Encrypted mail list aliases with GnuPG


Note: the most update information is in the readme file, http://cvs.rediris.es/cvsweb/rediris-cvs/readme?rev=1.3;cvsroot=gpgmailaliases

This is a small script to provide PGP/MIME encrypted mailing lists aliases. The script allow to setup small mailing lists in which all the emails (incoming and outgoing are PGP/Mime encrypted).
The script provides the following anti-spam features:

  • Only PGP encrypted mails to the mailing list address will be accepted.
  • Option to allow also posting only from members of the lists or from everyone that knows the public key of the mailing list.
The PGP private key of the list must not be password protected in the server , so the list should be installed in a proctected/trusted machine.

Configuration

The script is launched from the /etc/aliases, and received a configuration file as argument, for example:

pruebas: "|/usr/local/bin/gpg-aliases.pl /usr/local/lists/mail-example.list"
the configuration file is an ASCII configuration file with three types of lines:
  1. Comments and newlines: Lines that start with "#" are ignored
  2. Configuration option: separated by "=", (variable, values), the following variables should be set:
    • pgpdir : Directory in which the keyring will be stored.
    • gpg: Path to the gpg binary
    • sendmail: Path to the sendmail binary
    • logfile: Path to file in which it will be stored the logs
    • onlymember: set to 1 if you wan to only allow posts from keys (not address) in the member list, if not set everyone with access to the public key of the list can post an encrypted mail to the list.
    • user: userid or keyid of the key of the list, used to know to which key you should encrypt the mail.
    • miaddr: email address of the aliases, to avoid bounce mails.
    • replyon: when the mailing list should reply with a message to the user , accepted values are: notencrypted, onlymember, badsignature, and success , meaning that the list address should be respond to the mail when:
      • notencrypted: Message is not encrypted to the list PGP key.
      • onlymember: Message is encrypted, but only member of the list can post.
      • badsignature: bad signature of the message.
      • success: Message accepted and redistributed to the list. If this value is set, the next parameter should be also be set.
    • replybasetemplate : base path of the reply messages, the path is build with the replybasetemplate and the suffix: "NOTENCRYPTED", "BADSIGNATURE", "ONLYMEMBER" , "SUCCESS.

      Example: If you set replyon to reply on notencrypted messages, and you set:
      replyon = "notencrypted"
      replybasetemplate ="/usr/local/lists/pruebas/reply " ;

      And you should also create the file /usr/local/lists/pruebas/reply.NONENCRYPTED

      In the template the following keywords can be used to replace values of the original mail:

      • #TO: Sender of the message (from)
      • #SUBJECT: Subject of the message
      • #FROM: Address of the list aliases
  3. list of members of the list, keyid & email address to send the mail to, separated by a semicolon ":" , you must add manually the keys to the public ring.

steps to setup a list:

  1. Create a directory to store the PGP keys, (variable pgpdir in the configuration file) for example /usr/local/etc/lists/mail-example
  2. Change to this directory and using gpg generate a new key pair to the lists (use the --homedir option with gpg to define the path to the keyrings,
    gpg --homedir /usr/local/etc/lists/mail-example --gen-key

  3. Add the public keys to the ring (again with --homedir option)
    gpg --homedir /usr/local/etc/lists/mail-example --keyserver your.favorite.keyserver --search-key user1

  4. Modify the configuracion.example file to add the members of the lists and the different options, and place it in a directory (for example /usr/local/etc/lists )
  5. change the uid of the files in the pgpdir to the user and group of the user that runs the /etc/aliases mails (nobody in postfix).
  6. Modify the /etc/aliases file to launch the scripts: mail-example: |/usr/local/bin/mail-gpg /usr/local/etc/lists/mail-example.list (and rebuild the aliasdb with newaliases)
  7. export the public key of the list gpg --homedir /usr/local/etc/lists/mail-example --export -a miaddr > file and distribute it to the list members.
  8. Test it with an email to the mailing list address

Notes:

  1. As stated before the identification of the user (posters) to the list is based in the PGP keys not the mail address.
  2. The mail is sent to the mail address listed in the configuration file , encrypted with the keyid, there is no verification that the keyid/email address is correct.
  3. The keyrings can be shared by different lists in the server but it is better to keep the keyring separated for each list.
  4. Speed in a not heavy loaded PIII 800Mz is about 5segs for each member of the list.
This page has been signed using PGP