diff options
| author | Gab <24553253+gabrix73@users.noreply.github.com> | 2025-10-17 03:50:50 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-10-17 03:50:50 +0200 |
| commit | d48192b086fab1c11e558512e7bf9ca5d80d95b2 (patch) | |
| tree | 42704f977e6e766508800f9502c18923238f4200 | |
| parent | 4f031eecf8ec6db4110baf2399b85ec4b90419a2 (diff) | |
| download | yamnweb-d48192b086fab1c11e558512e7bf9ca5d80d95b2.tar.gz yamnweb-d48192b086fab1c11e558512e7bf9ca5d80d95b2.tar.xz yamnweb-d48192b086fab1c11e558512e7bf9ca5d80d95b2.zip | |
Revise README with comprehensive installation guide
Updated README to include detailed installation and configuration instructions for YAMN Web Interface, including prerequisites, installation steps for Tor and YAMN, Nginx configuration, PHP settings, and troubleshooting tips.
| -rw-r--r-- | README.md | 571 |
1 files changed, 556 insertions, 15 deletions
@@ -1,16 +1,557 @@ -<b>Yamn Web Interface</b><br> -<p>This repository contains a web interface for <a href="https://github.com/crooks/yamn"><em>crooks/yamn</em></a>, a user-friendly web application designed to facilitate the sending of anonymous emails through a chain of remailers using the yamn network.<br> -The interface is built using HTML5, CSS3, and PHP.</p> - -<b>Instructions</b><br> -<p>Make this repository as your http daemon document's root <pre>/var/www/yamnweb</pre><br> -Create a subdirectory pool/ in /var/www/yamnweb.</p> -<b>Clone down crooks yamn client</b><br> -<pre>git clone https://github.com/crooks/yamn /opt/yamn-master </pre> -<p>Build and ensure the GO Yamn executable path is located at /opt/yamn-master/yamn.<br> -Update the configuration file /opt/yamn-master/yamn.yml with the appropriate settings for your environment.</p> - -<b>It's recommended</b><br> -<p>Configure your http daemon with TLSv1.3 and the following SSL cipher suite: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384.</p> -<p>Make sure your http daemon does not collect ip accesses via module or by commenting out the access logs entirely.<br> +# 🔐 Guida Completa Installazione YAMN Web Interface Sicura + +## 📋 Indice +1. [Prerequisiti](#prerequisiti) +2. [Installazione Tor](#installazione-tor) +3. [Installazione YAMN](#installazione-yamn) +4. [Configurazione File Sicuri](#configurazione-file-sicuri) +5. [Configurazione Nginx](#configurazione-nginx) +6. [Configurazione PHP](#configurazione-php) +7. [Configurazione Cronjob](#configurazione-cronjob) +8. [Test Funzionalità](#test-funzionalità) +9. [Troubleshooting](#troubleshooting) + +--- + +## 1. Prerequisiti + +```bash +# Sistema operativo supportato +- Debian 11/12 o Ubuntu 20.04/22.04/24.04 + +# Software richiesto +apt-get update +apt-get install -y \ + tor \ + torsocks \ + nginx \ + php8.2-fpm \ + php8.2-curl \ + php8.2-sqlite3 \ + php8.2-mbstring \ + sqlite3 \ + curl \ + git +``` + +--- + +## 2. Installazione Tor + +### A. Installare Tor +```bash +apt-get install -y tor torsocks +``` + +### B. Configurare Tor +```bash +# Backup configurazione originale +cp /etc/tor/torrc /etc/tor/torrc.backup + +# Creare nuova configurazione +cat > /etc/tor/torrc << 'EOF' +# SOCKS proxy con stream isolation +SocksPort 127.0.0.1:9050 IsolateDestAddr IsolateDestPort +SocksPort 127.0.0.1:9150 IsolateDestAddr IsolateDestPort + +# Control port per gestione circuiti +ControlPort 127.0.0.1:9051 +CookieAuthentication 1 +CookieAuthFileGroupReadable 1 + +# Ottimizzazione circuiti +CircuitBuildTimeout 60 +LearnCircuitBuildTimeout 0 +MaxCircuitDirtiness 600 +NewCircuitPeriod 30 + +# Stream isolation avanzata +IsolateClientAddr 1 +IsolateSOCKSAuth 1 +IsolateClientProtocol 1 + +# Security +SafeLogging 1 +WarnUnsafeSocks 1 + +# Performance +NumEntryGuards 8 +NumDirectoryGuards 3 + +# Opzionale: Escludere nodi exit in certi paesi +# ExcludeExitNodes {us},{gb},{au},{ca},{nz} +# StrictNodes 0 +EOF +``` + +### C. Avviare Tor +```bash +systemctl enable tor +systemctl restart tor +systemctl status tor + +# Verificare che sia in ascolto +netstat -tlnp | grep tor +# Dovresti vedere: +# 127.0.0.1:9050 (SOCKS) +# 127.0.0.1:9051 (Control) +``` + +### D. Testare Tor +```bash +# Test 1: Connessione SOCKS +curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip + +# Dovrebbe mostrare: "IsTor":true + +# Test 2: Con torsocks +torsocks curl https://check.torproject.org/api/ip +``` + +--- + +## 3. Installazione YAMN + +### A. Scaricare e compilare YAMN +```bash +# Creare directory +mkdir -p /opt/yamn-build +cd /opt/yamn-build + +# Scaricare sorgenti +wget https://github.com/crooks/yamn/archive/refs/heads/master.zip +unzip master.zip +cd yamn-master + +# Installare Go se necessario +apt-get install -y golang-go + +# Compilare +go build + +# Copiare binario +mkdir -p /opt/yamn-master +cp yamn /opt/yamn-master/ +chmod +x /opt/yamn-master/yamn + +# Verificare +/opt/yamn-master/yamn --version +``` + +### B. Configurare YAMN +```bash +# Creare configurazione +cat > /opt/yamn-master/yamn.yml << 'EOF' +# YAMN Configuration + +remailer: + name: "your-remailer" # Cambia con il tuo nome + address: "yamn@yourdomain.com" # Cambia con la tua email + +files: + pubring: "pubring.mix" + secring: "secring.mix" + pooldir: "pool" + maildir: "Maildir" + chunkdb: "chunkdb" + +urls: + pubring: "https://echolot.virebent.art/pubring.mix" + stats: "https://echolot.virebent.art/mlist2.txt" + +mail: + outfile: no + sendmail: yes + smtprelay: "localhost:25" + # Se usi autenticazione SMTP: + # smtpusername: "your-user" + # smtppassword: "your-pass" + +stats: + numcopies: 2 + +# Client mode settings +chain: + length: 3 + select: "*,*,*" +EOF + +# Creare directory necessarie +mkdir -p /opt/yamn-master/{pool,Maildir/{cur,new,tmp},chunkdb} +chmod 700 /opt/yamn-master/{pool,Maildir,chunkdb} +``` + +--- + +## 4. Configurazione File Sicuri + +### A. Creare directory sicure +```bash +# Directory per dati sensibili (fuori da web root!) +mkdir -p /opt/yamn-data/{pool,cache,backups} +chmod 700 /opt/yamn-data +chown www-data:www-data /opt/yamn-data -R + +# Directory web +mkdir -p /var/www/yamnweb +cd /var/www/yamnweb +``` + +### B. Copiare file sicuri +```bash +# Copiare i file PHP sicuri che hai ricevuto: +# - downloadRemailers_secure.php +# - tor_extension_secure.php +# - send_secure.php +# - index.php (interfaccia) +# - styles.css + +# Impostare permessi +chown www-data:www-data /var/www/yamnweb -R +chmod 755 /var/www/yamnweb +chmod 644 /var/www/yamnweb/*.php +chmod 644 /var/www/yamnweb/*.css + +# RIMUOVERE file log vecchi se presenti +rm -f /var/www/yamnweb/*.log +rm -f /var/www/yamnweb/*.txt +``` + +### C. Permettere a www-data di usare Tor +```bash +usermod -a -G debian-tor www-data +``` + +--- + +## 5. Configurazione Nginx + +### A. Creare configurazione sito +```bash +cat > /etc/nginx/sites-available/yamnweb << 'EOF' +server { + listen 80; + server_name your-domain.com; # Cambia con il tuo