Install Echolot YAMN Pinger on a VPS

This tutorial assumes a working VPS server, Debian or Ubuntu installed, with a working MTA (we recommend Postfix) and a Web server installed so that you can serve your pinger's stats pages to the public. These instructions borrow heavily from the original installation instructions for Peter Palfrader's Echolot program.

PART 1: Set up a dedicated instance of YAMN as client. Your new pinger will need YAMN in order to encrypt and decrypt ping messages.

PART 2: Set up Echolot Pinger (originally designed for Cypherpunk & Mixmaster remailers) and make it work with YAMN remailers instead.

PART 3: Add all known YAMN remailer addresses to your YAMN pinger



PART 1: Set up a dedicated instance of YAMN as client

  • As root or as a sudo user create a new user named 'echolot':

    root@vps:~$ adduser echolot
  • Next, install Git which will, later in this tutorial, allow you to download the YAMN source code from Zax's Github repository:

    root@vps:~$ apt install git
  • Install a few more things needed to run your new YAMN Pinger service:

    root@vps:~$ apt install procmail
    root@vps:~$ apt install perl
    root@vps:~$ apt install libgnupg-interface-perl libhtml-template-perl
  • While we are root we should make some necessary changes to our MTA. Assuming Postfix, ensure these 2 lines are present in your /etc/postfix/main.cf file:

    # Echolot needs to understand user-defined mailboxes so that email addresses
    # like echolot+ping=1583008800=4c84ad53@yourdomain.com will reach your pinger's mailbox.
    recipient_delimiter = +

    # Your pinger relies on Procmail
    mailbox_command = /usr/bin/procmail

    Save and close main.cf and then reload Postfix:

    root@vps:~$ systemctl reload postfix
  • NOTE: If you are using an MTA other than Postfix consult your MTA's documentation to determine how to enable user-defined mailboxes.

  • Logout of root. Login as new user 'echolot'.

  • Install the Go language, for exclusive use by user 'echolot', by following the tutorial HERE.

  • Now let's build the YAMN binary from source. Your new pinger service will need this YAMN binary to function.

    Download the YAMN source code:

    echolot@vps:~$ go get github.com/crooks/yamn

    Move to the folder where YAMN's source code now resides

    echolot@vps:~$ cd ~/go/src/github.com/crooks/yamn
  • Now build the YAMN binary with this command:

    echolot@vps:~/go/src/github.com/crooks/yamn$ go build

    If all went well you should see a newly created binary file called yamn inside the source code folder ~/go/src/github.com/crooks/yamn/

  • Create a folder for your new YAMN binary:

    echolot@vps:~$ mkdir ~/yamn
  • Copy the new yamn binary into your new yamn folder. Your Echolot YAMN pinger is going to need this binary.

    echolot@vps:~$ cp ~/go/src/github.com/crooks/yamn/yamn ~/yamn
  • Now you need to place a yamn.cfg file in that folder. Download this one designed specifically for a YAMN client dedicated to a pinger service: yamn.cfg. Put it in folder /home/echolot/yamn

    echolot@vps:~$ wget --no-check-certificate https://www.sec3.net/yamnhelp/pinger/yamn.cfg
    echolot@vps:~$ mv yamn.cfg ~/yamn

    To make this yamn.cfg work for you, you will need to set the "SMTPRelay" value to your hostname. SMTPRelay should be set to the same value that your Postfix's main.cf uses for 'myhostname'. For example, SEC3.NET's myhostname is morello.sec3.net.

    You will also need to customize this line:

    Pipe = "/usr/sbin/sendmail -f echolot@yourdomain.com -t"

    Change "echolot@yourdomain.com" to your proper pinger address. Some acceptable pinger addresses: echolot@beeblebrox.co.uk or echolot@dreamscape.net

  • You should now have 2 files inside /home/echolot/yamn:

    yamn (binary)
    yamn.cfg

    That's all that you need. Don't improvise by adding any more files like pubring.mix or anything else. Your new pinger will generate any yamn files it needs as it needs them. For the moment just ensure those 2 files and only those 2 files are in your yamn folder.

  • Congratulations! END OF PART 1.
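
A check for the end state of PART 1, as an added example that is not part of the original tutorial: it confirms the two main.cf settings and that the yamn folder holds only the binary and an edited yamn.cfg. The function names and the script name are made up for this example; on a live system `postconf -h recipient_delimiter` reports the value Postfix actually uses.

```shell
#!/usr/bin/env bash
# Added example: check the outcome of PART 1. Function names are made up here.

# Print the value main.cf assigns to a parameter. The last definition in the
# file wins; comment lines and indented continuation lines are skipped.
maincf_value() {   # usage: maincf_value <main.cf> <parameter>
    awk -v key="$2" '
        /^[ \t#]/ || !index($0, "=") { next }
        {
            eq = index($0, "=")
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) found = val
        }
        END { print found }' "$1"
}

check_postfix() {   # usage: check_postfix <main.cf>
    local rc=0
    [ "$(maincf_value "$1" recipient_delimiter)" = "+" ] ||
        { echo "recipient_delimiter is not +"; rc=1; }
    [ "$(maincf_value "$1" mailbox_command)" = "/usr/bin/procmail" ] ||
        { echo "mailbox_command is not /usr/bin/procmail"; rc=1; }
    return "$rc"
}

check_yamn_dir() {   # usage: check_yamn_dir <yamn folder>
    local rc=0 listing
    listing=$(ls -A "$1" | sort | tr '\n' ' ')
    [ "$listing" = "yamn yamn.cfg " ] ||
        { echo "expected only yamn and yamn.cfg, found: $listing"; rc=1; }
    [ -x "$1/yamn" ] || { echo "yamn is not executable"; rc=1; }
    # The downloaded yamn.cfg ships with echolot@yourdomain.com in Pipe.
    if grep -q 'yourdomain\.com' "$1/yamn.cfg" 2>/dev/null; then
        echo "yamn.cfg still has the placeholder yourdomain.com"; rc=1
    fi
    return "$rc"
}

# Run as: bash check-part1.sh /etc/postfix/main.cf /home/echolot/yamn
if [ "$#" -eq 2 ]; then
    check_postfix "$1" && check_yamn_dir "$2" && echo "PART 1 looks complete"
fi
```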



PART 2: Set up your Echolot YAMN Pinger

  • Continue as regular user 'echolot'.

  • Download Peter Palfrader's open source Echolot program from HERE.

    echolot@vps:~$ wget --no-check-certificate https://github.com/crooks/echolot/archive/master.zip

    Extract the Zip file master.zip. (If you encounter an error you probably don't have the Unzip program installed. As root or as sudo user do "apt install unzip" and try again.)

    echolot@vps:~$ unzip master.zip
  • Move the extracted files into a new folder ~/echolot:

    echolot@vps:~$ mv echolot-master /home/echolot/echolot
  • Now let's move to our new echolot folder:

    echolot@vps:~$ cd ~/echolot

  • Delete the sample file pingd.conf.sample. In its place we will use this pingd.conf file. Download it to ~/echolot.

    echolot@vps:~/echolot$ wget --no-check-certificate https://www.sec3.net/yamnhelp/pinger/pingd.conf

    This is a working config file that I use for my Cloaked Yamn Pinger. You will therefore need to edit some lines to make it your own. These parts need to be changed to match your pinger's identity:
    'sitename'
    'my_domain'
    'operator_address'

    Save and close pingd.conf.

  • Incoming email will be delivered to /home/echolot/echolot/mail. We need to create that mailbox:

    echolot@vps:~$ mkdir /home/echolot/echolot/mail

    Make sure the directory is owned by user 'echolot':

    echolot@vps:~$ chown echolot: /home/echolot/echolot/mail
  • With procmail now active in your MTA, download this .procmailrc file, place it in the root of user echolot's home folder alongside your .bashrc and .profile files, and rename it to its correct filename .procmailrc.

    echolot@vps:~$ wget --no-check-certificate https://www.sec3.net/yamnhelp/pinger/dot-procmailrc
    echolot@vps:~$ mv dot-procmailrc .procmailrc
  • Double-check to make sure that all of Echolot's files and sub-directories ( /home/echolot/echolot/* ) are owned by user 'echolot'.

  • Now before we actually proceed to PART 3 and add public YAMN remailer addresses to our new pinger we need to change the contents of two Echolot files so that it will understand that we are using YAMN and not Mixmaster:

    1) Replace /home/echolot/echolot/Echolot/Conf.pm with this tweaked Conf.pm file. Thank you, Zax, for this patch.

    echolot@vps:~$ wget --no-check-certificate https://www.sec3.net/yamnhelp/pinger/Conf.pm
    echolot@vps:~$ mv Conf.pm ~/echolot/Echolot

    2) Replace /home/echolot/echolot/templates/echolot.html with this YAMN-specific echolot.html file.

    echolot@vps:~$ wget --no-check-certificate https://www.sec3.net/yamnhelp/pinger/echolot.html
    echolot@vps:~$ mv echolot.html ~/echolot/templates
  • Logout as user 'echolot' and, once more, login as root or sudo user.

    We need to create a Systemd service to automatically start your YAMN pinger after a VPS crash or a reboot. As root follow this short HOWTO on how to create and enable this service: create-pinger-service.txt, and then return to this tutorial.

  • Congratulations! END OF PART 2.
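
An audit for the files placed in PART 2, as an added example that is not part of the original tutorial: .procmailrc and Conf.pm run with the privileges of user 'echolot', and the wget commands above skip certificate verification, so the script checks ownership and write permissions and lists the program and forwarding actions in .procmailrc for review. The function names and the script name are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: audit the files PART 2 put in place. Function names are made up.

# Everything under the given paths that is NOT owned by <user>.
not_owned_by() {   # usage: not_owned_by <user> <path>...
    local user=$1; shift
    find "$@" ! -user "$user" -print
}

# Files and directories that group or others may write to (symlinks skipped).
writable_by_others() {   # usage: writable_by_others <path>...
    find "$@" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# procmail action lines that run a program ('|') or forward mail ('!'),
# with line numbers, so a downloaded .procmailrc can be read before use.
procmail_actions() {   # usage: procmail_actions <rcfile>
    grep -nE '^[[:space:]]*[|!]' "$1"
}

audit_pinger() {   # usage: audit_pinger <user> <home of that user>
    local user=$1 home=$2 rc=0 out p
    for p in "$home/echolot/mail" "$home/echolot/Echolot/Conf.pm" \
             "$home/.procmailrc"; do
        [ -e "$p" ] || { echo "missing: $p"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    out=$(not_owned_by "$user" "$home/echolot" "$home/.procmailrc")
    [ -z "$out" ] || { echo "not owned by $user:"; echo "$out"; rc=1; }
    out=$(writable_by_others "$home/echolot" "$home/.procmailrc")
    [ -z "$out" ] || { echo "writable by group or others:"; echo "$out"; rc=1; }
    return "$rc"
}

# Run as root: bash audit-part2.sh echolot /home/echolot
if [ "$#" -eq 2 ]; then
    audit_pinger "$1" "$2" && echo "ownership and permissions look right"
    procmail_actions "$2/.procmailrc" || echo "no pipe or forward actions found"
fi
```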



PART 3: Add all known YAMN remailer addresses to your YAMN pinger

  • As user 'echolot' open two terminal windows.

    In the first terminal window change into the directory where your pinger resides.

    echolot@vps:~$ cd ~/echolot

    And now type these commands:

    echolot@vps:~/echolot$ ./pingd --detach start
    echolot@vps:~/echolot$ tail -f pingd.log
  • In the second terminal window, change into the directory where your pinger resides.

    echolot@vps:~$ cd ~/echolot

    And now add remailer addresses one by one:

    echolot@vps:~/echolot$ ./pingd add address
    echolot@vps:~/echolot$ ./pingd add address
    echolot@vps:~/echolot$ ./pingd add address

    where address is the address of a public YAMN remailer, like yamn@300baud.de. At present there are 11 of them.

    Next type this command:

    echolot@vps:~/echolot$ ./pingd getkeyconf

  • Now wait approx. 15-30 minutes for Echolot to start receiving results back from the remailers that you requested keys from.

    Monitor the first terminal, in which you started pingd. You should see the contents of Echolot's log file in real time as the remailers return their keys and config files to you.

  • After about 1 hour go to the second terminal window and execute these 3 commands to update the remailer keys and configs in your Yamn pinger. In the future this will be done for you automatically every 24 hours but for the initial setup we will want to do it manually:

    echolot@vps:~/echolot$ ./pingd buildkeys
    echolot@vps:~/echolot$ ./pingd buildstats
    echolot@vps:~/echolot$ ./pingd buildthesaurus
  • Now navigate to Echolot's /results folder:

    echolot@vps:~/echolot$ cd /home/echolot/echolot/results

    Have a look at the files in there.

    echolot@vps:~/echolot/results$ cat mlist.txt
    echolot@vps:~/echolot/results$ cat pubring.mix

    Those files should list a few remailers. Eventually, in a few hours, all remailers should be listed therein.

  • While we are in the /results folder let's use this opportunity to create a symbolic link:

    echolot@vps:~/echolot/results$ ln -sf echolot.html index.html

    This will allow your visitors to reach your YAMN Pinger Web site more easily, at http://domain.com/yamn/ instead of http://domain.com/yamn/echolot.html

  • We are now going to stop the Echolot program (pingd) that has been running in the first terminal window.

    echolot@vps:~/echolot$ ./pingd --detach stop

    and close and logout of both terminal windows.

  • Now log back in as root or sudo user.

  • As root or sudo user REBOOT your VPS now.

    root@vps:~$ shutdown -r now

    The reason for the reboot is that we want to start your new YAMN pinger via the Systemd service instead of the way we were starting it before, on the command line, which is impractical for long-term usage. Rebooting now also gives you an opportunity to test whether the Systemd startup service for your Echolot YAMN pinger actually works.

    If you really do not want to - or cannot - reboot your VPS server at this time that's okay. Just do this command instead:

    root@vps:~$ systemctl start echolot
  • After your VPS server has rebooted, and as root or as sudo user, we want to execute this command to make the files in your /results folder available to the public at your new Yamn Pinger Webpage:

    root@vps:~$ ln -s /home/echolot/echolot/results /var/www/html/domain.com/public_html/yamn

    The second path in that command will be quite different for you. It will depend on your Web server configuration and where your root Web folder is located.

    NOTE: For the symbolic link to be created the /yamn folder MUST NOT EXIST already in your Web pages. If it does exist delete it and try to create the symlink again.

  • If everything worked as expected you should now see your YAMN Stats Webpage at http://yourdomain.com/yamn/

  • Congratulations! END OF PART 3.

  • DONE!


