From 654bf9789e50a08805077604157c2bb06adb2fd9 Mon Sep 17 00:00:00 2001 From: rhatto Date: Mon, 8 Aug 2005 02:57:11 +0000 Subject: added more info --- README | 61 ++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 36 insertions(+), 25 deletions(-) (limited to 'README') diff --git a/README b/README index 85c7d35..1ba80f4 100755 --- a/README +++ b/README @@ -66,13 +66,17 @@ Why Bash - Bash is found in almost all unix-like systems - Small dependencies: firma needs just tools like sed, awk, grep, cut and - gpg itself + gpg itself. Look at the file "GUIDELINES" to see a complete list of all + unix commands needed to run firma. - You can easily put all the tools, scripts and config files in a read-only media to protect againt cracks such as rootkits. - Keeping your encripted list manager out from a huge and sometimes bugged - mail software ... + mail software prevents insecure use of your mailing list by an excess of + unwanted functions and routines. + + - Firma has a total KISS design, and bash helps to keep it simple. Setup ----- 
@@ -80,47 +84,52 @@ Setup Firma installation is quite simple: 1 - create a folder to store lists; by default firma use /usr/local/etc/lists - but you can use anything, just edit firma and change FIRMA_LIST_PATH - variable. + but you can use anything, just edit firma and change FIRMA_LIST_PATH + variable. 2 - copy firma script to whatever you like, eg. /usr/local/bin and check that - it has no write permission + it has no write permission 3 - then create your lists with the command - firma -c your-list + firma -c your-list - this will ask some questions and create a gpg keyring and a config file - with the following variables: + this will ask some questions and create a gpg keyring and a config file + with the following variables: - MAIL= path for mail program (eg, /usr/bin/nail) - GPG= path for gnupg binary (eg, /usr/bin/gpg) - LISTNAME= list email (eg, firma@domain.tld) - LISTADMIN= list administrator email addresses (space separated) - GPGDIR= gpg dir for the lists' keyring - PASSWD= passwd for the lists' keyring + MAIL= path for sendmail or any smtp wrapper (eg, /usr/lib/sendmail) + MAIL_ARGS= command line arguments to the smtp wrapper + GPG= path for gnupg binary (eg, /usr/bin/gpg) + LISTNAME= list email (eg, firma@domain.tld) + LISTADMIN= list administrator email addresses (space separated) + GPGDIR= gpg dir for the lists' keyring + PASSWD= passwd for the lists' keyring - the owner of the config file and keyring is nobody.nobody and its - permissions are 600. + then a gpg keypair and a config file are created. the owner of the config + file and keyring should be nobody.nobody (or the user your MTA run as) and its + permissions must be 600. 
4 - create an alias to the list at your MTA; on sendmail or postfix, - add this to your aliases file: + add this to your aliases file: - your-list: "| /usr/local/bin/firma -p your-list" - your-list-request: "| /usr/local/bin/firma -r your-list" + your-list: "| /usr/local/bin/firma -p your-list" + your-list-request: "| /usr/local/bin/firma -r your-list" - and then run the command + and then run the command - newaliases + newaliases 5 - to subscribe the users and the list admins on the list, use ... + 6 - send encrypted AND signed messages to your-list@yourmachine and look + what happens :) + Tips ---- - Use an encrypted swap memory - - Use a read-only media to store ... - - Use ramdisk to the ... + - Use a read-only media to store firma and its needed apps + - Use ramdisk to FIRMA_LIST_PATH so all keys and passwords vanishes if the server frozes - Use a big PASSWD, 25+ chars with alpha-numeric and special ascii keys Design and features @@ -145,10 +154,12 @@ Design and features - by default it doesn't archive messages in the server - by default it remove the Subject header and put it inside the encrypted - message, as Subject are outside the PGP/MIME context + message, as Subject are outside the PGP/MIME context + + - messages appear to be sent To: Undisclosed Recipients Major features are: - keyring support - - administration through email + - administration through email or command-line -- cgit v1.2.3
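Review bot: In the first hunk (Why Bash), the rewritten bullet "prevents insecure use of your mailing list by an excess of unwanted functions and routines" is hard to parse and never says what the risk is. Wording along the lines of "keeps the list manager small enough to audit" would state the benefit directly. The same bullet still reads "encripted" and the bullet above it "againt"; since this region is being edited anyway, correct them to "encrypted" and "against" in this change.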
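Review bot: In the second hunk, step 3 says the config file stores PASSWD for the list keyring and then recommends nobody.nobody as the owner. The nobody account is commonly shared by unrelated daemons, so mode 600 does not keep any other process running as nobody from reading the passphrase and the keyring. Recommend a dedicated unprivileged account used only for firma and drop "nobody" as the suggested default. Two smaller points in the same hunk: step 5 still ends in "..." while a new step 6 is added after it, and the ramdisk tip ("so all keys and passwords vanishes if the server frozes") should read "vanish" and "freezes" and should mention that the keyring and config then need a copy kept elsewhere, because losing them on a crash is the stated effect.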
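Review bot: In the last hunk (Design and features), the new bullet "messages appear to be sent To: Undisclosed Recipients" does not say whether this is the default or always on, while the two bullets above it both open with "by default". State which it is, so readers know whether recipient addresses can ever end up in the To: header. The context line above it, "as Subject are outside the PGP/MIME context", is touched only for indentation; if it is being changed anyway, "as the Subject is outside" would fix the grammar.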