From: Adam Jacob Muller (lists-postfixadam.gs)
Date: Thu Apr 12 2007 - 19:46:50 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Apr 12, 2007, at 8:41 AM, mouss wrote:

> Adam Jacob Muller wrote:
>> OK, got about 5000 requests for this, so here goes.
>>
>> http://adam.gs/encrypt/encrypt.tar.bz2
>>
>>
>> It's written in PHP ;)
>> you need a cli version of PHP with mcrypt support.
>>
>> You also need Net_SMTP pear libraries. (pear install Net_SMTP)
>>
>> Some generic configuration is included, it basically boils down to:
>> -o content_filter=encrypt
>> on submission service
>> establish a new service to accept mail back on smtp.
>> add encrypt service definition.
>> encrypt unix - n n - - pipe
>> flags= user=<user>:<group> argv=/path/to/encrypt.php $
>> {client_address} ${client_helo} ${sasl_method} ${sasl_username} $
>> {sender} ${recipient}
>>
>>
>> Suggestions are very welcome. I've tried pretty hard to make sure
>> this thing doesn't loose mail or even bounce it if fucks up, but
>> it's gotten very little testing, i've only used it personally. I
>> am mostly concerned about the header handling, i have *no* idea if
>> I did that right. though, it works for me (Apple Mail, windows
>> mobile mail, thunderbird, a few other MUAs as well)
>>
>
> It seems that
> - you remove all Received and X-Mailer headers
> - you add a new header that you build using envelope infos (but
> with only the first recipient)
>
> If this is true, then you lose the original headers. This may not
> be an issue for a "personal" MTA, but is an issue for general use.
>
> anyway, I am not concerned with hiding data:
> - I don't care if people see the X-Mailer.
> - I don't care if they see the private IPs. and if I did, then I
> could use an IP class reserved for email (machines would have IPs
> in two private classes, with one class being used solely for email.
> This way, disclosure would be limited to the email-specific IP class).
>
>
Removing X-Mailer was just a personal choice, that piece is easily
removed, I forgot it was in there or else I would have taken it out
really.

Only one recipient should ever be passed to the script:
$recipients=array_slice($_SERVER['argv'],6);
if (count($recipients)>1) {
         bailout("<transport>_destination_recipient_limit = 1
required");
}

The original header is in fact, basically lost, but I think the
result is a more easily parseable encrypted form of the header. Is
something missing?

Requiring destination_recipient_limit was a tactical choice, without
this, and including recipient information in the header, I could
theoretically be put in a position where I was encrypting many many
recipients, that has implications, i'm still on the fence here.

FWIW, bailout() returns EX_TEMPFAIL, to give you time to fix this and
retry (as it does on *ALL* errors, so no mail is lost :)

-Adam

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]