From d2472e04d4bc46bcf131846661b509a753148309 Mon Sep 17 00:00:00 2001 From: luis Date: Thu, 1 Feb 2007 15:13:18 +0000 Subject: firma: REQUIRE_SIGNATURE e REPLAY_PROTECTION are now set/unset using 1/0, no longer yes/no README, GUIDELINES: Small fixes --- GUIDELINES | 6 +++--- README | 35 +++++++++++++++++------------------ firma | 38 +++++++++++++++++++------------------- 3 files changed, 39 insertions(+), 40 deletions(-) diff --git a/GUIDELINES b/GUIDELINES index 4c7e6f7..fa9568e 100755 --- a/GUIDELINES +++ b/GUIDELINES @@ -16,9 +16,9 @@ In the future this procedure will be automatic. - Put all new global variables in the GLOBAL_VARS variable. - - If you are using an unix command, check if its already - listed in the commands list. If it's not, please add it - at the bottom of this file. + - If you are using an unix command, check if it's already + listed in the commands list bellow. If it's not, please + add it. 2 - Variables usage ------------------- diff --git a/README b/README index e6d6a7d..a136347 100755 --- a/README +++ b/README @@ -129,17 +129,16 @@ Development Guidelines Setup ----- - Note for Debian users: you'll need the packages "metamail" and "expect" to - run firma. + Note for Debian users: you'll need the "expect" package to run firma. Firma installation is quite simple: 1 - Create a folder to store lists; by default firma use /usr/local/etc/lists but you can use anything, just edit firma and change FIRMA_LIST_PATH variable. - + 2 - Copy firma script to whatever you like, e.g. /usr/local/bin and check that - it has no write permission + it has no write permission 3 - Create a list-wide config file (default is /usr/local/etc/firma.conf) with the common definitions for all lists, @@ -150,7 +149,7 @@ Setup LISTS_DIR= path to the mailing lists directory All those variables can be overwritten at each list's own config file; - firma.conf should be chmoded as 600, chowned nobody.nobdy or whatever + firma.conf should be chmoded as 600, chowned nobody.nobody or whatever user your MTA runs. If you run postfix, the user is specified by the main.cf parameter "default_privs". @@ -167,17 +166,17 @@ Setup user per mailing list GROUP= group that runs firma (usually the same as your MTA group); - defaults to "nogroup"; you can also specify this parameter + defaults to "nobody"; you can also specify this parameter in each mailing list config file if you plan to have one group per mailing list - LOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma + LOG_TO_SYSLOG= set to '1' to log errors and warnings to syslog, else firma will print errors to STDERR LOGGER_BINARY= if logging to syslog, set the path to logger's binary SYSLOG_PRIORITY= if logging to syslog, set a priority for the error messages - (defaults to "user.err") + (defaults to 'user.err') USE_GPG_HIDDEN_RECIPIENT_OPTION= set to '1' to use GnuPG's --hidden-recipient option, available from version 1.4.0 onwards @@ -230,9 +229,9 @@ Setup KEYSERVER= default keyserver to import/export keys (defaults to keyserver.noreply.org) - REQUIRE_SIGNATURE= wheter messages sent to the list should be (yes) or dont - need to be signed to be processed (no); defaults to yes; - this doesnt affect the way email administration works, + REQUIRE_SIGNATURE= whether messages sent to the list should be (1) or don't + need to be (0) signed to be processed; defaults to '1'; + this doesn't affect the way email administration works, when signature is mandatory For a list of all config parameters, type @@ -270,7 +269,7 @@ Setup unsubscribe all keys with email-address