dominio + + # Redirect to HTTPS + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + server_name your-domain.com; # Cambia con il tuo dominio + + # TLS 1.3 only + ssl_protocols TLSv1.3; + ssl_ciphers 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384'; + ssl_prefer_server_ciphers on; + + # SSL certificates (usa Let's Encrypt o certificati esistenti) + ssl_certificate /etc/ssl/certs/your-cert.pem; + ssl_certificate_key /etc/ssl/private/your-key.pem; + + # HSTS + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # NO LOGS - CRITICO! + access_log off; + error_log /dev/null; + + # Security headers + add_header X-Frame-Options "DENY" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline';" always; + add_header Referrer-Policy "no-referrer" always; + add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; + + # Rate limiting + limit_req_zone $binary_remote_addr zone=yamnlimit:10m rate=10r/m; + limit_req zone=yamnlimit burst=5 nodelay; + + root /var/www/yamnweb; + index index.php index.html; + + # PHP processing + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + # Hide PHP version + fastcgi_hide_header X-Powered-By; + } + + # Block access to sensitive files + location ~ /\.(ht|git|env|log|txt|bak|tmp)$ { + deny all; + } + + # Block access to secure directories + location ~ ^/(pool|cache|backups|opt)/ { + deny all; + } + + # Disable autoindex + autoindex off; +} +EOF + +# Abilitare sito +ln -s /etc/nginx/sites-available/yamnweb /etc/nginx/sites-enabled/ +rm -f /etc/nginx/sites-enabled/default + +# Test configurazione +nginx -t + +# Riavviare Nginx +systemctl restart nginx +``` + +--- + +## 6. Configurazione PHP + +### A. Configurare PHP-FPM +```bash +# Modificare /etc/php/8.2/fpm/php.ini + +cat >> /etc/php/8.2/fpm/php.ini << 'EOF' + +; Security settings +display_errors = Off +display_startup_errors = Off +log_errors = Off +error_log = /dev/null + +; Session security +session.use_cookies = 0 +session.use_trans_sid = 0 +session.cookie_httponly = 1 +session.cookie_secure = 1 +session.cookie_samesite = Strict + +; File uploads +file_uploads = Off +upload_max_filesize = 0M + +; Execution limits +max_execution_time = 300 +memory_limit = 256M + +; Extensions +extension=curl +extension=sqlite3 +extension=mbstring +EOF + +# Riavviare PHP-FPM +systemctl restart php8.2-fpm +``` + +--- + +## 7. Configurazione Cronjob + +### A. Installare script cron +```bash +# Copiare script cron +cp cron_update_remailers.sh /var/www/yamnweb/ +chmod +x /var/www/yamnweb/cron_update_remailers.sh +chown www-data:www-data /var/www/yamnweb/cron_update_remailers.sh + +# Aggiungere a crontab di www-data +crontab -u www-data -e + +# Aggiungere questa riga: +*/6 * * * * /var/www/yamnweb/cron_update_remailers.sh +``` + +### B. Creare log file +```bash +touch /var/log/yamn_cron.log +touch /var/log/yamn_download.log +chown www-data:www-data /var/log/yamn_*.log +chmod 600 /var/log/yamn_*.log +``` + +--- + +## 8. Test Funzionalità + +### A. Test manuale download +```bash +# Eseguire come www-data +sudo -u www-data php /var/www/yamnweb/test_remailer_download.php +``` + +Output atteso: +``` +=== YAMN Secure Downloader Test === + +1. Checking current status... + Tor status: Available + +2. Testing download (this may take 1-3 minutes due to random delays)... + ✅ Download successful! + +3. Verifying downloaded files... + ✅ Stats file OK (XXXX bytes) + ✅ Keyring file OK (XXXX bytes) + Detected approximately