converted from RCS
parent
727fb6ca0f
commit
5aae45cfa3
|
@ -0,0 +1 @@
|
|||
kuvert_submit
|
|
@ -0,0 +1,339 @@
|
|||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||
675 Mass Ave, Cambridge, MA 02139, USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Library General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) 19yy <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) 19yy name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Library General
|
||||
Public License instead of this License.
|
|
@ -0,0 +1,30 @@
|
|||
# well, a simpler makefile is hardly imaginable...
|
||||
DESTDIR=
|
||||
|
||||
# the version number of the package
|
||||
VERSION=$(shell sed -n '1s/^.*(\(.*\)).*$$/\1/p' debian/changelog)
|
||||
|
||||
CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS)
|
||||
CFLAGS:=$(shell dpkg-buildflags --get CFLAGS)
|
||||
CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS)
|
||||
LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
|
||||
|
||||
all: kuvert_submit
|
||||
|
||||
clean:
|
||||
-rm -f kuvert_submit kuvert.tmp
|
||||
|
||||
install: kuvert_submit kuvert
|
||||
install -d $(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1 \
|
||||
$(DESTDIR)/usr/share/perl5/Net/Server/Mail/ESMTP/
|
||||
install kuvert_submit $(DESTDIR)/usr/bin
|
||||
# fix the version number
|
||||
sed 's/INSERT_VERSION/$(VERSION)/' kuvert > kuvert.tmp
|
||||
install kuvert.tmp $(DESTDIR)/usr/bin/kuvert
|
||||
-rm kuvert.tmp
|
||||
install plainAUTH.pm $(DESTDIR)/usr/share/perl5/Net/Server/Mail/ESMTP/
|
||||
pod2man --center="User Commands" -r Mail kuvert $(DESTDIR)/usr/share/man/man1/kuvert.1
|
||||
pod2man --center="User Commands" -r Mail kuvert_submit.pod $(DESTDIR)/usr/share/man/man1/kuvert_submit.1
|
||||
|
||||
test:
|
||||
echo $(VERSION)
|
|
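Review bot: The four `dpkg-buildflags` lines at the top of this section make every hardening flag depend on a Debian-only tool: on a host where it is absent, each `$(shell dpkg-buildflags --get ...)` expands to an empty string, the build continues without any warning, and `kuvert_submit` is compiled and linked with no hardening at all. Because no explicit compile rule is visible here and `all: kuvert_submit` appears to rely on make's implicit rules, those four variables are the only place the distribution's hardening flags enter the build, so the Makefile should either fail when the tool is missing or fall back to a baseline, as sketched below. Two smaller points: `install plainAUTH.pm ...` uses install's default mode 0755, so `install -m 0644 plainAUTH.pm ...` would drop an exec bit a Perl module does not need; and `all`, `clean`, `install` and `test` are not declared `.PHONY`, so a stray file named `test` or `install` in the tree would silently disable that target (`.PHONY: all clean install test`).
```make
# dpkg-buildflags is Debian-specific; outside a Debian build environment the
# $(shell) calls would silently expand to nothing and drop every hardening
# flag, so fall back to a conservative baseline when the tool is missing.
CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS 2>/dev/null || echo -D_FORTIFY_SOURCE=2)
CFLAGS:=$(shell dpkg-buildflags --get CFLAGS 2>/dev/null || echo -O2 -fstack-protector-strong -Wformat -Werror=format-security)
CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS 2>/dev/null || echo -O2 -fstack-protector-strong)
LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS 2>/dev/null || echo -Wl,-z,relro)
# … unchanged: all / clean / install / test targets …
```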
@ -0,0 +1,7 @@
|
|||
My thanks go to
|
||||
|
||||
Robert Bihlmeyer <robbe@orcus.priv.at>
|
||||
Norbert Preining <preining@logic.tuwien.ac.at>
|
||||
Robert Waldner <waldner@waldner.priv.at>
|
||||
|
||||
for valuable hints and suggestions regarding this piece of software.
|
1
kuvert
1
kuvert
|
@ -19,7 +19,6 @@
|
|||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
#
|
||||
# $Id: kuvert,v 2.32 2014/07/15 10:55:55 az Exp az $
|
||||
#--
|
||||
|
||||
use strict;
|
||||
|
|
407
kuvert.man
407
kuvert.man
|
@ -1,407 +0,0 @@
|
|||
.Dd February 16, 2003
|
||||
.Dt KUVERT 1
|
||||
.Os Unix
|
||||
.Sh NAME
|
||||
kuvert \- automatically sign and/or encrypt mail based on the recipients
|
||||
.Sh SYNOPSIS
|
||||
.Nm kuvert
|
||||
.Op Fl d
|
||||
.Op Fl b
|
||||
.Op Fl r | Fl k | Fl n | Fl v
|
||||
.Sh DESCRIPTION
|
||||
.Nm kuvert
|
||||
reads mails from its queue, analyzes the recipients, decides to whom
|
||||
it should encrypt and/or sign the mail using the PGP-MIME framework
|
||||
defined in RFC3156 and sends the mail using your real MTA. kuvert can use
|
||||
both old-style 2.x
|
||||
.Xr pgp 1
|
||||
and modern
|
||||
.Xr gpg 1
|
||||
at the same time, or can
|
||||
coerce gpg into producing pgp-2.x-compatible signatures/encrypted data.
|
||||
.Pp
|
||||
The mail submission into the queue is usually done by
|
||||
.Xr kuvert_mta_wrapper "1".
|
||||
.Pp
|
||||
The option
|
||||
.Fl r
|
||||
causes an already running
|
||||
.Nm kuvert
|
||||
process to reload the configuration file and the keyring(s).
|
||||
This is done by sending a SIGUSR1 to the running process.
|
||||
.Pp
|
||||
The option
|
||||
.Fl d
|
||||
activates debugging output to syslog.
|
||||
.Nm kuvert
|
||||
does not fork when in debugging mode and processes just the
|
||||
first mail in the queue, after which it terminates.
|
||||
.Pp
|
||||
If the option
|
||||
.Fl b
|
||||
is given, then
|
||||
.Nm kuvert
|
||||
will send an error mail to the user whenever fatal errors are encountered.
|
||||
.Pp
|
||||
The option
|
||||
.Fl k
|
||||
makes
|
||||
.Nm kuvert
|
||||
kill an already running process.
|
||||
.Pp
|
||||
With the option
|
||||
.Fl n
|
||||
.Nm kuvert
|
||||
does not
|
||||
.Xr fork 2
|
||||
but keeps running in the foreground.
|
||||
.Pp
|
||||
The option
|
||||
.Fl v
|
||||
makes
|
||||
.Nm kuvert
|
||||
output its version number and exit immediately.
|
||||
.Pp
|
||||
At startup
|
||||
.Nm kuvert
|
||||
reads the keyring(s) and the configuration file,
|
||||
then usually forks and runs the queue once every 60 seconds.
|
||||
Whenever there is a file with a name consisting of digits only in the
|
||||
queue,
|
||||
.Nm kuvert
|
||||
will parse the mime structure into a temporary directory using
|
||||
.Xr MIME::Parser "3pm".
|
||||
.Pp
|
||||
.Nm kuvert
|
||||
then decides whether the mail shall be left as is, clear-text signed
|
||||
or signed and encrypted according to RFC3156.
|
||||
This decision is done independently for every recipient of the
|
||||
mail and works as follows:
|
||||
.Bl -bullet
|
||||
.It
|
||||
If a public key of the recipient is known, sign and encrypt.
|
||||
.It
|
||||
If no public key of the recipient is known, just sign.
|
||||
.El
|
||||
.Pp
|
||||
There are some options governing or overriding this basic setup, see
|
||||
the section
|
||||
.Sx CONFIGURATION
|
||||
for details.
|
||||
.Pp
|
||||
Please note that
|
||||
.Nm kuvert uses the
|
||||
.Ql To: ,
|
||||
.Ql Cc:
|
||||
and
|
||||
.Ql Bcc:
|
||||
headers to determine
|
||||
the recipients.
|
||||
Recipients listed in a
|
||||
.Ql Bcc:
|
||||
header are handled separately from all other recipients and do not affect
|
||||
the choice of actions for other recipients (ie. handling of
|
||||
.Ar -force
|
||||
options).
|
||||
Additionally, if there is a
|
||||
.Ql Resend-To:
|
||||
header,
|
||||
.Nm kuvert
|
||||
will do no signing/encryption and send the mail just as it
|
||||
is to the recipients indicated in the
|
||||
.Ql Resend-To:
|
||||
header.
|
||||
.Pp
|
||||
Afterwards the parsed MIME entity is amended with the signature or
|
||||
replaced with the encrypted data and is sent off using the MTA.
|
||||
The temporary directory is cleaned and
|
||||
.Nm kuvert
|
||||
processes either the
|
||||
next queued message or waits for new messages.
|
||||
.Pp
|
||||
If there are problems, kuvert disables further processing of the respective
|
||||
queuefile (it adds a
|
||||
.Ql \&.
|
||||
at the beginning of the filename, thus making the file ignored for further
|
||||
queue-runs)
|
||||
and sends an error message back to the sender.
|
||||
.Sh CONFIGURATION
|
||||
.Nm kuvert
|
||||
needs some configuration directives in its configuration file
|
||||
.Pa ~/.kuvert .
|
||||
This file is read at startup and whenever you have
|
||||
.Nm kuvert
|
||||
reread things using
|
||||
.Fl r.
|
||||
Empty lines and lines starting with
|
||||
.Ql #
|
||||
are ignored, as well as lines containing directives
|
||||
.Nm kuvert
|
||||
can not interpret.
|
||||
.Pp
|
||||
Directives can either be:
|
||||
.Bl -bullet
|
||||
.It
|
||||
a directive name followed by whitespace and then a value,
|
||||
.It
|
||||
or a regular expression matching an email address, followed by whitespace and an action keyword.
|
||||
.El
|
||||
.Pp
|
||||
The list of directives kuvert understands:
|
||||
.Bl -tag
|
||||
.It Ar PGPPATH Pa path
|
||||
defines the old-style compatible pgp executable to be used.
|
||||
Default:
|
||||
.Pa /usr/bin/pgp
|
||||
.It Ar GPGPATH Pa path
|
||||
defines the gnupg-compatible new-style pgp executable to be used.
|
||||
Default:
|
||||
.Pa /usr/bin/gpg
|
||||
.It Ar USEPGP number
|
||||
if number is not 0, kuvert will use the old-style pgp executable to generate
|
||||
old-style encryption/signatures. If it is 0,
|
||||
.Nm kuvert
|
||||
will use gpg in a
|
||||
compatibility mode to produce the old-style stuff. Please note: gpg needs
|
||||
the gnupg-extension gpg-idea for this compatibility mode. You also
|
||||
have to setup gpg to automatically load this extension.
|
||||
Default: 0
|
||||
.It Ar MTA Pa path-and-args
|
||||
defines the Mail Transfer Agent
|
||||
.Nm kuvert
|
||||
should use. The MTA must read the mail text from stdin, support the flag
|
||||
.Fl t ,
|
||||
and also support multiple recipients given in separate arguments.
|
||||
Default: /usr/lib/sendmail -om -oi -oem
|
||||
.It Ar SECRETONDEMAND number
|
||||
If SECRETONDEMAND is 1,
|
||||
.Nm kuvert
|
||||
will ask for the
|
||||
key passphrases on demand and just before signing. If SECRETONDEMAND is 0,
|
||||
then
|
||||
.Nm kuvert
|
||||
will query for passphrases on startup and store them itself (which is not very secure).
|
||||
SECRETONDEMAND is automatically set to 0 if GETSECRET or DELSECRET are not set.
|
||||
Default: 0
|
||||
.It Ar GETSECRET Pa path-and-args
|
||||
.It Ar DELSECRET Pa path-and-args
|
||||
define what program to run to deal with externally stored passphrases, if SECRETONDEMAND is set;
|
||||
ignored otherwise.
|
||||
The path-and-args must contain "%s" which will be replaced with the key id in question. The program
|
||||
must print the passphrase on its standard output.
|
||||
GETSECRET is executed to retrieve a passphrase, while DELSECRET is used to delete passphrases.
|
||||
Default: none
|
||||
.It Ar ALWAYSTRUST number
|
||||
if 1, add the alwaystrust parameter to gpg's invocation. See
|
||||
.Xr gpg "1" for details about this parameter. Default: 0
|
||||
.It Ar LOGFILE Pa path
|
||||
sets the file
|
||||
.Nm kuvert
|
||||
logs its actions to. The logs are appended to that
|
||||
file. Default:
|
||||
.Nm kuvert
|
||||
usually logs to syslog.
|
||||
.It Ar QUEUEDIR Pa path
|
||||
sets the directory where kuvert_mta_wrapper and
|
||||
.Nm kuvert
|
||||
put the queue of
|
||||
mails to be processed. Default:
|
||||
.Pa ~/.kuvert_queue
|
||||
.It Ar TEMPDIR Pa path
|
||||
sets the directory
|
||||
.Nm kuvert
|
||||
uses for temporary storage of the parts of the
|
||||
parsed MIME entity.
|
||||
.Em Attention: This directory is cleaned after every mail handled and every file in there is removed!
|
||||
Default:
|
||||
.Pa /tmp/kuvert.<uid>.<pid>.
|
||||
.It Ar INTERVAL number
|
||||
sets the queue check interval. the unit of measurement is seconds.
|
||||
Default: 60 seconds
|
||||
.It Ar IDENTIFY number
|
||||
if non-zero,
|
||||
.Nm kuvert
|
||||
adds a
|
||||
.Ql X-mailer
|
||||
header to all mails it processes. Default: 0
|
||||
.It Ar NGKEY keyid
|
||||
sets the owner's key id for new-style pgp/gpg. To disable new-style pgp/gpg
|
||||
completely, set the keyid to "0". Default: the first private DSA key found is used.
|
||||
.It Ar STDKEY keyid
|
||||
sets the owner's key id for old-style pgp. To disable old-style pgp completely, set the keyid to 0. Default: the first private RSA key found is used.
|
||||
.It Ar DEFAULT action
|
||||
specifies the action to be taken for unspecified recipient addresses.
|
||||
See the next paragraphs for an explanation of the
|
||||
.Ar action
|
||||
argument.
|
||||
.El
|
||||
.Pp
|
||||
All lines not starting with the pound sign
|
||||
.Ql #
|
||||
or a recognized directive
|
||||
are interpreted as a
|
||||
.Xr perl 1
|
||||
regular expression followed by whitespace and an
|
||||
action keyword.
|
||||
.Pp
|
||||
The regular expressions are applied to the email address
|
||||
of the recipients of the mail, and the action keyword describes how to
|
||||
modify
|
||||
.Nm kuvert Ns
|
||||
\&'s behavious for a recipient.
|
||||
.Pp
|
||||
The regular expression has to be written without the bracketing
|
||||
.Ql / Ns
|
||||
-characters.
|
||||
The regular expressions are evaluated case-insensitively,
|
||||
and in the order given in the configuration file. The first matching regexp
|
||||
ends the evaluation sequence.
|
||||
.Pp
|
||||
The default action is to do not encrypt or sign at all, so you should
|
||||
set a default that is reasonable for you by using the
|
||||
.Ql DEFAULT
|
||||
directive.
|
||||
.Pp
|
||||
The known action keywords are:
|
||||
.Bl -tag
|
||||
.It Ar none
|
||||
Send it as it is, do not sign or encrypt at all. The MIME structure of
|
||||
the mail is not changed in whatever way before sending.
|
||||
This is the default action.
|
||||
.Pp
|
||||
This option is
|
||||
.Em slightly special:
|
||||
An explicitly set action of
|
||||
.Ql none
|
||||
is
|
||||
.Em not affected or overridden
|
||||
by any of the
|
||||
.Ar -force
|
||||
options or by the override header.
|
||||
.It Ar std
|
||||
Use just old-style pgp. If there is an old-style key known, encrypt and sign
|
||||
using this old-style key and the owner's old-style key, otherwise just sign
|
||||
using the owner's old-style key.
|
||||
.It Ar ng
|
||||
Use just new-style pgp, similar to the above.
|
||||
.It Ar stdsign
|
||||
Never encrypt, just sign using the owner's old-style key.
|
||||
.It Ar ngsign
|
||||
Never encrypt, just sign using the owner's new-style key.
|
||||
.It Ar fallback
|
||||
Encrypt with new-style, old-style or sign with new-style (or std-style if no new-style private key is available).
|
||||
If there is a new-style key of the recipient known, encrypt and sign with
|
||||
this key, else if there is an old-style key, encrypt and sign with this
|
||||
key. Otherwise just sign with the owner's new-style key or (as last resort) the old-style key.
|
||||
.It Ar none-force
|
||||
Force no encryption/signing for all recipients of this mail.
|
||||
.It Ar fallback-force
|
||||
Force a fallback-type action for the recipients of this mail:
|
||||
encrypt and sign with new-style or old-style pgp if keys for
|
||||
.Em all affected
|
||||
recipients are available or sign with new-style pgp. Recipients with
|
||||
an action set to
|
||||
.Ql none
|
||||
are
|
||||
.Em not affected
|
||||
by fallback-force. Also note that a mixture of
|
||||
old-style and new-style encryption is possible with fallback-force.
|
||||
.It Ar ngsign-force "," stdsign-force
|
||||
Sign only for all affected recipients, with new-style or old style pgp respectively. Again recipients with action
|
||||
.Ql none
|
||||
are
|
||||
.Em not affected.
|
||||
.It Ar ng-force
|
||||
Encrypt and sign for all recipients of this mail if there is a new-style key
|
||||
available for all of them, otherwise just sign for all of them using
|
||||
new-style pgp. The difference between this action
|
||||
and
|
||||
.Ar fallback-force
|
||||
is that there's no mixing of old-style and new-style pgp possible here.
|
||||
Again recipients with action
|
||||
.Ql none
|
||||
are
|
||||
.Em not affected.
|
||||
.It Ar std-force
|
||||
like
|
||||
.Ar ng-force ","
|
||||
but with old-style pgp.
|
||||
Again recipients with action
|
||||
.Ql none
|
||||
are
|
||||
.Em not affected.
|
||||
.El
|
||||
.Pp
|
||||
Additionally, you can specify an override for a single mail by
|
||||
adding a header to the mail of the form
|
||||
.Ql X-Kuvert: Ar action
|
||||
where action is one of the action keywords just listed
|
||||
above. This override will be applied to all recipients of the given
|
||||
mail and will override all action specifications given in the configuration
|
||||
file, except the explicit
|
||||
.Ql none Ns
|
||||
s. Before final sending an email
|
||||
.Nm kuvert
|
||||
will remove
|
||||
any existing override header from the email.
|
||||
.Pp
|
||||
The various
|
||||
.Ar -force
|
||||
actions are intended for users who want to avoid sending cleartext (signed)
|
||||
and encrypted variants of the same mail to different recipients: You can
|
||||
either turn off encryption or signing completely, or use the maximum
|
||||
amount of privacy that is possible for a given set of recipients by checking
|
||||
for keys for everybody before deciding whether to encrypt or just sign.
|
||||
.Pp
|
||||
The special handling for
|
||||
.Ql none
|
||||
does break this paradigma a bit, but is
|
||||
necessary to make any
|
||||
.Ar -force
|
||||
option a safe choice for your
|
||||
.Ql DEFAULT
|
||||
action: Otherwise
|
||||
.Nm kuvert
|
||||
would send stuff signed or encrypted to recipients you know to be
|
||||
completely unable/unwilling to accept signed or encrypted mail
|
||||
(like mail robots). Therefore these were made unaffected (and disregarded)
|
||||
by the
|
||||
.Ar -force
|
||||
options.
|
||||
.Pp
|
||||
.Sy Please note: the first occurrence of a -force action overrides all possible other occurrences!
|
||||
.Sh FILES
|
||||
.Bl -tag
|
||||
.It Pa ~/.kuvert
|
||||
configuration file for
|
||||
.Nm kuvert
|
||||
and
|
||||
.Xr kuvert_mta_wrapper "1".
|
||||
.It Pa ~/.kuvert_queue
|
||||
the default queue directory for
|
||||
.Nm kuvert
|
||||
if the configuration file does not specify an alternative.
|
||||
.It Pa /tmp/kuvert.pid.<uid>
|
||||
holds the pid of a running process.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr kuvert_mta_wrapper "1",
|
||||
.Xr q-agent "1",
|
||||
.BR gpg "1",
|
||||
.BR pgp "1",
|
||||
RFC3156, RFC2015, RFC2440
|
||||
.Sh AUTHORS
|
||||
.An Alexander Zangerl <az@snafu.priv.at>
|
||||
.Sh BUGS
|
||||
Currently
|
||||
.Nm kuvert
|
||||
needs something sendmail-like in
|
||||
.Pa /usr/lib/sendmail
|
||||
that understands
|
||||
.Fl t,
|
||||
.Fl om,
|
||||
.Fl oi
|
||||
and
|
||||
.Fl "oem".
|
||||
.Pp
|
||||
Multiple -force actions won't work.
|
|
@ -1,258 +0,0 @@
|
|||
/*
|
||||
* $Id: kuvert_mta_wrapper.c,v 1.8 2007/06/23 03:14:46 az Exp az $
|
||||
*
|
||||
* this file is part of kuvert, a wrapper around your mta that
|
||||
* does pgp/gpg signing/signing+encrypting transparently, based
|
||||
* on the content of your public keyring(s) and your preferences.
|
||||
*
|
||||
* copyright (c) 1999-2003 Alexander Zangerl <az+kuvert@snafu.priv.at>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <pwd.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/stat.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <syslog.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#define CONFFILE "/.kuvert"
|
||||
#define DEFAULT_QUEUEDIR "/.kuvert_queue"
|
||||
#define BUFLEN 65536
|
||||
#define FALLBACKMTA "/usr/lib/sendmail"
|
||||
|
||||
#define BAILOUT(a,...) {fprintf(stderr,"%s: ",argv[0]); fprintf(stderr, a "\n",##__VA_ARGS__);syslog(LOG_ERR,a,##__VA_ARGS__); exit(1);}
|
||||
|
||||
int main(int argc,char **argv)
|
||||
{
|
||||
struct passwd *pwentry;
|
||||
/* fixme sizes */
|
||||
char filen[256],buffer[BUFLEN],dirn[256];
|
||||
int res,c,fallback=0,spaceleft;
|
||||
char *p,*dirnp;
|
||||
FILE *out;
|
||||
FILE *cf;
|
||||
struct stat statbuf;
|
||||
|
||||
/* determine whether to queue stuff or to call sendmail
|
||||
directly: if there is a proper config file of kuvert in $HOME,
|
||||
and if the flags/args given are "consistent" with a call
|
||||
to sendmail for mail submission, do queue stuff;
|
||||
otherwise exec sendmail. */
|
||||
|
||||
openlog(argv[0],LOG_NDELAY|LOG_PID,LOG_MAIL);
|
||||
|
||||
/* scan the arguments for options:
|
||||
we understand about: no options, non-option-args, --,
|
||||
-bm, -f, -i, -t, -v, -m, -oi, -d*, -e*. everything else means some special
|
||||
instruction to sendmail, so we exec sendmail. */
|
||||
|
||||
/* no getopt error messages, please! */
|
||||
opterr=0;
|
||||
|
||||
while ((c=getopt(argc,argv,"f:itvb:mo:"))!=-1 && !fallback)
|
||||
{
|
||||
switch (c)
|
||||
{
|
||||
case 'v':
|
||||
case 'f':
|
||||
case 'i':
|
||||
case 't':
|
||||
case 'm': /* deprecated option 'metoo',
|
||||
but nmh uses this... */
|
||||
break; /* these options are ok and supported */
|
||||
case 'b':
|
||||
/* just -bm is ok, other -b* are bad */
|
||||
if (!optarg || *optarg != 'm')
|
||||
{
|
||||
fallback=1;
|
||||
syslog(LOG_INFO,"option '-%c%s' mandates fallback",
|
||||
c,optarg ? optarg : "");
|
||||
}
|
||||
break;
|
||||
case 'o':
|
||||
/* -oi, -oe*, -od* are ok */
|
||||
if (!optarg || (*optarg != 'i' && *optarg != 'e'
|
||||
&& *optarg != 'd'))
|
||||
{
|
||||
fallback=1;
|
||||
syslog(LOG_INFO,"option '-%c%s' mandates fallback",
|
||||
c,optarg ? optarg : "");
|
||||
}
|
||||
break;
|
||||
default:
|
||||
/* well, there's an option we do not know, lets bail out */
|
||||
fallback=1;
|
||||
syslog(LOG_INFO,"option '-%c' mandates fallback",
|
||||
c=='?'?optopt:c);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!fallback)
|
||||
{
|
||||
/* options seem ok, look for config file in $HOME */
|
||||
pwentry=getpwuid(getuid());
|
||||
if (!pwentry)
|
||||
BAILOUT("getpwuid failed: %s",strerror(errno));
|
||||
|
||||
/* open and scan the conffile for an queue-file definition
|
||||
if there is no conffile, kuvert wont work ever */
|
||||
if (snprintf(filen,sizeof(filen),"%s%s",pwentry->pw_dir,CONFFILE)==-1)
|
||||
BAILOUT("overlong filename, suspicious",NULL);
|
||||
if (!(cf=fopen(filen,"r")))
|
||||
{
|
||||
/* no config file -> exec sendmail */
|
||||
syslog(LOG_INFO,"user has no .kuvert config file, fallback");
|
||||
fallback=1;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* scan the lines for ^QUEUEDIR\s+ */
|
||||
dirnp=NULL;
|
||||
while(!feof(cf))
|
||||
{
|
||||
p=fgets(buffer,sizeof(buffer)-1,cf);
|
||||
/* empty file? ok, we'll ignore it */
|
||||
if (!p)
|
||||
break;
|
||||
|
||||
if (!strncmp(buffer,"QUEUEDIR",sizeof("QUEUEDIR")-1))
|
||||
{
|
||||
p=buffer+sizeof("QUEUEDIR")-1;
|
||||
for(;*p && isspace(*p);++p)
|
||||
;
|
||||
if (*p)
|
||||
{
|
||||
dirnp=p;
|
||||
/* strip the newline from the string */
|
||||
for(;*p && *p != '\n';++p)
|
||||
;
|
||||
if (*p == '\n')
|
||||
*p=0;
|
||||
/* strip eventual trailing whitespace */
|
||||
for(--p;p>dirnp && isspace(*p);--p)
|
||||
*p=0;
|
||||
}
|
||||
/* empty dir? ignore it */
|
||||
if (strlen(dirnp)<2)
|
||||
dirnp=NULL;
|
||||
break;
|
||||
}
|
||||
}
|
||||
fclose(cf);
|
||||
}
|
||||
}
|
||||
|
||||
/* fallback to sendmail requested? */
|
||||
if (fallback)
|
||||
{
|
||||
/* mangle argv[0], so that it gets recognizeable by sendmail */
|
||||
argv[0]=FALLBACKMTA;
|
||||
*buffer=0;
|
||||
|
||||
/* bah, c stringhandling is ugly... i just want all args
|
||||
in one string for a nice syslog line... */
|
||||
for(c=0,spaceleft=sizeof(buffer);
|
||||
c<argc;
|
||||
spaceleft-=strlen(argv[c++]))
|
||||
{
|
||||
if (spaceleft <= 0)
|
||||
BAILOUT("overlong command line, suspicious.",NULL);
|
||||
strncat(buffer,argv[c],spaceleft);
|
||||
--spaceleft && c<argc-1 && strcat(buffer," ");
|
||||
}
|
||||
|
||||
syslog(LOG_INFO,"will exec MTA as '%s'",buffer);
|
||||
execv(FALLBACKMTA,argv);
|
||||
/* must not reach here */
|
||||
BAILOUT("execv FALLBACKMTA failed: %s",strerror(errno));
|
||||
}
|
||||
|
||||
/* otherwise queue the stuff for kuvert,
|
||||
first check queuedir and create if missing */
|
||||
if (!dirnp)
|
||||
{
|
||||
if(snprintf(dirn,sizeof(dirn),"%s%s",pwentry->pw_dir,DEFAULT_QUEUEDIR)
|
||||
==-1)
|
||||
BAILOUT("overlong dirname, suspicous.",NULL);
|
||||
dirnp=dirn;
|
||||
}
|
||||
|
||||
res=stat(dirnp,&statbuf);
|
||||
if (res)
|
||||
{
|
||||
if (errno == ENOENT)
|
||||
{
|
||||
/* seems to be missing -> try to create it */
|
||||
if (mkdir(dirnp,0700))
|
||||
BAILOUT("mkdir %s failed: %s\n",dirnp,strerror(errno));
|
||||
}
|
||||
else
|
||||
BAILOUT("stat %s failed: %s\n",dirnp,strerror(errno));
|
||||
}
|
||||
else if (!S_ISDIR(statbuf.st_mode))
|
||||
{
|
||||
BAILOUT("%s is not a directory",dirnp);
|
||||
}
|
||||
else if (statbuf.st_uid != getuid())
|
||||
{
|
||||
BAILOUT("%s is not owned by you - refusing to run",dirnp);
|
||||
}
|
||||
else if ((statbuf.st_mode & 0777) != 0700)
|
||||
{
|
||||
BAILOUT("%s does not have mode 0700 - refusing to run",dirnp);
|
||||
}
|
||||
umask(066); /* absolutely no access for group/others... */
|
||||
|
||||
/* dir does exist now */
|
||||
snprintf(filen,sizeof(filen),"%s/%d",dirnp,getpid());
|
||||
|
||||
/* file create and lock */
|
||||
if (!(out=fopen(filen,"a")))
|
||||
{
|
||||
BAILOUT("fopen %s failed: %s\n",filen,strerror(errno));
|
||||
}
|
||||
if (flock(fileno(out),LOCK_EX))
|
||||
{
|
||||
BAILOUT("flock failed: %s\n",strerror(errno));
|
||||
}
|
||||
|
||||
/* and put the data there */
|
||||
do
|
||||
{
|
||||
res=fread(buffer,1,BUFLEN,stdin);
|
||||
if (!res && ferror(stdin))
|
||||
BAILOUT("fread failure: %s",strerror(errno));
|
||||
if (fwrite(buffer,1,res,out)!=res && ferror(out))
|
||||
BAILOUT("fwrite failure: %s",strerror(errno));
|
||||
}
|
||||
while (res==BUFLEN);
|
||||
|
||||
if (fflush(out)==EOF)
|
||||
BAILOUT("fflush failed: %s",strerror(errno));
|
||||
if (flock(fileno(out),LOCK_UN))
|
||||
{
|
||||
BAILOUT("flock (unlock) failed: %s",strerror(errno));
|
||||
}
|
||||
if (fclose(out)==EOF)
|
||||
BAILOUT("fclose failed: %s",strerror(errno));
|
||||
return 0;
|
||||
}
|
|
@ -1,65 +0,0 @@
|
|||
.Dd October 25, 2001
|
||||
.Dt KUVERT_MTA_WRAPPER 1
|
||||
.Os Unix
|
||||
.Sh NAME
|
||||
kuvert-mta-wrapper \- wrapper around your MTA for mail submission to
|
||||
.Xr kuvert 1
|
||||
.Sh SYNOPSIS
|
||||
.Nm kuvert-mta-wrapper
|
||||
.Op Fl options
|
||||
.Op Ar args
|
||||
.Sh DESCRIPTION
|
||||
.Nm kuvert_mta_wrapper
|
||||
submits an email either directly to your MTA or
|
||||
enqueues it for
|
||||
.Xr kuvert 1
|
||||
for further processing.
|
||||
.Nm kuvert_mta_wrapper
|
||||
should be called by your MUA
|
||||
instead of your usual MTA in order to enable kuvert to intercept and
|
||||
process the outgoing mails. Please see your MUA's documentation about
|
||||
how to override the MTA to be used.
|
||||
.Pp
|
||||
The decision whether queueing or calling the MTA directly is based on
|
||||
the following factors:
|
||||
.Bl -enum
|
||||
.It
|
||||
If there are options given other than
|
||||
.Fl "bm",
|
||||
.Fl "f",
|
||||
.Fl "i",
|
||||
.Fl "t",
|
||||
.Fl "v",
|
||||
.Fl "oi",
|
||||
.Fl "od",
|
||||
.Fl "oe",
|
||||
the standard MTA
|
||||
.Pa /usr/lib/sendmail
|
||||
is executed with the options and arguments given. The result code in this case
|
||||
is the one the MTA returns.
|
||||
.It
|
||||
If there is a configuration file
|
||||
.Pa ~/.kuvert
|
||||
(See
|
||||
.Xr kuvert "1" for possible configuration directives) the mail is queued for
|
||||
.Xr kuvert "1". The options and arguments are ignored.
|
||||
If there are problems, an error message is sent to syslog and -1 is returned.
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag
|
||||
.It Pa ~/.kuvert
|
||||
configuration file for
|
||||
.Xr kuvert "1" and
|
||||
.Xr kuvert_mta_wrapper "1".
|
||||
.It Pa ~/.kuvert_queue
|
||||
the default queue directory for
|
||||
.Xr kuvert "1" if the configuration file does not specify an alternative.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr kuvert 1
|
||||
.Sh AUTHORS
|
||||
.An Alexander Zangerl <az@snafu.priv.at>
|
||||
.Sh BUGS
|
||||
The list of allowed options and the MTA for fallback are set at compile time.
|
||||
.Nm kuvert_mta_wrapper
|
||||
does log only to syslog at the moment.
|
|
@ -1,5 +1,4 @@
|
|||
/*
|
||||
* $Id: kuvert_submit.c,v 2.0 2008/06/01 05:15:35 az Exp az $
|
||||
*
|
||||
* this file is part of kuvert, a wrapper around your mta that
|
||||
* does pgp/gpg signing/signing+encrypting transparently, based
|
||||
|
|
|
@ -0,0 +1,184 @@
|
|||
package Net::Server::Mail::ESMTP::plainAUTH;
|
||||
use strict;
|
||||
use base qw(Net::Server::Mail::ESMTP::Extension);
|
||||
use MIME::Base64;
|
||||
|
||||
use vars qw( $VERSION );
|
||||
$VERSION = '1.0';
|
||||
|
||||
# the following are required by nsme::extension
|
||||
# but not documented :(
|
||||
sub init
|
||||
{
|
||||
my ($self,$parent)=@_;
|
||||
$self->{AUTH}=();
|
||||
return $self;
|
||||
}
|
||||
|
||||
# the smtp operations we add
|
||||
sub verb
|
||||
{
|
||||
return ( [ 'AUTH' => \&handle_auth, ],);
|
||||
}
|
||||
|
||||
# what to add to the esmtp capabilities response
|
||||
sub keyword
|
||||
{
|
||||
return 'AUTH LOGIN PLAIN';
|
||||
}
|
||||
|
||||
# what options to allow for mail from: auth
|
||||
sub option
|
||||
{
|
||||
return (['MAIL', 'AUTH' => sub { return; }]);
|
||||
}
|
||||
|
||||
# and the actual auth handler
|
||||
sub handle_auth
|
||||
{
|
||||
my ($self,$args)=@_;
|
||||
my ($method,$param);
|
||||
$args=~/^(LOGIN|PLAIN)\s*(.*)$/ && (($method,$param)=($1,$2));
|
||||
|
||||
if ($self->{AUTH}->{active})
|
||||
{
|
||||
delete $self->{AUTH}->{active};
|
||||
$self->reply(535, "Authentication phases mixed up.");
|
||||
return undef; # if rv given, server shuts conn!
|
||||
}
|
||||
elsif ($self->{AUTH}->{completed})
|
||||
{
|
||||
$self->reply(504,"Already authenticated.");
|
||||
return undef;
|
||||
}
|
||||
elsif (!$method)
|
||||
{
|
||||
$self->reply(501,"Unknown authentication method.");
|
||||
return undef;
|
||||
}
|
||||
|
||||
$self->{AUTH}->{active}=$method;
|
||||
|
||||
if ($param eq '*')
|
||||
{
|
||||
delete $self->{AUTH}->{active};
|
||||
$self->reply(501, "Authentication cancelled.");
|
||||
return undef;
|
||||
}
|
||||
|
||||
if ($method eq 'PLAIN')
|
||||
{
|
||||
if ($param) # plain: immediate with args
|
||||
{
|
||||
my (undef,$user,$pwd)=split(/\0/,decode_base64($param),3);
|
||||
if (!$user)
|
||||
{
|
||||
delete $self->{AUTH}->{active};
|
||||
$self->reply(535, "5.7.8 Authentication failed.");
|
||||
return undef;
|
||||
}
|
||||
return run_callback($self,$user,$pwd);
|
||||
}
|
||||
else # plain: or empty challenge and then response
|
||||
{
|
||||
$self->reply(334," ");
|
||||
# undocumented but crucial: direct stuff to this method
|
||||
$self->next_input_to(\&process_response);
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
elsif ($method eq 'LOGIN')
|
||||
{
|
||||
# login is always two challenges
|
||||
$self->reply(334, "VXNlcm5hbWU6"); # username
|
||||
$self->next_input_to(\&process_response);
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
||||
# runs user-supplied callback on username and password
|
||||
# responds success if callback succeeds
|
||||
# sets complete if ok, clears active either way
|
||||
sub run_callback
|
||||
{
|
||||
my ($self,$user,$pass)=@_;
|
||||
my $ok;
|
||||
|
||||
my $ref=$self->{callback}->{AUTH};
|
||||
if (ref $ref eq 'ARRAY' && ref $ref->[0] eq 'CODE')
|
||||
{
|
||||
my $c=$ref->[0];
|
||||
$ok=&$c($self,$user,$pass);
|
||||
}
|
||||
if ($ok)
|
||||
{
|
||||
$self->reply(235, "Authentication successful");
|
||||
$self->{AUTH}->{completed}=1;
|
||||
}
|
||||
else
|
||||
{
|
||||
$self->reply(535,"Authentication failed.");
|
||||
}
|
||||
delete $self->{AUTH}->{active};
|
||||
return undef;
|
||||
}
|
||||
|
||||
# deals with any response, based on active method
|
||||
sub process_response
|
||||
{
|
||||
my ($self,$args)=@_;
|
||||
|
||||
if (!$self->{AUTH}->{active} || $self->{AUTH}->{completed})
|
||||
{
|
||||
delete $self->{AUTH}->{active};
|
||||
$self->reply(535, "Authentication phases mixed up.");
|
||||
return undef;
|
||||
}
|
||||
if (!$args)
|
||||
{
|
||||
delete $self->{AUTH}->{active};
|
||||
$self->reply(535, "5.7.8 Authentication failed.");
|
||||
return undef;
|
||||
}
|
||||
|
||||
if ($self->{AUTH}->{active} eq "PLAIN")
|
||||
{
|
||||
# plain is easy: only one response containing everything
|
||||
my (undef,$user,$pwd)=split(/\0/,decode_base64($args),3);
|
||||
if (!$user)
|
||||
{
|
||||
delete $self->{AUTH}->{active};
|
||||
$self->reply(535, "5.7.8 Authentication failed.");
|
||||
return undef;
|
||||
}
|
||||
return run_callback($self,$user,$pwd);
|
||||
}
|
||||
elsif ($self->{AUTH}->{active} eq "LOGIN")
|
||||
{
|
||||
# uglier: two challenges for username+password
|
||||
my ($input)=split(/\0/,decode_base64($args));
|
||||
|
||||
# is this the second time round?
|
||||
if ($self->{AUTH}->{user})
|
||||
{
|
||||
return run_callback($self,$self->{AUTH}->{user},$input);
|
||||
}
|
||||
else
|
||||
{
|
||||
# nope, first time: save username and challenge
|
||||
# for password
|
||||
$self->{AUTH}->{user}=$input;
|
||||
$self->reply(334, "UGFzc3dvcmQ6"); # password
|
||||
$self->next_input_to(\&process_response);
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
delete $self->{AUTH}->{active};
|
||||
$self->reply(535, "Authentication mixed up.");
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
||||
1;
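Review bot: The LOGIN state in `process_response` leaks across attempts: `$self->{AUTH}->{user}` is stored at the first challenge but never cleared — `run_callback` deletes only `active`, and `handle_auth` does not reset it when a new `AUTH` starts — so after one failed LOGIN every later `AUTH LOGIN` in the same session hands the username response to the callback as the password for the stale username. Adding `delete $self->{AUTH}->{user};` next to `$self->{AUTH}->{active}=$method;` in `handle_auth` and next to the final `delete $self->{AUTH}->{active};` in `run_callback` resets the exchange properly. Related: `process_response` lacks the `*` cancellation check that `handle_auth` has, so a client aborting mid-exchange gets `*` base64-decoded to an empty string and a generic 535 instead of the 501 the first phase returns. It is also worth a comment above `keyword` that `AUTH LOGIN PLAIN` is advertised unconditionally, i.e. the module has no view of the connection and relies on the caller to run it only over a protected (TLS or local) transport.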
|