[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Announcement of premail v. 0.20



Hi all,

   I am releasing premail, a remailer chaining and PGP encrypting mail
client, to the Net. If you are interested in using the cypherpunks
remailers, but are intimidated by them or simply find them too hard to
use, then this software can help. Premail will also PGP-encrypt and
optionally sign outgoing mail.

   The README file is attached. Please check it out and let me know
how you like it.


Raph Levien

-----------------------------------------------------------------------
README file for premail v. 0.20
27 Aug 1994 -- Raph Levien <[email protected]>

   Premail is a mail client for Unix workstations, supporting PGP
encryption and anonymous remailers. It can be used either stand-alone
or as a layer under your favorite user mail client.

   Premail has been designed to be as simple and transparent as
possible. Features include:

* Chaining of messages for cypherpunk remailers.

* Automatic selection of reliable remailers.

* PGP encryption and signing.

* Online and offline operation.

   Premail is designed to masquerade as sendmail. It accepts mail in
the same way, and takes the the same options, and providing additional
header fields for its privacy features. Thus, if you can get your mail
client to pass the mail to premail rather than sendmail, then you gain
the use of the privacy features without changing the way you send
mail.

   In the interest of simplicity, premail only handles outgoing mail.
It does not handle incoming mail, or PGP decryption.


Installation
------------

   This section explains how to set up premail for basic operation,
without PGP encryption. Use of PGP encryption is highly encouraged,
and is covered in a later section, as are configuration and advanced
features. This section assumes that your machine is connected to the
net when you run premail. It is capable of offline operation as well,
as discussed in a later section.

1. Get the source. Given that you are reading this file, you may have
already done this; if so, go to step 3. The latest version of premail
is available at:

   ftp://kiwi.cs.berkeley.edu/pub/raph/premail-0.20.tar.gz

2. Unpack it. To do this, run:

   gzip -dc premail.tar.gz | tar xvf -

3. See if you can run it. First, do "cd premail", then "./premail"
(without the "" marks in both cases). If it prints a usage summary,
you are in luck. If you get "command not found," then the problem is
most likely that your system's copy of perl does not live in /usr/bin.
Type "which perl" to find out where it actually is, then edit the
first line of the file "premail" to match that, and try again.

4. Copy premail into a directory in your path (this step is optional).
For example, if ~/bin is in your path, then do:

   cp premail ~/bin

   After this step, you probably want to run "rehash" so your shell
knows were to find premail.

5. Set up the premail configuration file by typing:

   cp .premailrc ~

6. Test whether premail really works, by typing:

   premail [email protected]
   Path: 1
   Subject: Test

   Does this really work?
   .

   If everything goes well, you should get a response from an
anonymous remailer in a few minutes. Then, premail is set up and ready
to use. You probably want to set up PGP as well, but you don't have
to. This and other configuration options are covered below. The
configuration options are controlled by the ~/.premailrc file, so you
might want to browse through it and tweak things to your taste.


Setting up premail for PGP
--------------------------

   When properly set up, premail will automatically encrypt outgoing
mail using PGP. This applies both to traffic routed through the
remailers, and to email encrypted for the final recipient, who would
use PGP to decrypt it. On the other hand, you can skip this section if
you don't want that.

   First, you need to make sure that you have PGP set up on your
machine. When you do, just type:

   premail -getkeys

   This will finger Matt Ghio's remailer list at
[email protected] . If this site is down, or if you are not
connected to the net, you should get the list from somewhere else. You
can specify either an email address to finger or a file. For example,
if you save the keys into remailkeys.asc, then you can run:

   premail -getkeys remailerkeys

   The messages from PGP will tell you that it's adding about a dozen
new keys to the keyring.

   You also need to tell premail that you've got PGP running, and have
added the remailer keys to your keyring. To do so, add the following
line to the ~/.premailrc file:

   $config{"encrypt"} = "yes";

   Also, if you've got PGP in a non-standard place, so that typing
"pgp" will not call it up, then you need to add this line to the
~/.premailrc file:

   $config{"pgp"} = "/wherever/you/put/pgp";

   The vox remailer has a problem with MIT PGP 2.6. Thus, premail will
by default not encrypt mail going through vox. If your PGP version is
2.3a or 2.6ui, then it should work fine, so add this line:

   $config{"oldpgp"} = "pgp";

or, if PGP is in a nonstandard place,

   $config{"oldpgp"} = "/wherever/you/put/pgp";


Integration with user mail clients
----------------------------------

   Without premail, outgoing mail works as follows. After you compose
your mail, your mail client hands it off to a program called sendmail,
which forwards it to the Net. Sendmail (written by Eric Allman at UC
Berkeley) knows a lot about email addresses, networking, and so on,
but very little about privacy and security. That's the job of premail.

