summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGab <24553253+gabrix73@users.noreply.github.com>2025-10-17 04:03:23 +0200
committerGitHub <noreply@github.com>2025-10-17 04:03:23 +0200
commit12ca56286bd668d7e344867deff74f86abf78e52 (patch)
tree4bed04fb680c98333dbe68f27c703562fd557924
parent849d88a19af784e07d6603db297c34816c083fc0 (diff)
downloadyamnweb-12ca56286bd668d7e344867deff74f86abf78e52.tar.gz
yamnweb-12ca56286bd668d7e344867deff74f86abf78e52.tar.xz
yamnweb-12ca56286bd668d7e344867deff74f86abf78e52.zip
Revise README for YAMN Web Interface
Updated README.md to enhance documentation and security features.
-rw-r--r--README.md801
1 files changed, 502 insertions, 299 deletions
diff --git a/README.md b/README.md
index 0743f46..3f21b25 100644
--- a/README.md
+++ b/README.md
@@ -1,71 +1,193 @@
-# πŸ” Guida Completa Installazione YAMN Web Interface
-
-## πŸ“‹ Indice
-1. [Prerequisiti](#prerequisiti)
-2. [Installazione Tor](#installazione-tor)
-3. [Installazione YAMN](#installazione-yamn)
-4. [Configurazione File Sicuri](#configurazione-file-sicuri)
-5. [Configurazione Nginx](#configurazione-nginx)
-6. [Configurazione PHP](#configurazione-php)
-7. [Configurazione Cronjob](#configurazione-cronjob)
-8. [Test FunzionalitΓ ](#test-funzionalitΓ )
-9. [Troubleshooting](#troubleshooting)
+# YAMN Web Interface - Mix Network Email Gateway
+
+![Status](https://img.shields.io/badge/status-operational-green)
+![Security](https://img.shields.io/badge/security-hardened-red)
+![Tor](https://img.shields.io/badge/tor-mandatory-purple)
+![License](https://img.shields.io/badge/license-MIT-blue)
+
+A hardened web interface for [YAMN (Yet Another Mix Network)](https://github.com/crooks/yamn) implementing military-grade operational security with mandatory Tor routing and zero metadata retention.
+
+## 🎯 Mission Statement
+
+This interface provides access to the YAMN remailer network. **All traffic is mandatorily routed through Tor before reaching the YAMN network.** The YAMN entry node receives connections exclusively from Tor exit nodes, ensuring the true origin IP address is never exposed.
+
+### Double-Layer Unlinkability
+
+```
+User β†’ Tor Network (3+ hops) β†’ Tor Exit Node β†’ YAMN Entry Remailer
+ ↓
+ YAMN sees only Tor IP
+ User IP: UNKNOWN
+```
+
+- **Layer 1 (Tor):** Conceals identity from YAMN network
+- **Layer 2 (YAMN):** Multi-hop mixing (minimum 3 remailers) prevents recipient from tracing back to entry point
+
+**Result:** Complete unlinkability between sender and recipient.
