Posted by JacobAppelbaum on Sat 30 Dec 2006 at 16:52
This is a document that explains how to install mixmaster and how to use it to send email, in an anonymous and secure fashion.
Mixmaster is described by the debian package system as:
Mixmaster is the reference implementation of the type II remailer protocol which is also called Mixmaster.
An anonymous remailer is a computer service that privatizes your email. A remailer allows you to send electronic mail to a Usenet news group or to a person without the recipient knowing your name or your email address. Anonymous remailers provide protection against traffic analysis.
This package provides both a client and an optional server installation.
First we'll install the mixmaster package:
root@nsa:~# apt-get install mixmaster Reading Package Lists... Done Building Dependency Tree... Done The following extra packages will be installed: libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libmailtools-perl Suggested packages: libmail-audit-perl libio-socket-ssl-perl mutt Recommended packages: libhtml-format-perl libcompress-zlib-perl postfix mail-transport-agent The following NEW packages will be installed: libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libmailtools-perl libtimedate-perl liburi-perl libwww-perl mixmaster 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. Need to get 1124kB of archives. After unpacking 3609kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://mirror.bytemark.co.uk sarge/main libhtml-tagset-perl 3.04-1 [13.1kB] Get:2 http://mirror.bytemark.co.uk sarge/main libhtml-parser-perl 3.45-2 [103kB] Get:3 http://mirror.bytemark.co.uk sarge/main liburi-perl 1.35-1 [87.8kB] Get:4 http://mirror.bytemark.co.uk sarge/main libwww-perl 5.803-4 [358kB] Get:5 http://mirror.bytemark.co.uk sarge/main libhtml-tree-perl 3.18-1 [208kB] Get:6 http://mirror.bytemark.co.uk sarge/main libtimedate-perl 1.1600-4 [32.8kB] Get:7 http://mirror.bytemark.co.uk sarge/main libmailtools-perl 1.62-1 [82.5kB] Get:8 http://mirror.bytemark.co.uk sarge/main mixmaster 3.0b2-1 [239kB] Fetched 1124kB in 0s (2607kB/s) Preconfiguring packages ...At this point you'll be prompted to configure mixmaster for updating remailer keyrings and reliability statistics. Unless you want to do this by hand, I suggest selecting the permenent option. Next you'll be prompted to select a pinger. A pinger is a program that collects the aformentioned keys and availability statistics. When prompted where to download statistics from I suggest using the noreply node. You will then be prompted to update the reliability statistics, select Yes. At this point the install will finish:
Selecting previously deselected package libhtml-tagset-perl. (Reading database ... 10885 files and directories currently installed.) Unpacking libhtml-tagset-perl (from .../libhtml-tagset-perl_3.04-1_all.deb) ... Selecting previously deselected package libhtml-parser-perl. Unpacking libhtml-parser-perl (from .../libhtml-parser-perl_3.45-2_i386.deb) ... Selecting previously deselected package liburi-perl. Unpacking liburi-perl (from .../liburi-perl_1.35-1_all.deb) ... Selecting previously deselected package libwww-perl. Unpacking libwww-perl (from .../libwww-perl_5.803-4_all.deb) ... Selecting previously deselected package libhtml-tree-perl. Unpacking libhtml-tree-perl (from .../libhtml-tree-perl_3.18-1_all.deb) ... Selecting previously deselected package libtimedate-perl. Unpacking libtimedate-perl (from .../libtimedate-perl_1.1600-4_all.deb) ... Selecting previously deselected package libmailtools-perl. Unpacking libmailtools-perl (from .../libmailtools-perl_1.62-1_all.deb) ... Selecting previously deselected package mixmaster. Unpacking mixmaster (from .../mixmaster_3.0b2-1_i386.deb) ... Setting up libhtml-tagset-perl (3.04-1) ... Setting up libhtml-parser-perl (3.45-2) ... Setting up liburi-perl (1.35-1) ... Setting up libtimedate-perl (1.1600-4) ... Setting up libmailtools-perl (1.62-1) ... Setting up libhtml-tree-perl (3.18-1) ... Setting up libwww-perl (5.803-4) ... Setting up mixmaster (3.0b2-1) ... Adding mixmaster user Adding system user `mixmaster'... Adding new group `mixmaster' (105). Adding new user `mixmaster' (105) with group `mixmaster'. Creating home directory `/var/lib/mixmaster'. Not starting Mixmaster Daemon: remailer mode not enabled in /etc/mixmaster/remailer.conf.You're now ready to use mixmaster as a client without further configuration. Intially I suggest using mixmaster one of two ways. First lets investigate sending a message with the ncurses gui. Execute mixmaster without any arguments:
ioerror@nsa:~$ mixmasterIt should look something like this:
Mixmaster 3.0b2 0 outgoing messages in the pool. m)ail p)ost to Usenet r)ead mail (or news article) d)ummy message s)end messages from pool e)dit configuration file q)uit Notice: Creating directory /home/ioerror/.Mix.The menus are simple. Merely press the first letter of whichever command you want to execute. Let's put a dummy message into the pool by pressing d. Dummy messages provide protection against traffic analysis. You should see something similar to the following but with a different chain:
Mixmaster 3.0b2 1 outgoing message in the pool. m)ail p)ost to Usenet r)ead mail (or news article) d)ummy message s)end messages from pool e)dit configuration file q)uit Chain: metacolo,borked,pboxmix,hastioSelect m to send email. You will be prompted to enter an email address and a subject:
