# /etc/mixminiond.conf -- for use with mixminion 0.0.5 # $Id: mixminiond.conf,v 1.48 2004/04/19 03:47:16 nickm Exp $ # This is a configuration file for the mixminion anonymous remailer. Edit # this file, install it in /etc/ (or elsewhere, if you specify a # command-line argument for mixminion), and you're ready to go. # # This file format will probably change between now and version 1.0. Watch # out. [Host] # Uncomment this line to define a 'secure delete' command to overwrite # deleted files. (This isn't as secure as you think: see the comment in # Common.py). # # If you do not specify a value for this option, and we can't find # /usr/bin/shred, we fall back on an internal implementation. # # This is the default command: we just zero out files and unlink them. # This choice protects against root (on a non-journaling filesystem), but # not against an attacker with deep hardware wizardry and resources. # ShredCommand: /bin/rm -P # Uncomment this line if your system uses a different entropy generator. # This file must be a character device that produces a truly random # bytestream. # #EntropySource: /dev/urandom # Ordinarily, Mixminion tries very hard to make sure all your file # permissions are reasonable. Sometimes it is too paranoid for its # own good. When this happens, you can either mark certain users # ('system', 'dev', and so on) as trusted, or disable file paranoia entirely. # FileParanoia: yes TrustedUser: _mixminion [Server] # Location of all mixminion keys and file queues. You don't need to # create this directory; mixminion will do it for you. # # Note that mixminion is fairly strict about its directory permissions: # its BaseDir below must be mode 700 and owned by whatever uid mixminion # runs as, and all directories above the BaseDir must be writeable by # nobody except mixminion and root. # # Don't worry though: Mixminion should give you helpful error messages if # you get this wrong. # # (This option used to be called 'Homedir'; either spelling will work.) # BaseDir: /var/spool/mixminion # By default, all mixminion-related files are stored in subdirectories # of 'BaseDir'. You can override default placement with the options below. # All relative paths are resolved with respect to 'BaseDir'. # # Here are the defaults: # #KeyDir: ./keys #WorkDir ./work #QueueDir: ./work/queues #PidFile: ./pid #LogFile: ./log #StatsFile: ./stats # # Here is an alternative layout: # #BaseDir: /var/lib/mixminion #KeyDir: /var/lib/mixminion/keys #WorkDir: /var/lib/mixminion/work #QueueDir: /var/spool/mixminion PidFile: /var/run/mixminion/mixminion.pid LogFile: /var/log/mixminion #StatsFile: /var/log/mixminion/stats # Minimum severity of messages to include in log file. Allowable values # are: 'NEVER', 'FATAL', 'ERROR', 'WARN', 'INFO', 'DEBUG', and 'TRACE'. # If you don't define this, it will default to 'WARN'. # # Warning! If you use 'DEBUG' or 'TRACE', the log will contain messages # that could compromise anonymity. Because mixminion is in alpha stage # right now, however, you may well want to log at one of these levels. # #LogLevel: DEBUG # Change this to 'yes' to make the server echo log messages to stdout. # #EchoMessages: no # Do we keep track of numbers of packets received and so on? This is # on by default. # #LogStats: yes # Over how long a time period do we aggregate statistics? Every time this # interval elapses, all current statistics are flushed to a file. # #StatsInterval: 1 day # How many bits should the server use for its long-lived 'Identity' keys? # Must be between 2048 and 4096. # IdentityKeyBits: 4096 # How often should the server rotate its public keys? If you rotate often, # you need less storage space for message hash logs, and messages sent # using your old keys are less vulnerable to compromise... but if you rotate # too often, your server may drop messages that use out-of-date keys. # # You can't rotate keys more than once a day. # PublicKeyLifetime: 3 weeks # How long after a key rotation should the old key still work? # # (This should be fairly long, since messages can be delayed in the # network when servers go down. If it's *too* long, however, you # enable delaying attacks.) # PublicKeyOverlap: 24 hours # Use this option to define a 'nickname' for this server that users will # use as a 'friendlier' version of your identity key. # Nickname: nINj4 # Use this option to define an administrative