[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[minion-cvs] Update man pages, add more, start distributing them
Update of /home/minion/cvsroot/src/minion/etc
In directory moria.mit.edu:/tmp/cvs-serv7604/etc
Modified Files:
mixminiond.conf mixminionrc.5
Added Files:
mixminiond.conf.5
Log Message:
Update man pages, add more, start distributing them
--- NEW FILE: mixminiond.conf.5 ---
.\" $Id: mixminiond.conf.5,v 1.1 2004/03/23 00:06:12 nickm Exp $
.\" Copyright (c) 2004 Nick Mathewson -- see LICENCE for licensing information
.\" "man mdoc.samples" for information on how to tag the document.
.\" Type nroff -mdoc mixminion.1 | less
.Dd March 21, 2004
.Dt MIXMINIOND.CONF 5 Anonymity
.Os GNU/Linux
.Sh NAME
.Nm mixminiond.conf
.Nd Mixminion server configuration file
.Sh SYNOPSIS
.Bl -tag -width Ds -compact
.It Pa $HOME/mixminiond.conf
.It Pa $HOME/etc/mixminiond.conf
.It Pa /etc/mixminiond.conf
.It Pa /etc/mixminion/mixminiond.conf
.El
.Sh DESCRIPTION
.Nm mixminiond
reads its configuration first from the command line, then from its
configuration file, then from its built-in defaults. To find a configuration
file, the software looks in the following locations:
.Bl -enum -offset indent -compact
.It
the configuration file specified with the command-line
.Fl f | Fl \-config
flag, if any.
.It
.Pa $HOME/mixminiond.conf
.It
.Pa $HOME/etc/mixminiond.conf
.It
.Pa /etc/mixminiond.conf
.It
.Pa /etc/mixminion/mixminiond.conf
.El
.Pp
The file itself is line-based, with lines grouped into sections. Blank line
and lines beginning with '#' are treated as comments. All section headings
and entries must appear in the first column.
.Pp
Each non-comment line is either a section header, of the format
"[SectionName]", or an entry of the format "Key: Value". Values may continue
on to later lines by indenting the lines after the first, as in an
RFC822-style message. All names are case-sensitive. Unless otherwise noted,
sections and entries may appear in any order, but no section or entry may
appear more than once.
.Pp
We describe the recognized entry keys below, grouped by section.
.Ss The [Host] Section
.Bl -tag -width ".Cm EntropySource"
.It Cm ShredCommand
A program (such as 'shred -u') used to securely delete files.
.Bq Default: use internal overwrite-and-delete functionality.
.It Cm EntropySource
A character device to provide secure random data for generating keys and
seeding the internal pseudorandom number generator. Not used on Windows.
.Bo Default: try
.Pa /dev/random ,
.Pa /dev/srandom ,
and
.Pa /dev/random
in an appropriate order.
.Bc
.It Cm TrustedUser
The username of a user who should not trigger "file paranoia". For example,
if
.Pa /home/
is owned by the user "system", setting "TrustedUser: system" would prevent
warnings on startup.
This option may appear more than once.
.Bq Default: none.
.It Cm FileParanoia
Boolean: If true, check file permissions on private files and directories and
their parents.
.Bq Default: yes
.El
.Ss The [Server] Section
.Bl -tag -width ".Cm EntropySource"
.It Cm BaseDir
Location to store server files. This is the only file location that you need
to specify; all others default to subdirectories of
.Pa ${BaseDir} .
Defaults to
.Pa /var/spool/minion .
.It Cm Homedir
An obsolete synonym for "BaseDir".
.It Cm LogFile
A file to hold the server log. Defaults to
.Pa ${BaseDir}/log .
.It Cm StatsFile
A file to hold the server stats log. Defaults to
.Pa ${BaseDir}/stats .
.It Cm KeyDir
Directory to hold the server's keys and certificates. Defaults to
.Pa ${BaseDir}/keys .
