[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (fwd) "Will You Be a Terrorist?"
[email protected] wrote:
> In any case, perhaps a way around this can be found: what we may
> need is "stealth remailers," software that will behave as a remailer
> through non-obvious "security holes" with correct cooperation from
> software the original user runs.
> For example, hack sendmail so that it never wants to reverse-lookup DNS
> and given a particular set of commands (saying "EHDR" for 'enhanced
> headers') will operate as an anonymous remailer. Such sendmail-hackage
> could be distributed with other changes that give enhanced security
> (for example, that turn off EXPN and VRFY) so that people could claim
> that they had no idea that they were operating an anonymous remailer.
When Sendmail gets a mail to an unknown user (e.g. [email protected]),
it will reject the mail. The relaying mailer is then supposed to bounce the
mail back to the author.
So if we forge the From: line, the mail should bounce back to the bogus
target. If I forge a mail as follows:
From: [email protected]
To: [email protected]
------blah blah blah-----
It should bounce and thus appear on the cypherpunks list, without a sender.
Of course, it will have paths, etc, which give the game away. What is
needed to give 'Stealth' remailing is a mailer that when seeing a header
such as 'X-Bounce-Strip: 1' removes headers and sends body text only back.
This is a useful feature to reduce network bandwidth when bouncing mail,
and should be included in all sendmails (grin).