Suggested system:
- Firewall pf (for setting client access to SMTP) (e.g. included in OpenBSD)
- Mailsystem postfix which supports pipe processing via shell scripts
Two independent implementations are available:
- POSIX shell implementation bin/sign.sh, which uses printf, sed and openssl.
- Perl implementation bin/sign.pl
- Edit /etc/postfix/master.cf, add -o content_filter=sign:dummy:

      smtp inet n - - - - smtpd
        -o content_filter=sign:dummy

- Decide script implementation.
  - POSIX shell script:

        sign unix - n n - 10 pipe
          flags=Rq user=mail null_sender=
          argv=<PREFIX>/bin/sign.sh -f ${sender} -- ${recipient}

  - Edit 'etc/smtp-signer.conf', specify PASSWORD (and do not change later!).
  - Perl:

        sign unix - n n - 10 pipe
          flags=Rq user=mail null_sender=
          argv=<PREFIX>/bin/sign.pl -f ${sender} -- ${recipient}

  - Edit 'sign.pl' configuration variables.
A couple of administration tasks are abstracted via thin shell command-line wrappers with the filename pattern signer-<SUBJECT>-<ACTION>
(e.g. user, cert and client as subjects, and add, del as actions).
Add bin/ to $PATH, e.g. run . ./setenv.
Run the tools as root, e.g. via sudo signer-....
signer-user-add <user> <password>
This will add a new user to the system (with shell/login disabled).
signer-client-add <ip>
The current implementation adds a new entry in a text file for pf and reloads the firewall.
signer-cert-add <keyfile> <certfile>
This will convert and add certificates where the key is encrypted by a common password.
signer-user-del <user>
This will delete the user; the current implementation will remove the user from the system database (e.g. passwd).
signer-client-del <ip>
This will delete the IP from a pf-table text file and update the firewall.
signer-cert-del <email>
This will delete the key/cert files from certs/ for a particular email address.
- Copy key (without password) as <email>_key-plain.pem.
- Copy cert as <email>_cert.pem.
- Run scripts/convert.sh
- Copy <email>_all.pem, <email>_key.pem and <email>_cert.pem files to certs folder.
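
A pre-flight check for the key/certificate pair named in the steps above, as an added example that is not part of the project: it confirms that the plain key matches the certificate, that the certificate carries the e-mail address used in the file names, and that it has not expired. The function names, messages and temporary directory are assumptions; only the file naming comes from this README.

```sh
#!/bin/sh
# Added example, not part of the project. File names follow the README:
# <email>_key-plain.pem (unencrypted key) and <email>_cert.pem.

# Constructed sample data: a throwaway self-signed pair for <email> in <dir>.
make_test_pair() {  # usage: make_test_pair <dir> <email>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2/emailAddress=$2" \
        -keyout "$1/$2_key-plain.pem" -out "$1/$2_cert.pem" >/dev/null 2>&1
}

# Prints "ok" and returns 0 only if the pair is consistent; otherwise prints
# the reason and returns 1.
check_pair() {  # usage: check_pair <dir> <email>
    cp_key="$1/$2_key-plain.pem"
    cp_cert="$1/$2_cert.pem"
    # Public key derived from the private key; "-passin pass:" avoids a prompt.
    cp_kpub=$(openssl pkey -in "$cp_key" -passin pass: -pubout 2>/dev/null) ||
        { echo "unreadable key"; return 1; }
    # Public key embedded in the certificate.
    cp_cpub=$(openssl x509 -in "$cp_cert" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate"; return 1; }
    if [ -z "$cp_kpub" ] || [ "$cp_kpub" != "$cp_cpub" ]; then
        echo "key and certificate do not match"; return 1
    fi
    # The address in the file name must appear in the subject or subjectAltName.
    openssl x509 -in "$cp_cert" -noout -email 2>/dev/null | grep -Fqx -- "$2" ||
        { echo "email not in certificate"; return 1; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cp_cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired"; return 1; }
    echo "ok"
}

# Demo on constructed data.
demo_dir=$(mktemp -d)
make_test_pair "$demo_dir" foo@example.com
check_pair "$demo_dir" foo@example.com
rm -rf "$demo_dir"
```
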
The tests folder contains 'send mail' test scripts in various languages/SMTP APIs.
- cd tests
- cp test.rc.sample test.rc
- Edit test.rc
- Run tests
  - Perl: ./mail.pl
  - Python: ./mail.py
  - NodeJS:

        cd nodejs/nodemailer
        npm update (once)
        node ./mail.js

Further testing tools:
- Test tool for a self-signed X.509 email certificate: tests/gen-test-cert.sh <email>

      cd <PREFIX>
      . ./setenv
      cd tests
      ./gen-test-cert.sh foo@bar.com
      sudo signer-cert-add foo@bar.com_key.pem foo@bar.com_cert.pem