.It Cm WorkDir
Directory to hold volatile or large data, such as messages, replay logs, and
so on. Defaults to
.Pa ${BaseDir}/work .
.It Cm QueueDir
Directory to hold messages and packets. Defaults to
.Pa ${WorkDir}/queues .
.It Cm PidFile
File to hold the process identifier of the current server process. Defaults
to
.Pa ${BaseDir}/pid .
.It Cm LogLevel
The minimum severity of messages to send to the server's log; log messages
less severe than this will be ignored. Recognized severities are:
.Bl -tag -width "ERROR"
.It FATAL
An unrecoverable error affecting the entire server and causing an immediate
shutdown.
.It ERROR
An unrecoverable error affecting a single packet or message.
.It WARN
A warning message. This may reflect an error that has resulted in no lost
data, or a worrisome situation that may not actually be an error.
.It INFO
A non-error message describing server status. Logging these messages should
not affect users' anonymity.
.It DEBUG
A verbose debugging message. Logging these messages can fill up your disk
space, and keeping the logs can endanger users' anonymity.
.It TRACE
A hyper-verbose debugging message. Logging these messages can fill up your
disk space rapidly, and keeping the logs will endanger users' anonymity.
.El
LogLevel defaults to "WARN".
.It Cm EchoMessages
Boolean: should the server send log messages to standard output as well as to
the log file? Used for debugging. Defaults to "no".
.It Cm Daemon
Boolean: should the server start in the background? (Not yet supported on
Windows.) Defaults to "no".
.It Cm LogStats
Boolean: should the server keep track of packet statistics such as number of
packets received? Defaults to "yes".
.It Cm StatsInterval
Interval: how often should the server flush packet statistics to disk?
Defaults to "1 day".
.\" .It Cm EncryptIdentityKey
.It Cm IdentityKeyBits
How large should the server's signing key be, in bits? Must be between
2048 and 4096. Defaults to "2048".
.It Cm PublicKeyLifetime
Interval: How often should the server rotate its public key? Must be at
least one day. Defaults to "30 days".
.It Cm PublicKeyOverlap
Interval: How long after a server's public key stops getting used should the
server continue to accept messages using that key? Defaults to "24 hours".
.\" .It Cm EncryptIdentityKey
.It Cm Mode
Should the server relay messages or not? Currently, only "relay" is
supported.
.It Cm Nickname
What nickname should the others call the server? These nicknames must be
unique; must contain only letters, numbers, and hyphens; and must start with
a letter. They should be easy to type, and not too long. Once your server
has published its keys and been included in the directory, you can't change
its nickname without becoming a different server.
.It Cm Contact-Email
An email address that people can use to contact the server's administrator.
Generally, this email address should not depend on the same computer or
network hosting the server it describes--otherwise, people will have no way
to tell the administrator if the network problems.
.It Cm Comments
A string to include in your server descriptor's "Comments" section. You may
want to describe the server's stability, policies, and so forth.
.\" .It Cm ModulePath
.\" .It Cm Module
.It Cm MixAlgorithm
What approach should the server use to delay messages in its Mix pool and
prevent blending attacks? The recognized algorithms are:
.Bl -tag -compact -width "DynamicPool"
.It Timed
Store messages as they arrive, and try to deliver all messages every time
.Va MixInterval
elapses. Not secure, but useful for debugging.
.It DynamicPool
Store messages as they arrive. Every time MixInterval elapses, sends
messages chosen at random, such that it always keeps MixPoolMinSize messages
in the pool, never sends unless it has over MixPoolMinSize messages, and
never sends more than MixPoolRate of the messages in the pool. This
algorithm is also called "Cottrell" or "Mixmaster".
.It BinomialDynamicPool
Store messages as they arrive. Every time MixInterval elapses, send a
\fIrandomly chosen\fP number of messages based on the number that DynamicPool
would send. This algorithm is also called "Binomial" or "BinomialCottrell".