---
-## 1. Prerequisiti
+## πŸ›‘οΈ Security Features
+
+### Implemented Threat Mitigations
+
+| Threat | Mitigation | Implementation |
+|--------|------------|----------------|
+| **Traffic Analysis** | Padding + Cover traffic | Adaptive padding (512B-32KB) |
+| **Timing Attacks** | Randomized delays | 10-120s random intervals |
+| **Replay Attacks** | Message-ID cache | SQLite cache with 7-day expiration |
+| **Node Compromise** | Forward secrecy | Ephemeral keys per message |
+| **Size Correlation** | Adaptive padding | Standardized message sizes |
+| **Partial Network Observation** | Mixnet architecture | 3-hop minimum chain |
+| **Global Adversary** | Multi-hop routing | Tor + YAMN = 6+ total hops |
+| **Metadata Analysis** | No retention | Zero persistent logs |
+
+### Core Protection Principles
+
+- βœ… **Mandatory Tor Routing** - No exceptions, all traffic via Tor SOCKS5
+- βœ… **Zero Logging** - No access logs, no error logs, no metadata retention
+- βœ… **Military-Grade File Handling** - DoD 5220.22-M compliant deletion (3-pass overwrite)
+- βœ… **Replay Protection** - SHA256 message-ID cache with 7-day TTL
+- βœ… **Timing Obfuscation** - Random delays (10-120s) between operations
+- βœ… **Adaptive Padding** - Messages padded to standard sizes (512B, 1KB, 2KB, 4KB, 8KB, 16KB, 32KB)
+- βœ… **Input Validation** - All user input sanitized and validated
+- βœ… **Fortified Temporary Files** - Created in `/opt/yamn-data/pool/` with 0600 permissions
+- βœ… **Automatic Keyring Updates** - Downloads both stats and pubring.mix via Tor
+- βœ… **Multi-Source Redundancy** - 4 verified pinger sources with automatic fallback
-```bash
-# Sistema operativo supportato
-- Debian 11/12 o Ubuntu 20.04/22.04/24.04
+---
-# Software richiesto
-apt-get update
-apt-get install -y \
- tor \
- torsocks \
- nginx \
- php8.2-fpm \
- php8.2-curl \
- php8.2-sqlite3 \
- php8.2-mbstring \
- sqlite3 \
- curl \
- git
+## πŸ—οΈ Architecture
+
+```
+β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+β”‚ User Browser β”‚
+β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
+ β”‚ HTTPS (TLS 1.3)
+ β–Ό
+β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+β”‚ Nginx Web Server β”‚
+β”‚ (No logging enabled) β”‚
+β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
+ β”‚
+ β–Ό
+β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+β”‚ PHP Frontend β”‚
+β”‚ β€’ index.php (Form interface) β”‚
+β”‚ β€’ send_email_with_tor.php (Message processing) β”‚
+β”‚ β€’ download_remailers.php (Auto-update) β”‚
+β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
+ β”‚
+ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+ β”‚ β”‚
+ β–Ό β–Ό
+ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+ β”‚ Tor SOCKS5 β”‚ β”‚ torsocks β”‚
+ β”‚ 127.0.0.1:9050 β”‚ β”‚ wrapper β”‚
+ β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
+ β”‚ β”‚
+ β–Ό β–Ό
+ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+ β”‚ Tor Network (3+ hops) β”‚
+ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
+ β”‚
+ β–Ό
+ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+ β”‚ Tor Exit Node β”‚
+ β”‚ (Only IP visible to YAMN) β”‚
+ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
+ β”‚
+ β–Ό
+ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
+ β”‚ YAMN Entry Remailer β”‚
+ β”‚ (Receives from Tor IP only) β”‚
+ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
+ β”‚
+ β–Ό
+ YAMN Network (3+ hops)
+ β”‚
+ β–Ό
+ Recipient
```
---
-## 2. Installazione Tor
+## πŸ“‹ Requirements
+
+### System Requirements
+
+- **OS:** Debian 11/12 or Ubuntu 20.04/22.04/24.04
+- **RAM:** 512MB minimum, 1GB recommended
+- **Disk:** 1GB free space
+- **Network:** Internet connectivity required
+
+### Software Dependencies
-### A. Installare Tor
```bash
-apt-get install -y tor torsocks
+# Core components
+- Tor 0.4.7+ (anonymity network)
+- torsocks (Tor wrapper for applications)
+- YAMN (remailer client)
