• Win95, Win98, or WinNT (3.51 or later)
  
• PGP version PGP 6.x, 5.5.3x or 2.6.x (RSA and IDEA support required)
  
• Mixmaster 2.0.4 [b45 or later required] (optional)
  

Note: If using PGP 5 or 6, simply install the program. Note that remailers have RSA keys, and use conventional encryption. Thus your version of PGP must support RSA encryption and decryption, and conventional IDEA encryption. At the time of this writing, many US freeware versions of PGP 5 and 6 do not contain this support. See below for versions which do. PGP version 5.0 is not supported.

Cyber Knights Templar - PGP 5.5.3ckt and 6.0.2ckt - US and International Freeware Versions

International PGP Homepage's PGP 5.5.3i - International Freeware

To install PGP 5 or 6 for use with Reliable, follow the installation instructions for PGP. Be sure to avoid PGP's Encrypt To Self features, which may compromise your users' anonymity, by disabling PGP's Preferences|Always encrypt to default key

The following instructions only apply if you are using PGP 2.6.x with Reliable. Reliable uses a standard PGP 2.6.x installation plus the required setting of armorlines=0 in config.txt.

WinNT Users: Autoexec.bat is not used to set environment variables in WindowsNT. Instead, go to My Computer|System Properties|Environment to set your PATH variable, or My Computer|Properties|Environment to set PGPPATH.

• Unzip all PGP files into a PGP folder.

• Append PATH in autoexec.bat to include your PGP folder. (REQUIRED)
  e.g. PATH=c:\windows;c:\pgp

• Set PGPPATH in autoexec.bat to your PGP folder. (REQUIRED)
  e.g. SET PGPPATH=c:\pgp

• Set armorlines=0 in PGP's config.txt file (REQUIRED)
  e.g. armorlines=0

• Be sure to avoid EncryptToSelf features by setting the following in PGP's config.txt:
  

          EncryptToSelf = OFF
          MyName = YouForgotToSpecifySignID
      

• To avoid keyring reading problems, it is recommended that you set CharSet = latin1 in PGP's config.txt.
  e.g. CharSet = latin1

• Add all remailer keys to your PGP keyring.
  

IMPORTANT: Reliable requires Mixmaster 2.0.4b45 or later. There are problems in earlier versions of Mixmaster which may cause serious malfunction. Reliable does not currently support Mixmaster 2.9 or later.

Note: Reliable is designed so that you don't have to edit multiple config files. When using Reliable you will generally not edit Mixmaster files directly. Be advised that Reliable will overwrite the following files in your Mixmaster file path:

        mixmaste.con
        destination.blo
        source.blo
        mixmaste.htm
        id.log
        pac*
        ma*
        tm*
    

If you are currently running Mixmaster (as client or remailer), you should make backup copies of these files while testing Reliable.

Note: Installation of Mixmaster is required only if your remailer is mix, remix, or remix2

WinNT Users: Autoexec.bat is not used to set environment variables in WindowsNT. Instead, go to My Computer|Properties|Environment to set MIXPATH, if desired. (Reliable does not require the MIXPATH environment variable to be set.)

• Unzip the Mixmaster distribution to a folder such as C:\MIX.

• Set Reliable's Options|Configuration|Mixmaster Program Path to the appropriate folder.

• Select Tools|Get New Mix Keys.

Note: Win95 long pathnames and filenames, including installation path, should work properly with Reliable. However it is important to choose a DOS compliant and very short Work Path, and a DOS compliant Mail Path. A Work Path of C:\TMP is recommended. Avoid using the program path as a Work Path, particularly with beta versions. The Work Path is set in Options|Configuration.

Note: Be sure to read the Setup Instructions in the Operator's Manual after installing to avoid unnecessary problems. Also make use of Tools|Self Test to verify your configuration.




• Run setup.exe

• If your primary language is not english, consult the Language Files section of this manual for installation of alternate language files.

• One POP3 account.
  
• One SMTP account.
  

• Properly install PGP (required) and Mixmaster 2.0.4 (optional).

• Install Reliable.

• Configure your remailer settings and options in Options|Configuration.

• Create a PGP and Mix key for your remailer.

• Select Tools|Self Test.

The following Global settings are critical:

Remailer Name - The short common name for your remailer.

Remailer Address - The email address where users send mail to be remailed. Include only the address - no name or other text.

Remailer From Header - The address and name which will appear in the From header of remailed messages. This does not need to be a genuine address. Some ISPs require a valid address or domain in the From field. Also, if your bounces bounce, they may be forwarded to the ISP postmaster. To send bounces to an address different than your From header, set Send|SMTP From Address.\\Example: nobody@do.not.reply (Example Remailer)

Middleman Enable - Will your remailer send only to other remailers?

News Enable - Do you allow posting via Anon-Post-To? You must also set Send|News Route to either a mail2news gateway address (i.e. mail2news@network.com) or to an NNTP server address (i.e. news.isp.com).

Work Path - Where should Reliable write temporary files? This is an important setting, and should be set to a very short path, such as C:\TMP or shorter.

Mail Path - This is where most mail is stored.

Mail Dump Path - Plain (non-remailer) messages sent to the account are moved to this folder (unless you enable their deletion). If this path is a Jack B. Nymble mail folder the messages will appear in the View Mail window of JBN. For other clients, the mail is in standard UNIX Message File Format.

PGP Version - You must specify whether you are using PGP 2.6.x, or PGP 5 or 6.

IMPORTANT: Even if you disable CPunk, your remailer still executes CPunk directives, and the other CPunk settings still apply. Reliable remailers are a CPunk/Mix hybrid - all CPunk directives may be used with Mix messages. Don't ignore this section just because you're running a mix-only remailer.

Cypherpunk Enable - Does your remailer accept CPunk messages? If True, you must create a PGP key for your remailer.

Mixmaster Enable - Does your remailer accept Mixmaster messages? If True, you must create a Mix key for your remailer. If False, AND if your remailer is not remix or remix2, then you do not need to install Mixmaster, and may ignore the rest of the Mix configuration settings.

Mixmaster Program Path - This is the folder containing mixmaste.exe.

Retrieve|POP3 Username
Retrieve|POP3 Password
Retrieve|POP3 Server
Send|SMTP Server
Send|News Route - Only if Global|News Enable is True.

Once you have completed the above settings, save your configuration. You may receive an error that the key(s) for your remailer are missing from either PGP or pubring.mix. Any other errors must be addressed before continuing.

To create a PGP or Mix key, use the Generate Key functions in the Tools menu. (PGP 5 and 6 users: Create your key in PGPKeys.) It is also recommended that you paste both your keys into Options|Configuration|Files|remailer-key, so users can obtain the key by sending mail with the subject: remailer-key.

