aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorluis <luis>2007-02-01 15:13:18 +0000
committerluis <luis>2007-02-01 15:13:18 +0000
commitd2472e04d4bc46bcf131846661b509a753148309 (patch)
tree10ca1312da62ee3ab0d44c193cb354728f34b883
parentd43ba48a63506b7ce1d71ee7a5b6dae795d3d67b (diff)
downloadfirma-d2472e04d4bc46bcf131846661b509a753148309.tar.gz
firma-d2472e04d4bc46bcf131846661b509a753148309.tar.bz2
firma: REQUIRE_SIGNATURE e REPLAY_PROTECTION are now set/unset using 1/0, no longer yes/no
README, GUIDELINES: Small fixes
-rwxr-xr-xGUIDELINES6
-rwxr-xr-xREADME35
-rwxr-xr-xfirma38
3 files changed, 39 insertions, 40 deletions
diff --git a/GUIDELINES b/GUIDELINES
index 4c7e6f7..fa9568e 100755
--- a/GUIDELINES
+++ b/GUIDELINES
@@ -16,9 +16,9 @@ In the future this procedure will be automatic.
- Put all new global variables in the GLOBAL_VARS variable.
- - If you are using an unix command, check if its already
- listed in the commands list. If it's not, please add it
- at the bottom of this file.
+ - If you are using an unix command, check if it's already
+ listed in the commands list bellow. If it's not, please
+ add it.
2 - Variables usage
-------------------
diff --git a/README b/README
index e6d6a7d..a136347 100755
--- a/README
+++ b/README
@@ -129,17 +129,16 @@ Development Guidelines
Setup
-----
- Note for Debian users: you'll need the packages "metamail" and "expect" to
- run firma.
+ Note for Debian users: you'll need the "expect" package to run firma.
Firma installation is quite simple:
1 - Create a folder to store lists; by default firma use /usr/local/etc/lists
but you can use anything, just edit firma and change FIRMA_LIST_PATH
variable.
-
+
2 - Copy firma script to whatever you like, e.g. /usr/local/bin and check that
- it has no write permission
+ it has no write permission
3 - Create a list-wide config file (default is /usr/local/etc/firma.conf) with
the common definitions for all lists,
@@ -150,7 +149,7 @@ Setup
LISTS_DIR= path to the mailing lists directory
All those variables can be overwritten at each list's own config file;
- firma.conf should be chmoded as 600, chowned nobody.nobdy or whatever
+ firma.conf should be chmoded as 600, chowned nobody.nobody or whatever
user your MTA runs. If you run postfix, the user is specified by the
main.cf parameter "default_privs".
@@ -167,17 +166,17 @@ Setup
user per mailing list
GROUP= group that runs firma (usually the same as your MTA group);
- defaults to "nogroup"; you can also specify this parameter
+ defaults to "nobody"; you can also specify this parameter
in each mailing list config file if you plan to have one
group per mailing list
- LOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma
+ LOG_TO_SYSLOG= set to '1' to log errors and warnings to syslog, else firma
will print errors to STDERR
LOGGER_BINARY= if logging to syslog, set the path to logger's binary
SYSLOG_PRIORITY= if logging to syslog, set a priority for the error messages
- (defaults to "user.err")
+ (defaults to 'user.err')
USE_GPG_HIDDEN_RECIPIENT_OPTION= set to '1' to use GnuPG's --hidden-recipient
option, available from version 1.4.0 onwards
@@ -230,9 +229,9 @@ Setup
KEYSERVER= default keyserver to import/export keys
(defaults to keyserver.noreply.org)
- REQUIRE_SIGNATURE= wheter messages sent to the list should be (yes) or dont
- need to be signed to be processed (no); defaults to yes;
- this doesnt affect the way email administration works,
+ REQUIRE_SIGNATURE= whether messages sent to the list should be (1) or don't
+ need to be (0) signed to be processed; defaults to '1';
+ this doesn't affect the way email administration works,
when signature is mandatory
For a list of all config parameters, type
@@ -270,7 +269,7 @@ Setup
unsubscribe all keys with email-address IDs (currently not
implemented)
- use email-address
+ use email-address
uses the given address for message delivery instead
of the primary address of a subscribed key
@@ -293,13 +292,13 @@ Tips
- Use ramdisk to FIRMA_LIST_PATH so all keys and passwords vanishes if the server friezes
- Use a big PASSPHRASE, 25+ chars with alpha-numeric and special ascii keys
-Design and features
+Design and features (OUTDATED)
-------------------
Firma is simple but its simplicity doesn't reflect in lack of design.
