Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
91 lines (62 sloc) 3.05 KB

Install

A few options are available to install Zeyple, feel free to use the one that suits you best.

  1. Chef cookbook
  2. Ansible role
  3. Bash script [1]
  4. By hand - follow instructions below: [1]

You need to be root here - make sure you understand what you are doing.

  1. Install GnuPG and the Python wrapper for the GPGME library.

    apt-get install gnupg python-gpgme sudo
  2. Since Zeyple is going to read and encrypt your emails, it is recommended to create a dedicated user account for this task (using the "postfix" user is very discouraged according to the doc.

    adduser --system --no-create-home --disabled-login zeyple
  3. Import public keys for all potential recipients.

    mkdir -p /var/lib/zeyple/keys && chmod 700 /var/lib/zeyple/keys && chown zeyple: /var/lib/zeyple/keys
    sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --keyserver hkp://keys.gnupg.net --search you@domain.tld # repeat for each key
  4. Configure /etc/zeyple.conf from the template zeyple.conf.example.

    cp zeyple.conf.example /etc/zeyple.conf
    vim /etc/zeyple.conf

    Default values should be fine in most cases.

  5. Plug it into Postfix.

    cat >> /etc/postfix/master.cf <<'CONF'
    zeyple    unix  -       n       n       -       -       pipe
      user=zeyple argv=/usr/local/bin/zeyple.py ${recipient}
    
    localhost:10026 inet  n       -       n       -       10      smtpd
      -o content_filter=
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
      -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8,[::1]/128
      -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
    CONF
    
    cat >> /etc/postfix/main.cf <<'CONF'
    content_filter = zeyple
    CONF
    
    cp zeyple.py /usr/local/bin/zeyple.py
    chmod 744 /usr/local/bin/zeyple.py && chown zeyple: /usr/local/bin/zeyple.py
    
    touch /var/log/zeyple.log && chown zeyple: /var/log/zeyple.log
    
    postfix reload

    As a side note, localhost:10026 is used to reinject email into the queue bypassing the zeyple content_filter.

You are good to go! You can send you an email with date | mail -s test root and check it is encrypted.


[1] The Git repository is GPG signed - if you cloned the repository locally, you can make sure it has not been tampered with by importing my key with gpg --recv-keys 09A98A9B then running git tag -v $(git tag | tail -1).

Uninstall

Manually remove the added lines in /etc/postfix/{main,master}.cf then

rm -rfv /etc/zeyple.conf /usr/local/bin/zeyple.py /var/lib/zeyple /var/log/zeyple.log
userdel zeyple
postfix reload