   It is possible to use premail in either mode: under your client, or
by itself. Either way will give the same features, it's just that
integrating it with your client will be more convenient to use (if a
bit harder to set up). To use premail, type:

   premail [email protected]

and enter your mail as you normally would, ending with either
Control-D or a line with just a . on it. Or, you can prepare an email
message with your favorite editor, and send it with

   premail -t < your.file


   To add premail support to emacs, just add this line to your .emacs
file:

(setq sendmail-program "/your/premail/pathname/here")

   With other mail clients, you should be able to use a similar
technique. Contact me if you need help with a particular client.

   If you are root on your machine, you can install premail in
/usr/lib/sendmail, so that it will work for _all_ mail clients. This
is a fairly bold move, so it would be wise to test this carefully
before doing so. To do so, move the existing sendmail into, say,
/usr/lib/real_sendmail . Then, add the line

   $config{"sendmail"} = "/usr/lib/real_sendmail";

to premail. Finally, copy premail to /usr/lib/sendmail. If you choose
to do this, let me know how well it works out.


Using the privacy features
--------------------------

   Premail has two important privacy features: chaining through
remailers, and PGP encrypting the messages.

   To chain through the remailers, simply add a header line such as

   Path: 3

to your mail. The number 3 says how many remailers you want it to
chain through. Three is a good compromise between privacy on the one
hand and speed and reliablilty on the other. The remailers will
automatically be selected for their reliablity and speed, using the
remailer list I maintain (finger [email protected] to
see it).

   If you want to specify a particular sequence of remailers, you can
do that. For example, if you are very fond of the idea of your mail
crossing national boundaries, you might want to send it through
Canada, Austria, and Holland, in that order:

   Path: extropia;wien;usura

   When using the Path field, your identity will be completely
obscured. If the recipient tries to reply to your mail, it will get
nowhere. You can specify a reply address using the Anon-From field:

   Anon-From: [email protected]

   The Anon-From field only shows up in mail which goes through the
remailers. In ordinary mail, it will be ignored. So, you can put it in
all of your mail without worrying about compromising your identity. In
fact, you can make premail automatically use it in all anonymous mail
by adding this line to your ~/.premailrc file:

   $config{"anon-from"} = "[email protected]";

   Similarly, if most of the mail you send will be through the
remailers, then you can set premail to do that as the default. Add
this line (or whatever path you want, if not 3) to ~/.premailrc:

   $config{"defaultpath"} = "3";

   Then, whenever you want to send non-anonymous mail, add this header
field:

   Path: ;


   The other important privacy feature is the ability to PGP encrypt
outgoing mail. This works whether or not you use the remailers. The
recipient's key must be in your public key ring before you can encrypt
mail to them. Then, all you have to do is add this mail header field:

   Key: user_id

   The mail will be encrypted with this user_id. It will be formatted
using the MIME content type of application/x-pgp. If the recipient has
a MIME-capable mail reader, they can set it up to automatically call
PGP when receiving encrypted mail. Otherwise, you don't need to worry
about it.

   You can also have premail automatically sign your mail, as well.
This feature is a potential security problem, so use it with caution.
Add these lines to your ~/.premailrc:

   $config{"signuser"} = "your_user_id";
   $config{"signpass"} = "your pass phrase";

   Again, a warning: in doing so, you have just stored your pass
phrase in a disk file, which is considered a security no-no. On the
other hand, if you are using this for medium-security applications, or
if you have good control over access to your machine, then it should
be OK; certainly a _lot_ better than not using PGP at all. The
~/.premailrc file should always have -rw------- (600) permissions. Use
with caution.


How to use the cypherpunks remailers like anon.penet.fi
-------------------------------------------------------

   Even though the cypherpunks remailers do essentially the same
things as anon.penet.fi (though faster and with better privacy), they
work quite a bit differently, and can be somewhat intimidating.
Premail can help.

   First, you will need to get an anonymous alias. At this time, the
only cypherpunk remailer which will do this for you is "avox", or
[email protected]. To get the alias, do:

   premail [email protected]
   Subject: alias
   Path: avox

   Hopefully, this will assign me an alias.
   .

   In a few hours, you will get email back with an alias of the form
[email protected] .

   Then, when you send anonymous email, give your alias as the reply
address. Here is an example:

   premail [email protected]
   Anon-From: [email protected]
   Path: 3

   Hello, if you reply to this, mail will get to me.
   .

   Unfortunately, unlike penet, avox does _not_ make the person
replying anonymous. The best way for them to be anonymous is to use
the cypherpunks mailers as well (hopefully by using premail!).


How to post to Usenet
---------------------

   The easiest way is to use a mail-to-Usenet gateway. For example, to
post to alt.skydiving, just send mail to [email protected] . A
full list is available by fingering [email protected], or
from http://www.cs.berkeley.edu/~raph/ghio-remailer-list.html .


Extra goodies
-------------

   Premail supports a few more features, for advanced users. These
include: offline mail preparation, logging, a password for penet, and
a debugging mode. The configuration options specifying these are
described in the ~/.premailrc file, which is what you would need to
edit. Have fun!