+- Nginx 1.18+ (web server)
+- PHP 8.1+ with extensions:
+ - php-fpm
+ - php-curl
+ - php-sqlite3
+ - php-mbstring
+
+# Build tools (for YAMN compilation)
+- Go 1.19+ (for building YAMN from source)
+- git
+```
+
+---
+
+## πŸš€ Installation
+
+### Quick Start
+
+```bash
+# 1. Clone repository
+git clone https://github.com/gabrix73/yamnweb.git
+cd yamnweb
+
+# 2. Run installation script
+sudo ./install.sh
+
+# 3. Configure your domain in nginx
+sudo nano /etc/nginx/sites-available/yamnweb
+
+# 4. Test installation
+sudo -u www-data php test_download.php
```
-### B. Configurare Tor
+### Manual Installation
+
+#### Step 1: Install Tor
+
```bash
-# Backup configurazione originale
-cp /etc/tor/torrc /etc/tor/torrc.backup
+# Install Tor and torsocks
+apt-get update
+apt-get install -y tor torsocks
-# Creare nuova configurazione
+# Configure Tor
cat > /etc/tor/torrc << 'EOF'
-# SOCKS proxy con stream isolation
+# SOCKS proxy with stream isolation
SocksPort 127.0.0.1:9050 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9150 IsolateDestAddr IsolateDestPort
-# Control port per gestione circuiti
+# Control port for circuit management
ControlPort 127.0.0.1:9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
-# Ottimizzazione circuiti
+# Circuit optimization
CircuitBuildTimeout 60
LearnCircuitBuildTimeout 0
MaxCircuitDirtiness 600
NewCircuitPeriod 30
-# Stream isolation avanzata
+# Advanced stream isolation
IsolateClientAddr 1
IsolateSOCKSAuth 1
IsolateClientProtocol 1
@@ -73,80 +195,42 @@ IsolateClientProtocol 1
# Security
SafeLogging 1
WarnUnsafeSocks 1
-
-# Performance
-NumEntryGuards 8
-NumDirectoryGuards 3
-
-# Opzionale: Escludere nodi exit in certi paesi
-# ExcludeExitNodes {us},{gb},{au},{ca},{nz}
-# StrictNodes 0
EOF
-```
-### C. Avviare Tor
-```bash
+# Start Tor
systemctl enable tor
systemctl restart tor
systemctl status tor
-# Verificare che sia in ascolto
+# Verify Tor is running
netstat -tlnp | grep tor
-# Dovresti vedere:
-# 127.0.0.1:9050 (SOCKS)
-# 127.0.0.1:9051 (Control)
+# Should show: 127.0.0.1:9050 (SOCKS) and 127.0.0.1:9051 (Control)
```
-### D. Testare Tor
-```bash
-# Test 1: Connessione SOCKS
-curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
+#### Step 2: Install YAMN
-# Dovrebbe mostrare: "IsTor":true
-
-# Test 2: Con torsocks
-torsocks curl https://check.torproject.org/api/ip
-```
-
----
-
-## 3. Installazione YAMN
-
-### A. Scaricare e compilare YAMN
```bash
-# Creare directory
+# Install Go compiler
+apt-get install -y golang-go
+
+# Download and build YAMN
mkdir -p /opt/yamn-build
cd /opt/yamn-build
-
-# Scaricare sorgenti
wget https://github.com/crooks/yamn/archive/refs/heads/master.zip
unzip master.zip
cd yamn-master
-
-# Installare Go se necessario
-apt-get install -y golang-go
-
-# Compilare
go build
-# Copiare binario
+# Install YAMN
mkdir -p /opt/yamn-master
cp yamn /opt/yamn-master/
chmod +x /opt/yamn-master/yamn
-# Verificare
-/opt/yamn-master/yamn --version
-```
-
-### B. Configurare YAMN
-```bash
-# Creare configurazione
+# Create configuration
cat > /opt/yamn-master/yamn.yml << 'EOF'
-# YAMN Configuration
-
remailer:
- name: "your-remailer" # Cambia con il tuo nome
- address: "yamn@yourdomain.com" # Cambia con la tua email
+ name: "your-remailer"
+ address: "yamn@yourdomain.com"
files:
pubring: "pubring.mix"
@@ -163,229 +247,153 @@ mail:
outfile: no
sendmail: yes
smtprelay: "localhost:25"
- # Se usi autenticazione SMTP:
- # smtpusername: "your-user"
- # smtppassword: "your-pass"
stats:
numcopies: 2
-# Client mode settings
chain:
length: 3
select: "*,*,*"
EOF
-# Creare directory necessarie
+# Create required directories
mkdir -p /opt/yamn-master/{pool,Maildir/{cur,new,tmp},chunkdb}
chmod 700 /opt/yamn-master/{pool,Maildir,chunkdb}
```
----
-
-## 4. Configurazione File Sicuri
+#### Step 3: Install Web Interface
-### A. Creare directory sicure
```bash
-# Directory per dati sensibili (fuori da web root!)
