Nymserv Email Pseudonym Server
Perl Shell
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Some extremely brief instructions on setting up a hod.aarg.net style
nym server.  This assumes you already know about remailers and DNS,
and sendmail, and have already setup the appropriate DNS records
(either A or MX) to receive mail at a "nym" domain name on your

Make sure you have Perl 5.6 or later, installed with the DB_File
module.  Don't forget to run h2ph when installing perl (cd
/usr/include; h2ph *.h sys/*.h).  If you don't have DB_File, get db
from ftp.cs.berkeley.edu:/ucb/4bsd/db.1.85.tar.gz, install it, and
then reinstall perl so that the DB_File module is available.

Make sure you also have a Mixmaster remailer running.  You will need
to examine the $REMAIL variable and point it at your Mixmaster binary.

Create a new userid/groupid under which to run the nym.  Call it

Create a directory for your nym server to reside in, for example
/usr/nym.  Copy the nymserv perl script into /usr/nym, and make three
subdirectories of /usr/nym:  pgp, queue, and users.  Make sure pgp,
queue, and users are writeable by user nymuser.

Use 'su' to change to your nymserver's new user id, then create a
GnuPG key for your nymserver as follows:

   gpg --gen-key

You will want to make sure that the email addresses for the user id
cover both send@<your-nym-domain> and config@<your-nym-domain>.  For
example, the hod.aarg.net key looks like this:

   pub  1024D/9721FD57 2002-01-29 Hod Nymserver <send@hod.aarg.net>
   uid                            Hod Nymserver <config@hod.aarg.net>
   sub  1024g/9A21D444 2002-01-29

Put the key's GnuPG passphrase in the file pgp/passphrase.

Create files /usr/nym/users/postmaster.forward and
/usr/nym/users/admin.forward which contain your real email address.
Create a file users/remailer-key.reply which contains the GnuPG public
key you just created.  Create a ring prototype file by running
commands similar to those below.

   echo 'From: nobody@nym.alias.net' > users/remailer-key.reply
   echo 'Subject: PGP key for nym.alias.net' >> users/remailer-key.reply
   echo '' >> users/remailer-key.reply
   gpg --armor --export $YOUR_NEW_KEY_ID >> users/remailer-key.reply

   cp pgp/pubring.pgp ring-proto.pgp

Edit the configuration variables in the nymserver.pl script to set
your machine name, nymuser keyid (this must be the long keyid as given
by "gpg --with-colons --list-key"), domain names, and the paths
to the needed binaries. You will need the GnuPG::Interface and
Digest::MD5 perl modules, which you can download at CPAN

If you have an A record for your nymserver, set up finger support.
Put a line like this in /etc/inetd.conf:

finger	stream	tcp	nowait	nymuser	/usr/nym/nymserv nymserv -fingerd

Finally, make a new sendmail.cf file which sends all mail to the nym
domain name through the nymserver.  What follows is an example ".mc"
file suitable for use with sendmail 8.7.5.


# Example sendmail configuration for a nymserver


dnl  Set your Operating system type below

dnl  These flags are necessary to encure privacy (and to prevent nym
dnl  from lines from being rewritten with names of actual users in the
dnl  password file):
define(`confFROM_HEADER', `$g')dnl
define(`confLOG_LEVEL', `1')dnl
define(`confTO_IDENT', `0s')dnl
define(`HReceived', `H?R?Received')dnl

dnl  Recommended:
define(`confMIME_FORMAT_ERRORS', `False')dnl

dnl  Uncomment the following line if you want procmail used for local
dnl  mail:
dnl  FEATURE(local_procmail)


###   alias mailer specification   ###

dnl  Note here that 8888 should be changed to the user ID of the nym
dnl  user, and 9999 should be changed to the group ID of that user.
Mnym,		P=/usr/nym/nymserv, F=DFMehluS, L=255, T=X-Unix,
		U=8888 9999, S=10/30, R=20/40,
		A=nymserv -d $u




dnl  Replace nym.alias.net with the actual name of your nymserver.
# Redirect the alias mail to the alias mailer
R$+<@nym.alias.net.>	$#nym $: $1

Here are some additional configuration tips for Postfix users supplied
by Peter Palfrader (peter@palfrader.org).  I haven't tried them, and
hopefully some other Postfix users can clarify this if it needs any fixes.

Use a transport by adding the following to etc/postfix/master.cf:

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
nymserver unix  -       n       n       -       -       pipe
  flags=FR user=nymserv argv=/usr/local/bin/nymserv -d $recipient

Add the following to your transport table (for instance /etc/postfix/transport):

nym.example.com		nymserver:

Run postmap /etc/postfix/transport, and make sure you have

transport_maps = hash:/etc/postfix/transport

in your main.cf.  Then, add nym.example.com to your relay_domains setting
in main.cf:

relay_domains = ....... nym.example.com

If you don't have a relay_domains setting yet, use the "postconf relay_domains"
command to find out what the default is, then add this - with the addition
of the nymserver domain - to main.cf.


If your MTA is exim, you can follow these instructions :

1) make sure you accept mail for the nym domain, so put a line 

 accept domains = nym.alias.net

in your acl section.

2) tell exim the nym domain is to be considered local and should not
be catched by a dnslookup routeur.

3) add a routeur for your nym domain :

    debug_print = "R: nymserv for $local_part@$domain"
    driver = accept
    domains = +nymdomains
    transport = nymserv_pipe

Don't set any local_part_suffix as it would probably break alias used
(remailer-key for example).

4) add the nymserv_pipe transport :

    debug_print = "T: nymserv_pipe for $local_part@$domain"
    driver = pipe
    user = nymserv
    group = nymserv
    path = "/bin:/usr/bin:/usr/local/bin"
    command = "/var/lib/nymserv/nymserver.pl -d $local_part"


An additional guide to setting up Nymserv with some great information
and useful complaints about the lack of documentation may be found