Echolot is a pinger program for anonymous remailers. A pinger program regularly sends messages through remailers to determine their reliability, latency, configuration parameters and keys. It then offers these statistics in a format which enables a client to choose its chain of remailers.
When vpopmail writes a message to a Maildir, it writes the message with an owner of vpopmail and a group of vchkpw. The problem occurs when the echolot process (pingd) attempts to access the Maildir: pingd cannot read or write the files written by vpopmail because of their ownership and permissions. The solution is a setuid wrapper, called by vpopmail from a .qmail file, which writes echolot messages to a Maildir with permissions that make them accessible to the pingd process.
By default, pingd assumes it will find emails in a Maildir named mail in ~pinger/echolot. This configuration is set by the "mailin" configuration variable in pingd.conf. The below example assumes the default. Change the commands as appropriate for your setup.
# maildirmake ~pinger/echolot/mail
# chown -R pinger.pinger ~pinger/echolot/mail
The first command creates the Maildir ~pinger/echolot/mail. The second command sets the ownership recursively to pinger.pinger.
# cd /usr/local/bin
# wget -c http://www.antagonism.org/scripts/write-pinger-maildir
# chown root.root /usr/local/bin/write-pinger-maildir
# chmod 755 /usr/local/bin/write-pinger-maildir
The first line of the script sets the variable NOW to the output of the command "date +%s". The second line sets FILENAME to "file." followed by an eight-digit hexadecimal conversion of the value in $NOW, followed by a period, followed by a four-digit hexadecimal conversion of the value in "$$", followed by ".tmp". An example of a value in $FILENAME is "file.48319C60.35D0.tmp". The third line sets MAILDIR to /home/pinger/echolot/mail. Make sure to change this variable as appropriate. The next line copies the contents of STDIN to the file $MAILDIR/tmp/$FILENAME. The last line moves that file to the $MAILDIR/new directory so pingd can access it.
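The five steps described above, reconstructed as an added example; this is not the script served from antagonism.org. The function name, the fixed PATH, the umask and the throwaway demo Maildir are assumptions added here, the first two because the script is run through a setuid wrapper.

```shell
#!/bin/sh
# Added example: reconstruction of the delivery steps described in the text,
# not the downloaded script. PATH and umask are additions (assumptions).
PATH=/usr/bin:/bin; export PATH   # fixed PATH: this runs via a setuid wrapper
umask 077                         # message files readable by the owner only

# deliver_to_maildir MAILDIR
# Copies stdin to MAILDIR/tmp, then moves it to MAILDIR/new.
# Prints the final path on success, returns non-zero on failure.
deliver_to_maildir() {
    maildir=$1
    now=$(date +%s)
    # "file." + 8 hex digits of the time + "." + 4 hex digits of the PID + ".tmp"
    filename=$(printf 'file.%08X.%04X.tmp' "$now" "$$")
    # Refuse to deliver into an incomplete Maildir
    [ -d "$maildir/tmp" ] && [ -d "$maildir/new" ] || return 1
    # Write under tmp/ first; clean up a partial file if the copy fails
    cat > "$maildir/tmp/$filename" || { rm -f "$maildir/tmp/$filename"; return 1; }
    # A rename within one filesystem is atomic: pingd never sees a partial message
    mv "$maildir/tmp/$filename" "$maildir/new/$filename" || return 1
    printf '%s\n' "$maildir/new/$filename"
}

# Demonstration against a throwaway Maildir, using a constructed sample message.
# In production the argument would be the MAILDIR from the text.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/mail/tmp" "$demo_dir/mail/new" "$demo_dir/mail/cur"
demo_path=$(printf 'Subject: constructed ping\n\nbody\n' |
    deliver_to_maildir "$demo_dir/mail")
echo "delivered to: $demo_path"
```

Because the name is built from the time in seconds and the process ID, two deliveries by the same process within one second would collide; each wrapper invocation is a separate process, so this does not arise in the setup described here.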
Next, you need to create a setuid wrapper for /usr/local/bin/write-pinger-maildir. To do so, we will use the general-purpose setuid wrapper, wrapper1.c, written by John Simpson.
# wget -c http://www.jms1.net/code/wrapper1.c
# gcc -DPROG=\"/usr/local/bin/write-pinger-maildir\" -o /usr/local/bin/pinger-wrapper wrapper1.c
# chown pinger.pinger /usr/local/bin/pinger-wrapper
# chmod 4755 /usr/local/bin/pinger-wrapper
The first line downloads the wrapper1.c program. The next line compiles the wrapper. The "-DPROG" option specifies the script that the wrapper runs, /usr/local/bin/write-pinger-maildir. The "-o" option specifies the output file, in this case /usr/local/bin/pinger-wrapper. The last two commands set the ownership to the user pinger and make the binary setuid. This means that when the binary is run, it runs with the permissions of pinger.
Next, you need to create a .qmail-pinger-default file so vpopmail will call pinger-wrapper every time a message arrives for an address whose user portion begins with "pinger".
# echo "|/usr/local/bin/pinger-wrapper" > ~vpopmail/domains/domain.xyz/.qmail-pinger-default
# chown vpopmail.vchkpw ~vpopmail/domains/domain.xyz/.qmail-pinger-default
# chmod 600 ~vpopmail/domains/domain.xyz/.qmail-pinger-default
After starting your pinger, you should announce it on the Remailer Operators List. Zax will add your pinger to the stats page.