OpenPGP milter service to automatically PGP encrypt plaintext emails when possible

WARNING

This is pre-release software. It has only been tested by me on my personal postfix server. Running this anywhere on a production machine might cost you your job, although afterwards please do let me know how it failed you so I can fix it.

openpgpkey-milter

openpgpkey-milter is a sendmail/postfix milter service that will attempt to automatically OpenPGP encrypt plaintext emails received by the MTA/MUA before relaying the message further towards the recipient(s). These can be messages received from the network, or generated locally.

Requirements

Apart from requiring a milter compatible mail server (postfix or sendmail), openpgpkey-milter requires:

  • python-unbound / unbound-python (in all major distros)
  • python-milter / python-pymilter (in all major distros)
  • python-gnupg (older versions might need a patch)
  • gnupg, libmilter, etc., which are dragged in as dependencies by the above packages

Recommended

The hash-slinger package contains an "openpgpkey" command that allows you to generate and verify your own OPENPGPKEY records.

How does it work

openpgpkey-milter detects when a message is not encrypted with gpg and then checks all the recipients to see if they published the special OPENPGPKEY DNS record.

Configuration of the milter service

To use openpgpkey-milter with postfix, add to /etc/postfix/main.cf:

 smtpd_milters = inet:127.0.0.1:8890
 non_smtpd_milters = $smtpd_milters
 milter_default_action = tempfail
 milter_protocol = 2

If you run opendkim, ensure you add openpgpkey-milter before opendkim or you'll break the opendkim signatures. For the Fedora/RHEL configuration where opendkim uses port 8891, you can use the following:

 smtpd_milters = inet:127.0.0.1:8890, inet:127.0.0.1:8891
 non_smtpd_milters = $smtpd_milters
 milter_protocol = 2
 milter_default_action = accept
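
A check for the two settings above that are easy to get wrong, written as an added example and not part of openpgpkey-milter: it parses main.cf text, verifies that the milter on port 8890 is listed ahead of opendkim on port 8891, and reports `milter_default_action = accept`, which makes Postfix proceed as if the filter were absent when the milter cannot be reached. The function names and the sample fragment are constructed for illustration.

```python
import re

MILTER_PORT = "8890"  # openpgpkey-milter endpoint from this README
DKIM_PORT = "8891"    # opendkim port in the Fedora/RHEL setup above

# Constructed sample: opendkim listed first, value split over a continuation line.
SAMPLE_BAD = """\
# constructed main.cf fragment
smtpd_milters = inet:127.0.0.1:8891,
    inet:127.0.0.1:8890
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining lines that start with whitespace."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (s.strip() for s in raw.split("=", 1))
            params[last] = value
    return params

def milters(params, name, depth=0):
    """Milter endpoints for a parameter, following $other_parameter references."""
    out = []
    for item in re.split(r"[,\s]+", params.get(name, "")):
        if item.startswith("$") and depth < 5:
            out += milters(params, item.strip("${}"), depth + 1)
        elif item:
            out.append(item)
    return out

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    params, findings = parse_main_cf(text), []
    for name in ("smtpd_milters", "non_smtpd_milters"):
        ports = [m.rsplit(":", 1)[-1] for m in milters(params, name)]
        if MILTER_PORT not in ports:
            findings.append(name + ": openpgpkey-milter (port 8890) not listed")
        elif DKIM_PORT in ports and ports.index(DKIM_PORT) < ports.index(MILTER_PORT):
            findings.append(name + ": opendkim runs before openpgpkey-milter")
    if params.get("milter_default_action") == "accept":
        findings.append("milter_default_action: accept relays mail unencrypted if the milter is down")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BAD)) or "ok")
```

Feed it the contents of /etc/postfix/main.cf; the README's first configuration produces no findings, and the opendkim configuration produces only the `accept` finding.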

Mailing list and bug reports

There is no mailing list yet. Please send questions and bug reports to paul@nohats.ca. However, if you run openpgpkey-milter on your mail server and it broke, you might be better off mailing me at the unsigned domain paul@cypherpunks.ca.