- Uses a gpg keyring to store both the keys and the subscribers options
-
+
- Command line is simple to avoid admin tasks resting in some .bash_history
- Non-pgp blocks in a message are discarded since we don't want to deal with
@@ -309,16 +308,16 @@ Design and features
the message
- Firma doesn't use any disk write when processing a message; no temp files
- that may rest in the system; everything goes in memory (but take care,
- sometimes it will use the swap and then is best to make it encrypted)
+ that may rest in the system; everything goes in memory (but take care,
+ sometimes it will use the swap and then is best to make it encrypted)
- By default it doesn't archive messages in the server
- By default it removes the Subject header and put it inside the encrypted
message, as Subject are outside the PGP/MIME context
- - Messages appear to be sent To: Undisclosed Recipients
-
+ - Messages appear to be sent To: Undisclosed Recipients
+
Major features are:
- Keyring support
diff --git a/firma b/firma
index 9f2705d..427eebd 100755
--- a/firma
+++ b/firma
@@ -188,17 +188,17 @@ WARNING: $LIST_NAME: Removing this address from LIST_ADMIN."
done
LIST_ADMIN="$valid_admins"
- if [[ "$REQUIRE_SIGNATURE" != "yes" && "$REQUIRE_SIGNATURE" != "no" ]]; then
- REQUIRE_SIGNATURE="yes"
+ if [[ "$REQUIRE_SIGNATURE" != "0" ]]; then
+ REQUIRE_SIGNATURE="1"
fi
if [[ -z "$LIST_REQUEST_ADDRESS" ]]; then
LIST_REQUEST_ADDRESS="$(echo $LIST_ADDRESS | cut -d @ -f 1)-request@$(echo $LIST_ADDRESS | cut -d @ -f 2)"
fi
- if [[ "$REPLAY_PROTECTION" == "yes" ]]; then
+ if [[ "$REPLAY_PROTECTION" == "1" ]]; then
if [[ -z "$REPLAY_COUNT" ]]; then
- REPLAY_COUNT="10"
+ REPLAY_COUNT="150"
fi
if [[ -z "$REPLAY_FILE" ]]; then
REPLAY_FILE="$REPLAY_DEFAULT_FILE"
@@ -749,7 +749,7 @@ function ProcessMessage {
# else, if the message was correctly encrypted but its signature is invalid,
#+send a warning about this to the list administrator(s) and to sender
- elif [[ "$ENCRYPTED_TO_LIST" == "1" && "$BAD_SIGNATURE" == "1" && "$REQUIRE_SIGNATURE" == "yes" ]]; then
+ elif [[ "$ENCRYPTED_TO_LIST" == "1" && "$BAD_SIGNATURE" == "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then
GetSenderAddress
@@ -761,17 +761,17 @@ function ProcessMessage {
else
# if bounce processing is enabled, continue
- if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != 1 ]]; then
+ if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" ]]; then
GetSenderAddress
if [[ -n "$SENDER_ADDRESS" ]]; then
# if the message was encrypted with the list's public key
- if [[ $ENCRYPTED_TO_LIST == 1 ]]; then
+ if [[ $ENCRYPTED_TO_LIST == "1" ]]; then
# then, if signature can't be checked, then probably the sender is not subscribed to the list
# send a bounce, if possible
- if [[ "$SIGNATURE_CHECKING_FAILED" == "1" && "$REQUIRE_SIGNATURE" == "yes" ]]; then
+ if [[ "$SIGNATURE_CHECKING_FAILED" == "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then
# this is the body of the message to be sent, so no indentation here
MESSAGE_BODY="\
@@ -782,7 +782,7 @@ function ProcessMessage {
# or, if message can be decrypted but its signature can't be checked, then message wasn't signed
# send a bounce, if possible
- elif [[ $MESSAGE_DECRYPTION_OKAY == 1 ]]; then
+ elif [[ $MESSAGE_DECRYPTION_OKAY == "1" ]]; then
# this is the body of the message to be sent, so no indentation here
MESSAGE_BODY="\
@@ -791,7 +791,7 @@ function ProcessMessage {
questions."