XX key entries + +=== Test Complete === +✅ All checks passed! YAMN is ready to use. +``` + +### B. Test invio email +```bash +# Creare messaggio di test +cat > /tmp/test_message.txt << 'EOF' +From: anonymous@anonymous.invalid +To: your-test-email@example.com +Subject: YAMN Test Message + +This is a test message sent through YAMN. +EOF + +# Inviare con yamn +cd /opt/yamn-master +torsocks ./yamn --mail --chain="*,*,*" --copies=1 < /tmp/test_message.txt + +# Controllare pool +ls -la /opt/yamn-master/pool/ +``` + +### C. Test interfaccia web +```bash +# Aprire browser e navigare a: +https://your-domain.com + +# Compilare form e inviare email di test +# Verificare che: +# 1. Form viene validato correttamente +# 2. Email viene aggiunta al pool +# 3. Nessun errore nei log +``` + +--- + +## 9. Troubleshooting + +### Problema: "Tor is not available" +```bash +# Verificare stato Tor +systemctl status tor + +# Verificare porte in ascolto +netstat -tlnp | grep tor + +# Test connessione +curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip + +# Se non funziona, riavviare Tor +systemctl restart tor +``` + +### Problema: "Permission denied" su file +```bash +# Verificare proprietà +ls -la /opt/yamn-data/ +ls -la /opt/yamn-master/ + +# Correggere permessi +chown www-data:www-data /opt/yamn-data -R +chmod 700 /opt/yamn-data +chmod 700 /opt/yamn-master/pool +``` + +### Problema: "Failed to download from all sources" +```bash +# Test manuale connessione +torsocks curl https://echolot.virebent.art/mlist2.txt + +# Verificare proxy Tor +ps aux | grep tor + +# Verificare configurazione PHP cURL +php -i | grep -i curl +``` + +### Problema: YAMN non invia messaggi +```bash +# Verificare configurazione YAMN +cat /opt/yamn-master/yamn.yml + +# Test manuale +cd /opt/yamn-master +echo "Test" | ./yamn --mail --to test@example.com --stdout + +# Verificare pool +ls -la /opt/yamn-master/pool/ + +# Verificare pubring +ls -la /opt/yamn-master/pubring.mix +``` + +### Log utili +```bash +# Log nginx (se abilitati temporaneamente) +tail -f /var/log/nginx/error.log + +# Log PHP +tail -f /var/log/php8.2-fpm.log + +# Log Tor +journalctl -u tor -f + +# Log cron +tail -f /var/log/yamn_cron.log +``` + +--- + +## 🎯 Checklist Finale + +- [ ] Tor installato e funzionante +- [ ] YAMN compilato e configurato +- [ ] Directory sicure create (/opt/yamn-data/) +- [ ] Nginx configurato senza logging +- [ ] PHP configurato correttamente +- [ ] File PHP sicuri installati +- [ ] Cronjob configurato +- [ ] Test download completato con successo +- [ ] Test invio email funzionante +- [ ] Interfaccia web accessibile +- [ ] Nessun file .log in /var/www/yamnweb/ +- [ ] Permessi corretti su tutti i file + +--- + +## 📚 Riferimenti + +- YAMN Documentation: https://mixmin.net/yamn.html +- Tor Project: https://www.torproject.org/ +- Victor Yamn Pinger: https://echolot.virebent.art/ +- YAMN GitHub: https://github.com/crooks/yamn + +--- + +## 🔒 Note di Sicurezza + +**IMPORTANTE:** +1. Disabilitare SEMPRE i log di Nginx +2. Non salvare MAI metadata sensibili +3. Tor SEMPRE obbligatorio per tutti i download e invii +4. Verificare periodicamente che non ci siano file .log in /var/www/ +5. Mantenere aggiornati Tor e YAMN +6. Usare HTTPS con TLS 1.3 +7. Rate limiting sempre attivo + +**Privacy:** +- Nessun log IP +- Nessun timestamp persistente +- Replay protection attivo +- Adaptive padding attivo +- Randomized delays attivi |