contact for the remailer. # # This email address should probably be handled by a _different_ # computer from the Mixminion server, so that you can get email when # the server is down. # Contact-Email: nINj4@2.1337.2.rE6.7h3.In57411.60k5 # Use this field for information that users of your remailer may want to # have. Must be no longer than 1024 characters. # # NOTE: Users will not necessarily see this field before they use your # remailer. # Comments: This server has been running Mixminion since version 0.0.8alpha2 Of course, since Mixminion is still in alpha (or since we haven't edited our configuration file since Mixminion came out of alpha), you shouldn't trust us with your anonymity yet. The user who installed this node also never edited his default conf as suggested by the docs. He must be one 1337 h4x0r, I would trust him. ############ # Use ONE of these sets of options to configure the pooling algorithm. # # For now, I recommend option one below, even though it's the least secure. # It will help us test the system, and distinguish node failure from # low volume. By version 1.0, we'll change the default. # # (1. A Timed mix sends out all messages in the pool every interval. # RECOMMENDED FOR TESTING.) # MixAlgorithm: Timed MixInterval: 10 minutes # # (2. A DynamicPool mix always keeps at least 'MixPoolSize' messages in the # pool, and never sends out more than 'MixPoolRate' of the messages.) # #MixAlgorithm: DynamicPool #MixInterval: 30 minutes #MixPoolRate: 50% #MixPoolMinSize: 5 # # (3. A BinomialDynamicPool mix is a randomized version of DynamicPool. # When a DynamicPool mix would send P of N messages, a # BinomalDynamicPool mix sends each message with probability P/N.) # #MixAlgorithm: BinomialDynamicPool #MixInterval: 30 minutes #MixPoolRate: 50% #MixPoolMinSize: 5 ############ # Longest period of inactivity to wait before shutting down a connection. # #Timeout: 5 minutes # Should we start the server in the background? (Not supported on Win32.) # Daemon: yes # How much data are we willing to upload or download in a single second? # (If you don't set this, the bandwidth is limited only by your network # connection.) # #MaxBandwidth: 32K # OTHER VALUES FOR THESE OPTIONS ARE NOT YET SUPPORTED; don't edit this # line. Mode: relay [DirectoryServers] # When you are ready for other people to start using your server, # uncomment this line to publish your keys to the world. # # After you uncomment this line, __do not__ delete your server's # keys, or else your new keys will not be recognized by the directory! # #Publish: yes [Incoming/MMTP] # Use this option to set your IP address. We'll try to guess, but we might # guess wrong, especially if you have multiple network interfaces. # # NOTE: Older (pre-0.0.6) clients will use this value instead of the # hostname below, so please be sure it is correct. It will go away in # 0.0.8. # #IP: 0.0.0.0 # Use this option to set the DNS name that clients will use to look up your # IP address. We'll try to guess, but we might guess wrong. Newer clients # and servers will send you messages based on your hostname, but older ones # will still use your IP, so make sure that both fields are correct. # # You can use an IP address here instead, if you are _completely certain_ # that your server's IP address will never change. # # NOTE: If you can, you should probably make this name point to a separate # DNS entry for your mixminion service. That way, you can move your # remailer to a different server in the future without changing this entry # and disrupting traffic. # #Hostname: mixminion.your.network.here ######################### ######## NOTE: If you're running a middleman server, and you don't have an ######## unusual configuration, you probably don't need to edit anything ######## below this line. ######################### # Port that clients should connect to. # #Port: 48099 # Use these options if the address above that you tell clients about is not # actually the address you want to listen on. You only want to do this if # you're using some kind of port forwarding scheme. Otherwise, ignore # these options. # #ListenIP: 0.0.0.0 #ListenPort: 48099 # OTHER VALUES FOR THESE OPTIONS ARE NOT YET SUPPORTED Enabled: yes #Allow: * [Outgoing/MMTP] # How often should we try to deliver packets if the recipient can't be found # or delivery fails for some other transient reason? # # Note: No