• Keyring
  Reliable accesses your default PGP keyring, and does not require or use additional rings. All remailer PGP keys (including your own) should be added to your keyring. Reliable does not extract keys from your keyrings except through the Tools|Copy Key (to clipboard) menu item (PGP 2.6.x) or Tools|View PGP Keyring (PGP 5 and 6). Reliable stores a list of the key UserIDs on your keyring in Reliable.DAT, and uses this list to ensure that you have the necessary keys on your ring. The key UserID entries containing the addresses of remailers (Configuration|Files|Remailer Capabilities) are made public via remailer-conf requests.

  When used with PGP 2.6.x, Reliable requires that a remailer's address be in the primary UserID of its key.

  Please also note the The Importance of Regular Key Change section.

• Passphrase
  If using PGP 2.6.x, your remailer's PGP key should have a passphrase of moderate length (40-60 character max). Long phrases may cause decryption errors and lost mail. For additional security consider relocating your keyrings to an encrypted virtual drive. (See Jack B. Nymble's help manual for instructions.)

• Passphrase Entry IMPORTANT
  It is very important that you enter the correct passphrase. If the passphrase is incorrect, mail will be Trashed. If this occurs, requeue the Trash. (No duplicates will result.) Reliable will prompt for your passphrase on startup, or you may use Tools|Enter PGP Passphrase.

  There are several ways that Reliable can help insure your passphrase is correct. The best way is to enter your passphrase and click "OK & Test". Reliable will create and decrypt a message using your passphrase.

  For a faster but less sure method, enter your passphrase twice (once in each box), and click "OK & No Test".

  The best method is to run Tools|Self Test every time you start your remailer (enable Options|Auto Start-Up|Self Test). This will do a more complete check including passphrase, and only takes a few seconds.

  Reliable will also accept your PGP passphrase on the command line as follows:

              reliable.exe -z"Your Passphrase Here"
  

  
  If your passphrase contains spaces it must be enclosed in full quotes as shown.

  Combined with Options|Auto Start-Up|Start Master, this allows Reliable's start-up to be automated. However, note that your passphrase may be vulnerable in the programs or shortcuts which run Reliable. Because of this, sending your passphrase on the command line is generally not recommended. If you do use this method, consider locating your PGP keyrings on an encrypted drive for additional security. Please see the Security Considerations section for more information.

• DSS/DH And Multiple Keys
  Reliable supports DSA (DSS/DH) keys if used with PGP 5 or 6. IMPORTANT: If you create a DSA key for your remailer, you must also provide an RSA key for users and other remailers using PGP 2.6.x. Older remailer clients do not support DSA keys.

  In some cases, other remailers may distribute two keys, RSA and DSS/DH. To specify which key should be preferred when encrypting to other remailers, set Global|PGP Preferred Algorithm. (This setting applies to PGP 5 or 6 users only.)

• Files
  Reliable is designed so that you generally don't have to edit Mixmaster's files. All your options are set in Reliable. Be aware that Reliable overwrites mixmaste.con and other files. All source and destination blocking should be done from within Reliable, and type2.lis and pubring.mix should be edited in Configuration|Files. If you do need to add an additional setting in mixmaste.con, there is a place reserved for this purpose at the end of the file. Use with caution.

• Key Storage
  If running a mix remailer you must generate a mix key (Tools menu). The public key is stored in mix.key, and the secret key in secring.mix. You should also add your key to pubring.mix, type2.lis, and to Options|Configuration|Files|remailer-key.

• Key Passphrase
  Your Mix key does not have a passphrase. To improve security it is recommended that you store your key on an encrypted virtual drive, or decrypt it to a RAMDrive before running Reliable. (The location of secring.mix may be set in Configuration|Mix.)

• Key Flags
  The 'M' flag (denoting a middleman remailer) and the 'N' flag (denoting Anon-Post-To support) on your remailer's Mix key should be updated to reflect these settings in Reliable. For example:
  

      example example@test.com fd1a9b9543825069d827b782a1 2.0.4b42 MCN
  
      

  This signifies the remailer is middleman and has News Enable set. Remove a flag to indicate the function is not used.

• Self Test IMPORTANT
  If your remailer is mix, it is very important to select Tools|Self Test after performing any key maintenance or making configuration changes. It is highly recommended that you use Mixmaster 2.0.4b45 or later. Earlier versions have problems which may cause serious system-wide malfunction.

  Also beware of drives which have limited space, or other problems which may occur when Mixmaster is run. If you do discover a problem after mail has been processed, be sure to requeue the Trash and MailProb folders. (No duplicates will result.)

• Packet ID Logging
  It is important that Mix ID Log Enable be set to true, and that IDEXP be at least 168 hours (one week). Disabling this function will make your remailer susceptible to replay attacks, and will cause your remailer to output multiple messages when the Chain feature is used.

• Multi-Packet Message Storage
  Multi-Packet messages are stored in the Mix File path by Mixmaster as pac* files. Be sure this folder has adequate space. Do not delete these files until they are at least a week old, or mail will be lost. You can set the amount of time these messages are kept in Mix|PACKETEXP.

• Centralized Pooling and Blocking
  Note that Reliable centralizes all pooling, blocking, and middleman features. These functions in Mixmaster are not used.

• 24/7 Public Remailer
  Reliable can be run 24 hours a day, 7 days a week, periodically retrieving, processing, and sending mail for the public. Your remailer can be listed on stats pages, and the keys distributed. The remailer can be CPunk, CPunk/Mix, or Mix. Your remailer may have an RSA key or have both RSA and DSS/DH keys.

  Reliable's Middleman features can be enabled, meaning that any messages which are not destined for an approved remailer will be routed through a random remailer, so that recipients do not see your remailer as the final sender.

  News posting can be enabled on your public remailer, allowing users to post to newsgroups via a dedicated mail2news gateway or a local or public NNTP server. Conversely, news posting can be prohibited or limited as necessary.

• Queued Public Remailer
  If you aren't connected to the net 24 hours a day, you can still run a public remailer. Mail is stored at your POP3 server until you log on to retrieve and send, once or several times a day. Reliable can also be configured to automatically dial in to your ISP at regular intervals you specify, and disconnect the line when idle.

  Alternatively, Reliable can watch for a net connection, and anytime you're online, it will automatically begin functioning. When you're offline, it will go into Sleep Mode.

• Private Remailer
  A private remailer can be run for a selected group or region. Use of the remailer can be limited to word-of-mouth invitation, or further controlled by requiring PGP/Mix encryption, and only distributing your remailer key to a select group. Lists of allowed senders and recipients, or domains, can be configured, or a password can be required in the headers of incoming mail.