Send message to: email@example.com Subject: Testing nsa mixAt this point you'll be brought to a screen that allows you to edit, encrypt, send, add a file and a myriad of other options. I suggest editing the message by pressing e. This will drop you into your default editor and you may now compose your message. When you're finished, you'll be returned to the main screen:
Mixmaster 3.0b2 - sending mail c)hain: *,*,*,* (reliability: n/a ) r)edundancy: 1 copies d)estination: firstname.lastname@example.org s)ubject: Testing nsa mix pgp encry)ption: no m)ail message e)dit message f)ile q)uit w/o sendingAt this point you can simply mail the message. It's also possible to select the chain of remailers or to increase redundancy by sending multiple copies. As an example, you can push c and you'll be given a list of nodes to route messages through:
Select remailer chain: a austria ************ 100.00% r 4096 **+********* 99.87% b banana *********+** 100.00% s cthulu ************ 99.57% c borked ************ 100.00% t dingo **+*****+*** 99.49% d cyberiad ************ 100.00% u daat ++++++++++ 99.46% e deuxpi **********+* 100.00% v kroken *+*****+*+++ 99.42% f dizum *+-********* 100.00% w bikikii +++-++++-+++ 99.35% g george ************ 100.00% x frell ----+----++- 99.37% h metacolo **#********* 100.00% y hastio -.-.-__...-- 99.24% i paranoia ************ 100.00% z antani ++++++++++++ 98.15% j pboxmix **********+* 100.00% A runaway *+**+***++*- 96.52% k randseed +********* 100.00% B citrus ---+++++++++ 92.51% l zerofree **#**####*** 100.00% C starwars -+++++++++++ 72.39% m anon ++++++++++++ 100.00% D vger *++**+****+* 60.42% n bird +*+*+**+++** 100.00% E bunker -+-++-++++-+ 37.79% o cside ++*++++++*++ 100.00% F tonga ---++_--+.-+ 37.07% p panta ++++++++++++ 100.00% q cripto *-**__.-**** 99.88% * select at random (reliability: n/a ) Chain:To select the chain, select the first letter preceeding the node you want to route through. With six nodes selected you should see something similar to:
* select at random (reliability: 100.00%) Chain: austria,anon,metacolo,bird,borked,randseedIf you were to select *, you'd notice the reliability change dramatically:
(reliability: n/a )At this point you can return to the previous screen, it should look something like this:
Mixmaster 3.0b2 - sending mail c)hain: austria,anon,metacolo,bird,borked,randseed (reliability: 100.00%) r)edundancy: 1 copies d)estination: email@example.com s)ubject: Testing nsa mix pgp encry)ption: no m)ail message e)dit message f)ile q)uit w/o sendingYou can mail the message, add a file, edit the messsage, send more copies, edit any of the other fields or quit to the main menu. I've decided to return to the main menu and fill the pool with dummy messages:
Mixmaster 3.0b2 3 outgoing messages in the pool. m)ail p)ost to Usenet r)ead mail (or news article) d)ummy message s)end messages from pool e)dit configuration file q)uit Chain: bikikii,dizum,kroken,paranoiaAnd finally I'll flush the pool and send them:
Mixmaster 3.0b2 0 outgoing messages in the pool. m)ail p)ost to Usenet r)ead mail (or news article) d)ummy message s)end messages from pool e)dit configuration file q)uit Done.Assuming that you'd like to send a message from your shell and not deal with ncurses you could also run the following commands:
cat << 'EOF' > /tmp/mixmaster Hi. This is the contents of my message. This has been a test of mixmaster on the commandline. EOFAnd then send that file twice with a dummy message:
ioerror@nsa:~$ mixmaster -v --firstname.lastname@example.org --subject="Using mixmaster from the commandline" \ --copies=2 -d /tmp/mixmaaster Mixmaster 3.0b2 Chain: bird,paranoia,cripto,cside borked,antani,metacolo,csideAfter a few days, I received one of my test messages. Here's the full message with headers included:
Return-Path: email@example.com Delivered-To: firstname.lastname@example.org Received: (qmail 18658 invoked by uid 89); 25 Dec 2006 17:07:12 -0000 Received: from unknown (HELO CuartoMenguante.hastio.org) (18.104.22.168) by 0 with SMTP; 25 Dec 2006 17:07:12 -0000 Received-SPF: neutral (0: 22.214.171.124 is neither permitted nor denied by SPF record at _spf.google.com) Received: from Spooler by CuartoMenguante.hastio.org (Mercury/32 v4.01b) ID MO00767E; 25 Dec 2006 18:06:36 +0100 Received: from spooler by hastio.org (Mercury/32 v4.01b); 24 Dec 2006 10:19:59 +0100 Received: from cuartomenguante (127.0.0.1) by hastio.org (Mercury/32 v4.01b) ID MG00762D; 24 Dec 2006 10:17:09 +0100 To: email@example.com From: firstname.lastname@example.org Date: 24 Dec 2006 09:17:09 -0000 Message-ID: email@example.com Subject: Testing mixer from gui Comments: This message did not originate from the above address. It was automatically remailed by one or more anonymous mail services. This service is free. Please report problems or inappropriate use to the address below. X-Remailer-Contact: http://remailer.hastio.org X-CC-Diagnostic: Test testAs you become more comfortable with using Mixmaster you may want to investigate it's integration with the popular mutt mail client. You might also be interested in running a Mixmaster server yourself. Visit the Mixmaster Source Forge page for more information on Mixmaster and on related anonymous remailer software.