From Newsgroup: alt.privacy
On Sun, 19 Oct 2025 11:21:53 -0000, in article <
20251019112153.49ZdFGDQ7u2B@sewer.dizum.com> Nomen Nescio
<
nobody@dizum.com> wrote:
Hello.
What happens if people resend messages from a.a.m
with the same subject header? Does the fetching
software detects this as replay?
From <https://danner-net.de/omom/tutornymreceive.htm>:
OmniMix rCo Tutorial rCo Nyms rCo Receiving Nym Messages
Incoming nym messages are only forwarded to users authorized to retrieve
them, which is why you must not forget to assign newly created nyms to
specific OmniMix users, at best immediately after sending the creation
message. Otherwise nym replies sent to your mail account aren't decoded,
and those posted to a newsgroup like alt.anonymous.messages will even
show no sign of life at all.
So go to the 'User' tab, select the respective user from the list, which
with a fresh installation usually is 'OmniMix', and click '=' to edit
that account.
A dialog window opens, where you find a list of the 'Nyms' you defined
within the Nym Configurator. Add a checkmark to the nym for which you
just sent a creation message, click 'Accept'. Always repeat that
procedure with the 'Nym' account, which is used by the OmniMix GUI
itself for example to send nym test messages from the 'ModNym' tab.
Otherwise such a task will be aborted with a 'Nym account not assigned
to given user account' error message. Finally restart the servers to
propagate the changes you made.
Since reply blocks may point to an email address or a newsgroup, there
are also two ways to collect reply messages, either from a POP3 (mail)
server or an NNTP (news) server.
So 'Polling' has to be activated ('Enabled' or 'Optional') for 'Mail P'
and / or 'NwsNym', where the first-mentioned is also required if you
only intend to fetch normal, non-nym mails. The option 'Disabled' means,
that the concerning source isn't polled, with 'Optional' OmniMix tries
to obtain messages from the source, but doesn't care about a failure,
whereas 'Enabled' insists in establishing a connection and aborts with
an error message sent to the mail client if the source isn't available.
With reply blocks pointing to a newsgroup it's necessary to enter the parameters of a news server at the 'NwsNym' tab. When selecting a
suitable server you have to consider, that some of them don't keep the
complete set of all messages posted to 'alt.anonymous.messages'. The
most reliable freely accessible server I found was the one at 'news.mixmin.net', run by Zax, which therefore is used by OmniMix.
Different from mail coming from a POP3 server, which is deleted after retrieval, nym messages routed through a newsgroup are available there
for a longer period of time. So OmniMix has to take notes of the
messages it already processed to prevent multiple deliveries. The fact
that each nym server chronologically assigns a strictly ascending order
of numbers to all messages within a newsgroup allows OmniMix to keep
track of its progress within the group by simply storing the number of
the next message that has to be interpreted. The only problem is that
those numbers are news server specific. Therefore especially if you're experimenting with different news servers for nym message retrieval,
that 'Newsgroup Pointer' of the involved accounts may have been set to
values unsuitable for the server you're currently using. If it's too
high OmniMix ignores all messages offered by the server supposing
they've already been downloaded. So after every redefinition of the nym
related news server the newsgroup pointer of all nym accounts with
newsgroup delivery has to be adjusted! The 'Nym' log presents data,
which allow to estimate the correct number. Nevertheless a secure
alternative would be to reset it to 1, which however results in another processing of all nym replies still available at the server no matter
whether they've already been presented to the client.
Now there are several possible ways to retrieve your nym's reply
messages from the newsgroup they are posted to. To download them
directly from there enter access parameters of the news server of your
choice at the 'NwsNym' > 'Server' tab.