  Later versions of Reliable will provide the ability to ping remailers and produce stats pages, allowing networks of private remailers to be set up.

• Local System Remailer
  Reliable can be set up on a computer to improve the anonymity of a single user. In this case, the remailer is only used by the operator. Reliable's pooling, latency features, and dummy traffic generation can be used to make traffic analysis of mail going into and out of your computer more difficult. [More Information]

• Account Sharing
  The availability of free POP3 servers on the net makes it easy to set up a dedicated POP3 account for your remailer. Or, if you prefer, Reliable can share a POP3 account with your other email. Any non-remailer messages sent to the account can be left on the server for retrieval by your email app, or may be retrieved by Reliable and automatically moved to a JBN mail folder (the Mail Dump folder).

  Another method of account sharing is to use a forwarding address for the remailer. Reliable can be configured to only retrieve mail which contains its own address in the To header, leaving other mail on the server to be retrieved by another program.

• Jack B. Nymble Integration
  Jack B. Nymble version 1.3.3 provides integration with Reliable. Regardless of which configuration you're using, you can inject your own email directly into your Reliable remailer's message pool, without it leaving your system. This provides for much improved handling of multi-packet Mixmaster messages, for example.

  Both Reliable and Jack B. Nymble store messages in Unix Message File Format, which means the programs are compatible for all message handling tasks. For example, any message retrieved by Reliable can be moved to JBN's Inbox and viewed or decrypted in JBN's View Mail window. Reliable can also be easily configured to send all plain, non-remailer messages directly to any JBN mail folder.

• Make Stats Only
  Reliable includes functions to ping remailers and create remailer reliability web pages. These functions may be used even if you aren't configuring a remailer on your system.

• Other Configurations
  Reliable comes with a preset configuration designed to get your remailer up and running. Changes can then be made gradually to customize performance. The Reliable configuration window provides context sensitive descriptions of each of the 100+ configuration options, and what affect it has. Additionally, Reliable includes extensive configuration checking and self-testing to prohibit faulty setups.

If an enable button is inactive (cannot be pressed) this means your configuration is insufficient or has errors.

All sessions may be enabled by pressing the Master button in, or individual sessions may be enabled.

At the bottom of each session console there is a Flush Log button, which erases the console log and resets the counters, and a Start button which enables and attempts to start the session. Note that the Session Manager will automatically start sessions - the start button need be used only when you want the session to run immediately. For example, to check for mail immediately, select the Retrieve tab and press Start.

Before running any sessions it is recommended that you run Tools|Self Test. This will detect many configuration and setup problems, and will avoid lost mail. Run Self-Test as often as possible, such as when starting the program, and anytime your configuration changes.

The Session Manager will initiate a Retrieve session every Mail Check Time Minimum minutes when no other sessions are running. Mail will be scanned first if Scan Enable is True. Scanning mail *may* accomplish the following (depending on configuration):

• Oversize messages may be deleted or deferred without being retrieved. (This does not require Scan Enable)

• Large messages may be deferred (left on server) when load is high. (This does not require Scan Enable)

• Source blocked messages are deleted without retrieval

• Source disallowed messages may be deleted or deferred without retrieval

• Plain (non-remailer) messages may be deleted without retrieval, or may be left on the server for retrieval by another program.

• Non-encrypted (PGP or Mixmaster) messages may be deleted without retrieval

• Multiple messages (exceeding Message Count Maximum) from the same sender may be deleted or deferred without retrieval

After scanning (if enabled) suitable messages are retrieved. A single retrieval session will last no longer than Mail Retrieval Time Maximum minutes if another session is enabled.

Note that messages which are retrieval-deferred (left on the server due to large size) are not subject to Process|Deferral Maximum. If load remains high they will remain on the server indefinitely. If your load is usually high, you should probably set Large Message Defer Enable to False.

If Retrieve|MD5 Hash Expire is set to a non-zero value, Reliable will implement a replay cache by hashing each incoming message during retrieval, and duplicate messages will be deleted. Duplicate messages and multiple messages from the same sender (includes remailers) may also be limited using the Retrieve|Message Count Exceeded method.

Retrieved mail is stored in the MAILIN folder (located in the Mail Path) in UNIX Message File Format. Only mail messages intended for processing should be placed in this folder.

If errors occur during retrieval, the session will be terminated and the error reported to the Session Manager. Retrieval will be attempted again the next time a Retrieve session is initiated. (Errors should cause only temporary termination of retrieval.)

The Session Manager initiates processing whenever the MAILIN folder is non-empty and Retrieval has terminated. (Allow up to one minute for arrivals to be detected.)

Processing may also be initiated to produce dummy messages. These are, when possible, routed back to your remailer as Null messages. This creates cover traffic both in and out of your remailer even when load is low. Dummy messages are either encrypted and inflated CPunk, or Mixmaster, or both, depending on configuration.

Plain messages are sent to the Mail Dump if Keep Plain Mail is true, otherwise they are Deleted. Large messages may be Deferred (moved to the MAILDFR folder) when load is high. Remix-To messages may also be deferred. Deferred messages are processed when load is not high or when they have been deferred for longer than Deferral Maximum minutes.

Output messages are stored in MAILOUT and NNTP, and are queued either according to a Latent-Time directive, or according to Pool Minimum Random Latency and Pool Maximum Random Latency. Use these settings to control the average latency of your remailer.

If a message's single destination is your remailer, the message is sent directly to the MAILIN folder (is not queued for SMTP). If a message is PGP encrypted or Mixmaster, after decryption the original message is disposed and the decrypted message becomes the new process source. Thus you may find messages which seem to appear out of nowhere. This processing technique eliminates the need for repeated decryption in the case of requeued Trash, Problem, and Deferred messages.

If a decryption yields a message which exceeds Message Threshhold Oversize it is Deleted. If the message is Large, it may be deferred.

After a message is processed it is Disposed.

Processing will last no longer than Process Time Maximum minutes if another session is enabled.

The Session Manager initiates a Send session whenever Processing has terminated and MAILOUT is non-empty. A Send session will not be initiated until at least 5 minutes have elapsed since the last Send session terminated.

Messages may be mailed up to 6 minutes before their scheduled mail time. This helps improve the accuracy of Latent-Time directives and compensates for other delays. After a message is mailed, the mail files associated with it (*.Q0 and *.Q1) are deleted.

Reliable uses your computer's clock for message queuing. If you need to flush the mail queue, you can set your clock 5 days ahead, and all messages will be sent. However, in general this technique should not be used to alter send times because Latent-Time directives will be violated, reducing your remailer's security.

