Skip to content

pymander/nymserv

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Some extremely brief instructions on setting up a hod.aarg.net style
nym server.  This assumes you already know about remailers and DNS,
and sendmail, and have already setup the appropriate DNS records
(either A or MX) to receive mail at a "nym" domain name on your
machine.

Make sure you have Perl 5.6 or later, installed with the DB_File
module.  Don't forget to run h2ph when installing perl (cd
/usr/include; h2ph *.h sys/*.h).  If you don't have DB_File, get db
from ftp.cs.berkeley.edu:/ucb/4bsd/db.1.85.tar.gz, install it, and
then reinstall perl so that the DB_File module is available.

Make sure you also have a Mixmaster remailer running.  You will need
to examine the $REMAIL variable and point it at your Mixmaster binary.

Create a new userid/groupid under which to run the nym.  Call it
nymuser.

Create a directory for your nym server to reside in, for example
/usr/nym.  Copy the nymserv perl script into /usr/nym, and make three
subdirectories of /usr/nym:  pgp, queue, and users.  Make sure pgp,
queue, and users are writeable by user nymuser.

Use 'su' to change to your nymserver's new user id, then create a
GnuPG key for your nymserver as follows:

   gpg --gen-key

You will want to make sure that the email addresses for the user id
cover both send@<your-nym-domain> and config@<your-nym-domain>.  For
example, the hod.aarg.net key looks like this:

   pub  1024D/9721FD57 2002-01-29 Hod Nymserver <[email protected]>
   uid                            Hod Nymserver <[email protected]>
   sub  1024g/9A21D444 2002-01-29

Put the key's GnuPG passphrase in the file pgp/passphrase.

Create files /usr/nym/users/postmaster.forward and
/usr/nym/users/admin.forward which contain your real email address.
Create a file users/remailer-key.reply which contains the GnuPG public
key you just created.  Create a ring prototype file by running
commands similar to those below.

   echo 'From: [email protected]' > users/remailer-key.reply
   echo 'Subject: PGP key for nym.alias.net' >> users/remailer-key.reply
   echo '' >> users/remailer-key.reply
   gpg --armor --export $YOUR_NEW_KEY_ID >> users/remailer-key.reply

   cp pgp/pubring.pgp ring-proto.pgp

Edit the configuration variables in the nymserver.pl script to set
your machine name, nymuser keyid (this must be the long keyid as given
by "gpg --with-colons --list-key"), domain names, and the paths
to the needed binaries. You will need the GnuPG::Interface and
Digest::MD5 perl modules, which you can download at CPAN
(http://www.cpan.org/).

If you have an A record for your nymserver, set up finger support.
Put a line like this in /etc/inetd.conf:

finger	stream	tcp	nowait	nymuser	/usr/nym/nymserv nymserv -fingerd

Finally, make a new sendmail.cf file which sends all mail to the nym
domain name through the nymserver.  What follows is an example ".mc"
file suitable for use with sendmail 8.7.5.

-------------------------------------------------------------------------------
divert(-1)

# Example sendmail configuration for a nymserver

include(`../m4/cf.m4')

dnl
dnl  Set your Operating system type below
dnl
OSTYPE(solaris2)dnl

dnl
dnl  These flags are necessary to encure privacy (and to prevent nym
dnl  from lines from being rewritten with names of actual users in the
dnl  password file):
dnl
define(`confPRIVACY_FLAGS',
	`novrfy,noexpn,noreceipts,restrictmailq,restrictqrun')dnl
define(`confFROM_HEADER', `$g')dnl
define(`confLOG_LEVEL', `1')dnl
define(`confTO_IDENT', `0s')dnl
define(`HReceived', `H?R?Received')dnl

dnl
dnl  Recommended:
dnl
define(`confMIME_FORMAT_ERRORS', `False')dnl

dnl
dnl  Uncomment the following line if you want procmail used for local
dnl  mail:
dnl
dnl  FEATURE(local_procmail)

PUSHDIVERT(7)dnl

######################################
###   alias mailer specification   ###
######################################

dnl
dnl  Note here that 8888 should be changed to the user ID of the nym
dnl  user, and 9999 should be changed to the group ID of that user.
dnl
Mnym,		P=/usr/nym/nymserv, F=DFMehluS, L=255, T=X-Unix,
		U=8888 9999, S=10/30, R=20/40,
		A=nymserv -d $u

POPDIVERT`'dnl

MAILER(local)dnl
MAILER(smtp)dnl

LOCAL_RULE_0

dnl
dnl  Replace nym.alias.net with the actual name of your nymserver.
dnl
# Redirect the alias mail to the alias mailer
R$+<@nym.alias.net.>	$#nym $: $1
-------------------------------------------------------------------------------

Here are some additional configuration tips for Postfix users supplied
by Peter Palfrader ([email protected]).  I haven't tried them, and
hopefully some other Postfix users can clarify this if it needs any fixes.

-------------------------------------------------------------------------------
Use a transport by adding the following to etc/postfix/master.cf:

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
nymserver unix  -       n       n       -       -       pipe
  flags=FR user=nymserv argv=/usr/local/bin/nymserv -d $recipient

Add the following to your transport table (for instance /etc/postfix/transport):

nym.example.com		nymserver:

Run postmap /etc/postfix/transport, and make sure you have

transport_maps = hash:/etc/postfix/transport

in your main.cf.  Then, add nym.example.com to your relay_domains setting
in main.cf:

relay_domains = ....... nym.example.com

If you don't have a relay_domains setting yet, use the "postconf relay_domains"
command to find out what the default is, then add this - with the addition
of the nymserver domain - to main.cf.


-------------------------------------------------------------------------------

If your MTA is exim, you can follow these instructions :

1) make sure you accept mail for the nym domain, so put a line 

 accept domains = nym.alias.net

in your acl section.

2) tell exim the nym domain is to be considered local and should not
be catched by a dnslookup routeur.

3) add a routeur for your nym domain :

  nymserv:
    debug_print = "R: nymserv for $local_part@$domain"
    driver = accept
    domains = +nymdomains
    transport = nymserv_pipe
    no_verify
    no_expn

Don't set any local_part_suffix as it would probably break alias used
(remailer-key for example).

4) add the nymserv_pipe transport :

  nymserv_pipe:
    debug_print = "T: nymserv_pipe for $local_part@$domain"
    driver = pipe
    user = nymserv
    group = nymserv
    path = "/bin:/usr/bin:/usr/local/bin"
    command = "/var/lib/nymserv/nymserver.pl -d $local_part"
    return_path_add
    delivery_date_add
    envelope_to_add

----------------------

An additional guide to setting up Nymserv with some great information
and useful complaints about the lack of documentation may be found
here:
    http://blog.phrog.org/2007/05/12/nymserv-install-notes/

About

Nymserv Email Pseudonym Server

Resources

Stars

Watchers

Forks

Packages

No packages published