converted from RCS
parent
727fb6ca0f
commit
5aae45cfa3
|
@ -0,0 +1 @@
|
||||||
|
kuvert_submit
|
|
@ -0,0 +1,339 @@
|
||||||
|
GNU GENERAL PUBLIC LICENSE
|
||||||
|
Version 2, June 1991
|
||||||
|
|
||||||
|
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||||
|
675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
|
||||||
|
The licenses for most software are designed to take away your
|
||||||
|
freedom to share and change it. By contrast, the GNU General Public
|
||||||
|
License is intended to guarantee your freedom to share and change free
|
||||||
|
software--to make sure the software is free for all its users. This
|
||||||
|
General Public License applies to most of the Free Software
|
||||||
|
Foundation's software and to any other program whose authors commit to
|
||||||
|
using it. (Some other Free Software Foundation software is covered by
|
||||||
|
the GNU Library General Public License instead.) You can apply it to
|
||||||
|
your programs, too.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom, not
|
||||||
|
price. Our General Public Licenses are designed to make sure that you
|
||||||
|
have the freedom to distribute copies of free software (and charge for
|
||||||
|
this service if you wish), that you receive source code or can get it
|
||||||
|
if you want it, that you can change the software or use pieces of it
|
||||||
|
in new free programs; and that you know you can do these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to make restrictions that forbid
|
||||||
|
anyone to deny you these rights or to ask you to surrender the rights.
|
||||||
|
These restrictions translate to certain responsibilities for you if you
|
||||||
|
distribute copies of the software, or if you modify it.
|
||||||
|
|
||||||
|
For example, if you distribute copies of such a program, whether
|
||||||
|
gratis or for a fee, you must give the recipients all the rights that
|
||||||
|
you have. You must make sure that they, too, receive or can get the
|
||||||
|
source code. And you must show them these terms so they know their
|
||||||
|
rights.
|
||||||
|
|
||||||
|
We protect your rights with two steps: (1) copyright the software, and
|
||||||
|
(2) offer you this license which gives you legal permission to copy,
|
||||||
|
distribute and/or modify the software.
|
||||||
|
|
||||||
|
Also, for each author's protection and ours, we want to make certain
|
||||||
|
that everyone understands that there is no warranty for this free
|
||||||
|
software. If the software is modified by someone else and passed on, we
|
||||||
|
want its recipients to know that what they have is not the original, so
|
||||||
|
that any problems introduced by others will not reflect on the original
|
||||||
|
authors' reputations.
|
||||||
|
|
||||||
|
Finally, any free program is threatened constantly by software
|
||||||
|
patents. We wish to avoid the danger that redistributors of a free
|
||||||
|
program will individually obtain patent licenses, in effect making the
|
||||||
|
program proprietary. To prevent this, we have made it clear that any
|
||||||
|
patent must be licensed for everyone's free use or not licensed at all.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and
|
||||||
|
modification follow.
|
||||||
|
|
||||||
|
GNU GENERAL PUBLIC LICENSE
|
||||||
|
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||||
|
|
||||||
|
0. This License applies to any program or other work which contains
|
||||||
|
a notice placed by the copyright holder saying it may be distributed
|
||||||
|
under the terms of this General Public License. The "Program", below,
|
||||||
|
refers to any such program or work, and a "work based on the Program"
|
||||||
|
means either the Program or any derivative work under copyright law:
|
||||||
|
that is to say, a work containing the Program or a portion of it,
|
||||||
|
either verbatim or with modifications and/or translated into another
|
||||||
|
language. (Hereinafter, translation is included without limitation in
|
||||||
|
the term "modification".) Each licensee is addressed as "you".
|
||||||
|
|
||||||
|
Activities other than copying, distribution and modification are not
|
||||||
|
covered by this License; they are outside its scope. The act of
|
||||||
|
running the Program is not restricted, and the output from the Program
|
||||||
|
is covered only if its contents constitute a work based on the
|
||||||
|
Program (independent of having been made by running the Program).
|
||||||
|
Whether that is true depends on what the Program does.
|
||||||
|
|
||||||
|
1. You may copy and distribute verbatim copies of the Program's
|
||||||
|
source code as you receive it, in any medium, provided that you
|
||||||
|
conspicuously and appropriately publish on each copy an appropriate
|
||||||
|
copyright notice and disclaimer of warranty; keep intact all the
|
||||||
|
notices that refer to this License and to the absence of any warranty;
|
||||||
|
and give any other recipients of the Program a copy of this License
|
||||||
|
along with the Program.
|
||||||
|
|
||||||
|
You may charge a fee for the physical act of transferring a copy, and
|
||||||
|
you may at your option offer warranty protection in exchange for a fee.
|
||||||
|
|
||||||
|
2. You may modify your copy or copies of the Program or any portion
|
||||||
|
of it, thus forming a work based on the Program, and copy and
|
||||||
|
distribute such modifications or work under the terms of Section 1
|
||||||
|
above, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) You must cause the modified files to carry prominent notices
|
||||||
|
stating that you changed the files and the date of any change.
|
||||||
|
|
||||||
|
b) You must cause any work that you distribute or publish, that in
|
||||||
|
whole or in part contains or is derived from the Program or any
|
||||||
|
part thereof, to be licensed as a whole at no charge to all third
|
||||||
|
parties under the terms of this License.
|
||||||
|
|
||||||
|
c) If the modified program normally reads commands interactively
|
||||||
|
when run, you must cause it, when started running for such
|
||||||
|
interactive use in the most ordinary way, to print or display an
|
||||||
|
announcement including an appropriate copyright notice and a
|
||||||
|
notice that there is no warranty (or else, saying that you provide
|
||||||
|
a warranty) and that users may redistribute the program under
|
||||||
|
these conditions, and telling the user how to view a copy of this
|
||||||
|
License. (Exception: if the Program itself is interactive but
|
||||||
|
does not normally print such an announcement, your work based on
|
||||||
|
the Program is not required to print an announcement.)
|
||||||
|
|
||||||
|
These requirements apply to the modified work as a whole. If
|
||||||
|
identifiable sections of that work are not derived from the Program,
|
||||||
|
and can be reasonably considered independent and separate works in
|
||||||
|
themselves, then this License, and its terms, do not apply to those
|
||||||
|
sections when you distribute them as separate works. But when you
|
||||||
|
distribute the same sections as part of a whole which is a work based
|
||||||
|
on the Program, the distribution of the whole must be on the terms of
|
||||||
|
this License, whose permissions for other licensees extend to the
|
||||||
|
entire whole, and thus to each and every part regardless of who wrote it.
|
||||||
|
|
||||||
|
Thus, it is not the intent of this section to claim rights or contest
|
||||||
|
your rights to work written entirely by you; rather, the intent is to
|
||||||
|
exercise the right to control the distribution of derivative or
|
||||||
|
collective works based on the Program.
|
||||||
|
|
||||||
|
In addition, mere aggregation of another work not based on the Program
|
||||||
|
with the Program (or with a work based on the Program) on a volume of
|
||||||
|
a storage or distribution medium does not bring the other work under
|
||||||
|
the scope of this License.
|
||||||
|
|
||||||
|
3. You may copy and distribute the Program (or a work based on it,
|
||||||
|
under Section 2) in object code or executable form under the terms of
|
||||||
|
Sections 1 and 2 above provided that you also do one of the following:
|
||||||
|
|
||||||
|
a) Accompany it with the complete corresponding machine-readable
|
||||||
|
source code, which must be distributed under the terms of Sections
|
||||||
|
1 and 2 above on a medium customarily used for software interchange; or,
|
||||||
|
|
||||||
|
b) Accompany it with a written offer, valid for at least three
|
||||||
|
years, to give any third party, for a charge no more than your
|
||||||
|
cost of physically performing source distribution, a complete
|
||||||
|
machine-readable copy of the corresponding source code, to be
|
||||||
|
distributed under the terms of Sections 1 and 2 above on a medium
|
||||||
|
customarily used for software interchange; or,
|
||||||
|
|
||||||
|
c) Accompany it with the information you received as to the offer
|
||||||
|
to distribute corresponding source code. (This alternative is
|
||||||
|
allowed only for noncommercial distribution and only if you
|
||||||
|
received the program in object code or executable form with such
|
||||||
|
an offer, in accord with Subsection b above.)
|
||||||
|
|
||||||
|
The source code for a work means the preferred form of the work for
|
||||||
|
making modifications to it. For an executable work, complete source
|
||||||
|
code means all the source code for all modules it contains, plus any
|
||||||
|
associated interface definition files, plus the scripts used to
|
||||||
|
control compilation and installation of the executable. However, as a
|
||||||
|
special exception, the source code distributed need not include
|
||||||
|
anything that is normally distributed (in either source or binary
|
||||||
|
form) with the major components (compiler, kernel, and so on) of the
|
||||||
|
operating system on which the executable runs, unless that component
|
||||||
|
itself accompanies the executable.
|
||||||
|
|
||||||
|
If distribution of executable or object code is made by offering
|
||||||
|
access to copy from a designated place, then offering equivalent
|
||||||
|
access to copy the source code from the same place counts as
|
||||||
|
distribution of the source code, even though third parties are not
|
||||||
|
compelled to copy the source along with the object code.
|
||||||
|
|
||||||
|
4. You may not copy, modify, sublicense, or distribute the Program
|
||||||
|
except as expressly provided under this License. Any attempt
|
||||||
|
otherwise to copy, modify, sublicense or distribute the Program is
|
||||||
|
void, and will automatically terminate your rights under this License.
|
||||||
|
However, parties who have received copies, or rights, from you under
|
||||||
|
this License will not have their licenses terminated so long as such
|
||||||
|
parties remain in full compliance.
|
||||||
|
|
||||||
|
5. You are not required to accept this License, since you have not
|
||||||
|
signed it. However, nothing else grants you permission to modify or
|
||||||
|
distribute the Program or its derivative works. These actions are
|
||||||
|
prohibited by law if you do not accept this License. Therefore, by
|
||||||
|
modifying or distributing the Program (or any work based on the
|
||||||
|
Program), you indicate your acceptance of this License to do so, and
|
||||||
|
all its terms and conditions for copying, distributing or modifying
|
||||||
|
the Program or works based on it.
|
||||||
|
|
||||||
|
6. Each time you redistribute the Program (or any work based on the
|
||||||
|
Program), the recipient automatically receives a license from the
|
||||||
|
original licensor to copy, distribute or modify the Program subject to
|
||||||
|
these terms and conditions. You may not impose any further
|
||||||
|
restrictions on the recipients' exercise of the rights granted herein.
|
||||||
|
You are not responsible for enforcing compliance by third parties to
|
||||||
|
this License.
|
||||||
|
|
||||||
|
7. If, as a consequence of a court judgment or allegation of patent
|
||||||
|
infringement or for any other reason (not limited to patent issues),
|
||||||
|
conditions are imposed on you (whether by court order, agreement or
|
||||||
|
otherwise) that contradict the conditions of this License, they do not
|
||||||
|
excuse you from the conditions of this License. If you cannot
|
||||||
|
distribute so as to satisfy simultaneously your obligations under this
|
||||||
|
License and any other pertinent obligations, then as a consequence you
|
||||||
|
may not distribute the Program at all. For example, if a patent
|
||||||
|
license would not permit royalty-free redistribution of the Program by
|
||||||
|
all those who receive copies directly or indirectly through you, then
|
||||||
|
the only way you could satisfy both it and this License would be to
|
||||||
|
refrain entirely from distribution of the Program.
|
||||||
|
|
||||||
|
If any portion of this section is held invalid or unenforceable under
|
||||||
|
any particular circumstance, the balance of the section is intended to
|
||||||
|
apply and the section as a whole is intended to apply in other
|
||||||
|
circumstances.
|
||||||
|
|
||||||
|
It is not the purpose of this section to induce you to infringe any
|
||||||
|
patents or other property right claims or to contest validity of any
|
||||||
|
such claims; this section has the sole purpose of protecting the
|
||||||
|
integrity of the free software distribution system, which is
|
||||||
|
implemented by public license practices. Many people have made
|
||||||
|
generous contributions to the wide range of software distributed
|
||||||
|
through that system in reliance on consistent application of that
|
||||||
|
system; it is up to the author/donor to decide if he or she is willing
|
||||||
|
to distribute software through any other system and a licensee cannot
|
||||||
|
impose that choice.
|
||||||
|
|
||||||
|
This section is intended to make thoroughly clear what is believed to
|
||||||
|
be a consequence of the rest of this License.
|
||||||
|
|
||||||
|
8. If the distribution and/or use of the Program is restricted in
|
||||||
|
certain countries either by patents or by copyrighted interfaces, the
|
||||||
|
original copyright holder who places the Program under this License
|
||||||
|
may add an explicit geographical distribution limitation excluding
|
||||||
|
those countries, so that distribution is permitted only in or among
|
||||||
|
countries not thus excluded. In such case, this License incorporates
|
||||||
|
the limitation as if written in the body of this License.
|
||||||
|
|
||||||
|
9. The Free Software Foundation may publish revised and/or new versions
|
||||||
|
of the General Public License from time to time. Such new versions will
|
||||||
|
be similar in spirit to the present version, but may differ in detail to
|
||||||
|
address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the Program
|
||||||
|
specifies a version number of this License which applies to it and "any
|
||||||
|
later version", you have the option of following the terms and conditions
|
||||||
|
either of that version or of any later version published by the Free
|
||||||
|
Software Foundation. If the Program does not specify a version number of
|
||||||
|
this License, you may choose any version ever published by the Free Software
|
||||||
|
Foundation.
|
||||||
|
|
||||||
|
10. If you wish to incorporate parts of the Program into other free
|
||||||
|
programs whose distribution conditions are different, write to the author
|
||||||
|
to ask for permission. For software which is copyrighted by the Free
|
||||||
|
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||||
|
make exceptions for this. Our decision will be guided by the two goals
|
||||||
|
of preserving the free status of all derivatives of our free software and
|
||||||
|
of promoting the sharing and reuse of software generally.
|
||||||
|
|
||||||
|
NO WARRANTY
|
||||||
|
|
||||||
|
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||||
|
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||||
|
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||||
|
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||||
|
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||||
|
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||||
|
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||||
|
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||||
|
REPAIR OR CORRECTION.
|
||||||
|
|
||||||
|
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||||
|
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||||
|
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||||
|
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||||
|
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||||
|
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||||
|
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||||
|
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||||
|
POSSIBILITY OF SUCH DAMAGES.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
How to Apply These Terms to Your New Programs
|
||||||
|
|
||||||
|
If you develop a new program, and you want it to be of the greatest
|
||||||
|
possible use to the public, the best way to achieve this is to make it
|
||||||
|
free software which everyone can redistribute and change under these terms.
|
||||||
|
|
||||||
|
To do so, attach the following notices to the program. It is safest
|
||||||
|
to attach them to the start of each source file to most effectively
|
||||||
|
convey the exclusion of warranty; and each file should have at least
|
||||||
|
the "copyright" line and a pointer to where the full notice is found.
|
||||||
|
|
||||||
|
<one line to give the program's name and a brief idea of what it does.>
|
||||||
|
Copyright (C) 19yy <name of author>
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
|
Also add information on how to contact you by electronic and paper mail.
|
||||||
|
|
||||||
|
If the program is interactive, make it output a short notice like this
|
||||||
|
when it starts in an interactive mode:
|
||||||
|
|
||||||
|
Gnomovision version 69, Copyright (C) 19yy name of author
|
||||||
|
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||||
|
This is free software, and you are welcome to redistribute it
|
||||||
|
under certain conditions; type `show c' for details.
|
||||||
|
|
||||||
|
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||||
|
parts of the General Public License. Of course, the commands you use may
|
||||||
|
be called something other than `show w' and `show c'; they could even be
|
||||||
|
mouse-clicks or menu items--whatever suits your program.
|
||||||
|
|
||||||
|
You should also get your employer (if you work as a programmer) or your
|
||||||
|
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||||
|
necessary. Here is a sample; alter the names:
|
||||||
|
|
||||||
|
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||||
|
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||||
|
|
||||||
|
<signature of Ty Coon>, 1 April 1989
|
||||||
|
Ty Coon, President of Vice
|
||||||
|
|
||||||
|
This General Public License does not permit incorporating your program into
|
||||||
|
proprietary programs. If your program is a subroutine library, you may
|
||||||
|
consider it more useful to permit linking proprietary applications with the
|
||||||
|
library. If this is what you want to do, use the GNU Library General
|
||||||
|
Public License instead of this License.
|
|
@ -0,0 +1,30 @@
|
||||||
|
# well, a simpler makefile is hardly imaginable...
|
||||||
|
DESTDIR=
|
||||||
|
|
||||||
|
# the version number of the package
|
||||||
|
VERSION=$(shell sed -n '1s/^.*(\(.*\)).*$$/\1/p' debian/changelog)
|
||||||
|
|
||||||
|
CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS)
|
||||||
|
CFLAGS:=$(shell dpkg-buildflags --get CFLAGS)
|
||||||
|
CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS)
|
||||||
|
LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
|
||||||
|
|
||||||
|
all: kuvert_submit
|
||||||
|
|
||||||
|
clean:
|
||||||
|
-rm -f kuvert_submit kuvert.tmp
|
||||||
|
|
||||||
|
install: kuvert_submit kuvert
|
||||||
|
install -d $(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1 \
|
||||||
|
$(DESTDIR)/usr/share/perl5/Net/Server/Mail/ESMTP/
|
||||||
|
install kuvert_submit $(DESTDIR)/usr/bin
|
||||||
|
# fix the version number
|
||||||
|
sed 's/INSERT_VERSION/$(VERSION)/' kuvert > kuvert.tmp
|
||||||
|
install kuvert.tmp $(DESTDIR)/usr/bin/kuvert
|
||||||
|
-rm kuvert.tmp
|
||||||
|
install plainAUTH.pm $(DESTDIR)/usr/share/perl5/Net/Server/Mail/ESMTP/
|
||||||
|
pod2man --center="User Commands" -r Mail kuvert $(DESTDIR)/usr/share/man/man1/kuvert.1
|
||||||
|
pod2man --center="User Commands" -r Mail kuvert_submit.pod $(DESTDIR)/usr/share/man/man1/kuvert_submit.1
|
||||||
|
|
||||||
|
test:
|
||||||
|
echo $(VERSION)
|
|
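Review bot: In the `install` recipe every `install` call relies on the default mode, so `plainAUTH.pm` is placed under `/usr/share/perl5` as an executable (0755) file; a library module is normally installed with `install -m 644 plainAUTH.pm $(DESTDIR)/usr/share/perl5/Net/Server/Mail/ESMTP/`, with an explicit `-m 755` on the two programs. The `CPPFLAGS`/`CFLAGS`/`CXXFLAGS`/`LDFLAGS` assignments take their values only from `dpkg-buildflags`, so on a host without that tool they expand to nothing and `kuvert_submit` is presumably built by the implicit rule without Debian's default hardening flags, with no failure from make; a comment above them such as `# flags come from dpkg-buildflags; empty (no hardening) when it is not installed` would record that. `all`, `clean`, `install` and `test` should also be listed in a `.PHONY:` line so that a file of the same name cannot mask the target.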
@ -0,0 +1,7 @@
|
||||||
|
My thanks go to
|
||||||
|
|
||||||
|
Robert Bihlmeyer <robbe@orcus.priv.at>
|
||||||
|
Norbert Preining <preining@logic.tuwien.ac.at>
|
||||||
|
Robert Waldner <waldner@waldner.priv.at>
|
||||||
|
|
||||||
|
for valuable hints and suggestions regarding this piece of software.
|
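--- a/kuvert
+++ b/kuvert
@@ -19,7 +19,6 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 #
-# $Id: kuvert,v 2.32 2014/07/15 10:55:55 az Exp az $
 #--
 
 use strict;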
407
kuvert.man
407
kuvert.man
|
@ -1,407 +0,0 @@
|
||||||
.Dd February 16, 2003
|
|
||||||
.Dt KUVERT 1
|
|
||||||
.Os Unix
|
|
||||||
.Sh NAME
|
|
||||||
kuvert \- automatically sign and/or encrypt mail based on the recipients
|
|
||||||
.Sh SYNOPSIS
|
|
||||||
.Nm kuvert
|
|
||||||
.Op Fl d
|
|
||||||
.Op Fl b
|
|
||||||
.Op Fl r | Fl k | Fl n | Fl v
|
|
||||||
.Sh DESCRIPTION
|
|
||||||
.Nm kuvert
|
|
||||||
reads mails from its queue, analyzes the recipients, decides to whom
|
|
||||||
it should encrypt and/or sign the mail using the PGP-MIME framework
|
|
||||||
defined in RFC3156 and sends the mail using your real MTA. kuvert can use
|
|
||||||
both old-style 2.x
|
|
||||||
.Xr pgp 1
|
|
||||||
and modern
|
|
||||||
.Xr gpg 1
|
|
||||||
at the same time, or can
|
|
||||||
coerce gpg into producing pgp-2.x-compatible signatures/encrypted data.
|
|
||||||
.Pp
|
|
||||||
The mail submission into the queue is usually done by
|
|
||||||
.Xr kuvert_mta_wrapper "1".
|
|
||||||
.Pp
|
|
||||||
The option
|
|
||||||
.Fl r
|
|
||||||
causes an already running
|
|
||||||
.Nm kuvert
|
|
||||||
process to reload the configuration file and the keyring(s).
|
|
||||||
This is done by sending a SIGUSR1 to the running process.
|
|
||||||
.Pp
|
|
||||||
The option
|
|
||||||
.Fl d
|
|
||||||
activates debugging output to syslog.
|
|
||||||
.Nm kuvert
|
|
||||||
does not fork when in debugging mode and processes just the
|
|
||||||
first mail in the queue, after which it terminates.
|
|
||||||
.Pp
|
|
||||||
If the option
|
|
||||||
.Fl b
|
|
||||||
is given, then
|
|
||||||
.Nm kuvert
|
|
||||||
will send an error mail to the user whenever fatal errors are encountered.
|
|
||||||
.Pp
|
|
||||||
The option
|
|
||||||
.Fl k
|
|
||||||
makes
|
|
||||||
.Nm kuvert
|
|
||||||
kill an already running process.
|
|
||||||
.Pp
|
|
||||||
With the option
|
|
||||||
.Fl n
|
|
||||||
.Nm kuvert
|
|
||||||
does not
|
|
||||||
.Xr fork 2
|
|
||||||
but keeps running in the foreground.
|
|
||||||
.Pp
|
|
||||||
The option
|
|
||||||
.Fl v
|
|
||||||
makes
|
|
||||||
.Nm kuvert
|
|
||||||
output its version number and exit immediately.
|
|
||||||
.Pp
|
|
||||||
At startup
|
|
||||||
.Nm kuvert
|
|
||||||
reads the keyring(s) and the configuration file,
|
|
||||||
then usually forks and runs the queue once every 60 seconds.
|
|
||||||
Whenever there is a file with a name consisting of digits only in the
|
|
||||||
queue,
|
|
||||||
.Nm kuvert
|
|
||||||
will parse the mime structure into a temporary directory using
|
|
||||||
.Xr MIME::Parser "3pm".
|
|
||||||
.Pp
|
|
||||||
.Nm kuvert
|
|
||||||
then decides whether the mail shall be left as is, clear-text signed
|
|
||||||
or signed and encrypted according to RFC3156.
|
|
||||||
This decision is done independently for every recipient of the
|
|
||||||
mail and works as follows:
|
|
||||||
.Bl -bullet
|
|
||||||
.It
|
|
||||||
If a public key of the recipient is known, sign and encrypt.
|
|
||||||
.It
|
|
||||||
If no public key of the recipient is known, just sign.
|
|
||||||
.El
|
|
||||||
.Pp
|
|
||||||
There are some options governing or overriding this basic setup, see
|
|
||||||
the section
|
|
||||||
.Sx CONFIGURATION
|
|
||||||
for details.
|
|
||||||
.Pp
|
|
||||||
Please note that
|
|
||||||
.Nm kuvert uses the
|
|
||||||
.Ql To: ,
|
|
||||||
.Ql Cc:
|
|
||||||
and
|
|
||||||
.Ql Bcc:
|
|
||||||
headers to determine
|
|
||||||
the recipients.
|
|
||||||
Recipients listed in a
|
|
||||||
.Ql Bcc:
|
|
||||||
header are handled separately from all other recipients and do not affect
|
|
||||||
the choice of actions for other recipients (ie. handling of
|
|
||||||
.Ar -force
|
|
||||||
options).
|
|
||||||
Additionally, if there is a
|
|
||||||
.Ql Resend-To:
|
|
||||||
header,
|
|
||||||
.Nm kuvert
|
|
||||||
will do no signing/encryption and send the mail just as it
|
|
||||||
is to the recipients indicated in the
|
|
||||||
.Ql Resend-To:
|
|
||||||
header.
|
|
||||||
.Pp
|
|
||||||
Afterwards the parsed MIME entity is amended with the signature or
|
|
||||||
replaced with the encrypted data and is sent off using the MTA.
|
|
||||||
The temporary directory is cleaned and
|
|
||||||
.Nm kuvert
|
|
||||||
processes either the
|
|
||||||
next queued message or waits for new messages.
|
|
||||||
.Pp
|
|
||||||
If there are problems, kuvert disables further processing of the respective
|
|
||||||
queuefile (it adds a
|
|
||||||
.Ql \&.
|
|
||||||
at the beginning of the filename, thus making the file ignored for further
|
|
||||||
queue-runs)
|
|
||||||
and sends an error message back to the sender.
|
|
||||||
.Sh CONFIGURATION
|
|
||||||
.Nm kuvert
|
|
||||||
needs some configuration directives in its configuration file
|
|
||||||
.Pa ~/.kuvert .
|
|
||||||
This file is read at startup and whenever you have
|
|
||||||
.Nm kuvert
|
|
||||||
reread things using
|
|
||||||
.Fl r.
|
|
||||||
Empty lines and lines starting with
|
|
||||||
.Ql #
|
|
||||||
are ignored, as well as lines containing directives
|
|
||||||
.Nm kuvert
|
|
||||||
can not interpret.
|
|
||||||
.Pp
|
|
||||||
Directives can either be:
|
|
||||||
.Bl -bullet
|
|
||||||
.It
|
|
||||||
a directive name followed by whitespace and then a value,
|
|
||||||
.It
|
|
||||||
or a regular expression matching an email address, followed by whitespace and an action keyword.
|
|
||||||
.El
|
|
||||||
.Pp
|
|
||||||
The list of directives kuvert understands:
|
|
||||||
.Bl -tag
|
|
||||||
.It Ar PGPPATH Pa path
|
|
||||||
defines the old-style compatible pgp executable to be used.
|
|
||||||
Default:
|
|
||||||
.Pa /usr/bin/pgp
|
|
||||||
.It Ar GPGPATH Pa path
|
|
||||||
defines the gnupg-compatible new-style pgp executable to be used.
|
|
||||||
Default:
|
|
||||||
.Pa /usr/bin/gpg
|
|
||||||
.It Ar USEPGP number
|
|
||||||
if number is not 0, kuvert will use the old-style pgp executable to generate
|
|
||||||
old-style encryption/signatures. If it is 0,
|
|
||||||
.Nm kuvert
|
|
||||||
will use gpg in a
|
|
||||||
compatibility mode to produce the old-style stuff. Please note: gpg needs
|
|
||||||
the gnupg-extension gpg-idea for this compatibility mode. You also
|
|
||||||
have to setup gpg to automatically load this extension.
|
|
||||||
Default: 0
|
|
||||||
.It Ar MTA Pa path-and-args
|
|
||||||
defines the Mail Transfer Agent
|
|
||||||
.Nm kuvert
|
|
||||||
should use. The MTA must read the mail text from stdin, support the flag
|
|
||||||
.Fl t ,
|
|
||||||
and also support multiple recipients given in separate arguments.
|
|
||||||
Default: /usr/lib/sendmail -om -oi -oem
|
|
||||||
.It Ar SECRETONDEMAND number
|
|
||||||
If SECRETONDEMAND is 1,
|
|
||||||
.Nm kuvert
|
|
||||||
will ask for the
|
|
||||||
key passphrases on demand and just before signing. If SECRETONDEMAND is 0,
|
|
||||||
then
|
|
||||||
.Nm kuvert
|
|
||||||
will query for passphrases on startup and store them itself (which is not very secure).
|
|
||||||
SECRETONDEMAND is automatically set to 0 if GETSECRET or DELSECRET are not set.
|
|
||||||
Default: 0
|
|
||||||
.It Ar GETSECRET Pa path-and-args
|
|
||||||
.It Ar DELSECRET Pa path-and-args
|
|
||||||
define what program to run to deal with externally stored passphrases, if SECRETONDEMAND is set;
|
|
||||||
ignored otherwise.
|
|
||||||
The path-and-args must contain "%s" which will be replaced with the key id in question. The program
|
|
||||||
must print the passphrase on its standard output.
|
|
||||||
GETSECRET is executed to retrieve a passphrase, while DELSECRET is used to delete passphrases.
|
|
||||||
Default: none
|
|
||||||
.It Ar ALWAYSTRUST number
|
|
||||||
if 1, add the alwaystrust parameter to gpg's invocation. See
|
|
||||||
.Xr gpg "1" for details about this parameter. Default: 0
|
|
||||||
.It Ar LOGFILE Pa path
|
|
||||||
sets the file
|
|
||||||
.Nm kuvert
|
|
||||||
logs its actions to. The logs are appended to that
|
|
||||||
file. Default:
|
|
||||||
.Nm kuvert
|
|
||||||
usually logs to syslog.
|
|
||||||
.It Ar QUEUEDIR Pa path
|
|
||||||
sets the directory where kuvert_mta_wrapper and
|
|
||||||
.Nm kuvert
|
|
||||||
put the queue of
|
|
||||||
mails to be processed. Default:
|
|
||||||
.Pa ~/.kuvert_queue
|
|
||||||
.It Ar TEMPDIR Pa path
|
|
||||||
sets the directory
|
|
||||||
.Nm kuvert
|
|
||||||
uses for temporary storage of the parts of the
|
|
||||||
parsed MIME entity.
|
|
||||||
.Em Attention: This directory is cleaned after every mail handled and every file in there is removed!
|
|
||||||
Default:
|
|
||||||
.Pa /tmp/kuvert.<uid>.<pid>.
|
|
||||||
.It Ar INTERVAL number
|
|
||||||
sets the queue check interval. the unit of measurement is seconds.
|
|
||||||
Default: 60 seconds
|
|
||||||
.It Ar IDENTIFY number
|
|
||||||
if non-zero,
|
|
||||||
.Nm kuvert
|
|
||||||
adds a
|
|
||||||
.Ql X-mailer
|
|
||||||
header to all mails it processes. Default: 0
|
|
||||||
.It Ar NGKEY keyid
|
|
||||||
sets the owner's key id for new-style pgp/gpg. To disable new-style pgp/gpg
|
|
||||||
completely, set the keyid to "0". Default: the first private DSA key found is used.
|
|
||||||
.It Ar STDKEY keyid
|
|
||||||
sets the owner's key id for old-style pgp. To disable old-style pgp completely, set the keyid to 0. Default: the first private RSA key found is used.
|
|
||||||
.It Ar DEFAULT action
|
|
||||||
specifies the action to be taken for unspecified recipient addresses.
|
|
||||||
See the next paragraphs for an explanation of the
|
|
||||||
.Ar action
|
|
||||||
argument.
|
|
||||||
.El
|
|
||||||
.Pp
|
|
||||||
All lines not starting with the pound sign
|
|
||||||
.Ql #
|
|
||||||
or a recognized directive
|
|
||||||
are interpreted as a
|
|
||||||
.Xr perl 1
|
|
||||||
regular expression followed by whitespace and an
|
|
||||||
action keyword.
|
|
||||||
.Pp
|
|
||||||
The regular expressions are applied to the email address
|
|
||||||
of the recipients of the mail, and the action keyword describes how to
|
|
||||||
modify
|
|
||||||
.Nm kuvert Ns
|
|
||||||
\&'s behavious for a recipient.
|
|
||||||
.Pp
|
|
||||||
The regular expression has to be written without the bracketing
|
|
||||||
.Ql / Ns
|
|
||||||
-characters.
|
|
||||||
The regular expressions are evaluated case-insensitively,
|
|
||||||
and in the order given in the configuration file. The first matching regexp
|
|
||||||
ends the evaluation sequence.
|
|
||||||
.Pp
|
|
||||||
The default action is to do not encrypt or sign at all, so you should
|
|
||||||
set a default that is reasonable for you by using the
|
|
||||||
.Ql DEFAULT
|
|
||||||
directive.
|
|
||||||
.Pp
|
|
||||||
The known action keywords are:
|
|
||||||
.Bl -tag
|
|
||||||
.It Ar none
|
|
||||||
Send it as it is, do not sign or encrypt at all. The MIME structure of
|
|
||||||
the mail is not changed in whatever way before sending.
|
|
||||||
This is the default action.
|
|
||||||
.Pp
|
|
||||||
This option is
|
|
||||||
.Em slightly special:
|
|
||||||
An explicitly set action of
|
|
||||||
.Ql none
|
|
||||||
is
|
|
||||||
.Em not affected or overridden
|
|
||||||
by any of the
|
|
||||||
.Ar -force
|
|
||||||
options or by the override header.
|
|
||||||
.It Ar std
|
|
||||||
Use just old-style pgp. If there is an old-style key known, encrypt and sign
|
|
||||||
using this old-style key and the owner's old-style key, otherwise just sign
|
|
||||||
using the owner's old-style key.
|
|
||||||
.It Ar ng
|
|
||||||
Use just new-style pgp, similar to the above.
|
|
||||||
.It Ar stdsign
|
|
||||||
Never encrypt, just sign using the owner's old-style key.
|
|
||||||
.It Ar ngsign
|
|
||||||
Never encrypt, just sign using the owner's new-style key.
|
|
||||||
.It Ar fallback
|
|
||||||
Encrypt with new-style, old-style or sign with new-style (or std-style if no new-style private key is available).
|
|
||||||
If there is a new-style key of the recipient known, encrypt and sign with
|
|
||||||
this key, else if there is an old-style key, encrypt and sign with this
|
|
||||||
key. Otherwise just sign with the owner's new-style key or (as last resort) the old-style key.
|
|
||||||
.It Ar none-force
|
|
||||||
Force no encryption/signing for all recipients of this mail.
|
|
||||||
.It Ar fallback-force
|
|
||||||
Force a fallback-type action for the recipients of this mail:
|
|
||||||
encrypt and sign with new-style or old-style pgp if keys for
|
|
||||||
.Em all affected
|
|
||||||
recipients are available or sign with new-style pgp. Recipients with
|
|
||||||
an action set to
|
|
||||||
.Ql none
|
|
||||||
are
|
|
||||||
.Em not affected
|
|
||||||
by fallback-force. Also note that a mixture of
|
|
||||||
old-style and new-style encryption is possible with fallback-force.
|
|
||||||
.It Ar ngsign-force "," stdsign-force
|
|
||||||
Sign only for all affected recipients, with new-style or old style pgp respectively. Again recipients with action
|
|
||||||
.Ql none
|
|
||||||
are
|
|
||||||
.Em not affected.
|
|
||||||
.It Ar ng-force
|
|
||||||
Encrypt and sign for all recipients of this mail if there is a new-style key
|
|
||||||
available for all of them, otherwise just sign for all of them using
|
|
||||||
new-style pgp. The difference between this action
|
|
||||||
and
|
|
||||||
.Ar fallback-force
|
|
||||||
is that there's no mixing of old-style and new-style pgp possible here.
|
|
||||||
Again recipients with action
|
|
||||||
.Ql none
|
|
||||||
are
|
|
||||||
.Em not affected.
|
|
||||||
.It Ar std-force
|
|
||||||
like
|
|
||||||
.Ar ng-force ","
|
|
||||||
but with old-style pgp.
|
|
||||||
Again recipients with action
|
|
||||||
.Ql none
|
|
||||||
are
|
|
||||||
.Em not affected.
|
|
||||||
.El
|
|
||||||
.Pp
|
|
||||||
Additionally, you can specify an override for a single mail by
|
|
||||||
adding a header to the mail of the form
|
|
||||||
.Ql X-Kuvert: Ar action
|
|
||||||
where action is one of the action keywords just listed
|
|
||||||
above. This override will be applied to all recipients of the given
|
|
||||||
mail and will override all action specifications given in the configuration
|
|
||||||
file, except the explicit
|
|
||||||
.Ql none Ns
|
|
||||||
s. Before final sending an email
|
|
||||||
.Nm kuvert
|
|
||||||
will remove
|
|
||||||
any existing override header from the email.
|
|
||||||
.Pp
|
|
||||||
The various
|
|
||||||
.Ar -force
|
|
||||||
actions are intended for users who want to avoid sending cleartext (signed)
|
|
||||||
and encrypted variants of the same mail to different recipients: You can
|
|
||||||
either turn off encryption or signing completely, or use the maximum
|
|
||||||
amount of privacy that is possible for a given set of recipients by checking
|
|
||||||
for keys for everybody before deciding whether to encrypt or just sign.
|
|
||||||
.Pp
|
|
||||||
The special handling for
|
|
||||||
.Ql none
|
|
||||||
does break this paradigma a bit, but is
|
|
||||||
necessary to make any
|
|
||||||
.Ar -force
|
|
||||||
option a safe choice for your
|
|
||||||
.Ql DEFAULT
|
|
||||||
action: Otherwise
|
|
||||||
.Nm kuvert
|
|
||||||
would send stuff signed or encrypted to recipients you know to be
|
|
||||||
completely unable/unwilling to accept signed or encrypted mail
|
|
||||||
(like mail robots). Therefore these were made unaffected (and disregarded)
|
|
||||||
by the
|
|
||||||
.Ar -force
|
|
||||||
options.
|
|
||||||
.Pp
|
|
||||||
.Sy Please note: the first occurrence of a -force action overrides all possible other occurrences!
|
|
||||||
.Sh FILES
|
|
||||||
.Bl -tag
|
|
||||||
.It Pa ~/.kuvert
|
|
||||||
configuration file for
|
|
||||||
.Nm kuvert
|
|
||||||
and
|
|
||||||
.Xr kuvert_mta_wrapper "1".
|
|
||||||
.It Pa ~/.kuvert_queue
|
|
||||||
the default queue directory for
|
|
||||||
.Nm kuvert
|
|
||||||
if the configuration file does not specify an alternative.
|
|
||||||
.It Pa /tmp/kuvert.pid.<uid>
|
|
||||||
holds the pid of a running process.
|
|
||||||
.El
|
|
||||||
.Sh SEE ALSO
|
|
||||||
.Xr kuvert_mta_wrapper "1",
|
|
||||||
.Xr q-agent "1",
|
|
||||||
.BR gpg "1",
|
|
||||||
.BR pgp "1",
|
|
||||||
RFC3156, RFC2015, RFC2440
|
|
||||||
.Sh AUTHORS
|
|
||||||
.An Alexander Zangerl <az@snafu.priv.at>
|
|
||||||
.Sh BUGS
|
|
||||||
Currently
|
|
||||||
.Nm kuvert
|
|
||||||
needs something sendmail-like in
|
|
||||||
.Pa /usr/lib/sendmail
|
|
||||||
that understands
|
|
||||||
.Fl t,
|
|
||||||
.Fl om,
|
|
||||||
.Fl oi
|
|
||||||
and
|
|
||||||
.Fl "oem".
|
|
||||||
.Pp
|
|
||||||
Multiple -force actions won't work.
|
|
|
@ -1,258 +0,0 @@
|
||||||
/*
|
|
||||||
* $Id: kuvert_mta_wrapper.c,v 1.8 2007/06/23 03:14:46 az Exp az $
|
|
||||||
*
|
|
||||||
* this file is part of kuvert, a wrapper around your mta that
|
|
||||||
* does pgp/gpg signing/signing+encrypting transparently, based
|
|
||||||
* on the content of your public keyring(s) and your preferences.
|
|
||||||
*
|
|
||||||
* copyright (c) 1999-2003 Alexander Zangerl <az+kuvert@snafu.priv.at>
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2 of the License, or
|
|
||||||
* any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
#include <sys/file.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <syslog.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
|
|
||||||
#define CONFFILE "/.kuvert"
|
|
||||||
#define DEFAULT_QUEUEDIR "/.kuvert_queue"
|
|
||||||
#define BUFLEN 65536
|
|
||||||
#define FALLBACKMTA "/usr/lib/sendmail"
|
|
||||||
|
|
||||||
#define BAILOUT(a,...) {fprintf(stderr,"%s: ",argv[0]); fprintf(stderr, a "\n",##__VA_ARGS__);syslog(LOG_ERR,a,##__VA_ARGS__); exit(1);}
|
|
||||||
|
|
||||||
int main(int argc,char **argv)
|
|
||||||
{
|
|
||||||
struct passwd *pwentry;
|
|
||||||
/* fixme sizes */
|
|
||||||
char filen[256],buffer[BUFLEN],dirn[256];
|
|
||||||
int res,c,fallback=0,spaceleft;
|
|
||||||
char *p,*dirnp;
|
|
||||||
FILE *out;
|
|
||||||
FILE *cf;
|
|
||||||
struct stat statbuf;
|
|
||||||
|
|
||||||
/* determine whether to queue stuff or to call sendmail
|
|
||||||
directly: if there is a proper config file of kuvert in $HOME,
|
|
||||||
and if the flags/args given are "consistent" with a call
|
|
||||||
to sendmail for mail submission, do queue stuff;
|
|
||||||
otherwise exec sendmail. */
|
|
||||||
|
|
||||||
openlog(argv[0],LOG_NDELAY|LOG_PID,LOG_MAIL);
|
|
||||||
|
|
||||||
/* scan the arguments for options:
|
|
||||||
we understand about: no options, non-option-args, --,
|
|
||||||
-bm, -f, -i, -t, -v, -m, -oi, -d*, -e*. everything else means some special
|
|
||||||
instruction to sendmail, so we exec sendmail. */
|
|
||||||
|
|
||||||
/* no getopt error messages, please! */
|
|
||||||
opterr=0;
|
|
||||||
|
|
||||||
while ((c=getopt(argc,argv,"f:itvb:mo:"))!=-1 && !fallback)
|
|
||||||
{
|
|
||||||
switch (c)
|
|
||||||
{
|
|
||||||
case 'v':
|
|
||||||
case 'f':
|
|
||||||
case 'i':
|
|
||||||
case 't':
|
|
||||||
case 'm': /* deprecated option 'metoo',
|
|
||||||
but nmh uses this... */
|
|
||||||
break; /* these options are ok and supported */
|
|
||||||
case 'b':
|
|
||||||
/* just -bm is ok, other -b* are bad */
|
|
||||||
if (!optarg || *optarg != 'm')
|
|
||||||
{
|
|
||||||
fallback=1;
|
|
||||||
syslog(LOG_INFO,"option '-%c%s' mandates fallback",
|
|
||||||
c,optarg ? optarg : "");
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'o':
|
|
||||||
/* -oi, -oe*, -od* are ok */
|
|
||||||
if (!optarg || (*optarg != 'i' && *optarg != 'e'
|
|
||||||
&& *optarg != 'd'))
|
|
||||||
{
|
|
||||||
fallback=1;
|
|
||||||
syslog(LOG_INFO,"option '-%c%s' mandates fallback",
|
|
||||||
c,optarg ? optarg : "");
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
/* well, there's an option we do not know, lets bail out */
|
|
||||||
fallback=1;
|
|
||||||
syslog(LOG_INFO,"option '-%c' mandates fallback",
|
|
||||||
c=='?'?optopt:c);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!fallback)
|
|
||||||
{
|
|
||||||
/* options seem ok, look for config file in $HOME */
|
|
||||||
pwentry=getpwuid(getuid());
|
|
||||||
if (!pwentry)
|
|
||||||
BAILOUT("getpwuid failed: %s",strerror(errno));
|
|
||||||
|
|
||||||
/* open and scan the conffile for an queue-file definition
|
|
||||||
if there is no conffile, kuvert wont work ever */
|
|
||||||
if (snprintf(filen,sizeof(filen),"%s%s",pwentry->pw_dir,CONFFILE)==-1)
|
|
||||||
BAILOUT("overlong filename, suspicious",NULL);
|
|
||||||
if (!(cf=fopen(filen,"r")))
|
|
||||||
{
|
|
||||||
/* no config file -> exec sendmail */
|
|
||||||
syslog(LOG_INFO,"user has no .kuvert config file, fallback");
|
|
||||||
fallback=1;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
/* scan the lines for ^QUEUEDIR\s+ */
|
|
||||||
dirnp=NULL;
|
|
||||||
while(!feof(cf))
|
|
||||||
{
|
|
||||||
p=fgets(buffer,sizeof(buffer)-1,cf);
|
|
||||||
/* empty file? ok, we'll ignore it */
|
|
||||||
if (!p)
|
|
||||||
break;
|
|
||||||
|
|
||||||
if (!strncmp(buffer,"QUEUEDIR",sizeof("QUEUEDIR")-1))
|
|
||||||
{
|
|
||||||
p=buffer+sizeof("QUEUEDIR")-1;
|
|
||||||
for(;*p && isspace(*p);++p)
|
|
||||||
;
|
|
||||||
if (*p)
|
|
||||||
{
|
|
||||||
dirnp=p;
|
|
||||||
/* strip the newline from the string */
|
|
||||||
for(;*p && *p != '\n';++p)
|
|
||||||
;
|
|
||||||
if (*p == '\n')
|
|
||||||
*p=0;
|
|
||||||
/* strip eventual trailing whitespace */
|
|
||||||
for(--p;p>dirnp && isspace(*p);--p)
|
|
||||||
*p=0;
|
|
||||||
}
|
|
||||||
/* empty dir? ignore it */
|
|
||||||
if (strlen(dirnp)<2)
|
|
||||||
dirnp=NULL;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
fclose(cf);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* fallback to sendmail requested? */
|
|
||||||
if (fallback)
|
|
||||||
{
|
|
||||||
/* mangle argv[0], so that it gets recognizeable by sendmail */
|
|
||||||
argv[0]=FALLBACKMTA;
|
|
||||||
*buffer=0;
|
|
||||||
|
|
||||||
/* bah, c stringhandling is ugly... i just want all args
|
|
||||||
in one string for a nice syslog line... */
|
|
||||||
for(c=0,spaceleft=sizeof(buffer);
|
|
||||||
c<argc;
|
|
||||||
spaceleft-=strlen(argv[c++]))
|
|
||||||
{
|
|
||||||
if (spaceleft <= 0)
|
|
||||||
BAILOUT("overlong command line, suspicious.",NULL);
|
|
||||||
strncat(buffer,argv[c],spaceleft);
|
|
||||||
--spaceleft && c<argc-1 && strcat(buffer," ");
|
|
||||||
}
|
|
||||||
|
|
||||||
syslog(LOG_INFO,"will exec MTA as '%s'",buffer);
|
|
||||||
execv(FALLBACKMTA,argv);
|
|
||||||
/* must not reach here */
|
|
||||||
BAILOUT("execv FALLBACKMTA failed: %s",strerror(errno));
|
|
||||||
}
|
|
||||||
|
|
||||||
/* otherwise queue the stuff for kuvert,
|
|
||||||
first check queuedir and create if missing */
|
|
||||||
if (!dirnp)
|
|
||||||
{
|
|
||||||
if(snprintf(dirn,sizeof(dirn),"%s%s",pwentry->pw_dir,DEFAULT_QUEUEDIR)
|
|
||||||
==-1)
|
|
||||||
BAILOUT("overlong dirname, suspicous.",NULL);
|
|
||||||
dirnp=dirn;
|
|
||||||
}
|
|
||||||
|
|
||||||
res=stat(dirnp,&statbuf);
|
|
||||||
if (res)
|
|
||||||
{
|
|
||||||
if (errno == ENOENT)
|
|
||||||
{
|
|
||||||
/* seems to be missing -> try to create it */
|
|
||||||
if (mkdir(dirnp,0700))
|
|
||||||
BAILOUT("mkdir %s failed: %s\n",dirnp,strerror(errno));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
BAILOUT("stat %s failed: %s\n",dirnp,strerror(errno));
|
|
||||||
}
|
|
||||||
else if (!S_ISDIR(statbuf.st_mode))
|
|
||||||
{
|
|
||||||
BAILOUT("%s is not a directory",dirnp);
|
|
||||||
}
|
|
||||||
else if (statbuf.st_uid != getuid())
|
|
||||||
{
|
|
||||||
BAILOUT("%s is not owned by you - refusing to run",dirnp);
|
|
||||||
}
|
|
||||||
else if ((statbuf.st_mode & 0777) != 0700)
|
|
||||||
{
|
|
||||||
BAILOUT("%s does not have mode 0700 - refusing to run",dirnp);
|
|
||||||
}
|
|
||||||
umask(066); /* absolutely no access for group/others... */
|
|
||||||
|
|
||||||
/* dir does exist now */
|
|
||||||
snprintf(filen,sizeof(filen),"%s/%d",dirnp,getpid());
|
|
||||||
|
|
||||||
/* file create and lock */
|
|
||||||
if (!(out=fopen(filen,"a")))
|
|
||||||
{
|
|
||||||
BAILOUT("fopen %s failed: %s\n",filen,strerror(errno));
|
|
||||||
}
|
|
||||||
if (flock(fileno(out),LOCK_EX))
|
|
||||||
{
|
|
||||||
BAILOUT("flock failed: %s\n",strerror(errno));
|
|
||||||
}
|
|
||||||
|
|
||||||
/* and put the data there */
|
|
||||||
do
|
|
||||||
{
|
|
||||||
res=fread(buffer,1,BUFLEN,stdin);
|
|
||||||
if (!res && ferror(stdin))
|
|
||||||
BAILOUT("fread failure: %s",strerror(errno));
|
|
||||||
if (fwrite(buffer,1,res,out)!=res && ferror(out))
|
|
||||||
BAILOUT("fwrite failure: %s",strerror(errno));
|
|
||||||
}
|
|
||||||
while (res==BUFLEN);
|
|
||||||
|
|
||||||
if (fflush(out)==EOF)
|
|
||||||
BAILOUT("fflush failed: %s",strerror(errno));
|
|
||||||
if (flock(fileno(out),LOCK_UN))
|
|
||||||
{
|
|
||||||
BAILOUT("flock (unlock) failed: %s",strerror(errno));
|
|
||||||
}
|
|
||||||
if (fclose(out)==EOF)
|
|
||||||
BAILOUT("fclose failed: %s",strerror(errno));
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
@ -1,65 +0,0 @@
|
||||||
.Dd October 25, 2001
|
|
||||||
.Dt KUVERT_MTA_WRAPPER 1
|
|
||||||
.Os Unix
|
|
||||||
.Sh NAME
|
|
||||||
kuvert-mta-wrapper \- wrapper around your MTA for mail submission to
|
|
||||||
.Xr kuvert 1
|
|
||||||
.Sh SYNOPSIS
|
|
||||||
.Nm kuvert-mta-wrapper
|
|
||||||
.Op Fl options
|
|
||||||
.Op Ar args
|
|
||||||
.Sh DESCRIPTION
|
|
||||||
.Nm kuvert_mta_wrapper
|
|
||||||
submits an email either directly to your MTA or
|
|
||||||
enqueues it for
|
|
||||||
.Xr kuvert 1
|
|
||||||
for further processing.
|
|
||||||
.Nm kuvert_mta_wrapper
|
|
||||||
should be called by your MUA
|
|
||||||
instead of your usual MTA in order to enable kuvert to intercept and
|
|
||||||
process the outgoing mails. Please see your MUA's documentation about
|
|
||||||
how to override the MTA to be used.
|
|
||||||
.Pp
|
|
||||||
The decision whether queueing or calling the MTA directly is based on
|
|
||||||
the following factors:
|
|
||||||
.Bl -enum
|
|
||||||
.It
|
|
||||||
If there are options given other than
|
|
||||||
.Fl "bm",
|
|
||||||
.Fl "f",
|
|
||||||
.Fl "i",
|
|
||||||
.Fl "t",
|
|
||||||
.Fl "v",
|
|
||||||
.Fl "oi",
|
|
||||||
.Fl "od",
|
|
||||||
.Fl "oe",
|
|
||||||
the standard MTA
|
|
||||||
.Pa /usr/lib/sendmail
|
|
||||||
is executed with the options and arguments given. The result code in this case
|
|
||||||
is the one the MTA returns.
|
|
||||||
.It
|
|
||||||
If there is a configuration file
|
|
||||||
.Pa ~/.kuvert
|
|
||||||
(See
|
|
||||||
.Xr kuvert "1" for possible configuration directives) the mail is queued for
|
|
||||||
.Xr kuvert "1". The options and arguments are ignored.
|
|
||||||
If there are problems, an error message is sent to syslog and -1 is returned.
|
|
||||||
.El
|
|
||||||
.Sh FILES
|
|
||||||
.Bl -tag
|
|
||||||
.It Pa ~/.kuvert
|
|
||||||
configuration file for
|
|
||||||
.Xr kuvert "1" and
|
|
||||||
.Xr kuvert_mta_wrapper "1".
|
|
||||||
.It Pa ~/.kuvert_queue
|
|
||||||
the default queue directory for
|
|
||||||
.Xr kuvert "1" if the configuration file does not specify an alternative.
|
|
||||||
.El
|
|
||||||
.Sh SEE ALSO
|
|
||||||
.Xr kuvert 1
|
|
||||||
.Sh AUTHORS
|
|
||||||
.An Alexander Zangerl <az@snafu.priv.at>
|
|
||||||
.Sh BUGS
|
|
||||||
The list of allowed options and the MTA for fallback are set at compile time.
|
|
||||||
.Nm kuvert_mta_wrapper
|
|
||||||
does log only to syslog at the moment.
|
|
|
@ -1,5 +1,4 @@
|
||||||
/*
|
/*
|
||||||
* $Id: kuvert_submit.c,v 2.0 2008/06/01 05:15:35 az Exp az $
|
|
||||||
*
|
*
|
||||||
* this file is part of kuvert, a wrapper around your mta that
|
* this file is part of kuvert, a wrapper around your mta that
|
||||||
* does pgp/gpg signing/signing+encrypting transparently, based
|
* does pgp/gpg signing/signing+encrypting transparently, based
|
||||||
|
|
|
@ -0,0 +1,184 @@
|
||||||
|
package Net::Server::Mail::ESMTP::plainAUTH;
|
||||||
|
use strict;
|
||||||
|
use base qw(Net::Server::Mail::ESMTP::Extension);
|
||||||
|
use MIME::Base64;
|
||||||
|
|
||||||
|
use vars qw( $VERSION );
|
||||||
|
$VERSION = '1.0';
|
||||||
|
|
||||||
|
# the following are required by nsme::extension
|
||||||
|
# but not documented :(
|
||||||
|
sub init
|
||||||
|
{
|
||||||
|
my ($self,$parent)=@_;
|
||||||
|
$self->{AUTH}=();
|
||||||
|
return $self;
|
||||||
|
}
|
||||||
|
|
||||||
|
# the smtp operations we add
|
||||||
|
sub verb
|
||||||
|
{
|
||||||
|
return ( [ 'AUTH' => \&handle_auth, ],);
|
||||||
|
}
|
||||||
|
|
||||||
|
# what to add to the esmtp capabilities response
|
||||||
|
sub keyword
|
||||||
|
{
|
||||||
|
return 'AUTH LOGIN PLAIN';
|
||||||
|
}
|
||||||
|
|
||||||
|
# what options to allow for mail from: auth
|
||||||
|
sub option
|
||||||
|
{
|
||||||
|
return (['MAIL', 'AUTH' => sub { return; }]);
|
||||||
|
}
|
||||||
|
|
||||||
|
# and the actual auth handler
|
||||||
|
sub handle_auth
|
||||||
|
{
|
||||||
|
my ($self,$args)=@_;
|
||||||
|
my ($method,$param);
|
||||||
|
$args=~/^(LOGIN|PLAIN)\s*(.*)$/ && (($method,$param)=($1,$2));
|
||||||
|
|
||||||
|
if ($self->{AUTH}->{active})
|
||||||
|
{
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
$self->reply(535, "Authentication phases mixed up.");
|
||||||
|
return undef; # if rv given, server shuts conn!
|
||||||
|
}
|
||||||
|
elsif ($self->{AUTH}->{completed})
|
||||||
|
{
|
||||||
|
$self->reply(504,"Already authenticated.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
elsif (!$method)
|
||||||
|
{
|
||||||
|
$self->reply(501,"Unknown authentication method.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
$self->{AUTH}->{active}=$method;
|
||||||
|
|
||||||
|
if ($param eq '*')
|
||||||
|
{
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
$self->reply(501, "Authentication cancelled.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($method eq 'PLAIN')
|
||||||
|
{
|
||||||
|
if ($param) # plain: immediate with args
|
||||||
|
{
|
||||||
|
my (undef,$user,$pwd)=split(/\0/,decode_base64($param),3);
|
||||||
|
if (!$user)
|
||||||
|
{
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
$self->reply(535, "5.7.8 Authentication failed.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
return run_callback($self,$user,$pwd);
|
||||||
|
}
|
||||||
|
else # plain: or empty challenge and then response
|
||||||
|
{
|
||||||
|
$self->reply(334," ");
|
||||||
|
# undocumented but crucial: direct stuff to this method
|
||||||
|
$self->next_input_to(\&process_response);
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elsif ($method eq 'LOGIN')
|
||||||
|
{
|
||||||
|
# login is always two challenges
|
||||||
|
$self->reply(334, "VXNlcm5hbWU6"); # username
|
||||||
|
$self->next_input_to(\&process_response);
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# runs user-supplied callback on username and password
|
||||||
|
# responds success if callback succeeds
|
||||||
|
# sets complete if ok, clears active either way
|
||||||
|
sub run_callback
|
||||||
|
{
|
||||||
|
my ($self,$user,$pass)=@_;
|
||||||
|
my $ok;
|
||||||
|
|
||||||
|
my $ref=$self->{callback}->{AUTH};
|
||||||
|
if (ref $ref eq 'ARRAY' && ref $ref->[0] eq 'CODE')
|
||||||
|
{
|
||||||
|
my $c=$ref->[0];
|
||||||
|
$ok=&$c($self,$user,$pass);
|
||||||
|
}
|
||||||
|
if ($ok)
|
||||||
|
{
|
||||||
|
$self->reply(235, "Authentication successful");
|
||||||
|
$self->{AUTH}->{completed}=1;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$self->reply(535,"Authentication failed.");
|
||||||
|
}
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
# deals with any response, based on active method
|
||||||
|
sub process_response
|
||||||
|
{
|
||||||
|
my ($self,$args)=@_;
|
||||||
|
|
||||||
|
if (!$self->{AUTH}->{active} || $self->{AUTH}->{completed})
|
||||||
|
{
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
$self->reply(535, "Authentication phases mixed up.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
if (!$args)
|
||||||
|
{
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
$self->reply(535, "5.7.8 Authentication failed.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($self->{AUTH}->{active} eq "PLAIN")
|
||||||
|
{
|
||||||
|
# plain is easy: only one response containing everything
|
||||||
|
my (undef,$user,$pwd)=split(/\0/,decode_base64($args),3);
|
||||||
|
if (!$user)
|
||||||
|
{
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
$self->reply(535, "5.7.8 Authentication failed.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
return run_callback($self,$user,$pwd);
|
||||||
|
}
|
||||||
|
elsif ($self->{AUTH}->{active} eq "LOGIN")
|
||||||
|
{
|
||||||
|
# uglier: two challenges for username+password
|
||||||
|
my ($input)=split(/\0/,decode_base64($args));
|
||||||
|
|
||||||
|
# is this the second time round?
|
||||||
|
if ($self->{AUTH}->{user})
|
||||||
|
{
|
||||||
|
return run_callback($self,$self->{AUTH}->{user},$input);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
# nope, first time: save username and challenge
|
||||||
|
# for password
|
||||||
|
$self->{AUTH}->{user}=$input;
|
||||||
|
$self->reply(334, "UGFzc3dvcmQ6"); # password
|
||||||
|
$self->next_input_to(\&process_response);
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
delete $self->{AUTH}->{active};
|
||||||
|
$self->reply(535, "Authentication mixed up.");
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
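Review bot: `$self->{AUTH}->{user}` is stored in the LOGIN branch of `process_response` but never cleared: `run_callback` and every error path delete only `$self->{AUTH}->{active}`. After a failed or aborted LOGIN exchange, a second `AUTH LOGIN` on the same session object takes the `if ($self->{AUTH}->{user})` branch on its first response. The newly sent username is then passed to the callback as the password for the earlier username, and no password challenge is issued. Adding `delete $self->{AUTH}->{user};` beside each `delete $self->{AUTH}->{active};` (at minimum in `run_callback`) resets the state. The truthiness tests `if (!$user)` and `if ($self->{AUTH}->{user})` also treat a username of `0` as absent; `defined` and `length` checks would be more exact.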