+# Create protected directories
mkdir -p /opt/yamn-data/{pool,cache,backups}
chmod 700 /opt/yamn-data
chown www-data:www-data /opt/yamn-data -R
-# Directory web
+# Install web files
mkdir -p /var/www/yamnweb
cd /var/www/yamnweb
-```
-### B. Copiare file sicuri
-```bash
-# Copiare i file PHP sicuri che hai ricevuto:
-# - downloadRemailers_secure.php
-# - tor_extension_secure.php
-# - send_secure.php
-# - index.php (interfaccia)
-# - styles.css
-
-# Impostare permessi
+# Copy application files
+# - index.php
+# - send_email_with_tor.php
+# - download_remailers.php
+# - tor_extension.php
+# - test_download.php
+# - cron_update.sh
+
+# Set permissions
chown www-data:www-data /var/www/yamnweb -R
chmod 755 /var/www/yamnweb
chmod 644 /var/www/yamnweb/*.php
-chmod 644 /var/www/yamnweb/*.css
+chmod 755 /var/www/yamnweb/*.sh
-# RIMUOVERE file log vecchi se presenti
-rm -f /var/www/yamnweb/*.log
-rm -f /var/www/yamnweb/*.txt
-```
-
-### C. Permettere a www-data di usare Tor
-```bash
+# Allow www-data to use Tor
usermod -a -G debian-tor www-data
```
----
+#### Step 4: Configure Nginx
-## 5. Configurazione Nginx
-
-### A. Creare configurazione sito
```bash
cat > /etc/nginx/sites-available/yamnweb << 'EOF'
server {
listen 80;
- server_name your-domain.com; # Cambia con il tuo dominio
-
- # Redirect to HTTPS
+ server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
- server_name your-domain.com; # Cambia con il tuo dominio
+ server_name your-domain.com;
# TLS 1.3 only
ssl_protocols TLSv1.3;
ssl_ciphers 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384';
ssl_prefer_server_ciphers on;
- # SSL certificates (usa Let's Encrypt o certificati esistenti)
+ # SSL certificates
ssl_certificate /etc/ssl/certs/your-cert.pem;
ssl_certificate_key /etc/ssl/private/your-key.pem;
# HSTS
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Strict-Transport-Security "max-age=31536000" always;
- # NO LOGS - CRITICO!
+ # CRITICAL: NO LOGS
access_log off;
error_log /dev/null;
# Security headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
- add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline';" always;
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none';" always;
add_header Referrer-Policy "no-referrer" always;
- add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
# Rate limiting
limit_req_zone $binary_remote_addr zone=yamnlimit:10m rate=10r/m;
limit_req zone=yamnlimit burst=5 nodelay;
root /var/www/yamnweb;
- index index.php index.html;
+ index index.php;
- # PHP processing
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
-
- # Hide PHP version
fastcgi_hide_header X-Powered-By;
}
- # Block access to sensitive files
location ~ /\.(ht|git|env|log|txt|bak|tmp)$ {
deny all;
}
-
- # Block access to secure directories
- location ~ ^/(pool|cache|backups|opt)/ {
- deny all;
- }
