1993-08-09 - ANON: Re: how does it work

Header Data

From: Karl Barrus <elee9sf@Menudo.UH.EDU>
To: cypherpunks@toad.com
Message Hash: 005b08d871e3d96bdaa850cffc58f971fe78a3b03b6769edfeeb55ea5d869c8f
Message ID: <199308091614.AA19550@Menudo.UH.EDU>
Reply To: N/A
UTC Datetime: 1993-08-09 16:16:38 UTC
Raw Date: Mon, 9 Aug 93 09:16:38 PDT

Raw message

From: Karl Barrus <elee9sf@Menudo.UH.EDU>
Date: Mon, 9 Aug 93 09:16:38 PDT
To: cypherpunks@toad.com
Subject: ANON: Re: how does it work
Message-ID: <199308091614.AA19550@Menudo.UH.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


> As an aside, all this talk about anonymous remailers is intriguing.
> Does anyone know with certainty what happens at the remailer site,
> within the software process of stripping headers and the likes, where
> the original sender of the message could be tracked? SENDMAIL logs,
> etc.?

Well, I recently checked the syslog file (found in /usr/spool/mqueue)
on rosebud, and it contains entries like this:

Aug  7 17:40:17 rosebud sendmail[24780]: AA24780: from=elee7h5,
size=6544, class=0
Aug  7 17:40:19 rosebud sendmail[24781]: AA24780: to=[deleted]
delay=00 :00:02, stat=Sent, mailer=tcp, host=[deleted]
Aug  8 10:19:41 rosebud sendmail[24816]: AA24816: message-id=<[deleted]>
Aug  8 10:19:41 rosebud sendmail[24816]: AA24816: from=<[deleted]>, 
size=618, class=0
Aug  8 10:19:41 rosebud sendmail[24817]: AA24816: 
to="|/users/emlab/elee7h5/remail/slocal.pl", delay=00:00:01, 
stat=Sent, mailer=prog, host= 

(I deleted out the addresses that were actually there.)
Unfortunately, I can't erase the syslog file or turn sendmail logging
off.

Some things that would help foil traffic analysis would be to file all
incoming mail in a directory, and then mail it out randomly in the
early hours of the morning.  Or, hop your mail around a bit more.

> What would be preferrable, in ideal scenario, would be that all traces
> of the incoming message was discarded altogether. In this fashion, the
> operator of the remailer would be less likely to be "persuaded" to
> divulge the originator(s) of messages, if found in such a precarious
> position.

Ah, I have some bad and good news about my remailer
elee7h5@rosebud.ee.uh.edu.  A friend has loaned me his account, and in
the course of setting up a remailer which uses RIPEM instead of PGP
(some folks have requested this - and it should be up RSN :-), I tried
to log into my account to fix the sendmail invocation option to -oi
and recompile perl to include flock() support.  I found my password
had been locked!

Actually, I've been expecting this to happen - you see, I'm through
with UH and am going to Rice from now on.  Rosebud is a workstation in
the grad group I used to be in, and since I'm no longer a student, I
figured this would happen sooner or later.  BUT, it is a precedent
that old student's directories are kept around, with logins disabled.
I've tested the remailer, and it still responds, so hopefully it will
run quietly for many more months/years :-)

That was the bad news: I can't log into it to fix things, or check
bounced mail, etc.  But this is good news as well: bounces and errors
are dropped, the remailer works automatically and I can't disable it
:-) In fact, I have a pretty good excuse if ever somebody "abuses" the
remailer... I can't do anything about it, heh :-)



-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGZ3o4OA7OpLWtYzAQFd1AQAmOhpr0bkdEKptxmqRsCJ+5KfRacL8JFF
Xq1ehVSa7Q7UPeqfoNRVpDpWljyajKiJ5DZElhUPHiDJbTD9GZzoP0w9+SPQqB6D
Ar6nS1kt0BptEUoNC5aLDsFyOBx3f7pZg+7YfcBHs10hVybQUNIzGs+g9YWt+CtB
GXZV17GOzlY=
=BV0/
-----END PGP SIGNATURE-----





Thread