Cryptographically Signing Posts & E-mail

    5.4.1 How To

    5.5 Changing Remailer Keys

    5.6 Legal Links

    6. Announcing Your Remailer

    7. I'm Being Blocked!

    7.1 Static IP

    7.2 Dynamic IP

    7.3 Dial-Up/POP

    
    

    Contributors and Contacts

    This document would not have been possible without all the information contributed by other people.
    
    Additional Authors:
    Michael T. Shinn (faq AT shinn DOT net)
    trek AT trek DOT eu DOT or
    cmeclax Admin (cmeclax AT ixazon DOT dynip DOT com)
    christian mock (cm AT tahina DOT priv DOT at)
    Editors:
    Comments and revisions provided by:
    cmeclax Admin (cmeclax AT ixazon DOT dynip DOT com)
    Peter Palfrader (peter AT palfrader DOT org)
    Others that I haven't had a chance to add to these credits (but I will!)
    

    Acknowledgments

    The authors of mixmaster, nymserv, multipost, reliable, rlist, PGP, premail, My Private Idaho, ghio, freedom and all other remailer, mail2news, crypto and pinger software.