-
- # Disable autoindex
- autoindex off;
}
EOF
-# Abilitare sito
+# Enable site
ln -s /etc/nginx/sites-available/yamnweb /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
-# Test configurazione
+# Test and restart
nginx -t
-
-# Riavviare Nginx
systemctl restart nginx
```
----
-
-## 6. Configurazione PHP
+#### Step 5: Configure Automatic Updates
-### A. Configurare PHP-FPM
```bash
-# Modificare /etc/php/8.2/fpm/php.ini
+# Make cron script executable
+chmod +x /var/www/yamnweb/cron_update.sh
-cat >> /etc/php/8.2/fpm/php.ini << 'EOF'
-
-; Security settings
-display_errors = Off
-display_startup_errors = Off
-log_errors = Off
-error_log = /dev/null
-
-; Session security
-session.use_cookies = 0
-session.use_trans_sid = 0
-session.cookie_httponly = 1
-session.cookie_secure = 1
-session.cookie_samesite = Strict
-
-; File uploads
-file_uploads = Off
-upload_max_filesize = 0M
-
-; Execution limits
-max_execution_time = 300
-memory_limit = 256M
-
-; Extensions
-extension=curl
-extension=sqlite3
-extension=mbstring
-EOF
+# Add to crontab
+crontab -u www-data -e
-# Riavviare PHP-FPM
-systemctl restart php8.2-fpm
+# Add this line:
+*/6 * * * * /var/www/yamnweb/cron_update.sh
```
---
-## 7. Configurazione Cronjob
+## πŸ§ͺ Testing
+
+### Test 1: Verify Tor Connection
-### A. Installare script cron
```bash
-# Copiare script cron
-cp cron_update_remailers.sh /var/www/yamnweb/
-chmod +x /var/www/yamnweb/cron_update_remailers.sh
-chown www-data:www-data /var/www/yamnweb/cron_update_remailers.sh
+# Test Tor SOCKS proxy
+curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
-# Aggiungere a crontab di www-data
-crontab -u www-data -e
+# Expected output: {"IsTor":true, ...}
-# Aggiungere questa riga:
-*/6 * * * * /var/www/yamnweb/cron_update_remailers.sh
-```
+# Test with torsocks
+torsocks curl https://check.torproject.org/api/ip
-### B. Creare log file
-```bash
-touch /var/log/yamn_cron.log
-touch /var/log/yamn_download.log
-chown www-data:www-data /var/log/yamn_*.log
-chmod 600 /var/log/yamn_*.log
+# Expected output: {"IsTor":true, ...}
```
----
+### Test 2: Test Remailer Download
-## 8. Test FunzionalitΓ 
-
-### A. Test manuale download
```bash
-# Eseguire come www-data
-sudo -u www-data php /var/www/yamnweb/test_remailer_download.php
+# Run as www-data user
+sudo -u www-data php /var/www/yamnweb/test_download.php
```
-Output atteso:
+**Expected output:**
```
=== YAMN Secure Downloader Test ===
@@ -404,9 +412,10 @@ Output atteso:
βœ… All checks passed! YAMN is ready to use.
```
-### B. Test invio email
+### Test 3: Test YAMN Sending
+
```bash
-# Creare messaggio di test
+# Create test message
cat > /tmp/test_message.txt << 'EOF'
From: anonymous@anonymous.invalid
To: your-test-email@example.com
@@ -415,143 +424,337 @@ Subject: YAMN Test Message
This is a test message sent through YAMN.
