[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MAIL: Using "nobody"
Karl Lui Barrus:
>Using "nobody" as a remailer is pretty interesting ;) the only problem
>being you have to be root or be allowed to choose your own username.
Yes, you need to be root.
>I don't understand: why can't the somebody do a telnet to port 25 and
>"vrfy nobody" to see if it points to /dev/null? Or find out if mail
>is piped to a script?
When I do this to different machines where "nobody" is aliased to
different things, I always get "Nice address".
But even if there was some way to tell by accessing something on my
machine, I can make my machine lie. Really. Do I need to get my
machine to lie for me? Can anyone detect any difference between the
"nobody"s on cs.cmu.edu, furmint.nectar.cs.cmu.edu, and
alex.sp.cs.cmu.edu?
>> So it would be nice if sites with remailers would set the "nobody"
>> alias to point to their remailer to start this convention. Assuming
>
>Again, a pretty good suggestion, but I don't think most remailer
>operators can do this even if they wanted to. I know I couldn't have
>with remailers I've run in the past.
It does not need to be all of them to work. Even if only a few places
do this, it is still good cover.
If there is some mail going to "nobody" on my machine, maybe I have
some "black-net" operation running off of my machine, or maybe mail is
all getting dropped in the bit bucket like "nobody" on standard
machines. From outside you can not be sure. It could just be L. D.
trying to make it look like I am up to something.
If there was a witch hunt for encryption use, someone might send lots
of encrypted mail to someplace like [email protected], and the fierce
witch hunters might try to burn someone who was not a true witch.
-- Vince