.El
Defaults to "Timed".
.It Cm MixInterval
How often should the server consider flushing messages from the mix pool?
See MixAlgorithm for more informatino. Defaults to "30 min".
.It Cm MixPoolRate
Fraction: When running with the DynamicPool or BinomialDynamicPool algorithm,
how much of the pool do we flush at once? See MixAlgorithm for more
information. Setting this value too high can enable some blending attacks.
Defaults to "60%".
.It Cm MixPoolMinSize
Fraction: When running with the DynamicPool or BinomialDynamicPool algorithm,
how many messages do we try to keep in the pool? Setting this value too low
can enable some blending attacks. See MixAlgorithm for more information.
Defaults to "5".
.It Cm Timeout
Interval: In general, how long do we wait for another computer to respond
on the network before assuming that it is down? Defaults to "5 min".
.It Cm MaxBandwidth
Size: If specified, we try not to use more than this amount of network
bandwidth for MMTP per second, on average.
.It Cm MaxBandwidthSpike
Size: If specified, we try not to use more than this amount of network
bandwidth for MMTP per second, ever.
.El
.Ss The [DirectoryServers] Section
.Bl -tag -width ".Cm EntropySource"
.\" .It Cm ServerURL
.\" .It Cm PublishURL
.It Cm Publish
Boolean: should the server advertise itself to the directory servers? Don't
turn this on until you want users to start using your server. Defaults to
"no".
.Pp
Do \fInot\fP set this option to "yes" before you are reasonable confident
that you like your server's configuration, and that it will stay up for a
while. In particular, please do not delete your server's keys after you have
published it, or else the directory will not accept your new keys.
.\" .It Cm MaxSkew
.El
.Ss The [Incoming/MMTP] Section
.Bl -tag -width ".Cm EntropySource"
.It Cm Enabled
Boolean: should the server accept incoming packets? Must be "yes".
.It Cm Hostname
A public hostname that other servers can reach your host by resolving. This
hostname \fImust\fP be reachable by others, or else they won't be able to
find your server. Defaults to the result of
.Xr gethostname 3 .
.It Cm IP
The IP address your server will tell others to connect to. Older versions
of Mixminion use this instead of
.Va Hostname .
If you don't provide this, Mixminion will try to guess your IP, but may
guess wrong.
.It Cm Port
The port your server will tell others to connect to. Defaults to "48099".
.It Cm ListenIP
The IP address your server will \fIactually\fP listen on. Use this option if
you are behind a firewall that forwards MMTP connections to your server.
Defaults to the value of
.Va IP .
.It Cm ListenPort
The Port your server will \fIactually\fP listen on. Use this option if
you are behind a firewall that forwards MMTP connections to your server.
Defaults to the value of
.Va Port .
.\" .It Cm Allow
.\" .It Cm Deny
.\" .It Cm ListenIP6
.El
.Ss The [Outgoing/MMTP] Section
This section configures the outgoing connections your server uses to transmit
Type III packets.
.Bl -tag -width ".Cm EntropySource"
.It Cm Enabled
Should this server deliver packets via MMTP? Must be "yes".
.It Cm Retry
RetrySchedule: how often, and for how long, should the server attempt to
deliver failing messages? Defaults to "Every 1 hour for 1 day, every
7 hours for 5 days".
.It Cm MaxConnections
Integer: How many outgoing connections, at most, will the server try to open
at once? Defaults to "16".
.\" .It Cm Allow
.\" .It Cm Deny
.El
.Ss The [Delivery/Fragmented] Section
This section configures server-side reassembly of fragmented messages.
.Bl -tag -width ".Cm EntropySource"
.It Cm Enabled
Boolean: Should the server reassemble fragmented messages at all? Default:
"no".
.It Cm MaximumSize
Size: What is the largest message size, after compression, that we will
try to reassemble?
