Re: [exim] GPG support inside Exim's config *solved*

Author: Cyborg
Date:
To: exim-users
Old topics: Re: [exim] GPG support inside Exim's config
Subject: Re: [exim] GPG support inside Exim's config *solved*
On 14.06.2013 17:21, Mike Cardwell wrote:
> * on the Fri, Jun 14, 2013 at 11:06:07AM +0200, Cyborg wrote:
>
>> regarding the latest news about PRISM, I had an idea and maybe someone
>> has done that already:
>>
>> A transport could autosign and autoencrypt messages with pgp/gpg.
>>
>> If it's done via mta the client doesn't need to support it, which means,
>> it will even work with any webmail.
>>
>> Does anyone have a gpg transport working?
>


Finally I had time and got it to work. It's so simple it could be a
default config entry ;)

+ auto encryption + signing
+ auto decryption

Router changes:

dnslookup:
     driver = dnslookup
     domains = ! +local_domains
     # transport = remote_smtp
     transport = ${if eq{1}{${lookup mysql{SELECT '1' FROM gpg_config \
          WHERE '${quote_mysql:${local_part}@${domain}}' = email limit 1 \
          }}}{gpg_transport}{remote_smtp}}
     ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
     # no_more

Transport:

gpg_transport:
     driver = smtp
     size_addition = -1
     transport_filter = '/path/gpg_encrypt' '${quote_mysql:$local_part@$domain}'



The same principle is used for the mailbox router and transport.

/gpg_encrypt/ takes stdin, parses it into header and body, sends the
body to gpg and writes the rebuilt message to stdout.
If no gpg can be used, i.e. because the key wasn't found, the stdin will
be sent unaltered to stdout. In any case, you get a working result.

All you have to deal with is gpg itself, which wasn't really built for
non-interactive usage (IMHO it talks too much in batch mode ;) ).

And don't forget, the keys have to be stored in the EXIM Home, not as
root or a user. Which means you have to build a suid wrapper if your
virtual mailboxes have uids != exim.


Marius
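
The post does not include gpg_encrypt itself. The following is an added example, not Marius's script: a stdin-to-stdout filter with the same fail-open behaviour, which goes beyond the description by wrapping the result as PGP/MIME (RFC 3156) so that MIME mail stays parseable. The keyring path, function names and boundary prefix are assumptions.

```python
"""Fail-open PGP/MIME (RFC 3156) transport filter: message on stdin -> stdout."""
import re
import secrets
import subprocess
import sys

GPG_HOME = "/var/spool/exim/.gnupg"  # assumed path; keyring owned by the Exim user


def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """Call gpg with prompting disabled; raises if the key is missing or gpg fails."""
    cmd = ["gpg", "--homedir", GPG_HOME, "--batch", "--no-tty", "--quiet",
           "--trust-model", "always",  # assumption: every key in this ring is vetted
           "--armor", "--encrypt",
           "--recipient", "<" + recipient + ">"]  # <addr> = exact e-mail match
    return subprocess.run(cmd, input=plaintext, capture_output=True,
                          check=True, timeout=30).stdout


def filter_message(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return raw wrapped as multipart/encrypted, or raw unchanged on any failure."""
    parts = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
    if len(parts) != 2:
        return raw
    head, body = parts
    # Group folded header lines into whole fields (continuations start with SP/TAB).
    fields = re.findall(rb"[^\r\n]+(?:\r?\n[ \t][^\r\n]*)*", head)
    # Content-* headers travel inside the ciphertext with the body they describe.
    inner = [f for f in fields if f.lower().startswith(b"content-")]
    outer = [f for f in fields
             if not f.lower().startswith((b"content-", b"mime-version:"))]
    if any(re.match(rb"content-type:\s*multipart/encrypted", f, re.I) for f in inner):
        return raw  # already encrypted by the sender's client
    try:
        armored = encrypt(b"".join(f + b"\n" for f in inner) + b"\n" + body, recipient)
    except Exception:
        return raw  # fail open, as the post describes: deliver unaltered
    bnd = b"gpgfilter-" + secrets.token_hex(12).encode()
    wrapper = [b"MIME-Version: 1.0",
               b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
               b' boundary="' + bnd + b'"', b"",
               b"--" + bnd, b"Content-Type: application/pgp-encrypted", b"",
               b"Version: 1", b"",
               b"--" + bnd, b"Content-Type: application/octet-stream", b"",
               armored.rstrip(b"\n"), b"--" + bnd + b"--", b""]
    return b"\n".join(outer + wrapper)


if __name__ == "__main__":
    sys.stdout.buffer.write(filter_message(sys.stdin.buffer.read(), sys.argv[1]))
```

Returning the input unchanged keeps mail flowing but sends cleartext whenever a key is missing; a filter that exits non-zero instead makes Exim defer the delivery.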