That PGP message is encrypted for Hal's remailer. When Hal's remailer gets the message, it will have this block on the front of the body, and Hal's remailer can then decrypt it. Inside this block you might put:
::
Anon-Send-To: <yourrealaddress>
So then there's only one remailer on the chain between
myserver and your real address. For more security you can embed
*another* hop to another remailer with another encrypted address
block. This can continue for as long as you want. The longer the path,
the more secure, but the less reliable.
Once the path has been added, you will be sent mail (through
the anon server) encrypted with your key (all mail to your alias will
be sent out encrypted with your key) with the pathnumber that your
command created. Store this path number in a safe place, because you
will need to use it when you test all your paths for reliability.
You can create multiple paths in this fashion. The remailer
defaults to "spray" mode-- this means that mail to your alias will be
sent through *each* of your paths. This adds reliability at the
expense of security. (It makes traffic analysis easier.)
If you would like to turn off spray mode, send a command to
admin@sitename:
::randmode
To turn spray mode on:
::spraymode
You can actually use this spray mode for more than just an
anon-server. If you'd like to create a mailing list, you can generate
a keypair and distribute the secret key to everyone on the mailing
list, and everyone can send the anon server a path to themselves. Using
spray mode, mail to the address will go out to every path. This of
course means that anyone can subscribe or unsubscribe people to/from
the list (removing paths is described below).
The Credit Scheme
When you start up an account, you get 100 credits. When
mail is sent out along one of the paths, credit is deducted from the
account-- 1 credit per 512 bytes of traffic. Note that if you are in
spray mode credits are deducted for *every* path which is active for
your alias.
If your account does not have enough credit when a message
comes in, you will get mail detailing the size of the message that was
lost and the amount of credits you have in your account. (Size is
listed in 512-byte blocks.)
Removing paths
If a certain path which you have active flakes out and becomes
ineffective, you need some way of turning that path off so you're not
paying for it in spray mode, and so you don't lose mail in random
mode. That's what the disablepath command is for. To run the
disablepath command you simply send the command (signed, as always) to
admin@sitename:
::disablepath pathnumber
Pathnumber, here, is the number of the path which was assigned
when you created that path. Hence it is useful for you to keep good
records of your active and disabled paths.
It is possible to reenable a path once it has been
disabled. In order to do this you need to remember the path number
*and* the remailer that it's associated with. To recover a path you
just send:
::recoverpath firsthop pathnum
And the path with the number pathnum is reactivated, with the
firsthop that you give it in the recover command.
Path Verification
You will likely want to keep tabs on your paths so that you know
when a given path flakes out on you. For this reason the "regping"
option is available. This command lets you tell the system how often
you want the anon-server to send a message through every path of
yours, with the pathnumber in the message (encrypted, of course) so
that you can see which paths are flaking out.
To set your ping frequency, use the regping command:
::regping frequency
Where frequency can be none, hourly, daily, or
weekly. Remember that you are still being charged for these
testpings. The system defaults to weekly.
To get a list of all your active paths, use the command
"showpaths". This command will send out a listing of the
pathnumber and first hop of each of your active paths:
::showpaths
Defeating Traffic Analysis
The system works in concert with remail@sitename, which does
the work to defeat traffic analysis. All mail to each path is first
sent through remail@sitename for added difficulty in traffic analysis.
remail@sitename is a standard cypherpunks remailer with PGP,
plus a few added features. Outgoing mail is not delivered immediately
upon receipt. Outgoing messages are stored in a pool until five minutes
after each hour, when all messages in the pool are delivered in a random
order, ignoring the order in which they came in.
Every minute there is also a chance that a random uuencoded
message is injected into the remailernet. Each message injected into
the remailernet is sent through a random path of the remailers in
the remailernet, usually between five and 20 hops.
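The hourly pool described above, modelled as an added Python example (not the server's own code). The function names, the sample traffic, and the choice that a message arriving exactly at five past the hour joins that flush are assumptions. It shows what pooling hides from an observer (arrival order inside a batch) and what it does not (which batch a message left in).

```python
import secrets
from collections import defaultdict
from datetime import datetime, timedelta

FLUSH_MINUTE = 5  # from the page: delivery happens five minutes after each hour


def next_flush(arrival):
    """First flush instant at or after `arrival`.

    Assumption: a message arriving exactly at HH:05:00 joins that flush.
    """
    slot = arrival.replace(minute=FLUSH_MINUTE, second=0, microsecond=0)
    return slot if arrival <= slot else slot + timedelta(hours=1)


def deliver(incoming):
    """Group (arrival, msg_id) pairs into hourly batches, each in random order.

    Returns {flush_time: [msg_id, ...]}. Only batch membership survives;
    position inside a batch carries no arrival-order information.
    """
    batches = defaultdict(list)
    for arrival, msg_id in incoming:
        batches[next_flush(arrival)].append(msg_id)
    rng = secrets.SystemRandom()  # OS-backed randomness for the shuffle
    for ids in batches.values():
        rng.shuffle(ids)
    return dict(batches)


# Constructed sample traffic (not from the page): arrivals on both sides
# of the 14:05 flush boundary.
SAMPLE = [
    (datetime(2000, 1, 1, 13, 6, 10), "m1"),
    (datetime(2000, 1, 1, 13, 40, 0), "m2"),
    (datetime(2000, 1, 1, 14, 4, 59), "m3"),
    (datetime(2000, 1, 1, 14, 5, 1), "m4"),
]

if __name__ == "__main__":
    for when, ids in sorted(deliver(SAMPLE).items()):
        print(when.isoformat(), ids)
```

A message that just misses a flush waits almost an hour, and a pool holding a single message gets no reordering benefit at all, which is where the injected random messages help.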