EOF
-# Inviare con yamn
+# Send via YAMN with Tor
cd /opt/yamn-master
torsocks ./yamn --mail --chain="*,*,*" --copies=1 < /tmp/test_message.txt
-# Controllare pool
+# Check pool directory
ls -la /opt/yamn-master/pool/
```
-### C. Test interfaccia web
-```bash
-# Aprire browser e navigare a:
-https://your-domain.com
-
-# Compilare form e inviare email di test
-# Verificare che:
-# 1. Form viene validato correttamente
-# 2. Email viene aggiunta al pool
-# 3. Nessun errore nei log
+### Test 4: Test Web Interface
+
+1. Open browser: `https://your-domain.com`
+2. Fill out the form with test data
+3. Submit message
+4. Verify success message appears
+5. Check no errors in system logs
+
+---
+
+## πŸ”§ Configuration
+
+### Tor Configuration
+
+Edit `/etc/tor/torrc`:
+
+```ini
+# Optional: Exclude certain countries from exit nodes
+# ExcludeExitNodes {us},{gb},{au},{ca},{nz}
+# StrictNodes 0
+
+# Performance tuning
+NumEntryGuards 8
+NumDirectoryGuards 3
+```
+
+### YAMN Configuration
+
+Edit `/opt/yamn-master/yamn.yml`:
+
+```yaml
+# Customize remailer settings
+remailer:
+ name: "your-remailer-name"
+ address: "yamn@your-domain.com"
+
+# SMTP settings (if using authenticated SMTP)
+mail:
+ sendmail: yes
+ smtprelay: "smtp.example.com:587"
+ smtpusername: "your-username"
+ smtppassword: "your-password"
+```
+
+### PHP Configuration
+
+Edit `/etc/php/8.2/fpm/php.ini`:
+
+```ini
+# Security settings
+display_errors = Off
+log_errors = Off
+error_log = /dev/null
+
+# Resource limits
+max_execution_time = 300
+memory_limit = 256M
+
+# Disable file uploads (security)
+file_uploads = Off
+```
+
+---
+
+## πŸ” How It Works
+
+### Message Flow
+
+1. **User submits message** via web form (HTTPS)
+2. **PHP validates input** and checks for replays (SHA256 message-ID)
+3. **Adaptive padding applied** to standardize message size
+4. **Random delay** (10-120 seconds) prevents timing correlation
+5. **Protected temporary file** created in `/opt/yamn-data/pool/` with 0600 permissions
+6. **torsocks wrapper** called: `torsocks yamn --mail --chain="*,*,*" ...`
+7. **All YAMN connections** automatically routed through Tor SOCKS5 (127.0.0.1:9050)
+8. **YAMN receives** connection from Tor exit node IP (user IP unknown)
+9. **Message encrypted** and sent through 3+ YAMN remailers
+10. **Temporary file** wiped (DoD 5220.22-M: 3-pass overwrite)
+11. **Message-ID stored** in replay cache (SQLite, 7-day TTL)
+
+### Tor Routing Implementation
+
+#### For Remailer List Downloads
+
+**File:** `download_remailers.php`
+
+```php
+// cURL configured with Tor SOCKS5 proxy
+curl_setopt_array($ch, [
+ CURLOPT_PROXY => '127.0.0.1:9050', // Tor SOCKS proxy
+ CURLOPT_PROXYTYPE => CURLPROXY_SOCKS5_HOSTNAME, // DNS via Tor
+ // ...
+]);
```
+#### For YAMN Message Sending
+
+**File:** `tor_extension.php`
+
+```php
+// torsocks wrapper forces all connections through Tor
+$command = sprintf(
+ 'torsocks %s --mail --chain=%s --copies=%d < %s',
+ '/opt/yamn-master/yamn',
+ $chain,
+ $copies,
+ $messageFile
+);
+```
+
+**How torsocks works:**
+- Uses `LD_PRELOAD` to intercept syscalls
+- Redirects `connect()` to Tor SOCKS5
+- Resolves DNS through Tor (prevents leaks)
+- Transparent to application (YAMN thinks it's connecting normally)
+
---
-## 9. Troubleshooting
+## πŸ“Š File Structure
-### Problema: "Tor is not available"
+```
+/var/www/yamnweb/
+β”œβ”€β”€ index.php # Main web interface
+β”œβ”€β”€ send_email_with_tor.php # Message processing
+β”œβ”€β”€ download_remailers.php # Auto-update remailer lists
