[Nym3-devel] nym server configuration
Laurent Fousse
laurent at komite.net
Fri Aug 31 14:57:34 CEST 2007
Hello,

Thanks for your interest in nymbaron. First I need to inform you that
nymbaron development is currently stopped as SURB-based nymservers were
proven insecure. We didn't update the webpage yet.

* remop+minion at hermetix.org [Thu, Aug 30, 2007 at 08:18:30PM -0400]:
> Hi,
> I'm setting up nymbaron on hermetix.
> I'm having problems figuring out how to get mail to it or when I'm supposed to use -m or -d
>
> The man page is kind of confusing about that:
>
> | 2. Choose an email domain that will host the nymuser email addresses. It's better to have a different domain than the
> | regular domain used for the host. Configure your MTA to deliver emails for this domain to:
> | as user nymbaron. If you're not familiar with your MTA, you will want to look for something named "pipe delivery" or
> | similar. Please see the example configurations in the contrib directory.
> |
> | nymbarond -d account
>
> I understand that I need to pipe mail for nym at hermetix.org into "nymbarond -d nym"
> but I'm not sure what "deliver emails for this domain to: as user nymbaron" means.
> (running as user nym, in my case, I guessed)

You need to deliver it to the command listed above.

> | 3. Arrange for control message delivery.
>
> What are those anyway? (pings?)

Control messages include nym creation, and any command from the user
to the server (querying for new emails, providing new SURBs and so
on).

> | The recommended way is to assign a mixminion mailbox and route it to the nymserver
> | user on localhost. The server address you will have to advertise will look like "mbox:nymuser at nodename".
>
> Ok so in my case something like mbox:nym at hermetix -> nym at hermetix.org (local) would be obvious but this confuses me:

You're using `nym at hermetix' for several purposes in this email. For
every nymuser account, you need to pipe email sent to $NYM@$DOMAIN to
`nymbaron -d $NYM'.

Besides these user accounts, you also need an address for the server.
I'm using a local mixminion mbox, which forwards to the local address
of the nymserver username, which in turn uses procmail to pipe it to
`nymbaron -m'.

> | If you choose
> | to host a nymbaron server without running a mixminion node you can advertise the nymserver user email address directly.
> | Make sure emails sent to this address are piped through the command
>
> | nymbarond -m
>
> Is this for all control message delivery or just in case you advertised the nymserver user email address directly?

mixminion mbox address can't be piped directly to a command, AFAIK. So
you need this: mixminion mbox -> local email -> procmail -> pipe to nymbaron.
Note that in this case, your local email could be a globally valid
email address as well, such that users can choose to send their control
messages through the mixminion network with mbox delivery (more
secure), or directly to the email address (less secure, easier for
testing).

> Do I need to pipe control messages through a different command (line) than nym messages?

Yes, as explained above.

> Where does nymbarond look for this file? I would guess in the user home dir, but still it's unclear.

You can use $HOME/.nymbaronrc as well.

> BTW why is it better to use a different domain name? I plan to use the same so I will only pipe mail for a user, not
> a domain. I will use different names for user and addresses, of course.

It's a matter of personal taste, and convenience of configuration.

> > BTW why is it better to use a different domain name? I plan to use the same so I will only pipe mail for a user, not
> > a domain. I will use different names for user and addresses, of course.
>
> I understand why, finally. It's in case I don't want all the nyms to clash
> with the main domain emails. Good. I'll use nym.hermetix.org then.

Exactly.

> So now I relay mail like this at the MTA level:
>
> @nym.hermetix.org nym
>
> I have something like this in my mixminion aliases
>
> nym: nym at hermetix.org
>
> I have a .forward in nym's home containing this:
>
> "|/usr/bin/nymbarond -d nym"

That looks fine.

> So I went on and tried to create a test account on the server, here's the
> transcript of the session (with backtrace):
>
> | nobody at hermes ~ $ nymbaron create
[...]
> | IOError: [Errno 2] No such file or directory: '/tmp/tmpKyrxnp/surbs
> nymbaron version is 0.1.1
>
> Any idea what might be the problem here?

You need to provide the server's address as mixminion understands it:

mbox:nym at hermetix
smtp: ...

Or maybe it's something else.

Since the SURB-based scheme underlying nymbaron is insecure, you're
now mostly on your own if you'd like to still use it.

Laurent.