ComposeAndSendBounceMessage
- elif [[ "$SIGNATURE_MADE_BY_SENDER" != "1" && "$REQUIRE_SIGNATURE" == "yes" ]]; then
+ elif [[ "$SIGNATURE_MADE_BY_SENDER" != "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then
# this is the body of the message to be sent, so no indentation here
MESSAGE_BODY="\
@@ -1846,7 +1846,7 @@ function AllowMessageProcessing {
local -i return_code=0
if [[ "$MODE" == "admin-non-interactive" ]]; then
- REQUIRE_SIGNATURE="yes"
+ REQUIRE_SIGNATURE="1"
fi
if [[ "$ENCRYPTED_TO_LIST" == "1" ]]; then
@@ -2099,8 +2099,8 @@ function SourceListConfig {
keyserver="$(EvalConfigParameter $LIST_CONFIG_FILE KEYSERVER)"
[[ -n "$keyserver" ]] && KEYSERVER="$keyserver"
- [[ "$1" == "help" ]] && echo -e "\tREQUIRE_SIGNATURE= wheter messages sent to the list should be (yes) or dont
-\t need to be signed to be processed (no); defaults to yes;
+ [[ "$1" == "help" ]] && echo -e "\tREQUIRE_SIGNATURE= whether messages sent to the list should be (1) or dont
+\t need to be (0) signed to be processed; defaults to '1';
\t this doesnt affect the way email administration works,
\t when signature is mandatory." || \
REQUIRE_SIGNATURE="$(EvalConfigParameter $LIST_CONFIG_FILE REQUIRE_SIGNATURE)"
@@ -2115,7 +2115,7 @@ function SourceListConfig {
\t all randomizing its delivery." || \
DELIVERY_RANDOMIZATION="$(EvalConfigParameter $LIST_CONFIG_FILE DELIVERY_RANDOMIZATION)"
- [[ "$1" == "help" ]] && echo -e "\tREPLAY_PROTECTION= when set to \"yes\", stores sha1sums
+ [[ "$1" == "help" ]] && echo -e "\tREPLAY_PROTECTION= when set to '1', stores sha1sums
\t of the last REPLAY_COUNT received messages; then,
\t if some message with an already stored sha1sum, then
\t its bounced back to the sender and considered as an attempt
@@ -2123,12 +2123,12 @@ function SourceListConfig {
REPLAY_PROTECTION="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_PROTECTION)"
[[ "$1" == "help" ]] && echo -e "\tREPLAY_COUNT= number of messages to store sha1sums;
-\t defaults to 10 and only used when
-\t REPLAY_PROTECTION is set to \"yes\"." || \
+\t defaults to 150 and only used when
+\t REPLAY_PROTECTION is set to '1'." || \
REPLAY_COUNT="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_COUNT)"
[[ "$1" == "help" ]] && echo -e "\tREPLAY_FILE= file to store sha1sums of messages;
-\t only used when REPLAY_PROTECTION is set to \"yes\";
+\t only used when REPLAY_PROTECTION is set to '1';
\t defaults to $REPLAY_DEFAULT_FILE." || \
REPLAY_FILE="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_FILE)"
}
@@ -2200,7 +2200,7 @@ function ReplayProtectionFlush {
# returns: 0
#-------------------------------------------------------------
- if [[ "$REPLAY_PROTECTION" == "yes" ]]; then
+ if [[ "$REPLAY_PROTECTION" == "1" ]]; then
if [[ -f "$REPLAY_FILE" ]]; then
if [[ "$(wc -l $REPLAY_FILE | cut -d " " -f 1)" -gt "$REPLAY_COUNT" ]]; then
sed -i -e '1d' $REPLAY_FILE
@@ -2229,7 +2229,7 @@ function ReplayProtectionCheck {
local sha1
- if [[ "$REPLAY_PROTECTION" == "yes" ]]; then
+ if [[ "$REPLAY_PROTECTION" == "1" ]]; then
ReplayProtectionFlush
sha1="$(echo $GPG_MESSAGE | sha1sum | cut -d " " -f 1)"
if grep -q "^$sha1$" $REPLAY_FILE; then