91 lines
3.6 KiB

this is kuvert, a wrapper around sendmail or other MTAs that
does gpg signing/signing+encrypting transparently, based
on the content of your public keyring(s) and your preferences.
how it works:
you need to configure your MUA to submit mails to kuvert instead of
directly. you configure kuvert either to present an SMTP server to
your MUA, or you make your MUA to use kuvert_submit instead of executing
/usr/sbin/sendmail. kuvert_submit will spool the mail
in kuvert's queue iff there is a suitable configuration file.
kuvert is the tool that takes care of mangling the email. it reads the
queue periodically and handles emails in the queue: signing or encrypting
the mail, then handing it over to /usr/lib/sendmail or an external SMTP
server for transport.
(why a queue? because i thought it might be useful to make sure that none of
your emails leaves your system without kuvert handing it. you might be
very paranoid, and kill kuvert whenever you leave your box (and remove
the keyrings as well).)
on debian systems you simply install the kuvert package, construct
a suitable .kuvert configuration file and off you go.
an example config file is provided
at /usr/share/doc/kuvert/examples/dot-kuvert.
on other systems you need to do the following:
you need perl perl 5.004+, gpg and a raft of perl modules:
MIME::Parser, Mail::Address, Net::SMTPS, Sys::Hostname, Net::Server::Mail,
Authen::SASL, IO::Socket::INET, Filehandle, File::Slurp, File::Temp, Fcntl
and Time::HiRes.
some of those are part of a standard perl intall, others you'll have to
get from your nearest CPAN archive and install.
optional: get linux-kernel keyutils package, the gpg-agent or some
other passphrase cache of your choice.
run make, make install DESTDIR=/ as root
-> kuvert, kuvert_submit, the manpages and one helper module
will be installed in /usr/bin, /usr/share/man/man1 and
/usr/share/perl5/Net/Server/Mail/ESMTP/, respectively.
read the manpages for kuvert(1) and kuvert_submit(1) and
consult the example config file "dot-kuvert". you will need
to create your own config file as ~/.kuvert. sorry, no autoconfig here:
this step is too crucial for a mere robot to perform.
then start kuvert and inject a testmail, look at the logs to check
if everything works correctly.
(historical note: kuvert came into existence in 1996 as pgpmail and
was used only privately until 99, when it was extended and renamed
to guard. some of my friends started using this software, and in
2001 it was finally re-christened kuvert, extended even further
and debianized. in 2008 it received a major overhaul to also provide
inbound smtp as submission mechanism, outbound smtp transport and better
controllability via email addresses. until 2008 kuvert supported pgp2.x.)
please report bugs to me, Alexander Zangerl, <az@snafu.priv.at>.
The original source can always be found at:
Copyright (C) 1999-2013 Alexander Zangerl
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.
You should have received a copy of the GNU General Public License with
the Debian GNU/Linux distribution in file /usr/share/common-licenses/GPL;
if not, write to the Free Software Foundation, Inc., 59 Temple Place,
Suite 330, Boston, MA 02111-1307 USA