1995-01-23 - Re: jpunix.com and MX’ing

Header Data

From: eric@remailer.net (Eric Hughes)
To: remailer-operators@c2.org
Message Hash: 44688168f8939a1886758d11ba11a58301881f28cdb4078aa267cdbd3e5e2156
Message ID: <199501231457.GAA16462@largo.remailer.net>
Reply To: <199501211728.LAA04757@jpunix.com>
UTC Datetime: 1995-01-23 14:58:51 UTC
Raw Date: Mon, 23 Jan 95 06:58:51 PST

Raw message

From: eric@remailer.net (Eric Hughes)
Date: Mon, 23 Jan 95 06:58:51 PST
To: remailer-operators@c2.org
Subject: Re: jpunix.com and MX'ing
In-Reply-To: <199501211728.LAA04757@jpunix.com>
Message-ID: <199501231457.GAA16462@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: "John A. Perry" <perry@jpunix.com>

   > A question, from an internet mail novice:  How does the 'invisible'
   > remailer advertise itself as its 'visible' name in its outgoing
   > mail?  

Perhaps the easiest thing to do is to add a Received: field to all
outgoing remailed mail so that it appears that the visible site is
handling the invisible site as if it were UUCP or a firewall or
mailhub or something.  Since anybody who really wants to find out who
actually owns the machine is going to, you might as well indicate the
real relation up front, namely, that the owner of the visible machine
routes mail for the invisible one.  In other words, there would be two
Received: fields in outgoing remailed mail.  The first (lower, later
in the stream) Received: field would be generated by the remailer
software.  The second would be added by the system sendmail.
It will be tricky to make this look just right.

Another way to mask this is to give the remailer its own IP address.
It's easy to recompile extra slip interfaces into a kernel; each gets
its own IP address.  Routing the output of the remailer through these
extra interfaces can require some hackery, though.  I only know about
this second hand, but evidently the BSDI 1.1 release added some BSD
4.4 feature that makes this kind of IP hack much easier.  

With an extra IP address, you then register a full suite of domain
names just like normal.  This could be a new second-level domain or a
subdomain of, say, techwood.org.  You'll want SOA, A, MX, and PTR
records.  The NS entry for the relevant domains (esp. PTR records)
will generally reveal the computer/network operator, but again, this
is a technical relationship only.  What you have done is pretty
completely separated the technical infrastructure from the remailer
operation.

What we're creating here, of course, is virtual machines.  Unix
kernels have supported multiple processes and multiple users for a
long time.  I expect multiple virtual machines this decade.

   The MX record idea was not 
   meant to totally hide a remailer. It was meant to act as a "casual" 
   mask for the remailer.

And I think this mask is quite good.  It's generally a good idea to
try the easier-to-deploy solutions first and see if they work.  All
the IP spoofing above takes a bit of work to do.  Just using an MX
record and getting a second postmaster address is clearly the first
thing to do.

Eric
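
Added example, not part of the original message: a reader-side view of the two Received: fields described above, listing the hops oldest first and checking that each hop's "from" host matches the previous hop's "by" host. The hostnames, ids and sample message are constructed placeholders, and the function names are hypothetical.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts and ids are placeholders, not from the post.
SAMPLE = """\
Received: from hidden.example.org by visible.example.org (8.6.9/8.6.9)
\tid GAA00002; Mon, 23 Jan 1995 07:00:05 -0800
Received: by hidden.example.org (remailer)
\tid AA00001; Mon, 23 Jan 1995 07:00:01 -0800
From: nobody@visible.example.org
To: someone@example.net
Subject: test

body
"""

def _host(keyword, text):
    """Return the token following 'from' or 'by' in one Received: value."""
    m = re.search(r"\b%s\s+(\S+)" % keyword, text, re.I)
    return m.group(1) if m else None

def received_hops(raw):
    """Return the Received: hops oldest first as dicts (src, by, when)."""
    msg = email.message_from_string(raw)
    hops = []
    # Each MTA prepends its field, so the lowest Received: is the earliest hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        clauses, _, stamp = flat.rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):         # missing or malformed date
            when = None
        hops.append({"src": _host("from", clauses),
                     "by": _host("by", clauses), "when": when})
    return hops

def chain_breaks(hops):
    """Indexes of hops whose 'from' host differs from the prior hop's 'by'."""
    return [i for i in range(1, len(hops))
            if hops[i]["src"]
            and hops[i]["src"].lower() != (hops[i - 1]["by"] or "").lower()]

if __name__ == "__main__":
    for n, hop in enumerate(received_hops(SAMPLE)):
        print(n, hop["src"], "->", hop["by"], hop["when"])
```
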




