-
Notifications
You must be signed in to change notification settings - Fork 1
pymander/nymserv
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Some extremely brief instructions on setting up a hod.aarg.net style nym server. This assumes you already know about remailers and DNS, and sendmail, and have already setup the appropriate DNS records (either A or MX) to receive mail at a "nym" domain name on your machine. Make sure you have Perl 5.6 or later, installed with the DB_File module. Don't forget to run h2ph when installing perl (cd /usr/include; h2ph *.h sys/*.h). If you don't have DB_File, get db from ftp.cs.berkeley.edu:/ucb/4bsd/db.1.85.tar.gz, install it, and then reinstall perl so that the DB_File module is available. Make sure you also have a Mixmaster remailer running. You will need to examine the $REMAIL variable and point it at your Mixmaster binary. Create a new userid/groupid under which to run the nym. Call it nymuser. Create a directory for your nym server to reside in, for example /usr/nym. Copy the nymserv perl script into /usr/nym, and make three subdirectories of /usr/nym: pgp, queue, and users. Make sure pgp, queue, and users are writeable by user nymuser. Use 'su' to change to your nymserver's new user id, then create a GnuPG key for your nymserver as follows: gpg --gen-key You will want to make sure that the email addresses for the user id cover both send@<your-nym-domain> and config@<your-nym-domain>. For example, the hod.aarg.net key looks like this: pub 1024D/9721FD57 2002-01-29 Hod Nymserver <[email protected]> uid Hod Nymserver <[email protected]> sub 1024g/9A21D444 2002-01-29 Put the key's GnuPG passphrase in the file pgp/passphrase. Create files /usr/nym/users/postmaster.forward and /usr/nym/users/admin.forward which contain your real email address. Create a file users/remailer-key.reply which contains the GnuPG public key you just created. Create a ring prototype file by running commands similar to those below. echo 'From: [email protected]' > users/remailer-key.reply echo 'Subject: PGP key for nym.alias.net' >> users/remailer-key.reply echo '' >> users/remailer-key.reply gpg --armor --export $YOUR_NEW_KEY_ID >> users/remailer-key.reply cp pgp/pubring.pgp ring-proto.pgp Edit the configuration variables in the nymserver.pl script to set your machine name, nymuser keyid (this must be the long keyid as given by "gpg --with-colons --list-key"), domain names, and the paths to the needed binaries. You will need the GnuPG::Interface and Digest::MD5 perl modules, which you can download at CPAN (http://www.cpan.org/). If you have an A record for your nymserver, set up finger support. Put a line like this in /etc/inetd.conf: finger stream tcp nowait nymuser /usr/nym/nymserv nymserv -fingerd Finally, make a new sendmail.cf file which sends all mail to the nym domain name through the nymserver. What follows is an example ".mc" file suitable for use with sendmail 8.7.5. ------------------------------------------------------------------------------- divert(-1) # Example sendmail configuration for a nymserver include(`../m4/cf.m4') dnl dnl Set your Operating system type below dnl OSTYPE(solaris2)dnl dnl dnl These flags are necessary to encure privacy (and to prevent nym dnl from lines from being rewritten with names of actual users in the dnl password file): dnl define(`confPRIVACY_FLAGS', `novrfy,noexpn,noreceipts,restrictmailq,restrictqrun')dnl define(`confFROM_HEADER', `$g')dnl define(`confLOG_LEVEL', `1')dnl define(`confTO_IDENT', `0s')dnl define(`HReceived', `H?R?Received')dnl dnl dnl Recommended: dnl define(`confMIME_FORMAT_ERRORS', `False')dnl dnl dnl Uncomment the following line if you want procmail used for local dnl mail: dnl dnl FEATURE(local_procmail) PUSHDIVERT(7)dnl ###################################### ### alias mailer specification ### ###################################### dnl dnl Note here that 8888 should be changed to the user ID of the nym dnl user, and 9999 should be changed to the group ID of that user. dnl Mnym, P=/usr/nym/nymserv, F=DFMehluS, L=255, T=X-Unix, U=8888 9999, S=10/30, R=20/40, A=nymserv -d $u POPDIVERT`'dnl MAILER(local)dnl MAILER(smtp)dnl LOCAL_RULE_0 dnl dnl Replace nym.alias.net with the actual name of your nymserver. dnl # Redirect the alias mail to the alias mailer R$+<@nym.alias.net.> $#nym $: $1 ------------------------------------------------------------------------------- Here are some additional configuration tips for Postfix users supplied by Peter Palfrader ([email protected]). I haven't tried them, and hopefully some other Postfix users can clarify this if it needs any fixes. ------------------------------------------------------------------------------- Use a transport by adding the following to etc/postfix/master.cf: # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) nymserver unix - n n - - pipe flags=FR user=nymserv argv=/usr/local/bin/nymserv -d $recipient Add the following to your transport table (for instance /etc/postfix/transport): nym.example.com nymserver: Run postmap /etc/postfix/transport, and make sure you have transport_maps = hash:/etc/postfix/transport in your main.cf. Then, add nym.example.com to your relay_domains setting in main.cf: relay_domains = ....... nym.example.com If you don't have a relay_domains setting yet, use the "postconf relay_domains" command to find out what the default is, then add this - with the addition of the nymserver domain - to main.cf. ------------------------------------------------------------------------------- If your MTA is exim, you can follow these instructions : 1) make sure you accept mail for the nym domain, so put a line accept domains = nym.alias.net in your acl section. 2) tell exim the nym domain is to be considered local and should not be catched by a dnslookup routeur. 3) add a routeur for your nym domain : nymserv: debug_print = "R: nymserv for $local_part@$domain" driver = accept domains = +nymdomains transport = nymserv_pipe no_verify no_expn Don't set any local_part_suffix as it would probably break alias used (remailer-key for example). 4) add the nymserv_pipe transport : nymserv_pipe: debug_print = "T: nymserv_pipe for $local_part@$domain" driver = pipe user = nymserv group = nymserv path = "/bin:/usr/bin:/usr/local/bin" command = "/var/lib/nymserv/nymserver.pl -d $local_part" return_path_add delivery_date_add envelope_to_add ---------------------- An additional guide to setting up Nymserv with some great information and useful complaints about the lack of documentation may be found here: http://blog.phrog.org/2007/05/12/nymserv-install-notes/
About
Nymserv Email Pseudonym Server
Resources
Stars
Watchers
Forks
Packages 0
No packages published