As OmniMix doesn't buffer messages, and therefore nym message retrieval
from its source is only done on a mail client's request, processing time
has to be kept short to avoid a connection timeout initiated by the
client. That becomes even more evident with a slow Tor routing. To solve
the problem increase your client's connection timeout interval and
within OmniMix limit the number of newsgroups articles processed with
each mail request. That's what the 'Analysis Block Size' parameter is designated for. It defines the maximum number of articles analyzed at
once in order to extract your incoming nym messages with '0' meaning no restriction at all. To avoid fingerprinting that amount can randomly be
varied to the downside limited by the percentage defined in 'Variation'.
With a restriction in place you have to check repeatedly for new mail
till the 'Newsgroup Pointer' fields of your OmniMix account's nym
accounts show up-to-date numbers. In order to reread messages set that
pointer manually to a lower value, for example to '1' to reload all
available messages, which can simply be done by clicking at the 'R'
button adjacent to the value. But don't forget to save the changes with 'Modify'.
Especially while fetching only specific messages, which offers an
adversary valuable information, another layer of anonymization provided
by a conncetion through Tor is highly recommended to increase security.
But there are further options to confuse snoops. Beyond the group's
message catalog entries required to locate your own messages within the
range defined by the 'Analysis Block Size' OmniMix can also download a
random amount of already processed articles' so-called 'Xover' data. And additional irrelevant dummy messages ('Messages') can be put between the downloads of real nym replies. Furthermore OmniMix may vary the message processing time ('Delay') randomly to prevent timing analyses. All that
has to be adjusted at the 'NwsNym' > 'Access' tab.
Nevertheless, if you aim at maximum security you have to follow a
different retrieval strategy, namely to download the complete set of the newsgroup's postings to your computer and then to process them locally, shielded from any external observer.
That's where the integrated Hamster server comes into play. It offers a
local news server, preconfigured to work as a buffer of the group where
your nym replies get posted. In freely definable time intervals it
contacts the external NNTP server looking for new articles and
downloading them.
It's very easy to get your Hamster make a move on. Go to the 'Hamster' >
'Run' tab and click 'Start'. And if you want Hamster to start along with OmniMix check the 'Autostart' box.
After a few seconds Hamster gets active, which you can see at the
'Hamster' log list. First it creates resp. updates internal reports,
then, after a while, as per specification at the next quarter of an
hour, it starts to download 'alt.anonymous.messages' articles from the 'news.mixmin.messages' server already mentioned above.
This is also done using the OmniMix NNTP proxy server, so that Hamster
isn't exposed to the Internet. The download process may take some time depending on the 'Pull Limit First' value, which describes the number of
latest articles to retrieve when doing so for the first time. From then
on all articles are downloaded, as defined in 'Pull Limit Later' ('0').
To activate Hamster parameter changes shut down Hamster, press the
'Update Hamster Configuration' button at the 'Hamster' > 'Config' tab,
then restart Hamster. That's also the place where you define the
connection parameters of Hamster's NNTP server. If you change the port
number take care that it doesn't collide with other services, esp.
OmniMix.
At Hamster's 'Groups' tab you can even specify the set of newsgroups
Hamster has to stock. The integration of further groups beyond alt.anonymous.messages may once become relevant with an increasing
number of nym reply postings exceeding the client's download capacity.
Be aware that with an increasing amount of data stored in Hamster a
restart may take longer than OmniMix tries to connect, as auxiliary
files have to be rebuilt. If that happens try to connect manually by
clicking 'Connect' at the 'Hamster' > 'Run' tab.
As you see on the 'NwsNym' > 'Server' tab OmniMix is already configured
to get nym replies from Hamster, so apart from starting that server
nothing has to be done to provide mail clients with their messages.
Of course with a local newsgroup depository countermeasures against
adversaries as described above aren't required. So keep them deactivated
at the 'NwsNym' > 'Access' tab.