Destination blocking is re-performed just before sending. This means if you update your Destination Blocks, messages which have already been processed and queued will be deleted if they violate the block.

If errors occur during sending the session may be terminated and will not be reinitiated for at least 5 minutes. Errors should cause only temporary termination of sending. Failed messages may be move to the MAILOUT\Errors subfolder. These messages will automatically be requeued every 6 hours, and may also be requeued using the File menu. In some cases a problematic message in the Errors folder may need to be deleted manually.

Posting is handled identically to SMTP Send sessions, described above.

NNTP posting only applies if your remailer supports news posting (Global|News Enable) and Send|News Route is set to an NNTP server address.

• Delete
  Mail which has been processed successfully, non-remailer messages (if Keep Plain Mail is False), source-blocked and source-disallowed messages, completely destination-blocked messages, unsupported messages (PGP Only/Mixmaster; Encrypt-Key; etc.), and incorrectly formatted messages are deleted.

• Trash
  Messages which incur a questionable failure during processing are sent to the Trash folder (in Mail Path). This does not necessarily indicate dysfunction. An example of such a failure is a PGP message which could not be decrypted (this could indicate the user encrypted with the wrong key, or it could indicate that your passphrase is incorrect). Expect occassional messages in the Trash folder, even with correct operation.

  If you consider your remailer to be operating correctly, you can and should delete messages in the Trash folder regularly. If there are possible problems, you can requeue the Trash folder (use File menu), and the messages will be reprocessed. If again they fail, they will be sent to the Trash folder again. In no cases should requeuing the Trash produce multiple output messages, so when in doubt, requeue the Trash. This will reduce lost mail.

• MAILPROB
  If processing fails, and the problem is definitely a configuration problem (such as a PGP failure, Mixmaster failure, insufficient random remailers, etc.) the message will be moved to the MAILPROB folder. An error will be displayed in both the Process and Manager consoles. Unlike Trashed messages, Problem messages should ALWAYS be requeued once the problem is corrected.

• MAILDFR
  Deferred messages are sent to the MAILDFR folder. Messages are deferred from processing when load is high (exceeds Global|High Load Threshhold). Large messages (larger than Message Threshhold Large) and Remix-To messages may be deferred depending on your configuration.

  It is not necessary to requeue deferred messages. They are automatically requeued when load is not high, or when they have been deferred for longer than Process|Deferral Maximum minutes.

• Mail Dump
  If Process|Keep Plain Mail is True, plain (non-remailer) messages will be moved to the Mail Dump Path.

URLs for currents Stats and key sources are configured in Options|Configuration|Stats. Each URL may specify an HTTP URL, a finger address, or a local disk file. Reliable will read stats in Version 1 and Version 2 formats, HTML and plain text.

A Stats session is initiated approximately every Refresh Stats Time. The first URL listed is attempted. If it fails, the next URL is retrieved, etc., until a successful download occurs.

If Refresh Capability Strings is checked, the strings in Files|Remailer Capabilities will be updated automatically. Only the primary CPunk or Mix URL (first listed) will be used to refresh strings. If it is offline, the strings will not be refreshed.

The Active Mixmaster Stats results are written to Mixmaster's mixmaste.htm (RELLIST) file.

After a download, the "i" information icon may show, indicating that new remailers are available, or other information. To see this information, simply click on the blue "i" icon.

The Keys URLs are used to specify locations of remailer keyrings. Specify your most complete source first. Keys are not downloaded automatically. You must be present to approve the key download. Key download may be initiated using the Tools menu. To be sure your remailers keys are up-to-date, it is recommended that keys be downloaded at least once per week.

In the case of Mixmaster type2.lis and pubring.mix URLs, a set of 2 URLs should be listed on each line, separated by a single semicolon (;). The left URL must be the type2.lis source, and the right URL must be the corresponding pubring.mix source.

After downloading keys, it is important to remove expired keys from your PGP keyring (using PGP directly). Having an expired key in addition to a current one may cause mail to be lost.

If a given remailer has both RSA and DH PGP keys, you may specify which is preferred for encryption by selecting Tools|View PGP Keyring, and placing a check mark next to the preferred key.

Mixmaster's keyring may be edited using Tools|View Mix Keyring.

IMPORTANT: After editing your Mixmaster and PGP keyrings, be sure to select Test|Self Test.

Note: If you run a public remailer and wish to be listed on stats pages, you should send an announcement, including your remailer key(s) and capability string, to remailer-operators@anon.lcs.mit.edu. For information on how to join this list, send a message to remailer-operators-request@anon.lcs.mit.edu. You may also announce your remailer in alt.privacy.anon-server and the Cypherpunks Mailing List.. (You can read this list on the web.)

You do not need to be running a remailer to use Reliable's Make Stats functions. However, you do need to have the appropiate PGP keys on your keyring, and Mixmaster installed, if applicable.

Notes:

• For a Make Stats session to start, Send must also be pressed. Reliable will send queued messages before creating the ping messages so that the pings can be sent immediately. It is important to send the ping messages immediately after creation to improve latency measurements.

• Be sure your system clock is accurate when using Make Stats. If other programs modify your system clock (such as Jack B. Nymble's Alter Time feature) be sure they do not change the clock when Reliable is generating or processing messages.

• For best results, keep the Send and Make Stats enable buttons pressed in at all times.

• Trailer and header files may be included to add additional information to the reports, such as links to PGP and Mixmaster keys, and additional information on how to interpret the data. For best results keep the trailer and header files short, containing mostly links to other pages with more information, so that automated download of your stats pages is faster.

When Reliable receives ping responses, it will build the stats files you have specified. You may also rebuild the stats files at any time by selecting Test|Rebuild Stats.

Chain Pings
If Make Stats|Ping CPunk Chains is True, Reliable will also test chains of remailers to determine their performance with Remail-To, Anon-To, Encrypt-To, and Remix-To headers. Remail-To instructs most remailers to send a message without additional encryption, while Anon-To messages may be transparently RePGPed or Remixed. The Encrypt-To and Remix-To results show what remailers support these directives, and also show what remailers correctly receive and process these messages.

Reliable tests all CPunk remailers with each header, even if the remailer is not listed as supporting repgp or remix. These remailer chains should fail. If they do not, the capability string for the remailer should be updated.

Because of the quantity of messages required to test chains, Reliable only generates one chain ping set once every three days. Thus for all four sets to be produced requires a 12 day cycle. Reliable discards response data after it is 14 days old.