.It Cm MaximumInterval
Interval: How long will the server hold fragments for a message before
giving up on the message? Defaults to "2 days".
.El
.Ss The [Delivery/SMTP] Section
This section configures outgoing email delivery.
.Bl -tag -width ".Cm EntropySource"
.It Cm Enabled
Boolean: Does the server support outgoing email? Don't enable this unless
you have your ISP's permission to run a remailer. Defaults to "no".
.It Cm Retry
RetrySchedule: How often, and for how long, should the server attempt to
send failed SMTP messages? Defaults to "every 7 hours for 6 days".
.It Cm SMTPServer
Hostname of the SMTP server that should be used to deliver outgoing
messages. Defaults to "localhost".
.It Cm MaximumSize
Size: Largest message size (before compression) that we are willing to
deliver. Defaults to "100K".
.It Cm AllowFromAddress
Boolean: Do we allow user-configurable return addresses? (Note that this
allows the user to set only the "Username" portion of the
\&'From: "[Anon] Username" <returnaddress>' header. Defaults to "yes".
.It Cm X-Abuse
What should the X-Abuse header of outgoing messages contain?
.It Cm Comments
What should the Comments header of outgoing messages contain?
.It Cm Message
If provided, a message to put before the content of any outgoing messages.
.It Cm FromTag
What should the 'tag' portion of outgoing return addresses contain? Defaults
to "[Anon]".
.It Cm ReturnAddress
Must contain an email address to put in the "From" header of outgoing mail.
.It Cm BlacklistFile
The name of a file describing which outgoing addresses to support. The file
format is line-based. Lines starting with # and empty lines are ignored.
Whitespace is ignored. All other lines take the format 'deny type value',
type is one of the following:
.Bl -tag -width "allhosts"
.It address
Match an email address, exactly. "Deny address fred@fred" matches "fred@fred"
and 'FRED@FRED'.
.It user
Match the part of an email address before the @, exactly. "Deny user fred"
matches "fred@fred" and "fred@alice", but not "bob@fred" or "mr-fred@alice".
.It onehost
Match the part of an email address after the @, exactly. "Deny onehost fred"
matches "bob@fred" but not "bob@fred.com" or "bob@host.fred".
.It allhosts
Match the part of an email address after the @, or any parent domain thereof.
"Deny allhosts fred.com" matches "bob@fred.com" and "bob@host.fred.com", but
not "bob@com".
.It pattern
match the email address if the provided regex appears anywhere in it. "Deny
pattern /./" matches everything; "Deny pattern /(..)*/" matches all addresses
with an even number of characters. See
.Xr perlre 1
for a description of the regular expression syntax.
.El
.El
.Ss The [Delivery/MBOX] Section
This section configures outgoing delivery to locally configured users via the
'MBOX' module.
.Bl -tag -width ".Cm EntropySource"
.It Cm Enabled
Should the 'MBOX' module be enabled? Defaults to "no".
.It Cm AddressFile
The name of file contain mapping mbox names to email addresses. The file
format is line-based. Blank lines and lines starting with '#' are ignored.
All other lines must be of the format "mboxname: emailaddress@example.com".
.It Cm RemoveContact
A contact address that users can email to be removed from the address file.
.It Cm Retry, SMTPServer, MaximumSize, AllowFromAddress, X-Abuse, \
Comments, Message, FromTag, ReturnAddress
See the corresponding entries in the [Delivery/SMTP] section.
.El
.Ss The [Delivery/SMTP-Via-Mixmaster] Section
This section is deprecated; it allows you to use Mixmaster to deliver
anonymous messages via the Type I/II remailer network. This feature was
useful when there were no Type III remailers that supported outgoing SMTP
delivery, but that time has long since passed.
.Ss Argument Formats
.Bl -tag -width ".Cm EntropySource"
.It Boolean values
Boolean values are case-insensitive. "Yes", "y", "1", "true", and "on" are
considered true; "No", "n", "0", "false" and "off" are considered false.