IDs (currently not implemented) - use email-address + use email-address uses the given address for message delivery instead of the primary address of a subscribed key @@ -293,13 +292,13 @@ Tips - Use ramdisk to FIRMA_LIST_PATH so all keys and passwords vanishes if the server friezes - Use a big PASSPHRASE, 25+ chars with alpha-numeric and special ascii keys -Design and features +Design and features (OUTDATED) ------------------- Firma is simple but its simplicity doesn't reflect in lack of design. - Uses a gpg keyring to store both the keys and the subscribers options - + - Command line is simple to avoid admin tasks resting in some .bash_history - Non-pgp blocks in a message are discarded since we don't want to deal with @@ -309,16 +308,16 @@ Design and features the message - Firma doesn't use any disk write when processing a message; no temp files - that may rest in the system; everything goes in memory (but take care, - sometimes it will use the swap and then is best to make it encrypted) + that may rest in the system; everything goes in memory (but take care, + sometimes it will use the swap and then is best to make it encrypted) - By default it doesn't archive messages in the server - By default it removes the Subject header and put it inside the encrypted message, as Subject are outside the PGP/MIME context - - Messages appear to be sent To: Undisclosed Recipients - + - Messages appear to be sent To: Undisclosed Recipients + Major features are: - Keyring support diff --git a/firma b/firma index 9f2705d..427eebd 100755 --- a/firma +++ b/firma @@ -188,17 +188,17 @@ WARNING: $LIST_NAME: Removing this address from LIST_ADMIN." done LIST_ADMIN="$valid_admins" - if [[ "$REQUIRE_SIGNATURE" != "yes" && "$REQUIRE_SIGNATURE" != "no" ]]; then - REQUIRE_SIGNATURE="yes" + if [[ "$REQUIRE_SIGNATURE" != "0" ]]; then + REQUIRE_SIGNATURE="1" fi if [[ -z "$LIST_REQUEST_ADDRESS" ]]; then LIST_REQUEST_ADDRESS="$(echo $LIST_ADDRESS | cut -d @ -f 1)-request@$(echo $LIST_ADDRESS | cut -d @ -f 2)" fi - if [[ "$REPLAY_PROTECTION" == "yes" ]]; then + if [[ "$REPLAY_PROTECTION" == "1" ]]; then if [[ -z "$REPLAY_COUNT" ]]; then - REPLAY_COUNT="10" + REPLAY_COUNT="150" fi if [[ -z "$REPLAY_FILE" ]]; then REPLAY_FILE="$REPLAY_DEFAULT_FILE" @@ -749,7 +749,7 @@ function ProcessMessage { # else, if the message was correctly encrypted but its signature is invalid, #+send a warning about this to the list administrator(s) and to sender - elif [[ "$ENCRYPTED_TO_LIST" == "1" && "$BAD_SIGNATURE" == "1" && "$REQUIRE_SIGNATURE" == "yes" ]]; then + elif [[ "$ENCRYPTED_TO_LIST" == "1" && "$BAD_SIGNATURE" == "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then GetSenderAddress @@ -761,17 +761,17 @@ function ProcessMessage { else # if bounce processing is enabled, continue - if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != 1 ]]; then + if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" ]]; then GetSenderAddress if [[ -n "$SENDER_ADDRESS" ]]; then # if the message was encrypted with the list's public key - if [[ $ENCRYPTED_TO_LIST == 1 ]]; then + if [[ $ENCRYPTED_TO_LIST == "1" ]]; then # then, if signature can't be checked, then probably the sender is not subscribed to the list # send a bounce, if possible - if [[ "$SIGNATURE_CHECKING_FAILED" == "1" && "$REQUIRE_SIGNATURE" == "yes" ]]; then + if [[ "$SIGNATURE_CHECKING_FAILED" == "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then # this is the body of the message to be sent, so no indentation here MESSAGE_BODY="\ @@ -782,7 +782,7 @@ function