NAME
mixmaster - anonymous remailer software
SYNOPSIS
mixmaster [-hpmdSvT] [-t user@host] [-g newsgroup] [-s subject] [-a filename] [-l mix1,mix2,mix3,...] [-c num] [user@host] [filename]
mixmaster [-f[rfg] filename]
mixmaster [-RGKSP]
DESCRIPTION
Mixmaster is an anonymous remailer. Remailers provide protection against traffic
analysis and allow sending mail anonymously or pseudonymously.
In the non-interactive mode, Mixmaster reads a message from its standard input
or from a file. Destination address and input file can be specified in the
command line. If no address is given in the command line, the input file is
expected to contain a message complete with mail headers.
OPTIONS
- -h, --help
- Print a summary of command line options.
- -V, --version
- Print version information.
- --about
- Print authorship and copyright information.
- --config=filename
- Read configuration from an alternate file.
- -t, --to=user@host
- Add the destination address(es) to the message header. The
input file contains the message body without headers.
- -g, --post-to=newsgroup
- Add the newsgroup(s) to the message header. The input file
contains the message body without headers.
- -p, --post
- Post the message to Usenet.
- -m, --mail
- Send the message as electronic mail. (This is the
default.)
- -s, --subject=subject
- Add the subject to the message header.
- --header='Header: text'
- Add the header line to the message header.
- -a, --attachment=filename
- Attach file to the message.
- --encrypt
- Encrypt the message using the OpenPGP format.
- --sign
- Sign the message using the OpenPGP format.
- -l, --chain=mix1,mix2,mix3,...
- Use this remailer chain to send the message. Alternatively,
the input message may contain a pseudo-header Chain:. If no chain
is specified, Mixmaster will use a chain of four random remailers.
- -T, --type-list
- Display the contents of the type2.list file.
- -c, --copies=num
- Send num copies of the message to increase
reliability.
- -d, --dummy
- Generate a dummy message as protection against traffic
analysis.
- -S, --send
- Send the message(s) from the pool.
- -v, --verbose
- Output informational messages.
- -f [file]
- Read a mail folder or news article. This function requires
ncurses support.
- -fr [file]
- Reply to a message.
- -ff [file]
- Post a follow-up to a message.
- -fg [file]
- Send a group reply to a message.
- --update-pinger-list
- Download an updated all pingers list file.
- --update-stats[=source]
- Download updated stats.
Remailer options:
- --config=filename
- Read configuration from an alternate file.
- -R, --read-mail
- Read a remailer message from standard input and store it in
the pool.
- -I, --store-mail
- Read a remailer message from standard input and store it in
the pool without decrypting it immediately. It will be processed the next
time Mixmaster processes the queue (called with -M or in daemon
mode).
- -P, --pop-mail
- Read mail from the POP3 servers listed in
pop3.cfg.
- -M, --remailer
- Check if it is time to perform the regular remailer
actions: Send messages from the pool, get mail from POP3 servers and keep
the internal files up-to-date.
- -D, --daemon
- Detach from the console and process the pool, get mail and
update the internal files at regular intervals.
- --no-detach
- Run as daemon but do not detach from the terminal (This
option is only useful together with --daemon).
- -G, --generate-key
- Generate a new remailer key.
- -K, --update-keys
- Generate remailer keys if necessary.
- -S, --send
- Force sending the message(s) from the pool.
- --install-svc
- Install the Mixmaster Service on Win32.
- --remove-svc
- Remove the Mixmaster Service on Win32.
- --run-svc
- Run the Mixmaster Service on Win32.
- --redirect
- Read a Mixmaster packet from stdin and route it through a
chain given with --chain. Note that this may corrupt the packet if there is not
enough space in the headers (that is, if there are more than 20 hops
total). This function is not normally needed but may come in handy in
certain cases.
- --no-ask-passphrase
- Do not ask for the remailer
passphrase even if we don't have it compiled in, don't have it in the
config file, don't have it in the environment and we are on a tty.
CONFIGURATION
Mixmaster reads its configuration from the file mix.cfg in its working
directory. The configuration file consists of lines of the type
VARIABLE values
and of comments, which begin with a # character. The variables have
reasonable default values, but it is useful to create a configuration file
using the Install script when setting up a remailer.
All configuration variables can be overridden from the command line, e.g.
mixmaster -S --POOLSIZE=0 --RATE=100 will send all messages currently
in the message pool.
Client configuration:
- ADDRESS
- Your address for sending non-anonymous messages.
- NAME
- Your real name (used for sending non-anonymous
messages).
- MAILtoNEWS
- Address of a mail-to-news gateway. Default:
mail2news@nym.alias.net.
- CHAIN
- Default chain for anonymous messages to be sent.
CHAIN is a comma-separated list of remailer names or addresses. A
* represents a random reliable remailer. Default:
*,*,*,*.
- NUMCOPIES
- Number of redundant copies of an anonymous message to be
sent, unless specified otherwise on the command line. Default:
1.
- DISTANCE
- When selecting random remailers, the chain will contain
DISTANCE other remailers between two occurrences of the same
remailer in the chain. Default: 2.
- MINREL
- Only select remailers with a reliability of at least
MINREL%. Default: 98.
- RELFINAL
- Only select a remailer with a reliability of at least
RELFINAL% as the final remailer. Default: 99.
- MAXLAT
- Only select remailers with a latency of at most
MAXLAT. Default: 36h.
- MINLAT
- Only select remailers with a latency of at least
MINLAT. Default: 5m.
- PGPPUBRING
- Path to your public PGP key ring. Default:
~/.pgp/pubring.pkr. (Windows default: PGP registry value.)
- PGPSECRING
- Path to your secret PGP key ring. Default:
~/.pgp/secring.skr. (Windows default: PGP registry value.)
- CLIENTAUTOFLUSH
- If REMAIL is set to n, automatically flush the
pool every time Mixmaster is run. Default: n.
- SENDMAIL
- Path to the sendmail(1) program. If set to
outfile, Mixmaster will create text files named
out*.txt in the pool directory instead of
sending mail. Default: /usr/lib/sendmail -t.
- SMTPRELAY
- Name of SMTP relay. If set, mail will be delivered to the
relay rather than by sendmail(1).
- HELONAME
- Host name used in the SMTP dialogue. Default: The
ENVFROM host name or the current network name associated with the
socket.
- SMTPUSERNAME
- Some mail servers require authentication for sending mail.
This is the authenticated SMTP user name.
- SMTPPASSWORD
- Password for authenticated SMTP.
- ENVFROM
- Envelope from address used in the SMTP dialogue. (When the
client is used to send non-anonymous messages, ADDRESS is used
instead.) Default: ANONADDR.
- ALLPINGERSURL
- URL from which to download the ALLPINGERSFILE.
Default: http://www.noreply.org/allpingers/allpingers.txt.
- WGET
- Define the http protocol download tool. Default:
wget.
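How CHAIN, DISTANCE, MINREL, RELFINAL, MINLAT and MAXLAT constrain a randomly filled chain, as an added Python example that is not Mixmaster's own code. The statistics table, the function names and the back-to-front selection order are assumptions made here; only the constraints and their defaults come from the option descriptions above.

```python
import random

# Constructed sample statistics: name -> (reliability %, latency in seconds).
# Names and numbers are invented for this example.
SAMPLE_STATS = {
    "alpha":   (99.9, 20 * 60),
    "bravo":   (99.2, 45 * 60),
    "charlie": (98.4, 2 * 3600),
    "delta":   (98.1, 6 * 3600),
    "echo":    (97.0, 30 * 60),     # below MINREL
    "foxtrot": (99.8, 2 * 60),      # faster than MINLAT
    "golf":    (99.5, 48 * 3600),   # slower than MAXLAT
}


def eligible(stats, minrel=98.0, minlat=5 * 60, maxlat=36 * 3600):
    """Names that pass MINREL, MINLAT and MAXLAT (defaults from the man page)."""
    return sorted(name for name, (rel, lat) in stats.items()
                  if rel >= minrel and minlat <= lat <= maxlat)


def pick_chain(stats, hops=4, distance=2, relfinal=99.0, rng=None, **limits):
    """Fill a chain of `hops` random remailers, as CHAIN *,*,*,* asks for.

    Model of the documented constraints, not Mixmaster's algorithm:
    a name may recur only after `distance` other hops, and the final
    hop must also reach RELFINAL.
    """
    rng = rng or random.SystemRandom()    # CSPRNG unless the caller passes one
    pool = eligible(stats, **limits)
    reversed_chain = []                   # assumption: built from the final hop backwards
    for k in range(hops):
        nearby = reversed_chain[-distance:] if distance > 0 else []
        candidates = [n for n in pool if n not in nearby]
        if k == 0:                        # k == 0 is the final (exit) hop
            candidates = [n for n in candidates if stats[n][0] >= relfinal]
        if not candidates:
            raise ValueError(f"no eligible remailer for hop {hops - k}")
        reversed_chain.append(rng.choice(candidates))
    return reversed_chain[::-1]
```

With DISTANCE set to 2, at least three remailers must pass the reliability and latency limits, otherwise no four-hop chain exists and `pick_chain` raises `ValueError`.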
Remailer configuration:
- NEWS
- Path to the news posting program, or address of a
mail-to-news gateway. Default: no news posting. (When using a news posting
program, ORGANIZATION contains an Organization line for anonymous
messages. Default: Anonymous Posting Service.)
- SENDANONMAIL
- Path to a program for sending anonymous mail. Default:
SENDMAIL. SENDANONMAIL can be used to invoke an external
mail filter for anonymized messages.
- SHORTNAME
- A short name for the remailer to be used in lists. Defaults
to the host name.
- REMAILERADDR
- The remailer mail address.
- ANONADDR
- An address to be inserted in the From: line of
anonymous messages. Default: REMAILERADDR.
- REMAILERNAME
- A name to be inserted in the From: line of remailer
status messages. Default: Anonymous Remailer.
- ANONNAME
- A name to be inserted in the From: line of anonymous
messages. Default: Anonymous.
- COMPLAINTS
- An address for complaints to be sent to. Default:
REMAILERADDR.
- ERRLOG
- Name of a file to log error messages, or stdout or
stderr. Default: stderr. (When run from a tty, Mixmaster
will always print a copy of error messages to stderr.)
- MAILBOX
- A generic mail folder for non-remailer messages that are
not stored in any of the following folders. If MAILBOX begins with
a |, it specifies the path to a program. If it contains an @
sign, the message is forwarded to the given address (with an
X-Loop: header to prevent mail loops). If it ends with a /
it is treated as a Maildir, otherwise the message is appended to the given
file name or written to standard output if MAILBOX is
stdout. Default: mbox.
- MAILABUSE
- Mail folder for messages sent to the COMPLAINTS
address. Default: MAILBOX.
- MAILBLOCK
- Mail folder for messages sent to the remailer address with
a DESTINATION-BLOCK line. Default: MAILBOX.
- MAILUSAGE
- Mail folder for messages sent to the remailer address that
do not contain any valid remailer commands. Default:
/dev/null.
- MAILANON
- Mail folder for replies sent to the ANONADDR
address. Default: /dev/null.
- MAILERROR
- Mail folder for messages that cannot be decrypted or
contain other errors. Default: /dev/null.
- MAILBOUNCE
- Mail folder for bounce messages. Default:
MAILBOX.
- MAILIN
- If defined, an additional mail folder from which Mixmaster should
read messages when processing its pool. If it ends with a / it
is treated as a Maildir, otherwise a standard mbox format file is
expected. All messages are removed from the folder after reading.
MAILIN is not set by default. It is an incredibly bad idea to set
this the same as MAILBOX.
- VERBOSE
- If VERBOSE is set to 0, Mixmaster will log
error messages only. If it is set to 1, error messages and warnings
are logged. If VERBOSE is set to 2, successful operation is
logged as well. If set to 3, a log file entry is created whenever a
message enters or leaves the pool. Default: 2.
- PASSPHRASE
- A passphrase used to protect the remailer secret keys from
casual attackers. This setting overrides the compile-time defined
COMPILEDPASS which is now deprecated. This should not be the
same as the client passphrase.
- EXTFLAGS
- Additional flags you want to set in the remailer's
capabilities string. Defaults to the empty string, which means none.
Example: testing.
- PRECEDENCE
- Sets the header Precedence: to this value for all outgoing
mail. Defaults to the empty string, which means no such header is added.
Example: anon. If you use this you might want to block user
supplied precedence headers in your header block file.
The following variables can be set to y or n:
- REMAIL
- Enable remailer functionality. Default: n.
- MIDDLEMAN
- Act as an intermediate hop only, forward anonymized
messages to another remailer. This mode can be used where complaints about
anonymous messages must be avoided. (The variable FORWARDTO
specifies the remailer chain to be used; default: *.) Default:
n.
- AUTOREPLY
- Send help files in response to non-remailer messages.
Explicit remailer-help requests are always served. Default:
n.
- MIX
- Accept Mixmaster messages. Default: y.
- PGP
- Accept OpenPGP-encrypted Cypherpunk remailer messages.
Default: n.
- UNENCRYPTED
- Accept unencrypted Cypherpunk remailer messages. Default:
n.
- REMIX
- Re-encrypt Type I messages to other remailers in the
Mixmaster format (x = only when requested by user explicitly).
Default: y.
- BINFILTER
- Filter out binary attachments. Default: n.
- LISTSUPPORTED
- List known remailers and their keys in remailer-conf reply.
Default: y.
- MID
- Use a hash of the message body as Message-ID, to avoid
Usenet spam. Default: y. If MID is set to a string beginning
with @, that string is used as the domain part of the message
ID.
- AUTOBLOCK
- Allow users to add their address to the dest.blk
file by sending the remailer a message containing the line
destination-block. Default: y.
- STATSDETAILS
- List statistics on intermediate vs. final delivery in
remailer-stats. Default: y.
The following variables have numeric values:
- POOLSIZE
- The size of the Mixmaster reordering pool. Larger sizes
imply higher security and longer delays. Remailer default: 45.
Client default: 0.
- RATE
- Percentage of messages from the pool to be sent. Remailer
default: 65. Client default: 100. Lower values cause the
pool to increase in size when many messages are received at a time,
reducing the effect of flooding attacks.
- INDUMMYP
- Probability that Mixmaster will generate dummy messages
upon receipt of incoming mail. Larger numbers mean more dummy messages on
average. For instance, 10 means that on average one in nine
incoming messages will trigger a dummy generation, and 20 means
that one in four will. 0 means no dummy messages. Remailer default:
10. Client default: 3.
- OUTDUMMYP
- Probability that Mixmaster will generate dummy messages at
SENDPOOL time. If the pool is processed frequently, this should be
a lower value than if there are long intervals between pool processing.
Examples: 50 means on average, one dummy message will be generated
per pool processing. 80 means four will be generated. 0
means no dummy messages. Remailer default: 90. Client default:
3.
- SIZELIMIT
- Maximum size for anonymous messages in kB. 0 means
no limit. Default: 0.
- POP3SIZELIMIT
- Maximum size for incoming messages in kB when using POP3.
0 means no limit. Default: 0. Larger messages are deleted
unread if POP3DEL is set to y, and left on the server
otherwise.
- INFLATEMAX
- Maximum size for Inflate: padding in kB. 0
means padding is not allowed. Default: 50 kB.
- MAXRANDHOPS
- Maximum chain length for message forwarding requested by
Rand-Hop directives. Default: 4.
- MAXRECIPIENTS
- Limits the number of allowed recipients in outgoing mail.
Anything that exceeds this number is dropped silently. Default:
5.
- TEMP_FAIL
- Exit with this exit code when a timeskew problem is
suspected. Also see TIMESKEW_BACK and TIMESKEW_FORWARD. The
default of 75 should cause your MTA to requeue the message if you
are running mixmaster from a .forward file.
- STATSAUTOUPDATE
- Set non-zero to enable Daemon stats download mode. Default:
0.
The following are time variables. They can be given as years (y),
months (b), days (d), hours (h), minutes (m), or seconds (s).
- SENDPOOLTIME
- How often Mixmaster should check the pool for messages to
be sent. Remailer default: 15m. Client default: 0h.
- POP3TIME
- How often Mixmaster should check the POP3 accounts listed
in pop3.cfg for new mail. Default: 1h.
- MAILINTIME
- How often Mixmaster should read mail from MAILIN and
process mails fetched via POP3. Processing here means to answer
remailer-xxx requests and decrypt messages to the Mixmaster and place them
in the pool. No other processing of the pool is done. This action is
always performed when sending out messages from the pool (at
SENDPOOLTIME intervals) or receiving mail via POP3 (at
POP3TIME intervals). Default: 5m.
- PACKETEXP
- How long to store parts of incomplete multipart messages
and other temporary pool files. Default: 7d.
- IDEXP
- Mixmaster keeps a log of packet IDs to prevent replay
attacks. IDEXP specifies after which period of time old IDs are
expired. Default: 7d, minimum: 5d. If set to 0, no
log is kept.
- KEYLIFETIME
- Mixmaster sets an expiration date on its remailer keys
KEYLIFETIME after the key creation date. Default: 13b.
- KEYGRACEPERIOD
- Mixmaster will continue to decrypt messages encrypted to an
expired key for KEYGRACEPERIOD period of time after the expiration.
This is done to ensure that messages already injected into the network are
allowed to exit. Do not change this value unless you know what you are
doing, or you will risk partitioning attacks. Default: 7d.
- KEYOVERLAPPERIOD
- Mixmaster will generate and advertise a new key
KEYOVERLAPPERIOD period of time before the expiration of the key.
Clients should always use the most recently created valid key. Clients
that deviate from this recommended behavior risk partitioning attacks.
Default: 7d.
- TIMESKEW_BACK
- Allow going back up to TIMESKEW_BACK in time. If the
time moved further back mixmaster will assume there is a problem with your
clock and refuse to start as a remailer. This is done by comparing the
latest timestamp in time.log with the current timestamp. If set to
0 then this test is skipped. If the system time is indeed correct,
simply remove time.log. Default: 12h.
- TIMESKEW_FORWARD
- Similar to TIMESKEW_BACK but allow jumping this far
into the future. Default: 2w.
- STATSINTERVAL
- Time interval between daemon downloads of stats files.
Enabled by STATSAUTOUPDATE. Default: 2h.
The following strings must be specified at compile-time in config.h. It
is not usually necessary to modify any of these:
- DISCLAIMER
- A default string to be inserted in the header of all
anonymous messages if no disclaim.txt file is available. If
DISCLAIMER contains the substring %s, it will be substituted
with the COMPLAINTS address.
- FROMDISCLAIMER
- A default string to be inserted at the top of the message
body if an anonymous message contains a user-supplied From: line
and no fromdscl.txt file is available.
- MSGFOOTER
- A default string to be inserted at the bottom of the
message body of all anonymous messages if no footer.txt file is
available.
- BINDISCLAIMER
- A string to replace the body of a binary attachment when
the remailer is configured to filter out binaries.
- CHARSET
- The character set used for MIME-encoded header lines.
- DESTBLOCK
- A quoted list of files that contain blocked addresses.
Files must be separated by one space. Mixmaster will choose the first file
for writing if AUTOBLOCK is enabled.
The following variables can be set in the Makefile or in config.h:
- COMPILEDPASS
- A passphrase used to protect the remailer secret keys from
casual attackers. You can use `make PASS="your passphrase"' to set a
passphrase. This should not be the same as the client passphrase. This
option is now deprecated in favor of the configuration file option
PASSPHRASE.
- SPOOL
- Set SPOOL if you want to use a default directory
other than ~/Mix or if Mixmaster is run in an environment where
$HOME is not set, e.g. when invoked via .forward. This value
can be overridden by use of the environment variable $MIXPATH.
- USE_SSLEAY
- Use the SSLeay/OpenSSL cryptographic library. Currently
this is the only cryptographic library supported by Mixmaster.
- USE_IDEA
- Use the IDEA encryption algorithm. A license is required to
use IDEA for commercial purposes. See file idea.txt for
details.
- USE_PGP
- Support the OpenPGP encryption format. Mixmaster does not
call any external encryption program.
- USE_PCRE
- Use the regular expression library.
- USE_ZLIB
- Use the zlib compression library.
- USE_NCURSES
- Use the ncurses library.
- USE_SOCK
- Use sockets to transfer mail by POP3 and SMTP.
- USE_WINGUI
- Use the Win32 GUI.
- HAVE_GETDOMAINNAME
- The getdomainname(2) function is available.
FILES
These filenames can be overridden by setting the corresponding configuration
option (given in parentheses).
- mix.cfg
- Mixmaster configuration file.
- pubring.asc
- Type 1 remailer keys (PGPREMPUBASC).
- pubring.mix
- Type 2 remailer keys (PUBRING).
- rlist.txt
- List of reliable type 1 remailers (TYPE1LIST).
- mlist.txt
- List of reliable type 2 remailers (TYPE2REL).
- type2.list
- List of known type 2 remailers (optional)
(TYPE2LIST).
- starex.txt
- List of remailers which should not be used in randomly
generated remailer chains (STAREX).
Remailer files:
- disclaim.txt
- A string to be inserted in the header of all anonymous
messages (DISCLAIMFILE).
- fromdscl.txt
- A string to be inserted at the top of the message body if
an anonymous message contains a user-supplied From: line
(FROMDSCLFILE).
- footer.txt
- A string to be inserted at the bottom of the message body
of all anonymous messages (MSGFOOTERFILE).
- help.txt
- Help file sent in response to remailer-help requests
(HELPFILE).
- adminkey.txt
- The PGP key of the remailer operator sent in response to
remailer-adminkey requests (ADMKEYFILE).
- abuse.txt
- File sent in response to mail to the COMPLAINTS
address if AUTOREPLY is set (ABUSEFILE).
- reply.txt
- Help file sent in response to replies to anonymous messages
if AUTOREPLY is set (REPLYFILE).
- usage.txt
- Help file sent in response to non-remailer message sent to
REMAILERADDR if AUTOREPLY is set. If usage.log
exists, recipients are logged and a reply is sent only once to avoid mail
loops (USAGEFILE).
- blocked.txt
- Information sent in response to automatically processed
blocking requests if AUTOREPLY is set (BLOCKFILE).
- pop3.cfg
- List of POP3 accounts with lines of the form
account@host.domain password to get remailer messages from. The
lines may optionally contain the keyword "apop" or
"pass" to select an authentication method (POP3CONF).
- dest.alw
- List of addresses to which Mixmaster will deliver, even in
middleman mode (DESTALLOW).
- dest.alw.nonpublished
- Similar to dest.alw, with the only difference that
this list is not published in remailer-conf replies
(DESTALLOW2).
- dest.blk
- List of blocked destination addresses. Mixmaster does not
send mail to the blocked addresses listed in this file
(DESTBLOCK).
- rab.blk
- Identical to dest.blk, except Mixmaster will not
write to this file. For use with external remailer abuse blocklists.
- source.blk
- List of blocked source addresses. If an incoming message
originates from an address or IP in this list, it will be ignored. This
feature can be used to avoid spam and other abusive mail
(SOURCEBLOCK).
- header.blk
- List of unwanted header fields. The file is used to delete
unwanted header lines (e.g. lines that indicate a false identity, or
Usenet control messages), and do other header filtering
(HDRFILTER).
A destination address or header line is left out if it contains a search
string or matches a regular expression specified in the block file. Lines
in the block file that begin and end with a slash (/regexp/) are
interpreted as regular expressions. Lines without slashes are used for
case-independent substring search.
If a message contains a header line that matches a /regexp/q entry in
header.blk, the entire message is deleted.
In addition, regular expressions can be substituted. Back-references are
supported. For example
/^From: *([^@]*) <.*>/From: $1/
/^From:.* \(([^@]*)\)/From: $1/
/^From: *([^@]*).*$/From: $1 <nobody@remailer.domain>/
would allow user-defined names in the From: line, while replacing any
given address with the remailer address.
- allpingers.txt
- Information on all known pingers
(ALLPINGERSFILE).
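The header.blk rule forms described above (substring, /regexp/, /regexp/q and /regexp/replacement/), applied to sample headers in an added Python example that is not Mixmaster's own code. Assumptions made here: rules run in file order against the already rewritten line, Python's `re` stands in for the regular expression library, and the `precedence:` and `Control:` rules are constructed; the three From: rules are the ones quoted in the header.blk description.

```python
import re

# Constructed header.blk content. The three From: rules are the man page's
# examples; the "precedence:" and Control: lines are invented for illustration.
SAMPLE_RULES = r"""
precedence:
/^Control:/q
/^From: *([^@]*) <.*>/From: $1/
/^From:.* \(([^@]*)\)/From: $1/
/^From: *([^@]*).*$/From: $1 <nobody@remailer.domain>/
"""


def parse_rule(line):
    """Classify one block-file line into (kind, pattern[, replacement])."""
    if not line.startswith("/"):
        return ("substring", line.lower())       # case-independent substring
    parts = re.split(r"(?<!\\)/", line)          # split on unescaped slashes
    if len(parts) == 3 and parts[2] == "":
        return ("drop_line", re.compile(parts[1]))
    if len(parts) == 3 and parts[2] == "q":
        return ("drop_message", re.compile(parts[1]))
    if len(parts) == 4 and parts[3] == "":
        return ("substitute", re.compile(parts[1]), parts[2])
    raise ValueError(f"unrecognised rule: {line!r}")


def load_rules(text):
    """Parse every non-empty line of a block file."""
    return [parse_rule(l.strip()) for l in text.splitlines() if l.strip()]


def _expand(template, match):
    """Replace $N in the rule's replacement with capture group N."""
    return re.sub(r"\$(\d)", lambda d: match.group(int(d.group(1))) or "", template)


def filter_headers(headers, rules):
    """Return the surviving header lines, or None if a /regexp/q rule matched."""
    kept = []
    for line in headers:
        dropped = False
        for rule in rules:   # assumption: file order, on the rewritten line
            if rule[0] == "substring":
                hit = rule[1] in line.lower()
            else:
                hit = rule[1].search(line)
            if not hit:
                continue
            if rule[0] == "drop_message":
                return None                      # whole message is deleted
            if rule[0] == "substitute":
                line = rule[1].sub(lambda m: _expand(rule[2], m), line, count=1)
                continue
            dropped = True                       # substring or /regexp/ match
            break
        if not dropped:
            kept.append(line)
    return kept
```

With only these rules, a bare `From: mallory@example.org` comes out as `From: mallory <nobody@remailer.domain>`: the third rule keeps whatever precedes the `@`, so the local part of the address survives as the display name.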
Mixmaster uses the following files internally:
- mixrand.bin
- Random seed file (MIXRAND).
- secring.pgp
- Remailer type 1 secret keys (PGPREMSECRING).
- secring.mix
- Remailer type 2 secret keys (SECRING).
- pgpkey.txt
- The public type 1 remailer key (PGPKEY).
- key.txt
- The public type 2 remailer key (KEYFILE).
- id.log
- Log file of messages already processed (IDLOG).
- stats.log
- Log file for remailer statistics (STATS).
- stats-src.txt
- File for name of most recent statistics source
(STATSSRC).
- pgpmaxcount.log
- Log file for PGP Max-Count statistics
(PGPMAXCOUNT).
- time.log
- Time for periodic remailer actions (REGULAR).
- dhparam.mix
- Public Diffie-Hellman parameters used for El-Gamal key
generation (DHPARAMS).
- dsaparam.mix
- Public DSA parameters used for DSA key generation
(DSAPARAMS).
- mixmaster.pid
- Pid file in daemon mode (PIDFILE).
- pool/
- Message pool directory (POOL).
- pool/m*
- Message pool files.
- pool/p*
- Partial messages.
- pool/l*
- Latent messages.
- pool/s*
- Messages to be sent.
- pool/t*
- Temporary files.
ENVIRONMENT
- MIXPATH
- The path to the Mixmaster directory. The default is
~/Mix.
- MIXPASS
- The passphrase used to protect your nyms and PGP keys. (The
remailer uses a different passphrase.) If MIXPASS is not set, the
client will ask for a passphrase.
SEE ALSO
mpgp(1), pgp(1), procmail(1), sendmail(8).
HISTORY
Mixmaster is an implementation of a Chaumian mix-net system. Versions 1.0
through 2.0.3 of the mixmaster remailer were originally written by
Lance Cottrell. Mixmaster was first released in 1995. Ulf Moeller collaborated
on version 2.0.4, and began an entire rewrite of mixmaster in 1999.
This rewrite was released in 2002 as version 2.9.0, with major contributions
from Janis Jagars, Peter Palfrader, and Len Sassaman. Mixmaster 3.0 is based
on the 2.9 codebase. Peter Palfrader and Len Sassaman were the principal
maintainers until 2006. Since then, Steve Crook, Len Sassaman, and Colin
Tuckley have filled the role of principal maintainers. For more information on
contributing authors, please see the file THANKS for details.
COPYRIGHT
Copyright 1999 - 2008 Anonymizer Inc., The Mixmaster Development Team, and
others.
Mixmaster may be redistributed and modified under certain conditions. This
software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
KIND, either express or implied. See the file COPYRIGHT for details.