This means that the chain ping reports are not up-to-the-minute statistics. Instead they show a composite of tests conducted within the last two weeks. This is designed to help identify remailer combinations which fail, and to determine what directives remailers actually support. To determine if a given remailer is currently reliable, the direct ping report should be consulted.

Machine and Chain Info
In addition to header and trailer files, a plain text file specified in Make Stats|Stats Machine Info File may be inserted into stats reports. This portion of the report is intended for machine reading, and should be in the standard format. This information is used to indicate remailer chains which are broken, and remailers which share the same machine. An example Stats Machine Info File follows:

Groups of remailers sharing a machine or operator: (remailer1 nymserver1) (remailer5 remailer6) Broken type-I remailer chains: (remailer1 remailer2) (remailer2 remailer1) (remailer4 remailer7) (.remix remailer7) (remailer8 .remix) Broken type-II remailer chains: (mixmaster1 mixmaster3)

The line "(.remix remailer7)" indicates that remix messages sent to remailer7 are lost. The line "(remailer8 .remix)" indicates that remailer8 is not remixing properly and messages intended to be remixed are lost.

Reliable does not maintain the information in the Stats Machine Info File. If you wish to include this section in your reports, you will need to maintain this file manually. (The CPunk Chain reports produced by Reliable give a good indication of broken chains.)

Once the stats reports have been created, they may be uploaded to a web site at regular intervals using the FTP Stats facility.

Reliable will upload the files every FTP Minimum Time Between minutes, providing the files have changed since they were last uploaded.

You can switch between DOS modes quickly using Ctrl-H and Ctrl-M. When you press the key Reliable must have the focus.

Retrieve and Send sessions will always run at the same speed, regardless of the DOS Mode setting. Thus if load is high it is more efficient to retrieve and send mail while you are using your computer (disable processing), and Process mail when you are not using your computer.

The other DOS Mode available is Window Paused. This will open a window when DOS runs, and the window will not close until you press a key. This allows you to troubleshoot, showing you some errors displayed in DOS. (To see some PGP, Mixmaster, and other errors, use Test|Show Last DOS Error.)

Note: If you leave Reliable unattended in Window Paused mode and a DOS session times out (because you aren't there to press a key), Reliable will automatically change the DOS Mode to Min with Focus, to prevent further timeouts. Thus a paused DOS window will not pause the program indefinitely. (To pause Reliable, press the Master button out, or use Test|Pause All Functions.)

Verbose
Verbose mode is enabled in the Options menu. This mode will cause Reliable to display more information in the console about what it's doing. In general Verbose mode should be turned off, so that only warnings and errors appear in the console. In this way, if you leave Reliable unattended for a period of time, any errors or warnings will still be visible when you return. If Verbose mode is enabled they will scroll off the console more quickly.

Alarm
Enabling Options|Alarm will cause Reliable to sound an alarm when a console error and/or warning occurs. The sound will play each time the Manager console is updated, or if no sessions are running, it will sound once per minute. To stop the alarm sound, simply click on the console text area. The alarm will not sound again, even if new errors occur, until after you have reset the error count (either by flushing the console logs or by clicking on the error icon).

The error sound may be customized by changing the file "error.wav" in the Reliable program folder. The warning sound is determined by "warning.wav". If you only want the alarm to sound for errors, and not for warnings, simply delete "warning.wav".

Focus Console
If Focus Console is checked, the console tab of the current session will automatically be brought to the top when the session starts. This keeps the currently running session in view. Note: This option is best turned off when Reliable is running in the background, as it will bring the Reliable window to the foreground each time a session starts.

Auto Start-Up
The options in Options|Auto Start-Up determine Reliable's behavior on program start-up, including prompting for PGP passphrase entry, automatically initiating a Self Test, and automatically pressing the Master button in to activate the session manager.

Verify Connection
If checked, Reliable will monitor the Windows dial-up connection status, and will not attempt to initiate net functions (Retrieve, Send, etc.) if your computer is disconnected from the net. As soon as a connection is detected, all functions will again be active. If your computer uses a LAN or cable modem to connect to the net, disable Verify Connection.

Note: If Dialer is enabled (see below), Verify Connection is automatically active.

Disconnect Idle
If Disconnect Idle is checked, and if Reliable originally established the current dial-up connection, it will disconnect (hang up) when all sessions have ceased running. Reliable will not disconnect if another program established the connection, unless you specifically select Tools|Hang Up.

Dialer
Reliable's Dialer is used to establish a dial-up connection with your ISP. Dial-up connections are triggered only by Retrieval sessions. The Dialer can be used in one of two modes:

• Maintain Constant Connection
  If Dialer is enabled, and Disconnect Idle (see above) is unchecked, Reliable will establish or reestablish a dial-up connection whenever a Retrieval session starts. In the event your modem is disconnected, this will ensure that the dial-up connection is reestablished. In this mode, Reliable will not disconnect. Use this mode to maintain a constant connection to your ISP.

• Establish Connection Periodically
  If Dialer is enabled, and Disconnect Idle is checked, Reliable will establish a dial-up connection whenever a Retrieval session starts. When processing, sending, and other sessions have completed, Reliable will disconnect. Reliable will not disconnect if it did not orignally establish the connection. Use this mode to have Reliable dial in to your ISP periodically. Set Configuration|Retrieve|Mail Check Time Minimum to specify how often Reliable establishes a connection.

Alternatively, if you use the Windows dialer, use NetLaunch or a similar program to press the "Reconnect" button automatically, or to dial in periodically. Reliable will detect the connections and disconnections if Verify Connection is checked.

Middleman
Encrypt-To
Remix-To
Rand-Hop
Dummy Message Generation

If you want to force Reliable to always include a particular Cypherpunk remailer for random selection, include the capability "trust" in the remailer's capability string. (Be sure to disable Options|Configuration|Stats|Refresh Remailer Capabilities, which means you will need to maintain your capability strings manually.) Reliable will waive latency and uptime requirements for any remailer with a "trust" capability. Note that this only affects random Cypherpunk remailer selection, and does not affect Mixmaster's random remailer selection. The 'trust' capability should be used very sparingly to avoid selection of inoperative remailers.

When choosing random remailers, the last remailer in the chosen chain will never have the middle capability.

Random Mix remailers are chosen by Mixmaster based on your settings (in Configuration|Mix) and the mixmaste.htm (RELLIST) file. Random Mixmaster remailers are NOT limited by Files|Random Exclusion, and should not be listed there.

It is important to have up-to-date stats and ample settings for sufficient random remailers. The list of currently enabled random Cypherpunk remailers may be displayed by selecting Test|Show Random. Insufficient random remailers will generate errors and warnings in Reliable. To correct this situation, either find a better source for stats, or lower your minimum uptime and maximum latency requirements (CPunk and/or Mixmaster) in your configuration.