+β”œβ”€β”€ tor_extension.php # Tor routing & YAMN interface
+β”œβ”€β”€ test_download.php # Testing utility
+└── cron_update.sh # Cronjob script
+
+/opt/yamn-master/
+β”œβ”€β”€ yamn # YAMN binary
+β”œβ”€β”€ yamn.yml # YAMN configuration
+β”œβ”€β”€ pubring.mix # Public keyring (auto-updated)
+β”œβ”€β”€ pool/ # Outgoing message queue
+β”œβ”€β”€ Maildir/ # Incoming mail (if running as server)
+└── chunkdb/ # Partial message reassembly
+
+/opt/yamn-data/
+β”œβ”€β”€ pool/ # Secure temp files
+β”œβ”€β”€ cache/
+β”‚ β”œβ”€β”€ remailers.txt # Downloaded stats
+β”‚ └── replay_cache.db # SQLite replay protection
+└── backups/ # Automatic backups
+ β”œβ”€β”€ remailers_*.bak
+ └── pubring_*.bak
+```
+
+---
+
+## πŸ› Troubleshooting
+
+### Problem: "Tor is not available"
+
+**Diagnosis:**
```bash
-# Verificare stato Tor
systemctl status tor
-
-# Verificare porte in ascolto
netstat -tlnp | grep tor
-
-# Test connessione
curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
+```
-# Se non funziona, riavviare Tor
+**Solution:**
+```bash
systemctl restart tor
+journalctl -u tor -f
```
-### Problema: "Permission denied" su file
+### Problem: "Failed to download from all sources"
+
+**Diagnosis:**
```bash
-# Verificare proprietΓ 
-ls -la /opt/yamn-data/
-ls -la /opt/yamn-master/
+# Test manual download via Tor
+torsocks curl https://echolot.virebent.art/mlist2.txt
-# Correggere permessi
-chown www-data:www-data /opt/yamn-data -R
-chmod 700 /opt/yamn-data
-chmod 700 /opt/yamn-master/pool
+# Check Tor logs
+journalctl -u tor --since "10 minutes ago"
```
-### Problema: "Failed to download from all sources"
+**Solution:**
```bash
-# Test manuale connessione
-torsocks curl https://echolot.virebent.art/mlist2.txt
-
-# Verificare proxy Tor
-ps aux | grep tor
+# Restart Tor
+systemctl restart tor
-# Verificare configurazione PHP cURL
-php -i | grep -i curl
+# Request new circuit
+sudo -u debian-tor tor-control --signal NEWNYM
```
-### Problema: YAMN non invia messaggi
+### Problem: "Permission denied" on files
+
+**Solution:**
```bash
-# Verificare configurazione YAMN
-cat /opt/yamn-master/yamn.yml
+# Fix ownership
+chown www-data:www-data /opt/yamn-data -R
+chmod 700 /opt/yamn-data
-# Test manuale
+# Fix YAMN permissions
+chmod 700 /opt/yamn-master/pool
+chmod 700 /opt/yamn-master/Maildir
+```
+
+### Problem: Messages not sending
+
+**Diagnosis:**
+```bash
+# Test YAMN manually
cd /opt/yamn-master
-echo "Test" | ./yamn --mail --to test@example.com --stdout
+echo "Test" | torsocks ./yamn --mail --to test@example.com --stdout
-# Verificare pool
+# Check pool
ls -la /opt/yamn-master/pool/
-# Verificare pubring
+# Verify pubring.mix exists
ls -la /opt/yamn-master/pubring.mix
```
-### Log utili
+**Solution:**
```bash
-# Log nginx (se abilitati temporaneamente)
-tail -f /var/log/nginx/error.log
+# Force pubring download
+sudo -u www-data php -r "
+require 'download_remailers.php';
+\$d = new SecureRemailerDownloader();
+\$d->forceUpdate();
+"
+```
-# Log PHP
-tail -f /var/log/php8.2-fpm.log
+### Useful Logs
-# Log Tor
+```bash
+# Tor logs
journalctl -u tor -f
-# Log cron
+# Nginx logs (if temporarily enabled)
+tail -f /var/log/nginx/error.log
+
+# PHP logs
+tail -f /var/log/php8.2-fpm.log
+
+# Cron logs
tail -f /var/log/yamn_cron.log
```
---
-## 🎯 Checklist Finale
-
-- [ ] Tor installato e funzionante
-- [ ] YAMN compilato e configurato
-- [ ] Directory sicure create (/opt/yamn-data/)
-- [ ] Nginx configurato senza logging
-- [ ] PHP configurato correttamente
-- [ ] File PHP sicuri installati
-- [ ] Cronjob configurato
