[Nym3-devel] nym server configuration

pgendreau at hermetix.org pgendreau at hermetix.org
Sat Sep 1 01:42:54 CEST 2007


On Fri, Aug 31, 2007 at 02:57:34PM +0200, Laurent Fousse wrote:
> Hello,
> 
> Thanks for your interest in nymbaron. First I need to inform you that
> nymbaron development is currently stopped as SURB-based nymservers were
> proven insecure. We didn't update the webpage yet.

:(

Too bad, really. It's really not the same service whether it's one way
or two way; in fact I think one-way anonymous messages have a pretty limited
range of usage and are not completely addressing the issue. I was hoping
Type III would fix that.

> * remop+minion at hermetix.org [Thu, Aug 30, 2007 at 08:18:30PM -0400]:
> > Hi,
> > I'm setting up nymbaron on hermetix.
> > I'm having problems figuring out how to get mail to it or when I'm supposed to use -m or -d
> > 
> > The man page is kind of confusing about that:
> > 
> > | 2. Choose an email domain that will host the nymuser email addresses. It's better to have a different domain than the
> > |   regular domain used for the host. Configure your MTA to deliver emails for this domain to:
> > |   as user nymbaron. If you're not familiar with your MTA, you will want to look for something named "pipe delivery" or
> > |   similar. Please see the example configurations in the contrib directory.
> > |
> > |   nymbarond -d account
> > 
> > I understand that I need to pipe mail for nym at hermetix.org into "nymbarond -d nym"
> > but I'm not sure what "deliver emails for this domain to: as user nymbaron" means.
> > (running as user nym, in my case, I guessed)
> 
> You need to deliver it to the command listed above.
>
> > | 3. Arrange for control message delivery.
> > 
> > What are those anyway? (pings?)
> 
> Control messages include nym creation, and any command from the user
> to the server (querying for new emails, providing new SURBs and so
> on).

Ah! Makes sense.

> > | The recommended way is to assign a mixminion mailbox and route it to the nymserver
> > |   user on localhost. The server address you will have to advertise will look like "mbox:nymuser at nodename".
> > 
> > Ok so in my case something like mbox:nym at hermetix -> nym at hermetix.org (local) would be obvious but this confuses me:
> 
> You're using `nym at hermetix' for several purposes in this email. For
> every nymuser account, you need to pipe email sent to $NYM@$DOMAIN to
> `nymbaron -d $NYM'.

The virtual domain takes care of all those.

> Besides these user accounts, you also need an address for the server.
> I'm using a local mixminion mbox, which forwards to the local address
> of the nymserver username, which in turn uses procmail to pipe it to
> `nymbaron -m'.

That's nym at hermetix.org.

> > | If you choose
> > |   to host a nymbaron server without running a mixminion node you can advertise the nymserver user email address directly.
> > |   Make sure emails sent to this address are piped through the command
> > 
> > |   nymbarond -m
> > 
> > Is this for all control message delivery or just in case you advertised the nymserver user email address directly?
> 
> mixminion mbox address can't be piped directly to a command, AFAIK. So
> you need this: mixminion mbox -> local email -> procmail -> pipe to nymbaron.

Ok, that's what mbox:nym at hermetix does by delivering to nym at hermetix.org.

> Note that in this case, your local email could be a globally valid
> email address as well, such that users can choose to send their control
> messages through the mixminion network with mbox delivery (more
> secure), or directly to the email address (less secure, easier for
> testing).
> 
> > Do I need to pipe control messages through a different command (line) than nym messages?
> 
> Yes, as explained above.

Ok, thanks. I guess I should have an internal email address for the
control messages so I can pipe it through the nymbarond -m.

> > Where does nymbarond look for this file? I would guess in the user home dir, but still it's unclear.
> 
> You can use $HOME/.nymbaronrc as well.

Good to know.

> > So now I relay mail like this at the MTA level:
> > 
> > @nym.hermetix.org	nym
> > 
> > I have something like this in my mixminion aliases
> > 
> > nym:	nym at hermetix.org
> > 
> > I have a .forward in nym's home containing this:
> > 
> > "|/usr/bin/nymbarond -d nym"
> 
> That looks fine.

Except control messages will go through the same command line as nym
messages. Sorry if my confusion makes it harder than it is.

> > So I went on and tried to create a test account on the server, here's the
> > transcript of the session (with backtrace):
> > 
> > | nobody at hermes ~ $ nymbaron create
> [...]
> > | IOError: [Errno 2] No such file or directory: '/tmp/tmpKyrxnp/surbs
> > nymbaron version is 0.1.1
> > 
> > Any idea what might be the problem here?
> 
> You need to provide the server's address as mixminion understands it:
> 
>     mbox:nym at hermetix
>     smtp: ...
> 
> Or maybe it's something else.

I got the same versions running all right on another box. It must be
something else, but, finally, I would think it's on my side.

> Since the SURB-based scheme underlying nymbaron is insecure, you're
> now mostly on your own if you'd like to still use it.

Thanks a lot for your reply, anyway.
--
PG
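
The split discussed in this thread (nym account mail piped to `nymbarond -d $NYM`, control messages piped to `nymbarond -m`), sketched as a single pipe-delivery wrapper; this is an added example, not part of the original e-mail and not nymbaron's own code. It assumes the MTA passes the envelope recipient as the first argument; the wrapper, its local-part policy and the choice of control address are assumptions, while the two `nymbarond` command lines and the addresses are the ones quoted above.

```python
import re
import subprocess
import sys

# Values taken from the thread; adjust per site.
NYM_DOMAIN = "nym.hermetix.org"        # virtual domain hosting the nym accounts
CONTROL_ADDRESS = "nym@hermetix.org"   # server address receiving control messages
NYMBAROND = "/usr/bin/nymbarond"       # path used in the .forward above

# Assumed policy: the account name must start with an alphanumeric, so a
# local part such as "-m" can never be read by nymbarond as an option.
LOCAL_PART = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


class Unroutable(ValueError):
    """Recipient is neither the control address nor a valid nym account."""


def route(recipient):
    """Map an envelope recipient to the nymbarond argv that should receive it."""
    addr = recipient.strip().lower()
    if addr == CONTROL_ADDRESS:
        return [NYMBAROND, "-m"]            # control messages
    local, sep, domain = addr.rpartition("@")
    if not sep or domain != NYM_DOMAIN:
        raise Unroutable("not a nym address: %r" % recipient)
    if not LOCAL_PART.fullmatch(local):
        raise Unroutable("rejected local part: %r" % local)
    return [NYMBAROND, "-d", local]         # mail for one nym account


def deliver(recipient, message, run=subprocess.run):
    """Pipe the raw message to the selected command; no shell is involved."""
    return run(route(recipient), input=message, check=False).returncode


if __name__ == "__main__":
    try:
        sys.exit(deliver(sys.argv[1], sys.stdin.buffer.read()))
    except (IndexError, Unroutable) as exc:
        print(exc, file=sys.stderr)
        sys.exit(67)                        # EX_NOUSER from sysexits.h
```

Because the argv is built as a list and the account name is validated first, an address cannot inject shell syntax or extra options into the delivery command.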