Any other destination will be sent to via a random remailer. If Remix Transparent is enabled, the message will be sent in Mixmaster format. Mixmaster will choose the random remailer. Otherwise, if RePGP Transparent is enabled the message will be sent PGP-encrypted to a random CPunk remailer. Otherwise, the message will be sent unencrypted. The random CPunk remailer chosen will comply with Files|Destination Allow (but a Mix remailer chosen may not.)

The Global|Middleman Feedback setting determines how information requests (remailer-help, remailer-key, etc.), Test-To reports, and source block notifications are sent from your remailer. Send Direct indicates these messages will be sent directly from your remailer, even if the destination is not Destination Allowed. Send Remail-To causes the messages to be sent through one remailer without encryption. (Requires at least one non-pgponly remailer in your active random list.) Send Anon-To causes the messages to be sent through one remailer with transparent RePGP or Remix, if enabled.

Unless you require greater anonymity, the Send Direct or Send Remail-To setting is recommended, so that if your remailer is experiencing encryption problems, for example, users can still obtain remailer-conf and Test-To reports.

Destination Blocks apply to all messages.

IMPORTANT: If your remailer is mix and middleman, be sure to add an "M" to your mix key. This will not be done automatically.

All remailers to be used in a RePGP (Encrypt-To) chain must be supported CPunk remailers which have the 'pgp' capability. The last remailer in a RePGP chain must also support recursive PGP decryption. Any remailers which are NOT capable of recursive PGP decryption (such as Winsock and Juno remailers) should be listed in Files|RePGP Exclusion. (Reliable, Freedom, and Ghio type remailers support recursive decryption and should not be listed.)

For more information on Reliable's implementation of RePGP and Remix, please consult the User's Manual.

Dummy messages are created to follow a chain of random remailers. The length of each chain varies. Eventually dummy messages return to your remailer, encrypted, with Null directives which causes their deletion.

The amount of dummy traffic Reliable generates depends on the Process|Dummy Traffic per 6 Hours setting. Reliable generates dummy traffic every six hours, and schedules the messages to be sent at random times during the next six hours. To disable dummy traffic generation, specify zero (0).

Search strings listed in Files|Source Blocked are used to test the headers of messages. Wildcards are allowed. If Scan is enabled, source-blocked messages are deleted without being retrieved. They are also deleted after retrieval and during processing.

Several example source blocks follow:

    ^Received: *baddomain.com

    ^Received: *123.456.789.###

    ^From: *badaddress@xxx.com

    badaddress@xxx.com

When a source-blocked message is deleted, a message is automatically sent to the sender stating that a block is in place. No more than three of these messages will be mailed in one hour, and a message will not be sent to the same address twice (at least for some time) even if multiple messages arrive. This message will not be sent if the sender is Destination Blocked.

Source Allow
The Files|Source Allow list works similarly. This list may be used for several purposes. For example, the following Source Allow:

    ^To: *thisremailer@isp.com

Source Allow may also be used to run a private remailer which is intended for use only by a limited group.

You can test your source blocks and source allows using the Test menu.

As with source blocking, it is important to make the block as specific as possible to avoid unintended blocks. Wildcards are allowed.

Unlike source blocking, destination headers are tested individually. Only To, CC, BCC, Test-To, Anon-Post-To, and Newsgroups headers are tested. Each address in the header is tested individually, and removed if it is blocked. The message will still be sent if sufficient addresses or newsgroups remain.

Destination blocks should always be in one of the following formats:

    To: badaddressstring
    Newsgroups: badgroupstring
    *universalstring

Here are several examples of destination blocks:

    To: *nosend@blocked.com*

    Newsgroups: alt.bannedhierarchy.*
    Newsgroups: alt.banned.groupname

    *alt.banned.groupname*

Note that Anon-Post-To directives may also be controlled using Files|Newsgroups List without affecting Newsgroups headers.

You can test your destination blocks using the Test menu.

Reliable provides the capability to separately control Anon-Post-To directives and Newsgroups headers. This means that you can control which newsgroups are accepted for NNTP posting, and which are accepted for posting via mail2news gateways (i.e. messages which do not use Anon-Post-To). Destination blocks on Newsgroups affect all news messages, including Anon-Post-To and mail2news email. To block, limit, or allow only Anon-Post-To newsgroups, without affecting other mail2news email traffic, use Files|Newsgroups List. This list is handled according to Global|Newsgroups List Action and does not affect Newsgroups headers.

Wildcards are allowed. Each group in the directive is tested individually, so asterisks before and after the group name are not required in general. List one group or hierarchy per line. Blocked groups are removed, and if no newsgroups remain in the directive, the message is deleted (or handled per directive precedence). Do NOT include "Anon-Post-To:" in the search string. For example:

    alt.banned.group
    alt.bannedhierarchy.*

News Signature
A news signature, specified in Files|News Signature, may be added to some or all news posts. The following settings are available in Global|News Signature|Action:

Only Anon-Post-To posts containing a custom From header
All news posts containing a custom From header
All Anon-Post-To posts
All news posts
Never

Important: If your remailer is mix and you support post, be sure to add "N" to your mix key to indicate that a Post header may be used. (A Mixmaster post header is treated as an Anon-Post-To header.)

Source Allow
Source Blocked
Destination Allow
Destination Blocked
Newsgroups List

    A*B

Wildcard Characters

Characters in pattern	Matches in string
?	Any single character.
*	Zero or more characters.
#	Any single digit (0–9).
^	A carriage return (CRLF)

Wildcard Examples

Kind of match	Pattern	Match	No Match
Multiple characters	a*a	aa, aBa, aBBBa	aBC
Multiple characters	*ab*	abc, AABB, Xab	aZb, bac
Multiple characters	ab*	abcdefg, abc	cab, aab
Single character	a?a	aaa, a3a, aBa	aBBBa
Single digit	a#a	a0a, a1a, a2a	aaa, a10a
Multiple lines	AAA^BBB	AAA BBB	AAABBB

• Self Test - Run Test|Self Test each time you start Reliable, and whenever you change your configuration.

• Remailer Keys - Try to stay up-to-date on new remailers and keys, especially if your remailer is repgp or remix. Add suitable remailers to Files|Remailer Capabilities, Type2.lis, Destination Allow, and RePGP Exclusion (if the remailer does not support recursive decryption). Remove expired and defunct keys from your keyring to prevent encryption with the wrong key.

