On Unix, the server can run as a daemon or from the command line. On Windows, the server can run in a Command Prompt window, or you can use the SRVANY.EXE program from the Resource Kit to run it as a system service.
The server has these command-line options. The only required one is -homedir.
- -homedir /path/to/data
The directory containing the server's data storage.
Don't log connection open and closed.
- -debug
Log a lot of debug messages.
- -logtraffic
Log the protocol exchange.
- -daemon
Fork into the background (Unix only).
- -logfile filepath
When running as a daemon, write log output to the specified file (Unix only).
- -pidfile filepath
When running as a daemon, write the process ID to the specified file (Unix only).
- Example: python server.py -homedir /home/confmail/server -debug -logtraffic > debug.log 2>&1
- Example: python server.py -homedir /home/confmail/server -daemon -logfile /home/confmail/server.log -pidfile /home/confmail/server.pid
The server configuration file is named "config.txt" and belongs in the home directory of the server. It consists of a series of name: value pairs. Here is a minimal single server configuration:
- sport: 8081
Here is a minimal server replication configuration:
- Node 1:
- Node 2:
Here are all the available options followed by an example of each:
- sport: port-number
This is the TCP port number for your server to listen on.
- eport: port-number
This is the UDP port for the Entangled DHT to listen on.
- knode: address:port
This is the address and port of another Entangled node, so the server can join the DHT. Multiple knodes can and should be specified, on separate lines. The website will provide a list of nodes you can use. If no node is specified, the DHT will be isolated. This is only desirable in a covert server.
- alt_localstore: /path/to/store
This optional parameter allows you to put the local store somewhere other than under the server home directory. This can be used to let several servers share a local store. The server uses file locking in the local store, so this is safe.
- replpeer: address:port
Network address of the replication partner. Only one can be specified. If none is specified, replication will be disabled. Each server in a pair should replicate to the other.
- repl_authkey: authstring
This is the authorization key of the replication user on the other node, used to log in for replication. This should correspond to the string after "replication" in the other node's auth.txt file.
- repl_cert: certificate-digest
This is the digest of the replication partner's certificate, as logged by this server the first time it connects for replication. If this option is specified, the server will not connect to the replication peer unless the certificate digest matches. This prevents man-in-the-middle attacks between the replication peers.
- tor_proxy: host:port
This is the TOR SOCKS proxy used for STORE PROXY server-to-server sending over TOR. This enables non-TOR users to send to TOR covert servers.
- i2p_proxy: host:port
This is the I2P SOCKS proxy used for STORE PROXY server-to-server sending over I2P. This enables non-I2P users to send to I2P covert servers.
- socks_proxy: host:port
This is the general SOCKS proxy for server outbound connections. Set if you need to send via SOCKS.
- use_exit_node: true | false
Setting this option to true makes the server send outgoing Direct traffic via TOR exit nodes.
- permit_dns_txt: true | false
Setting this option to false denies the DNS TXT command to protect a covert server's anonymity.
The client must set an Alt DNS Server.
- preferred_connection: Direct | TOR | I2P
Sets the preferred method of connecting to other servers.
- max_connections: number
Number of simultaneous incoming connections allowed. Default = 20
- timeout: number
Seconds before an idle client is kicked off. Default = 60
- expire_days: number
Number of days before a block queued for SEND PROXY will be discarded, assuming the receiving server is unavailable. Replication blocks are never discarded. Default = 7
- run_queue_interval: number
Number of seconds between attempts to send replication and proxy messages. Default = 120
- retry_schedule: number,number,number...
If a replication peer or proxy target server is unavailable, this specifies the retry schedule. The default is 0,120,300,1800,3600, meaning: try once immediately, then after 120 seconds, then after 300 seconds, then after 1800 seconds, then every 3600 seconds thereafter.
- slowest_connection: bytes-per-second
Slowest expected client connection in bytes per second, used to set the block send timeout. Default 768 corresponds to a slow GSM data session.
- max_age_key: num-seconds
Override the default maximum age for a key announcement block on the server. Number is in seconds. There are 86400 seconds in a day.
- max_age_data: num-seconds
Override the default maximum age for a data block on the server. Number is in seconds.
- max_age_message: num-seconds
Override the default maximum age for a message announcement block on the server. Number is in seconds.
- max_age_ack: num-seconds
Override the default maximum age for an acknowledgment on the server. Number is in seconds.
- max_age_claim: num-seconds
Override the default maximum age for an address claim on the server. Number is in seconds.
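The option descriptions above imply a few checks worth running on a config.txt before starting the server: a replpeer without a pinned repl_cert, a server with no knode, and a covert server that still permits DNS TXT. The following is an added example, not code from the project; the function names, the finding messages and the sample hosts, ports and key are assumptions made for illustration, and it assumes option names are written exactly as listed above.

```python
# Added example (not the project's code): lint a config.txt for the
# security-relevant options described on this page.

SAMPLE = """\
sport: 8081
knode: node1.example.net:8082
knode: node2.example.net:8082
replpeer: peer.example.net:8081
repl_authkey: constructed-key-not-real
"""  # constructed sample; hosts, ports and key are placeholders

def parse_config(text):
    """Parse 'name: value' lines; repeated names (knode) collect in a list."""
    conf = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        # Split on the first colon only: values such as address:port contain colons.
        name, sep, value = raw.partition(":")
        if not sep or not name.strip() or not value.strip():
            raise ValueError(f"line {lineno}: expected 'name: value', got {raw!r}")
        conf.setdefault(name.strip(), []).append(value.strip())
    return conf

def lint(conf):
    """Return a list of findings; the checks are this example's reading of the page."""
    last = lambda name: (conf.get(name) or [None])[-1]
    findings = []
    if len(conf.get("replpeer", [])) > 1:
        findings.append("replpeer: only one replication partner can be specified")
    if last("replpeer"):
        if not last("repl_cert"):
            findings.append("repl_cert: not set, peer certificate digest is not pinned")
        if not last("repl_authkey"):
            findings.append("repl_authkey: not set, no key to log in to the peer")
    if not conf.get("knode"):
        findings.append("knode: none set, DHT is isolated (covert servers only)")
        if (last("permit_dns_txt") or "").lower() != "false":
            findings.append("permit_dns_txt: not false on a server with no knode")
    for name in ("sport", "eport"):
        v = last(name)
        if v is not None and not (v.isascii() and v.isdigit() and 0 < int(v) < 65536):
            findings.append(f"{name}: {v!r} is not a valid port number")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_config(SAMPLE)):
        print(finding)
```

The sample triggers only the repl_cert finding; adding the digest logged on the first replication connection as repl_cert clears it.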