
Install

Several options are available for installing Zeyple; use whichever suits you best.

  1. Chef cookbook
  2. Ansible role
  3. Bash script [1]
  4. By hand - follow instructions below: [1]

You need to be root here - make sure you understand what you are doing.

  1. Install GnuPG and the Python wrapper for the GPGME library.

    apt-get install gnupg python-gpg sudo

    If python-gpg is not available, you can use python-gpgme instead.

  2. Since Zeyple is going to read and encrypt your emails, it is recommended to create a dedicated user account for this task (using the "postfix" user is strongly discouraged according to the documentation).

    adduser --system --no-create-home --disabled-login zeyple

  3. Import public keys for all potential recipients.

    mkdir -p /var/lib/zeyple/keys && chmod 700 /var/lib/zeyple/keys && chown zeyple: /var/lib/zeyple/keys
    sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --keyserver hkp://keys.gnupg.net --search you@domain.tld # repeat for each key

  4. Configure /etc/zeyple.conf from the template zeyple.conf.example.

    cp zeyple.conf.example /etc/zeyple.conf
    vim /etc/zeyple.conf

    Default values should be fine in most cases.

  5. Plug it into Postfix.

    cat >> /etc/postfix/master.cf <<'CONF'
    zeyple    unix  -       n       n       -       -       pipe
      user=zeyple argv=/usr/local/bin/zeyple.py ${recipient}
    
    localhost:10026 inet  n       -       n       -       10      smtpd
      -o content_filter=
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
      -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8,[::1]/128
      -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
    CONF
    
    cat >> /etc/postfix/main.cf <<'CONF'
    content_filter = zeyple
    CONF
    
    cp zeyple.py /usr/local/bin/zeyple.py
    chmod 744 /usr/local/bin/zeyple.py && chown zeyple: /usr/local/bin/zeyple.py
    
    touch /var/log/zeyple.log && chown zeyple: /var/log/zeyple.log
    
    postfix reload

    As a side note, localhost:10026 is used to reinject email into the queue, bypassing the zeyple content_filter.

You are good to go! You can send yourself an email with date | mail -s test root and check that it is encrypted.
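
An added example, not part of Zeyple or its repository: a shell audit of the step 5 wiring, checking that mail is routed into the zeyple pipe and that the localhost:10026 reinjection listener clears content_filter and accepts loopback clients only. The function names are made up here, and the script assumes the listener is written exactly as localhost:10026.

```shell
#!/bin/sh
# Added example (not part of Zeyple): audit the Postfix wiring from step 5.
# File paths are arguments so the checks can also run against copies.

# Print one logical master.cf entry: the line whose first field is $2 plus
# its whitespace-indented continuation lines, joined with spaces.
master_entry() {
    awk -v svc="$2" '
        /^[^ \t#]/ { on = ($1 == svc) }
        on && NF && $1 !~ /^#/ { printf "%s ", $0 }
    ' "$1"
}

# True when string $1 contains the fixed string $2.
has() { printf '%s' "$1" | grep -qF -- "$2"; }

# check_zeyple_wiring MASTER_CF MAIN_CF: print FAIL lines, return 0 if none.
check_zeyple_wiring() {
    rc=0
    filter=$(master_entry "$1" zeyple)
    reinject=$(master_entry "$1" localhost:10026)
    # main.cf keeps only the last definition of a parameter.
    active=$(grep -E '^content_filter[[:space:]]*=' "$2" | tail -n 1 | tr -d '[:space:]')
    [ "$active" = "content_filter=zeyple" ] ||
        { echo "FAIL: main.cf content_filter is not zeyple"; rc=1; }
    has "$filter" " pipe " && has "$filter" "user=zeyple " ||
        { echo "FAIL: zeyple pipe service missing or not run as user zeyple"; rc=1; }
    # Without the empty override, reinjected mail re-enters the filter and loops.
    has "$reinject" "-o content_filter= " ||
        { echo "FAIL: localhost:10026 does not clear content_filter"; rc=1; }
    # The listener drops most restrictions, so it must accept loopback only.
    has "$reinject" "smtpd_recipient_restrictions=permit_mynetworks,reject " ||
        { echo "FAIL: localhost:10026 is not limited to mynetworks"; rc=1; }
    nets=$(printf '%s' "$reinject" | sed -n 's/.*-o mynetworks=\([^ ]*\).*/\1/p')
    [ -n "$nets" ] || { echo "FAIL: localhost:10026 has no mynetworks override"; rc=1; }
    bad=$(printf '%s\n' "$nets" | tr ',' '\n' | grep -vxF -e '127.0.0.0/8' -e '[::1]/128' || true)
    [ -z "$bad" ] || { echo "FAIL: non-loopback mynetworks entry: $bad"; rc=1; }
    return $rc
}
```

Call it as check_zeyple_wiring /etc/postfix/master.cf /etc/postfix/main.cf; it prints one FAIL line per problem and returns non-zero if there is any.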


[1] The Git repository is GPG signed - if you cloned the repository locally, you can make sure it has not been tampered with by importing my key with gpg --recv-keys 09A98A9B then running git tag -v $(git tag | tail -1).

Uninstall

Manually remove the lines added to /etc/postfix/{main,master}.cf, then run:

    rm -rfv /etc/zeyple.conf /usr/local/bin/zeyple.py /var/lib/zeyple /var/log/zeyple.log
    userdel zeyple
    postfix reload