matter how frequent a retry interval you specify, we only retry # messages every time a MixInterval has elapsed. Thus, if you say "every 5 # minutes for 1 day", but MixInterval is 30 minutes, we only retry every # half hour. # # By default, we retry every 60 minutes the first day, and every 7 hours # for the next 5 days thereafter. #Retry: every 1 hour for 1 day, every 7 hours for 5 days # # You can specify more complex retry intervals. Uncomment this line to # retry after 1 hour, then after 2 hours, then every 4 hours for a # week, then every day for half a month. #Retry: 1 hour, 2 hours, every 4 hours for 1 week, every 1 day for .5 months # How many outgoing connections will we open at a time? If no value is # given, we might potentially have an open connection to every other # Mixminion server. # #MaxConnections: 16 # OTHER VALUES FOR THESE OPTIONS ARE NOT YET SUPPORTED Enabled: yes #Allow: * ############### # Uncomment this section to enable 'MBOX' delivery, using a local SMTP # server to deliver messages to a set of preconfigured addresses. Put # the addresses in some address file, in the format: # mysteryfred: fred@fred.com # Then, users can send messages to these users as # "mbox:mysteryfred@yourserver's-nickname". # #[Delivery/MBOX] #Enabled: yes #AddressFile: #ReturnAddress: <"From:" address to use> #RemoveContact:
#SendmailCommand: sendmail -i -t #SMTPServer: localhost #Retry: every 7 hours for 6 days # Note that 'MaximumSize' is calculated for uncompressed messages, before # base-64 encoding. #MaximumSize: 100K # Should we allow clients to set the username portion of the 'From' address # at all? (Note that this only allows them to set the 'USER' part of the # address "[Anon] USER" .) #AllowFromAddress: yes ############### # Uncomment this section to enable delivery of SMTP messages via a local # SMTP server. Watch out! This may violate your ISP's terms of service. # # If you want to block outgoing mail to certain addresses, you will need # to install a blacklist file. There's a template in etc/blacklist.conf # to get you started. # #[Delivery/SMTP] #Enabled: yes # # You must specify _one_ of these next two options. SendmailCommand _must_ # read an RFC822 message and take its To: and From: lines from the message # headers. It must interpret EOF as message end, not '.'. SMTPServer can # be the hostname of any SMTP server. # #SendmailCommand: sendmail -i -t #SMTPServer: localhost # # Default subject line to use when the user doesn't supply one. #SubjectLine: Type III Anonymous Message # # String to prepend to any user-supplied From address. #FromTag: [Anon] # # Replace these next two entries with reasonable defaults. #BlacklistFile: . #ReturnAddress: <"From:" address to use> # # (Note: all lines but the first must be indented to get a multi-line message) # #Message: This is a Type III anonymous message, sent to you by the Mixminion # server at SERVER. If you do not want to receive anonymous # messages, please contact ADMIN. For more information about # anonymity, see URL. # #Retry: every 7 hours for 6 days # # Largest allowable message size. Calculated for uncompressed messages, before # base-64 encoding. # #MaximumSize: 100K # # Should we allow clients to set the username portion of the 'From' address # at all? (Note that this only allows them to set the 'USER' part of the # address "[Anon] USER" .) # #AllowFromAddress: yes ################# # Uncomment this section to enable delivery of SMTP messages via the Type II # ("Mixmaster") network. This when only be useful while we're bootstrapping # the Type III network, and don't have a lot of people who can run long-lived # SMTP exit nodes. # # You must install the Mixmaster client locally to use this module. # #[Delivery/SMTP-Via-Mixmaster] #Enabled: yes # Path to the Mixmaster binary #MixCommand: /home/minion/Mix/mix # Server (or comma-separated list of servers) to use as our relay. #Server: lcs #SubjectLine: Type III Anonymous message #FromTag: [Anon] # #Retry: every 7 hours for 6 days #MaximumSize: 100K #AllowFromAddress: yes ################# # Uncomment this section to enable server-side reassembly of fragmented # messages. # #[Delivery/Fragmented] #Enabled: yes # This size is calculated _before_ message uncompression. #MaximumSize: 100K # How long do we wait to receive enough fragments before we give up # and drop the message. #MaximumInterval: 2 days