• Stats - Use the best stats URLs you can find, or generate your own stats using Make Stats. Set your Cpunk and Mix random uptime and latency criteria as high as possible while maintaining an ample selection of random remailers. This is important even if your remailer is not middle due to Reliable's user-selected random functions.

• Test Remailers - Test that your remailer is able to send to all other public remailers, and that the encryption keys work. You can do this by sending test messages or by enabling Reliable's Make Stats function for a day. If you are unable to resolve a conflict, please notify the Remailer Operator's List and the appropriate remailer administrator if possible.

• Drive Space - Make sure you have plenty of drive space. Remember that Mixmaster stores multi-packet messages in its file path. Other mail is stored in Reliable's Mail Path.

• No Drive Time-Outs - If you're using an encrypted drive to store keys or other data, be sure it does not time out, and disconnect the drive if you leave the machine unattended. Some software has a time out setting which must be avoided.

• Requeue - If errors occur, the messages will be moved to the Problems folder. After you have corrected the misconfiguration, requeue the Problems folder. In some cases messages will be Trashed. Note that requeuing the Trash or Problems folder will never result in duplicate outgoing messages, so when in doubt, requeue.

• Source Block - If you receive a mail bomb or large amounts of invalid mail, set an accurate source block, then process. Reliable will delete the messages quickly during processing.

• Accurate Blocks - Use accurate and specific source and destination blocks. Blocked mail is Deleted immediately. Be careful not to include blocks which may cause unintended deletions.

• Patience - If your remailer gets backed up with mail, don't delete it. Just keep retrieving, processing, and sending at your normal pace. Eventually your stats will drop, users will see that mail isn't arriving, and they will avoid using your remailer. In time your remailer will catch up, and mail will have been delayed, but not lost. Reliable is designed to handle overloaded MAILIN and MAILOUT directories. In very extreme cases processing and sending may begin to occur out of order (because Reliable will not sort all the messages in an effort to save time), but the functions will continue and eventually return to normal.

• Adjust Load - Tip for reducing load: If your remailer is receiving too much mail, try turning on PGP-only (with an announcement), or increasing your random latency time. Many remailer users choose the fastest remailers they can find, and will use your remailer less if it takes longer.

• Stable Features - Don't over-configure your remailer or change your supported features rapidly. Give users time to adjust to the load your remailer handles and the features it supports.

• Firewall - To help protect against trojan viruses (resident programs which can transmit your keys or other data without your knowledge) and to help prevent hacking attacks, it is highly recommended that you install a quality firewall on your system. A firewall allows you to prevent unauthorized programs from accessing the winsock, and allows you to monitor a program's connection requests, inbound and outbound. A shareware version of the AtGuard Firewall is available here or the current commercial version is available at www.atguard.com. Another good firewall is the PC Conseal Firewall. A demo version is available here. Another firewall is available from McAffee/NAI.

• Key Protection - It is very essential to protect your PGP and Mixmaster keyrings from electronic and physical theft. Installing your keyrings on an encrypted drive is highly recommended. (For instructions, consult the JBN2 User's Manual: Other Security Methods.) It is also important to protect your keys with ample passphrases. Please consult the Passphrase FAQ. In addition, good long-term security relies upon your changing your keys regularly.

• Unattended Protection - Because your keyrings will be available when the remailer is running, and because remailers are often run unattended, it is useful to enable a password on your screen-saver for an added amount of protection from physical theft. (For this to be effective, you will need to locate your keyrings on an encrypted drive, as explained above.)

• Virus Protection - A virus on your computer can render your remailer insecure in a variety of ways. Do not open any unsigned email attachments, and check signed attachments for viruses as well (the sender may not be aware of the virus). Install a quality anti-virus program on your computer. Avoid installing software from questionable sources. Remember that not all viruses are detected by anti-virus software. F-PROT is a recommended free anti-virus program because of its simplicity. It is a DOS program which does not stay resident on your computer. Alternatively you may choose to use Windows anti-virus software.

For this reason, whether you run a private or public remailer, it is highly recommended that you change your remailer's keys every 6 months to one year, and destroy the old keys.

To change your remailer's keys:

• Create new PGP and Mix keys for your remailer. On your RSA PGP key, specify the expiration date for the new key. For example:
  
  Example Remailer <example@remailer.com> EXPIRE: 01-Jan-2000
  (The expiration date of DSS/DH keys may be entered directly to PGP when the key is created.)

• Make a public announcement at least one month in advance of the key change date. This announcement should be made to alt.anonymous.messages, alt.privacy.anon-server, Cypherpunks Mailing List, and remailer-operators@anon.lcs.mit.edu. In the announcement state that the key for your remailer will be changed on the change date, and that users and remailer operators may update their keyrings at this time. Include a copy of the new keys. Sign the message with your remailer's current key.

• Include your new keys in Files|Remailer-Key, and on your keyrings immediately. Some users will update immediately and use the new keys before the change date.

• Make a second public announcement several days before the change date.

• If possible, on the change date request a remailer-conf report from each remailer, and alert operators who have not updated their keyrings.

• One or two weeks after the change date, remove the old keys from your remailer's keyrings, and destroy all copies of the old keys. By doing so, you make all messages sent through your remailer to date more secure.

You may find it convenient to have a separate address to use as a mock sender/recipient. If the final destination is the remailer address, the message will be sent to the Mail Dump. Note that when sending mail to itself Reliable does not generally send the mail via SMTP.

For testing purposes only, you may wish to set Process|Dummy Traffic per 6 Hours to zero (0), and minimum and maximum random latency to 0:00.

Note that Reliable is designed as a low-maintenence remailer. This means it performs most functions automatically. If you attempt to over-control it, you may find its behavior difficult to work with. Try giving it a little space to do its thing, and send test messages to test various remailer functions.

The procedures for installing and configuring Reliable as a local system remailer are virtually identical to those for a public remailer, and Reliable is a low-maintenence remailer. However, there are several issues which you may wish to consider when running a local remailer:

• Make note of Jack B. Nymble's interface features, so that mail does not have to leave your system to be injected into the pool. (If you have your own mail server, it doesn't leave your system anyway.)

• To prohibit unauthorized users, enable CPunk|PGP Only and do not distribute your remailer keys.

• If you have reply-blocks, have them use your remailer as the last hop. If your remailer address is also the terminating address of the reply-block, set Keep Plain Mail to True, and your reply-block messages will be sent to the Mail Dump where they may be decrypted by JBN. Reliable generates some dummy messages which look like reply-block messages, but are deleted. This generates cover traffic for nym accounts.

• You will probably want to remove the X-Comment lines from Configuration|Global, and disable Show Admin, so that it is not obvious that you are running a remailer on your system.