With the decoding of nym replies OmniMix preserves the headers of the 'envelope' message by preceding the header names with the character
sequence 'O-Nym-'. The introducing 'O-Nym-Crypto:' line is a matter of particular interest, as it offers you some information about the
decryption process, which were the reply block slot ('slot='), the
number of symmetric ('sym=') and asymmetric decryption stages ('asym='),
the subject encoding method ('esub=') used with that message ('p' for
plain unencrypted subject, 'i' for esub/IDEA, 'b' for bsub/Blowfish, 's'
for hsub/SHA256) and the respective nym account ('account='). The
'O-Nym-Sig:' header indicates whether the message's nym server signature
is valid.
So as an answer for a configuration request you have to expect something
like
------------------------------------------------------------------------ O-Nym-Crypto: slot=3; sym=4; asym=1; esub=i;
account=
whopper@nym.mixmin.net
O-Nym-Sig: Good signature (RIPEMD160:[562619C278247C3B] Bananasplit
Pseudonym Server (Bananasplit Pseudonymous Email Server) <
config@nym.mixmin.net>; Mon, 25 May 2015 02:52:31 +0000)
O-Nym-X-Hamster-Info: Score=0 Received=20150525104535 UID=7
O-Nym-Xref: anonymous.invalid alt.anonymous.messages:1073
O-Nym-From: Nomen Nescio <
nobody@dizum.com>
O-Nym-Subject: 5e53ff1d2d343096a8fed57e2de7f3c0b2c4901e55eeb8d3 O-Nym-Message-ID: <
ec4c32d7868ddc2d8871e022705153a5@dizum.com>
O-Nym-Date: Mon, 25 May 2015 08:45:43 +0200 (CEST)
O-Nym-Newsgroups: alt.anonymous.messages
O-Nym-Path: news.mixmin.net!news2.arglkargh.de!sewer!news.dizum.net!not-for-mail O-Nym-Organization: dizum.com - The Internet Problem Provider
O-Nym-X-Abuse:
abuse@dizum.com
O-Nym-Injection-Info: sewer.dizum.com - 194.109.206.211
O-Nym-X-Old-Xref: news.mixmin.net alt.anonymous.messages:564896
Received: by nym.mixmin.net with unique id --jtcNK4vK2FD7 for <
whopper@nym.mixmin.net>; Mon May 25 02:52:31 2015 +0000 (GMT)
Message-ID: <
--jtcNK4vK2FD7@nym.mixmin.net>
Reply-To:
confirm+30dcb911435d759d@nym.mixmin.net
From:
config@nym.mixmin.net
Date: Mon, 25 May 2015 02:52:31 +0000 (GMT)
To:
whopper@nym.mixmin.net
Your configuration request completed successfully.
A new reply block has been received for your mail alias, but has not
yet been activated. In order to start receiving mail with your new
reply block, you must confirm it by sending an (anonymous) E-mail
message to the following address:
confirm+30dcb911435d759d@nym.mixmin.net
The contents of the message can be anything. Any message delivered to
this address will activate your reply block. ------------------------------------------------------------------------
The quoted date of signature means local time, which is why OmniMix adds
the UTC offset.
When OmniMix succeeds to decrypt and forward a reply message it
preserves the originally encrypted version in its 'msg' subfolder. That behaviour can be changed at the 'SetNym' > 'Server' tab.
In case there are problems in decoding a nym reply and OmniMix forwards
the still encrypted message to the client you can try to decrypt it
manually.
To do so go to the Nym Configurator's 'Decoding' tab and paste the
encrypted text into the 'Encoded' field or load a message previously
stored from within your mail client from disk by pressing the 'Load
Message' button. Then click on 'Decode Nym'. The 'Decoded' field finally
shows either the decoded message or a log of the failing decoding
process. You may store the resulting data from the 'Decoded' field to a
file by clicking 'Save Message'. Mail clients usually support the import
of message files in mbox format, so keep that option activated. Of
course this way you can also review the encrypted original messages
stored in the 'msg' subfolder.
--- Synchronet 3.21a-Linux NewsLink 1.2