[Remops] bomb threats

remop at hermetix.org remop at hermetix.org
Fri Aug 31 22:47:36 BST 2007


On Fri, Aug 31, 2007 at 12:13:23PM +0100, Bananasplit Admin wrote:
> On Thu, Aug 30, 2007 at 07:36:26PM -0400, remop at hermetix.org wrote:
> 
> > I think it made all remailers participating in it share a central dest.blk.
> 
> In effect, yes.  The Remailer operator just periodically downloads the
> rab.blk file from a central resource and mixmaster automatically reads
> it, the same as it would dest.blk.

I'm not sure how this should work. Seems like there are two levels built
into mixmaster, dest.blk and rab.blk so I guess it means that there
still should be a possibility of adding an address to the individual
block list of a remailer participating in the RAB thus blocking your
address only from this particular remailer.

The other option (not having two levels) would amount to sharing a
common dest.blk so there would be no need anymore for a separate rab.blk.

I like the first way, but mixmaster doesn't seem to have a command for
adding an email to the rab.blk so users can't add themselves through a
remailer to the global list as they can to the local one on that
remailer.

So should I upload every new blocked address I get in my dest.blk to
your rab.blk? Then, what is the logic, why would there be two levels
in mixmaster?

I'd rather just have a destination-block command and a rab-destination-block
command to allow more flexibility, anyway.

> There's no point having a RAB that only one remailer
> honours.

I agree, but you're already not the only one anymore ;)
I'll send you my updates regularly. More if you make it simple to automate.

> > There could be website where users could get a list of participating
> > remailers and enter their address(es) to be blocked. There has to be
> > some address ownership verification scheme involved, of course.
> 
> I'm considering doing this using a Challenge Response system but I don't
> want to spend a lot of time setting it up unless remops think it's a
> good system.

I have implemented a little hack around mixmaster that does just that
while also validating the blocking requests by email confirmation.

By default, mixmaster does not send confirmation emails when accepting
a block request. It must do some internal validation (at least known
remailers!) but I didn't check.
 
For the validation itself I use ASK (http://a-s-k.sourceforge.net/)
with slight modifications. I use it through procmail, but it can also
be used directly at the MTA level.

I have set up an example form on a web page so users can add their addresses
to the local OR global list.

http://www.hermetix.org/?q=node/31
(This should be used for testing purposes only, right now.)

The icon is from the original RAB project. I think it's free for use.
I would like to point it to your service, but I'm not sure what
URL I should use. I also need to update my abuse.txt and abuse section
of the site.

Mixmaster doesn't support removing your address from the list either.
I think I could do it with commands like "rab-destination-allow" and
"destination-allow". The only problem is I'm not sure how mix does the
locking of dest.blk. I would have to verify that first and then use
a compatible locking mechanism.

It's a fairly simple hack and it probably needs to be secured better (it
does accept arbitrary user input...) and using procmail has its processing
cost but the procmailrc, html, php and patches to ASK are available on demand
to those who would like to set it up. I think this should be coded directly in
mix, not worked around, but it seems like it didn't implement rab support
to its full extent, following its own logic.

About rab.blk, I didn't check how and if that file was used by mixmaster,
so sorry if I'm mistaken about aspects of this feature.

As usual, any comments are welcome.

Cheers!
--
Hermetix Admin

P.S:

The web site (www.hermetix.org) is pretty new (as is everything with
hermetix), it's still pretty much an empty shell with stuff I picked up
here and there and news from other sites.  I hope its lack of original
content and poor design doesn't offend anyone ;)

It serves mostly as a firewall for complaints to my provider and as
a link to the different statistics and status reports. Eventually I'd
like it to become more of a gateway to anonymity and privacy resources
on the web. In time it could even grow into some kind of privacy portal.
I'm not sure yet.

BTW I used Drupal for the CMS: http://drupal.org so I have all the support
for community stuff built-in. If anyone's interested, I'll take suggestions.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mixmin.net/pipermail/remops/attachments/20070831/e20565d2/attachment.pgp 
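
The address-ownership confirmation discussed in the message above, as an added example that is not part of the original post and is not the Hermetix scripts, ASK, or Mixmaster code. The secret, the token format, the expiry period and the use of flock() are assumptions; only the dest.blk/rab.blk names and the local/global choice come from the thread.

```python
import fcntl, hashlib, hmac, os, re, time

SECRET = b"constructed-demo-key"  # assumption: per-remailer secret, kept off the web form
TTL = 3 * 24 * 3600               # assumption: a confirmation is valid for three days
FILES = {"local": "dest.blk", "global": "rab.blk"}  # the two lists named in the thread
# Strict syntax: no whitespace, newlines or pattern characters reach the block file.
ADDR_RE = re.compile(r"[a-z0-9._+-]{1,64}@[a-z0-9-]+(\.[a-z0-9-]+)+")

def normalize(addr):
    addr = addr.strip().lower()
    if len(addr) > 254 or not ADDR_RE.fullmatch(addr):
        raise ValueError("rejected address")
    return addr

def _mac(addr, scope, ts):
    msg = f"{addr}|{scope}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(addr, scope, now=None):
    """Challenge mailed to addr: binds the address, the list and the issue time."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + _mac(normalize(addr), scope, ts)

def confirm(addr, scope, token, now=None):
    """True only for an unexpired token issued for this exact address and list."""
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    good = _mac(addr, scope, ts)
    return 0 <= age <= TTL and hmac.compare_digest(mac.encode(), good.encode())

def add_block(directory, addr, scope, token, now=None):
    """Append a confirmed address to the chosen list; returns False on any failure."""
    try:
        addr = normalize(addr)
    except ValueError:
        return False
    if scope not in FILES or not confirm(addr, scope, token, now):
        return False
    with open(os.path.join(directory, FILES[scope]), "a+") as f:
        # Assumption: advisory flock(); Mixmaster's own locking is not verified here.
        fcntl.flock(f, fcntl.LOCK_EX)
        f.seek(0)
        if addr not in f.read().splitlines():
            f.write(addr + "\n")
    return True
```

Because the token covers the list scope as well as the address, a confirmation issued for the local list cannot be replayed to add the same address to the shared one.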