ProcessMessage { # or, if message can be decrypted but its signature can't be checked, then message wasn't signed # send a bounce, if possible - elif [[ $MESSAGE_DECRYPTION_OKAY == 1 ]]; then + elif [[ $MESSAGE_DECRYPTION_OKAY == "1" ]]; then # this is the body of the message to be sent, so no indentation here MESSAGE_BODY="\ @@ -791,7 +791,7 @@ function ProcessMessage { questions." ComposeAndSendBounceMessage - elif [[ "$SIGNATURE_MADE_BY_SENDER" != "1" && "$REQUIRE_SIGNATURE" == "yes" ]]; then + elif [[ "$SIGNATURE_MADE_BY_SENDER" != "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then # this is the body of the message to be sent, so no indentation here MESSAGE_BODY="\ @@ -1846,7 +1846,7 @@ function AllowMessageProcessing { local -i return_code=0 if [[ "$MODE" == "admin-non-interactive" ]]; then - REQUIRE_SIGNATURE="yes" + REQUIRE_SIGNATURE="1" fi if [[ "$ENCRYPTED_TO_LIST" == "1" ]]; then @@ -2099,8 +2099,8 @@ function SourceListConfig { keyserver="$(EvalConfigParameter $LIST_CONFIG_FILE KEYSERVER)" [[ -n "$keyserver" ]] && KEYSERVER="$keyserver" - [[ "$1" == "help" ]] && echo -e "\tREQUIRE_SIGNATURE= wheter messages sent to the list should be (yes) or dont -\t need to be signed to be processed (no); defaults to yes; + [[ "$1" == "help" ]] && echo -e "\tREQUIRE_SIGNATURE= whether messages sent to the list should be (1) or dont +\t need to be (0) signed to be processed; defaults to '1'; \t this doesnt affect the way email administration works, \t when signature is mandatory." || \ REQUIRE_SIGNATURE="$(EvalConfigParameter $LIST_CONFIG_FILE REQUIRE_SIGNATURE)" @@ -2115,7 +2115,7 @@ function SourceListConfig { \t all randomizing its delivery." || \ DELIVERY_RANDOMIZATION="$(EvalConfigParameter $LIST_CONFIG_FILE DELIVERY_RANDOMIZATION)" - [[ "$1" == "help" ]] && echo -e "\tREPLAY_PROTECTION= when set to \"yes\", stores sha1sums + [[ "$1" == "help" ]] && echo -e "\tREPLAY_PROTECTION= when set to '1', stores sha1sums \t of the last REPLAY_COUNT received messages; then, \t if some message with an already stored sha1sum, then \t its bounced back to the sender and considered as an attempt @@ -2123,12 +2123,12 @@ function SourceListConfig { REPLAY_PROTECTION="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_PROTECTION)" [[ "$1" == "help" ]] && echo -e "\tREPLAY_COUNT= number of messages to store sha1sums; -\t defaults to 10 and only used when -\t REPLAY_PROTECTION is set to \"yes\"." || \ +\t defaults to 150 and only used when +\t REPLAY_PROTECTION is set to '1'." || \ REPLAY_COUNT="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_COUNT)" [[ "$1" == "help" ]] && echo -e "\tREPLAY_FILE= file to store sha1sums of messages; -\t only used when REPLAY_PROTECTION is set to \"yes\"; +\t only used when REPLAY_PROTECTION is set to '1'; \t defaults to $REPLAY_DEFAULT_FILE." || \ REPLAY_FILE="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_FILE)" } @@ -2200,7 +2200,7 @@ function ReplayProtectionFlush { # returns: 0 #------------------------------------------------------------- - if [[ "$REPLAY_PROTECTION" == "yes" ]]; then + if [[ "$REPLAY_PROTECTION" == "1" ]]; then if [[ -f "$REPLAY_FILE" ]]; then if [[ "$(wc -l $REPLAY_FILE | cut -d " " -f 1)" -gt "$REPLAY_COUNT" ]]; then sed -i -e '1d' $REPLAY_FILE @@ -2229,7 +2229,7 @@ function ReplayProtectionCheck { local sha1 - if [[ "$REPLAY_PROTECTION" == "yes" ]]; then + if [[ "$REPLAY_PROTECTION" == "1" ]]; then ReplayProtectionFlush sha1="$(echo $GPG_MESSAGE | sha1sum | cut -d " " -f 1)" if grep -q "^$sha1$" $REPLAY_FILE; then -- cgit v1.2.3