For Cypherpunk, add your remailer address to Stats Book|Add page. You can also include the name:

    yourremailer@isp.com (Name)

After making these changes press Update in the Stats Book.

Note: If you run a public remailer and wish to be listed on stats pages, you should send an announcement, including your remailer key(s) and capability string, to remailer-operators@anon.lcs.mit.edu. For information on how to join this list, send a message to remailer-operators-request@anon.lcs.mit.edu. You may also announce your remailer in alt.privacy.anon-server and the Cypherpunks Mailing List.. (You can read this list on the web.)

Configuring the Mail Dump
Reliable's Mail Dump (where plain non-remailer messages are sent) is designed to be compatible with JBN (and any UNIX Message File Format compatible app). For example, if your JBN Inbox is C:\JBN\Inbox, set Reliable's Mail Dump Path to C:\JBN\Inbox\MailDump. The MailDump folder will appear in JBN's View Mail window. Any plain text messages sent to your remailer will appear there (providing you have set Process|Keep Plain Mail to True).

Sending to UNIX
Jack B. Nymble 1.3.2 and later is capable of sending mail directly to your Reliable MAILIN folder in lieu of an SMTP server. Messages sent in this manner are handled identically to those retrieved via POP3, and are subject to blocking. For even more automation, consider upgrading to JBN version 2 and consult the JBN2 instructions.

In Jack B. Nymble's Options|User Profile, choose an unused SMTP tab. Under SMTP Server, enter the full path of your Reliable MAILIN folder. e.g. C:\Reliable\Mail\MAILIN

Also enter a Real Email Address which will appear in the From header of sent mail.

When mail is sent in JBN using this server profile, the messages will be written to the path specified in UNIX Message File Format.

IMPORTANT: Note that ALL messages sent via this profile will be sent to your Reliable MAILIN folder and processed, regardless of their destination address. In general, when using this profile, your remailer should always be the first hop in your Message Book's chain of remailers.

Note: If you run a public remailer and wish to be listed on stats pages, you should send an announcement, including your remailer key(s) and capability string, to remailer-operators@anon.lcs.mit.edu. For information on how to join this list, send a message to remailer-operators-request@anon.lcs.mit.edu. You may also announce your remailer in alt.privacy.anon-server and the Cypherpunks Mailing List.. (You can read this list on the web.)

Configuring the Mail Dump
Reliable's Mail Dump (where plain non-remailer messages are sent) is designed to be compatible with JBN (and any UNIX Message File Format compatible app). For example, if your JBN2 Mial Folder is C:\JBN2\Mail, set Reliable's Mail Dump Path to C:\JBN2\Mail\MailDump. The MailDump folder will appear in JBN2's View Mail window. Any plain text messages sent to your remailer will appear there (providing you have set Process|Keep Plain Mail to True).

Sending to UNIX
Jack B. Nymble v2 is capable of automatically sending mail directly to your Reliable MAILIN folder in lieu of an SMTP server. Messages sent in this manner are handled identically to those retrieved via POP3, and are subject to blocking.

In Jack B. Nymble's Window|Send Profiles, on the UNIX tab, enter your remailer's address in the appropriate box. In Folder, enter the full path of your Reliable MAILIN folder. e.g. C:\Reliable\Mail\MAILIN JBN2 will automatically reroute messages to your remailer to this folder whenever you send via the Default Send Profile.

• NetLaunch
  NetLaunch is a useful system tray utility which can initiate dial-up connections, automatically press the "Reconnect" button if you are disconnected, and will launch/close programs you specify upon connection/disconnection. This small and efficient program is recommended for use with Reliable under Win95, 98, and NT.

  NetLaunch may be downloaded from Black Castle Software.

• Firewalls
  To help protect against trojan viruses (resident programs which can transmit your keys or other data without your knowledge) and to help prevent hacking attacks, it is highly recommended that you install a quality firewall on your system. A shareware version of the AtGuard Firewall is available here or the current commercial version is available at www.atguard.com. Another good firewall is the PC Conseal Firewall. A demo version is available here. Another firewall is available from McAffee/NAI.

    LangMsg.DAT         (Main Language File)
    LangConf.DAT        (Configuration Language File)
    OperMan.htm         (Operator's Manual)
    UserMan.htm         (User's Manual)

Currently available language packs:

• English (Standard)
  
• German (Not available for current version)
  

[If you are multi-lingual and are interested in providing a translation, please contact Potato Software.]

• Prepare a form letter which explains what an anonymous remailer is, how it functions, what you consider its acceptable uses, and the reasons for its existence. Many people are ignorant as to what a remailer is. Some have been told "remailers are illegal"; others believe they are for spamming. Send this informative letter automatically to anyone who sends mail to your admin address. In that letter, specify that to request a personal reply, they need to send mail with a subject of "Reply Requested".

• Explain that a sender cannot be effectively blocked because remailers can be used in chains, and the original source of the message is unknown. However, give the recipient the option of being blocked from receiving mail from your remailer. Also inform the recipient that individuals can be blocked from all remailers by sending their request to dstblk-request@nym.alias.net. Also remind the recipient that most email and newsgroup programs can filter messages from unwanted sources.

• If a user is posting what you consider to be inappropriate material to a newsgroup or domain: If you know who the sender is, request that the posts stop. If they do not, block the sender. If the sender is unknown or cannot be blocked, you have two ethical options as a remailer operator: a) Discontinue support of posting to the affected newsgroup(s) or domain, temporarily or permanently; b) take no action.

• Remember you are not there to be abused. If you receive threatening or harassing mail, from a user or a recipient, send a complaint with attached copy to the sender's ISP. Most ISPs do not tolerate users who are abusive, and those who are opponents of anonymous services generally are not anonymous. While you are responsible for maintaining the anonymity of your users' mail, you are not responsible for maintaining the anonymity of other parties, such as irate and abusive recipients, or anyone, including users, who send harassing mail to your admin address.

Michael Uplawski for his translation and web page work on Reliable's and Jack B. Nymble's documention, his design of Reliable's icon, and his efforts at coordinating the FTP Site at Franken.

S.R. Heller for his continuing work on SPGP.DLL, which makes Reliable's integration with PGP 5 and 6 feasible.

Ulf Moller for his work on and support of Mixmaster 2.0.4 for DOS, which made Reliable's support of Mixmaster possible.

Electronic Frontiers Georgia (EFGA) for hosting a Potato Software and privacy-related FTP Site.

AnonMailNet for hosting the Potato Software FTP Site as well as the Potato Software Homepage.

Beta-testers and users for their continuing feedback and patience.

All those who made contributions toward the purchase of Jack B. Nymble's and Reliable's internet control developer licenses.