


MIXMASTER(1)                                         MIXMASTER(1)


NAME
       mixmaster - anonymizing remailer

SYNOPSIS
       mixmaster  [  -c  ] [ filename ] [ -f ] [ -m ] [ -d ] [ -s
       subject ] [ -v 'Header: text' [ -v  ... ] ] [ -n numcopies
       ] [ -o outfile | -O outfile ] [ -to who@where ] [ -l 1 2 3
        ... ]

       mixmaster [ -P ] [ -T ]

       mixmaster [ -G ] [ -K ] [ -R ] [ -S ] [ -L ] [ -Q ] [ -D ]
       [ -X ]

DESCRIPTION
       The  purpose  of  anonymous  remailers  (hereafter  simply
       remailers) is to provide protection against traffic analy-
       sis. Traffic analysis is the study of who you are communi-
       cating with, when, and how often. This reveals  more  than
       you  might  expect about your activities. It will indicate
       who your friends and colleagues are (and they can be  told
       apart by looking at the times you contact them). It  also
       shows what your interests are, from the catalog  companies
       you contact and the ftp and WWW  sites  you  visit.  Traffic
       analysis
       can even reveal business secrets, e.g. your frequent  con-
       tact with a rival could give hints of an impending merger.

       Remailers protect your e-mail from traffic  analysis.  The
       original  remailers  did  this  by  removing  all headers,
       except the subject line, from any message you sent to them
       and then forwarding it to a destination of your choice. The
       recipient of such a message would not know  who  had  sent
       it.

       The addition of encryption to this scheme gave significant
       protection from attackers who simply look at passing  mes-
       sages  for  to and from fields.  Passing a message through
       several remailers in a row is much better, but still  vul-
       nerable  to an attacker who can watch messages go into and
       out of each remailer.

       Two more elements are required: messages must be reordered
       within  the remailer before being forwarded (this is being
       done by a few of the old style remailers),  and  all  mes-
       sages  must be indistinguishable. This last is the primary
       improvement with the type 2 remailer, Mixmaster.

   Remailer RSA keys with Mixmaster:
       Mixmaster has its  own  rudimentary  key  management,  and
       unique  key  file  format.   To  get the latest key from a
       remailer, send mail  to  the  remailer  with  the  subject
       remailer-key.   It will send you a file containing the key
       and a line for your type2.list file. The  line  after  the
       =-=-=-=-=   line  is  the  one  you  should  put  in  your
       type2.list file. If there is already a line with the  same
       remailer name, the new line should replace it.

       The  remailer key is everything between the Begin Mix Key
       and End Mix Key, including those  lines.  You  should  add
       that  text  to your pubring.mix file. You may also include
       any text outside of the begin and end  lines  to  identify
       the key.

       When  you  chain through a remailer, Mixmaster finds which
       key to use by looking at type2.list, and  then  finds  the
       corresponding key in pubring.mix.
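
       The key installation steps above, written as a shell function.
       This is an added example, not part of the Mixmaster distribution;
       the name update_mix_key and the whitespace-separated column
       parsing are assumptions. A changed key string for an already
       known remailer name is reported so it can be checked before the
       new key is relied on.

```sh
#!/bin/sh
# Added example, not part of the Mixmaster distribution.
# Assumptions: marker lines contain the literal strings quoted in the man
# page ("=-=-=-=-=", "Begin Mix Key", "End Mix Key"); type2.list columns
# are whitespace-separated (name, address, key string, version, abilities).

# update_mix_key REPLY MIXDIR
# Prints "added", "same key" or "key changed from OLD"; returns 1 on a
# reply that lacks the type2.list line or a complete key block.
update_mix_key() {
    reply=$1
    list=$2/type2.list
    ring=$2/pubring.mix

    # The type2.list entry is the first non-empty line after the marker.
    entry=$(awk 'seen && NF { print; exit }
                 index($0, "=-=-=-=-=") == 1 { seen = 1 }' "$reply")
    read -r name addr newkey rest <<EOF
$entry
EOF
    [ -n "$newkey" ] || { echo "no type2.list line in reply" >&2; return 1; }

    # The key is everything from Begin Mix Key to End Mix Key, inclusive.
    key=$(awk '/Begin Mix Key/ { on = 1 }
               on { print }
               on && /End Mix Key/ { ok = 1; exit }
               END { exit !ok }' "$reply") ||
        { echo "no complete key block in reply" >&2; return 1; }

    [ -f "$list" ] || : > "$list"
    # Key string currently on file for this remailer name, if any.
    oldkey=$(NAME="$name" awk '$1 == ENVIRON["NAME"] { print $3; exit }' "$list")

    # Replace the line with the same remailer name, or append a new one.
    NAME="$name" ENTRY="$entry" awk '
        $1 == ENVIRON["NAME"] { if (!hit) print ENVIRON["ENTRY"]; hit = 1; next }
        { print }
        END { if (!hit) print ENVIRON["ENTRY"] }' "$list" > "$list.new" &&
        mv "$list.new" "$list" || return 1

    if [ "$oldkey" = "$newkey" ]; then
        echo "same key"                      # key is already in pubring.mix
        return 0
    fi
    printf '%s\n' "$key" >> "$ring"
    if [ -n "$oldkey" ]; then
        echo "key changed from $oldkey"      # check before relying on it
    else
        echo "added"
    fi
}

# Usage: sh update_mix_key.sh reply.txt "$MIXPATH"
if [ $# -eq 2 ]; then
    update_mix_key "$1" "$2"
fi
```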

   Using type 2 remailers:
       The  trend  towards ever more complicated remailer message
       formats has been clear for  some  time.  Several  programs
       have  been  written  to automatically build messages which
       will be remailed by several  remailers.  This  process  is
       called chaining.

       With  type  2 remailers it is no longer possible to create
       these messages by hand.  Mixmaster  takes  a  message  you
       wish to send, a list of remailers to chain it through, and
       a final destination,  and  builds  the  packet  which  the
       remailers will use.

   Interactive use of Mixmaster:
       If  you  run  Mixmaster  with  no  arguments,  you will be
       prompted for all the required information.

       First you will be asked to specify the  final  destination
       of the message.  This is the full e-mail address where you
       want your message delivered.  Remember that the message is
       being  sent by the last remailer in the chain, so you must
       specify    the     full     internet     address     (e.g.
       name@machine.place.com),   you  may  not  use  local  mail
       aliases. You may enter  multiple  recipients  on  separate
       lines.  Hit return on a blank line to stop entering desti-
       nations.  You must have at least one.

       Mixmaster recognizes these special keywords ending with  a
       colon:
       null: for cover traffic.
       post: posts to the following newsgroup.

       Next  you  will  be asked to enter any headers you want to
       have inserted before the message. These are those lines at
       the    beginning    of   e-mail   messages,   like   From:
       fred@bedrock.univ.edu, or Subject: Party  invitation.   If
       you  want your message to have a subject when it is deliv-
       ered, you must enter a line like this:

       Subject: your subject here.

       Note that Subject must be  capitalized,  with  the  :  and
       space  as  shown.  (A  subject header can also be added by
       using the -s command line argument.)  When  you  are  done
       entering  headers, hit return. It is OK to have zero head-
       ers.

       You will now be presented with a list of remailers through
       which  you can chain your messages. The order in which you
       choose them is the order in which they will  be  traversed
       by your message. The remailers that can be used at the end
       of a chain are marked with an asterisk;  a  U  means  that
       according  to the list of reliable remailers, the remailer
       is unreliable at the moment. See  the  file  mix.list  for
       information  about  the  reliability  history  printed  in
       square brackets.

       You may choose up to 20 remailers, but remember  that  the
       reliability  and speed of the chain diminish as the number
       of remailers in the chain increases. Four is a  reasonable
       number  of  remailers  to  use.  It is fine to use a given
       remailer more than once in your chain. Press return  on  a
       blank line to stop entering remailers.

       You may enter 0 for the remailer and Mixmaster will choose
       a random remailer for you. This is particularly useful for
       routing   multipacket  messages  over  different  remailer
       chains. If specified in the configuration file,  Mixmaster
       can automatically select a remailer chain.

       Finally you will be asked what file you want to send. This
       must be an ASCII file. You may either enter the name of an
       existing  file,  or  you  may  choose to enter the message
       directly by typing - or stdin as the file  name.  This  is
       intended for use by scripts. There are no editing capabil-
       ities when using stdin. Enter the end  of  file  character
       (EOF is ^D) when you are done entering the file.

       Mixmaster  will  now build the type 2 remailer packet, and
       send it to the first remailer in the chain.

       A list of statistics on remailer usage can be requested  by
       sending mail to the remailers with the subject remailer-stats.

       -X     Seed  the  random number generator.  This should be
              done once, before  sending  messages  and  creating
              remailer keys.

MIXMASTER AS A REMAILER
       The  Mixmaster  remailer  accepts packets in the Mixmaster
       message format,  and  re-sends  them  to  other  Mixmaster
       remailers and - unless it is configured as a "middle only"
       remailer - to users.

       The same source and binary  are  used  for  the  remailer
       program  and  the  client  program.  The  remailer  can be
       installed on any Unix mail account.

       To install Mixmaster, run ./Install.  The  Install  script
       will ask a few questions and set up the remailer.

       All  remailer functions (as opposed to chaining functions)
       are invoked with capital letters on the command line.

   Support for cypherpunk remailer (type 1) messages:
       If you want to be able to handle type 1 messages  as  well
       as type 2, you can do so using the Mixmaster mail address.

       Set up the type 1 remailer just as though it were going to
       be  used  on its own, but do not set up mail forwarding to
       the remailer. That should go to Mixmaster.

       Edit mix.help to include the help  file  that  comes  with
       your  type 1 remailer. Add your type 1 key to keyinfo.txt.
       Edit mixmaster.conf, and define TYPE1 to  be  the  command
       line needed to run the type 1 remailer.

       Mixmaster  will  recognize  incoming  type 1 messages, and
       open a pipe to the program you specified. It will send the
       message to stdin of that process.

       You can set the type 1 remailer's sendmail to be mixmaster
       -Q, so the messages will be added to the reordering  pool.
       Mixmaster will add its disclaimer to all messages sent. If
       your type 1 remailer has its own disclaimer, add that line
       to  headers.del,  so  Mixmaster will filter it out, making
       type 1 and type 2 messages indiscernible.  -Q may  option-
       ally be followed by a Mixmaster destination.

OPTIONS
   Client mode options:
       -c     Indicates  that chaining rather than remailer func-
              tions are desired.  It is a NOP since  chaining  is
              the default operation.

       input.file
              If  a  filename is given, then this will be used as
              the input file. As in the interactive mode, you may
              choose  -  or  stdin.  No filename will be prompted
              for.

       -f     Filter mode.  All  prompts  suppressed,  but  input
              still accepted as described in the interactive sec-
              tion. The remailer list must be  specified  on  the
              command line.

       -m     Like  -f,  but  the  input is a message in Internet
              mail format. Be careful not to send any mail  head-
              ers that leak information about your identity.



       -d     Generate  a  dummy  message,  which  will  be  sent
              through 5..15  random  remailers  unless  specified
              otherwise  in CHAIN or using -l.  You should gener-
              ate cover messages to foil traffic analysis.

       -s subject
              Add a subject line to the message. The user  should
              not  include  Subject:  in  this string.  Mixmaster
              will not prompt for other headers if -s is used.

       -v 'Header: text'
              Add an arbitrary header line to  the  message.   -v
              can be used repeatedly.

       -n numcopies
              Create  multiple  copies  of  the  same message, to
              increase reliability of randomly  selected  chains.
              Only one copy will be delivered to the recipient.

       -o output.file
              Specifies  an  output  file rather than sending the
              message to the  first  remailer  automatically.  If
              output.file  is  -  or  stdout,  then  the remailer
              packet will be written to standard output.

       -O output.file
              As -o above, but it includes a "To: " line  so  the
              output file can be sent directly to sendmail.

       -to foo@bar.org
              Specifies  the  final  destination  of the message.
              Mixmaster will not prompt for other destinations if
              -to is used.

       -l 4 3 12 5 ...
              Specifies  the  list of remailers to chain through.
              This must be the last argument on the command line.
              A  maximum  of 20 remailers may be specified.  Mix-
              master will not prompt for other remailers if -l is
              used.  As  in the interactive mode, you may enter 0
              for a random remailer. Remailers may also be speci-
              fied by their name or address.

   Special command line arguments for scripts:
       Many scripts and other programs which will drive Mixmaster
       may need to know where Mixmaster keeps its files, and what
       remailers  it knows about.  There are two special commands
       to help with this. Both are executed before any other com-
       mand line options (-P then -T).

       -P     Write  the  Mixmaster  directory,  the  name of the
              remailer list and the mixmaster version to  stdout,
              each  followed  by  a newline.  The result is some-
              thing like:



                       /home/joe/Mix
                       type2.list
                       2.0.5

       -T     Write the list of remailers (usually type2.list) to
              stdout.

   Remailer functions:
       -G     Generate  a  new  key  pair.  The  private  key  is
              prepended  to  secring.mix,  the  public   key   is
              prepended to pubring.mix, and a new mix.key is cre-
              ated. The mix.key file  has  one  line  (after  the
              =-=-=-=-=)  which  goes in type2.list.  The rest is
              the new public key, which can be  appended  to  the
              public key file by a user who requests the key.

              The  mix.key file is mailed to anyone who sends mail
              to the remailer with the subject remailer-key.

              When you generate a new key (if you keep  the  same
              passphrase),  the old key will still work. You must
              remove the key from  the  ring  when  you  want  to
              retire it permanently. This allows you to keep sup-
              porting the old key while the  new  key  is  propa-
              gated.

       -K     Update mix.key.

       -R     Process incoming mail, reading from stdin.  Mixmas-
              ter -R should be invoked from /etc/aliases  or  the
              .forward  mechanism.  A safer way to invoke Mixmas-
              ter is with the reorder package.

              Output can be redirected to a log file, but this is
              not required.  If you do, make sure that it is suf-
              ficiently writeable. The only  things  that  go  in
              this  log  file are failed messages, and error mes-
              sages.  If Mixmaster is  installed  on  a  personal
              account,  the output should be appended to the mail
              folder, to ensure that regular e-mail is delivered.
              All non-remailer messages will be sent to stdout.

       -S     Randomly select and send all but POOLSIZE messages.

       -L     Checks all latent messages and converts them to reg-
              ular  messages  if  their  time  has passed.  Since
              there is no type 2 latent, -L has no effect.

       The functions -L and -S are typically  performed  periodi-
       cally using crond(8).

       If you are unable to run crontab(1) or at(1), you can pro-
       cess the pooled and latent messages each time a  new  mes-
       sage  arrives, using mixmaster -R -S -L in the .forward or
       /etc/aliases files.

       -Q     Read a  message  from  stdin  and  add  it  to  the
              reordering pool.

       -D     Will  be  used  to run Mixmaster as a daemon waiting
              for socket connections in a future version.

CONFIGURATION
       The configuration both for the client and the remailer  is
       set   in  mixmaster.conf.   Unless  otherwise  noted,  the
       entries cannot contain whitespace.

       SENDMAIL
              Name and path of the sendmail(8)  program.  The  -t
              flag  is  required  (the  destination is in the To:
              header). Can contain whitespace.

              If SENDMAIL is set to outfile (this is the  default
              under  MSDOS),  Mixmaster  will write its output to
              files named outfile.nnn instead of mailing it.

   Client configuration:
       CHAIN  A chain for remailer messages, if you don't want to
              choose them  manually.   0 means a random remailer.
              This chain can be overridden by  the  command  line
              option -l.  Can contain whitespace.

       NUMCOPIES
              Number  of  copies (see option -n).  This entry can
              be useful if you use a long CHAIN of random remail-
              ers. Default: 1.

       MINREL The minimum reliability Mixmaster will require for a
              remailer to be  chosen  randomly,  in  %  (will  be
              ignored  if  no  reliability  information is avail-
              able). Default: 98.

       RELFINAL
              The minimum reliability for a remailer to  be  ran-
              domly  chosen  as  the  final hop, in %.  Mixmaster
              will  choose the  most  reliable  remailer  if   no
              remailer reaches the minimum. Default: 99.

       MAXLAT The  maximum  latency  Mixmaster  will accept for a
              remailer to be chosen randomly, in hours.  Default:
              24.

       DISTANCE
              The distance after which a remailer can be selected
              again in a chain.  0 is a purely random  selection,
              20  means  previously-used  remailers  will  not be
              selected again. Default: 2.

       REQUIRE
              A list of ability flags  the  final  remailer  must
              have.  For example, set this entry to C if you want
              to send all messages  compressed.  Other  remailers
              will not be selected randomly. If they are selected
              by the user, Mixmaster will print a warning.

       REJECT A list of ability flags the final remailer  in  the
              chain  must not have.  Default: M (do not use "mid-
              dle only" remailers as the last hop).

       VERBOSE
              Mixmaster prints  information  about  the  selected
              chain if VERBOSE is set to 1.

   Remailer configuration:
       REMAILERADDR
              The  remailer's  e-mail  address. This entry has no
              default value.

       ANONADDR
              An e-mail address to appear in the From: header  of
              remailed messages. Defaults to the value of REMAIL-
              ERADDR.

       COMPLAINTS
              The address to which you want complaints about  the
              remailer sent (this is put in the comments block in
              the outgoing message header). Defaults to the value
              of REMAILERADDR.

       REMAILERNAME
              The  name of your remailer to be put in the message
              header on remailer responses. Can  contain  whites-
              pace.

       ANONNAME
              A  name to appear in remailed messages. Defaults to
              the value of REMAILERNAME.  Can contain whitespace.

       SHORTNAME
              A short name to identify the remailer.

       POOLSIZE
              The number of messages to be kept in the reordering
              pool at all times. Zero  means  to  remail  immedi-
              ately.  Five  means  there  will always be at least
              five messages in the pool at any time. If you  sup-
              port  a  type1  remailer  with reordering, its pool
              size should be  the  same  as  Mixmaster's  or  the
              remailer-stats report will be misleading.

       RATE   The fraction of messages to send each time the pool
              is processed, in %. A reduced rate can be useful to
              reduce  system load when lots of messages arrive at
              the same time  and  to  avoid  `flooding  attacks'.
              Default: 100.

       NEWS   News  posting  software. Set to mail-to-news if you
              want to use a gateway, or leave empty if you do not
              want  to  allow  posting.  Can  contain whitespace.
              Default: No posting.

       ORGANIZATION
              A string to be used in the  Organization:  line  of
              locally posted articles.

       MAILtoNEWS
              Address of a mail to news gateway to use to deliver
              news messages.

       TYPE1  Command line to execute for old style type  1  mes-
              sages.   Define this only if you wish to run a type
              1 remailer under the Mixmaster remailer.  Can  con-
              tain whitespace.

       FORWARDTO
              Where  to forward messages that do not match desti-
              nation.allow.  0 means random remailer. Can contain
              whitespace. Default: one random remailer.

       The following definitions can be set in mix.h:

       DISCLAIMER
              A  comment  to be inserted into the anonymized mes-
              sages.

       SPOOL  The default directory where Mixmaster will look for
              its files if MIXPATH is not set.

       PASSPHRASE
              If no passphrase is given at compile time, this one
              is used. If you are compiling a remailer, you  must
              do  this  at compile time by calling make with make
              system PASS='your pass phrase'.

       IDEXP  Time (in seconds) that packet ID  numbers  will  be
              kept.

       PACKETEXP
              Time  (in  seconds)  that  partially  reconstructed
              multi-part messages will be kept.

FILES
       mixmaster.conf
              Configuration file for Mixmaster.

       README Instructions.

       type2.list
              List of known type 2 remailers and their abilities.
              The first column is the nickname, the second is the
              address of your remailer, the  third  is  a  unique
              string  from  the remailer's key, the fourth column
              is the version string, and the  fifth  column  con-
              tains  information  about  the  capabilities of the
              remailer (C = compression, N = posting to news, M =
              middle only remailer).

       pubring.mix
              The remailers' public keys.

       mix.list
              List of reliable Mixmaster remailers.

   Remailer files:
       id.log List  of  used  packet ID numbers. They are used to
              prevent messages  from  being  sent  twice  (replay
              attacks).  If  this  file does not exist, Mixmaster
              will assume that you do not want packet ID logging.

       destination.block
              A  list  of blocked destination addresses. The mes-
              sage is dropped if the address  matches  a  regular
              expression  in  a line of this file (or a substring
              of the address is equal to a line  of  this  file).
              The search is case independent.

              In  a  regular  expression, a .  represents any one
              character; .*  stands for any sequence  of  charac-
              ters.  The dot itself is represented by \.  ^ means
              to start the comparison at the  leftmost  character
              of  the address; $ means to end it at the rightmost
              character.   For  example  whitehouse  matches  any
              address containing the string "whitehouse".  ^pres-
              ident@.*whitehouse\.gov matches the addresses pres-
              ident  may  have  at  any  computer  in  the white-
              house.gov      domain,      but      not      vice-
              president@whitehouse.gov.    \.gov$   matches   all
              addresses in the .gov toplevel domain, but  not  in
              .gov.au.

       source.block
              A  list of blocked source addresses. The message is
              dropped if the address matches a regular expression
              in a line of this file.

       destination.allow
              If this file exists, messages are delivered only if
              the address matches a regular expression in a  line
              of  this  file. All other messages are forwarded to
              another remailer.

       headers.del
              A list of unwanted message header fields. A message
              header  is  filtered  out  if  it matches a regular
              expression in a line of this file.

       mix.help
              Help file sent in response to remailer-help.

       mix.key
              File with the key and a line for  type2.list,  sent
              in  response to remailer-key.  To change this file,
              modify keyinfo.txt or mixmaster.conf, then run mix-
              master -K.

       keyinfo.txt
              Information  about  the  remailer key.  May contain
              type 1 PGP remailer keys.  keyinfo.txt is prepended
              to mix.key.

       coerce sendmail  replacement, to prevent abuse and traffic
              analysis of type-I messages.

       Makefile
              Edit CFLAGS if you want  debugging  information  in
              the  object  code.   Remove  USE_RX  if you want to
              block  addresses  by   case-independent   substring
              search   instead  of  regular  expressions.  Remove
              USE_ZLIB if you don't want to support  compression.

       mailXXXXXX
              Pool of processed remailer messages.

       latXXXXXX
              Latent messages.

       pacXXXXXX
              Packets of partially processed multi-part messages.
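
       The matching rules described above for destination.block and
       destination.allow can be checked against sample addresses before
       a list goes live. The shell functions below are an added example,
       not part of Mixmaster; the names first_match, decide and
       audit_patterns are hypothetical, grep -i stands in for
       Mixmaster's own regular expression matching, and consulting the
       block list before the allow list is an assumption.

```sh
#!/bin/sh
# Added example, not part of the Mixmaster distribution.
# Models the block/allow file matching with grep: case-independent basic
# regular expressions, one pattern per line. Using grep in place of
# Mixmaster's own regex matching is an assumption.

# first_match ADDRESS FILE: print the first pattern in FILE that matches
# ADDRESS and return 0; return 1 if none does.
first_match() {
    addr=$1
    while IFS= read -r pat || [ -n "$pat" ]; do
        # Skip empty lines: an empty pattern matches every address in grep.
        [ -n "$pat" ] || continue
        if printf '%s\n' "$addr" | grep -qi -e "$pat"; then
            printf '%s\n' "$pat"
            return 0
        fi
    done < "$2"
    return 1
}

# decide ADDRESS DIR: print drop, deliver or forward.
# Assumption: the block list is consulted before the allow list.
decide() {
    if [ -f "$2/destination.block" ] &&
       first_match "$1" "$2/destination.block" >/dev/null; then
        echo drop
    elif [ ! -f "$2/destination.allow" ] ||
         first_match "$1" "$2/destination.allow" >/dev/null; then
        echo deliver
    else
        echo forward
    fi
}

# audit_patterns DIR CASES: CASES holds "expected address" lines; print
# every case whose decision differs from the expectation, return 1 if any.
audit_patterns() {
    bad=0
    while read -r want a; do
        got=$(decide "$a" "$1")
        [ "$got" = "$want" ] ||
            { echo "MISMATCH $a: want $want, got $got"; bad=1; }
    done < "$2"
    return $bad
}
```

       Under this model the example pattern ^president@.*whitehouse\.gov
       also matches president@whitehouse.gov.example.net, because the
       pattern has no trailing $.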

ENVIRONMENT
       MIXPATH
              Full path to the directory with Mixmaster's  files.

SEE ALSO
       premail(1),  pgp(1), sendmail(8), procmail(1), crontab(1).

AUTHOR
       Lance Cottrell <loki@obscura.com>










                     Mixmaster Version 2.0.4                   11