.It Intervals of time
Time intervals are given as a floating-point value, and a unit. The units
may be single or plural. Recognized units are "second", "sec", "minute",
"min", "hour", "day", "week", "month" (30 days), "mon", and "year" (365
days). "1.5 hour", "90 min", "90 minutes", and "5400 sec" are all the same
value.
.It Sizes
Data sizes are given as a numeric value and a unit. The units are
case-insensitive, and may be single or plural. Recognized units are "b",
"byte", "octet", "K", "KB", "M", "MB", "G", and "GB". If no units
are given, we default to "bytes". "524288 bytes", "524288", "512K",
"512 KB", and ".5 MB" are all the same size.
.It Retry Schedules
Delivery retry schedules are given as a comma-separated series of elements.
An element may be either an Interval, which indicates a single retry attempt
after that interval has passed; or a string of the format "every <Interval1>
for <Interval2>", which retries with a period of Interval1 until Interval2
has passed.
.Pp
For example, "5 minutes, every 10 min for 1 hour, 1 day", makes one attempt
after 5 minutes, and 6 more attempts at ten-minute intervals thereafter, then
one final attempt 1 day after that.
.Pp
Note: New deliveries are only attempted when MixInterval has passed; if the
intervals in a RetrySchedule are smaller than the value of MixInterval, they
are interpreted to mean, "Retry at the earliest opportunity."
.It Fractions
A fraction may be given as a floating point value between 0.0 and 1.0, or
a percentage (followed by a single percent sign).
.El
.Sh EXAMPLE
See the mixminiond.conf file in the standard Mixminion distribution for an
example.
.Sh AUTHORS
See the AUTHORS section in
.Xr mixminion 1 .
.Xr mixminion 1
.Sh SEE ALSO
.Xr mixminion 1
.Xr mixminiond 8
Index: mixminiond.conf
===================================================================
RCS file: /home/minion/cvsroot/src/minion/etc/mixminiond.conf,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- mixminiond.conf 10 Mar 2004 19:34:59 -0000 1.46
+++ mixminiond.conf 23 Mar 2004 00:06:12 -0000 1.47
@@ -202,6 +202,9 @@
# When you are ready for other people to start using your server,
# uncomment this line to publish your keys to the world.
#
+# After you uncomment this line, __do not__ delete your server's
+# keys, or else your new keys will not be recognized by the directory!
+#
#Publish: yes
Index: mixminionrc.5
===================================================================
RCS file: /home/minion/cvsroot/src/minion/etc/mixminionrc.5,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- mixminionrc.5 18 Mar 2004 05:35:32 -0000 1.2
+++ mixminionrc.5 23 Mar 2004 00:06:12 -0000 1.3
@@ -3,7 +3,7 @@
.\" "man mdoc.samples" for information on how to tag the document.
.\" Type nroff -mdoc mixminion.1 | less
.Dd March 15, 2004
-.Dt MIXMINION 5 Anonymity
+.Dt MIXMINIONRC 5 Anonymity
.Os GNU/Linux
.Sh NAME
.Nm mixminionrc
@@ -67,12 +67,12 @@
warnings on startup.
This option may appear more than once.
.Bq Default: none.
-.It Cm FileParanoia boolean
-If true, check file permissions on private files and directories and
+.It Cm FileParanoia
+Boolean: If true, check file permissions on private files and directories and
their parents.
.Bq Default: yes
.El
-.Ss The [Host] Section
+.Ss The [User] Section
.Bl -tag -width ".Cm EntropySource"
.It Cm UserDir
Location to store a user's queued packets, cached directories, and so on.
@@ -179,7 +179,7 @@
ConnectionTimeout: 180 seconds
.Ed
.Sh AUTHORS
-See
+See the AUTHORS section in
.Xr mixminion 1
.Sh SEE ALSO
.Xr mixminion 1