-- [ ] Test download completato con successo
-- [ ] Test invio email funzionante
-- [ ] Interfaccia web accessibile
-- [ ] Nessun file .log in /var/www/yamnweb/
-- [ ] Permessi corretti su tutti i file
+## πŸ”’ Security Checklist
+
+- [ ] Tor installed and running
+- [ ] torsocks installed and functional
+- [ ] YAMN compiled and configured
+- [ ] Secure directories created (`/opt/yamn-data/`)
+- [ ] Nginx configured **without logging** (`access_log off; error_log /dev/null;`)
+- [ ] PHP configured to not display errors
+- [ ] All web files owned by `www-data`
+- [ ] Cronjob configured for automatic updates
+- [ ] Test download completed successfully
+- [ ] Test message sent successfully
+- [ ] **No `.log` files in `/var/www/yamnweb/`**
+- [ ] Permissions correct (0700 for sensitive dirs, 0600 for sensitive files)
+- [ ] TLS 1.3 enabled with strong ciphers
+- [ ] Rate limiting active
+- [ ] Security headers configured
+- [ ] Replay protection tested
+- [ ] Timing delays verified
+
+---
+
+## πŸ“š References
+
+- **YAMN Project:** https://github.com/crooks/yamn
+- **YAMN Documentation:** https://mixmin.net/yamn.html
+- **Tor Project:** https://www.torproject.org/
+- **Mixmaster Protocol:** http://mixmaster.sourceforge.net/
+- **Victor's YAMN Pinger:** https://echolot.virebent.art/
+- **Remailer Best Practices:** https://www.freehaven.net/anonbib/
+
+---
+
+## ⚠️ Disclaimer
+
+This software is provided for legitimate privacy protection purposes. Users are responsible for complying with all applicable laws and regulations in their jurisdiction. The authors assume no liability for misuse.
+
+**Important:**
+- Use responsibly and ethically
+- Respect local laws and regulations
+- Do not use for illegal activities
+- Understand the implications of anonymous communication
+
+---
+
+## πŸ“œ License
+
+MIT License - See LICENSE file for details
+
+---
+
+## 🀝 Contributing
+
+Contributions welcome! Please:
+
+1. Fork the repository
+2. Create a feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit your changes (`git commit -m 'Add amazing feature'`)
+4. Push to branch (`git push origin feature/amazing-feature`)
+5. Open a Pull Request
+
+**Security Issues:** Please report security vulnerabilities privately to the project maintainer
+
+---
+
+## πŸ“ž Support
+
+- **Issues:** https://github.com/gabrix73/yamnweb/issues
+- **Repository:** https://github.com/gabrix73/yamnweb
+- **Community:** https://groups.google.com/g/alt.privacy.anon-server
---
-## πŸ“š Riferimenti
+## πŸŽ–οΈ Credits
-- YAMN Documentation: https://mixmin.net/yamn.html
-- Tor Project: https://www.torproject.org/
-- Victor Yamn Pinger: https://echolot.virebent.art/
-- YAMN GitHub: https://github.com/crooks/yamn
+- **YAMN:** Created by [Zax/crooks](https://github.com/crooks)
+- **Tor Project:** https://www.torproject.org
+- **Mixmaster:** Original anonymous remailer protocol
+- **Remailer Community:** For maintaining the anonymous remailer network
---
-## πŸ”’ Note di Sicurezza
-
-**IMPORTANTE:**
-1. Disabilitare SEMPRE i log di Nginx
-2. Non salvare MAI metadata sensibili
-3. Tor SEMPRE obbligatorio per tutti i download e invii
-4. Verificare periodicamente che non ci siano file .log in /var/www/
-5. Mantenere aggiornati Tor e YAMN
-6. Usare HTTPS con TLS 1.3
-7. Rate limiting sempre attivo
-
-**Privacy:**
-- Nessun log IP
-- Nessun timestamp persistente
-- Replay protection attivo
-- Adaptive padding attivo
-- Randomized delays attivi
+**Status:** βœ… Operational | **Last Updated:** October 2025 | **Version:** 2.0