forked from letoams/openpgpkey-milter

WARNING
=======

This is pre-release software. It's only been tested by me on my personal
postfix server. Running this anywhere on a production machine might cost
you your job, although afterwards please do let me know how it failed you
so I can fix it.

openpgpkey-milter
-----------------

openpgpkey-milter is a sendmail/postfix milter service that will attempt
to automatically OpenPGP encrypt plaintext emails received by the MTA/MUA
before relaying the message further towards the recipient(s). These can be
messages received from the network, or generated locally.

Requirements
------------

Apart from requiring a milter compatible mail server (postfix or sendmail),
openpgpkey-milter requires:

* python-unbound / unbound-python (in all major distros)
* python-milter / python-pymilter (in all major distros)
* [python-gnupg](http://pythonhosted.org/python-gnupg/)
  (older versions might need a [patch](http://code.google.com/p/python-gnupg/issues/detail?id=94))
* gnupg, libmilter, etc. which are dragged in as dependencies by the above packages

Recommended
-----------

The [hash-slinger](http://people.redhat.com/pwouters/hash-slinger/)
package contains an "openpgpkey" command that allows you to generate and
verify your own OPENPGPKEY records.

How does it work
----------------

openpgpkey-milter detects when a message is not encrypted with gpg and
then checks all the recipients to see if they published the special
[OPENPGPKEY](http://tools.ietf.org/html/draft-ietf-dane-openpgpkey) DNS record.
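
An added example (not code from openpgpkey-milter) of the recipient check described above: it derives the OPENPGPKEY owner name for each recipient and splits the recipients by whether a record exists. It assumes the naming scheme of RFC 7929, the published form of the linked draft (earlier drafts differ); `lookup`, `looks_encrypted`, `partition_recipients` and the sample data are hypothetical names and constructed values.

```python
import hashlib
from email import message_from_string


def openpgpkey_owner_name(address):
    """Owner name per RFC 7929 section 3 (assumed scheme; older drafts differ)."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % address)
    # SHA2-256 of the UTF-8 local-part, truncated to 28 octets, as hex.
    # The local-part is hashed as given; no case folding is applied here.
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return "%s._openpgpkey.%s." % (label, domain.rstrip(".").lower())


def looks_encrypted(raw_message):
    """Heuristic (assumption): PGP/MIME content type or inline armor in a body part."""
    msg = message_from_string(raw_message)
    if msg.get_content_type() == "multipart/encrypted":
        return True
    return any("-----BEGIN PGP MESSAGE-----" in str(part.get_payload())
               for part in msg.walk() if not part.is_multipart())


def partition_recipients(recipients, lookup):
    """Split recipients by whether lookup(owner_name) returns key material.

    `lookup` is a hypothetical callable standing in for a DNSSEC-validating
    resolver query for the OPENPGPKEY RRtype; it returns bytes or None.
    """
    with_key, without_key = [], []
    for rcpt in recipients:
        found = lookup(openpgpkey_owner_name(rcpt)) is not None
        (with_key if found else without_key).append(rcpt)
    return with_key, without_key


# Constructed sample data: one recipient publishes a record, one does not.
SAMPLE_ZONE = {openpgpkey_owner_name("hugh@example.com"): b"<constructed key bytes>"}
SAMPLE_MAIL = "From: a@example.org\nTo: hugh@example.com\nSubject: hi\n\nplain text body\n"

if __name__ == "__main__":
    print(openpgpkey_owner_name("hugh@example.com"))
    print(looks_encrypted(SAMPLE_MAIL))
    print(partition_recipients(["hugh@example.com", "nokey@example.com"], SAMPLE_ZONE.get))
```

Because the local-part is hashed byte for byte, `Hugh@example.com` and `hugh@example.com` map to different owner names.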

Configuration of the milter service
-----------------------------------

To use openpgpkey-milter with postfix, add to `/etc/postfix/main.cf`:

    smtpd_milters = inet:127.0.0.1:8890
    non_smtpd_milters = $smtpd_milters
    milter_default_action = tempfail
    milter_protocol = 2
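
If you run `opendkim`, ensure you add openpgpkey-milter **before** opendkim
or you'll break the opendkim signatures. For the Fedora/RHEL configuration
where opendkim uses port 8891, you can use the following:

    smtpd_milters = inet:127.0.0.1:8890, inet:127.0.0.1:8891
    non_smtpd_milters = $smtpd_milters
    milter_protocol = 2
    milter_default_action = accept

The two examples differ in `milter_default_action`: with `tempfail`, postfix
defers mail while a milter is unreachable; with `accept`, postfix proceeds as
if the milter were not present, so such mail is relayed without encryption.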

Mailing list and bug reports
----------------------------

There is no mailing list yet. Please send questions and bug reports
to paul@nohats.ca. However, if you run openpgpkey-milter on your mail
server and it broke, you might be better off mailing me at the unsigned
domain paul@cypherpunks.ca.