NAME

nymbarond — type III nymserver

SYNOPSIS

nymbarond [ -m | -d ]

DESCRIPTION

A nymserver is a mail server which stores emails on behalf of anonymous users. It provides long-term pseudonymous identities which can receive and send emails through the server, without revealing the user controlling those identities.

nymbarond is an implementation of a type III nymserver, which is built upon the mixminion remailer network.

WARNING: this is still considered alpha quality software. Do NOT use it if you require strong anonymity.

nymbarond is not intended to be called directly from the command line. Instead you have to arrange for it to be called automatically upon a mail delivery, or when receiving a control message.

COMMANDS

-d account

Accept an incoming email for delivery to the specified account. Return non-zero on failure, possibly indicating a nonexistent account or an exceeded quota. The account name will most probably be the localpart of the recipient email address; e.g. the account name is user if the recipient address is user@nymdomain.tld. You may want to enable localpart suffixes like user-foo@nymdomain.tld, in which case you should deal with that at the MTA level and only pass user as argument to nymbarond.

-m

Accept a control message from stdin.

INSTALLATION GUIDE

To be able to install a nymbaron server you will need to tweak your MTA configuration. Although this is currently not strictly needed, a mixminion server accepting at least mbox delivery is recommended. Without it, some assumptions in the type III nymserver protocol are false and your hosted accounts are open to replay attacks.

Important

LET ME MAKE THIS ABSOLUTELY CLEAR: SETTING UP A NYMSERVER WITHOUT AN ASSOCIATED MIXMINION SERVER IS A FLAWED CONFIGURATION THAT IS SOLELY ACCEPTABLE FOR TESTING PURPOSES.

A mixminion server will become a requirement in the future.

  1. First create an unprivileged system account, for example nymbaron, that will hold all nymuser emails and data and run the scripts. Choose a suitable homedir (I recommend something in /var/lib or /var/spool) and make sure other users don't have access to the homedir.

  2. Choose an email domain that will host the nymuser email addresses. It's better to use a different domain than the regular domain used for the host. Configure your MTA to deliver emails for this domain to:

    nymbarond -d account

    as user nymbaron. If you're not familiar with your MTA, you will want to look for something named "pipe delivery" or similar. Please see the example configurations in the contrib directory.

  3. Arrange for control message delivery. The recommended way is to assign a mixminion mailbox and route it to the nymserver user on localhost. The server address you will have to advertise will look like "mbox:nymuser@nodename". If you choose to host a nymbaron server without running a mixminion node you can advertise the nymserver user email address directly. Make sure emails sent to this address are piped through the command

    nymbarond -m

    which will have to run as the chosen nymserver user.

  4. Configure the nymserver. Copy the nymbaronrc file supplied in the contrib directory and adjust the variables to your needs. "path" is the directory where the users' data will be stored, and "setupscript" is a script that is run when a new account is created (it lets you send a welcome email, for example).

  5. Test your server. You should be able to create a new user account, receive an email sent from another host, retrieve that email, and send an email from your anonymous account to an email address hosted somewhere else.

  6. Announce your server. We recommend sending an announcement to the alt.privacy.anon-server Usenet group and to the nymbaron development mailing list nym3-devel@lists.noreply.org.
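
For the -d delivery pipe described under COMMANDS and in step 2, the MTA should hand nymbarond a bare account name. The wrapper below is an added example, not part of nymbaron or its contrib directory: it strips a localpart suffix (user-foo becomes user) and refuses anything that is not a plain name, so a crafted recipient cannot reach nymbarond as an option or a path. The names nym_account, nym_deliver, NYMBAROND and SUFFIX_SEP, and the allowed character set, are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical MTA pipe wrapper, not shipped with nymbaron.
# Usage from the MTA, running as the nymbaron user:  wrapper <localpart>
LC_ALL=C; export LC_ALL                # make the [a-z] range below byte-exact

NYMBAROND=${NYMBAROND:-nymbarond}      # assumption: nymbarond is on PATH
SUFFIX_SEP=${SUFFIX_SEP:--}            # assumption: suffixes look like user-foo

# Print the account name for a recipient localpart.
# Return 1 if the result is empty or contains unexpected characters.
nym_account() {
    localpart=$1
    # Keep what precedes the first separator: user-foo -> user.
    # A localpart starting with the separator (e.g. "-d") becomes empty.
    account=${localpart%%"$SUFFIX_SEP"*}
    case $account in
        '')            return 1 ;;     # empty name, or option-like input
        *[!a-z0-9_]*)  return 1 ;;     # assumed charset: no '/', '.', spaces
    esac
    printf '%s\n' "$account"
}

# Deliver the message on stdin to the account derived from the localpart.
# 67 is EX_NOUSER from sysexits.h, so the MTA can bounce the message.
nym_deliver() {
    account=$(nym_account "$1") || return 67
    "$NYMBAROND" -d "$account"
}

# When called with a localpart argument, act as the delivery command.
if [ "$#" -gt 0 ]; then
    nym_deliver "$1"
    exit
fi
```

If your MTA already strips the suffix before building the command line, the wrapper still serves as a last check on what reaches nymbarond.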

AUTHORS

Laurent Fousse and Jean-René Reinhard.

COPYRIGHT

Copyright © 2004, 2005 Jean-René Reinhard and Laurent Fousse.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting documentation.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.