From 671a04034c6a436adb052a8e069a2d2b999afefc Mon Sep 17 00:00:00 2001 From: rhatto Date: Fri, 13 Oct 2006 15:34:08 +0000 Subject: added message delivery randomization fix on config file evaluation admin request replies now come with LIST_REQUEST_ADDRESS instead of LIST_ADDRESS --- firma | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 83 insertions(+), 20 deletions(-) (limited to 'firma') diff --git a/firma b/firma index 1961de3..b6a6a09 100755 --- a/firma +++ b/firma @@ -123,16 +123,12 @@ WARNING: Setting LOG_TO_SYSLOG to '0'." fi fi - if ! grep -q -e "^USER=" $FIRMA_CONFIG_FILE; then + if [ -z "$FIRMA_USER" ]; then FIRMA_USER="nobody" - else - FIRMA_USER="`grep "^USER=" $FIRMA_CONFIG_FILE | sed -e 's/"//g' -e "s/'//g" | cut -d = -f 2`" fi - if ! grep -q -e "^GROUP=" $FIRMA_CONFIG_FILE; then + if [ -z "$FIRMA_GROUP" ]; then FIRMA_GROUP="nobody" - else - FIRMA_GROUP="`grep "^GROUP=" $FIRMA_CONFIG_FILE | sed -e 's/"//g' -e "s/'//g" | cut -d = -f 2`" fi if [ -z "$KEYSERVER" ]; then @@ -186,17 +182,15 @@ WARNING: $LIST_NAME: Removing this address from LIST_ADMIN." LIST_ADMIN="$valid_admins" fi - if grep -q -e "^USER=" $LIST_CONFIG_FILE; then - FIRMA_USER="`grep "^USER=" $LIST_CONFIG_FILE | sed -e 's/"//g' -e "s/'//g" | cut -d = -f 2`" + if [ "$REQUIRE_SIGNATURE" != "yes" ] || [ "$REQUIRE_SIGNATURE" != "no" ]; then + REQUIRE_SIGNATURE="yes" fi - if grep -q -e "^GROUP=" $LIST_CONFIG_FILE; then - FIRMA_GROUP="`grep "^GROUP=" $LIST_CONFIG_FILE | sed -e 's/"//g' -e "s/'//g" | cut -d = -f 2`" + if [ -z "$LIST_REQUEST_ADDRESS" ]; then + LIST_REQUEST_ADDRESS="`echo $LIST_ADDRESS | cut -d @ -f 1`-request@`echo $LIST_ADDRESS | cut -d @ -f 2`" fi - if [ "$REQUIRE_SIGNATURE" != "yes" ] || [ "$REQUIRE_SIGNATURE" != "no" ]; then - REQUIRE_SIGNATURE="yes" - fi + SetDeliveryRandomization return $return_code } 
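Review bot: The re-added REQUIRE_SIGNATURE check (hunk at -186) is always true, because no value can differ from neither "yes" nor "no" under `||`, so REQUIRE_SIGNATURE is forced to "yes" even when the list config says "no". It fails toward requiring signatures, but the documented "no" setting can never take effect. Joining the two tests with `&&` gives the intended validation: `if [ "$REQUIRE_SIGNATURE" != "yes" ] && [ "$REQUIRE_SIGNATURE" != "no" ]; then`. The enclosing function starts above the hunk.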
@@ -597,6 +591,7 @@ function ReEncryptAndSendListMessage { ReplaceGpgMessage AssembleMessage + DeliveryRandomization # send message echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $recipients @@ -612,6 +607,7 @@ function ReEncryptAndSendListMessage { ReplaceGpgMessage AssembleMessage + DeliveryRandomization # send message echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $subscriber @@ -1826,9 +1822,9 @@ function MimeWrapMessage { # these are the headers of the message to be sent, so no indentation here MESSAGE_HEADERS="\ -From: $LIST_ADDRESS +From: $LIST_REQUEST_ADDRESS To: ${RECIPIENTS} -Reply-To: $LIST_ADDRESS +Reply-To: $LIST_REQUEST_ADDRESS Subject: ${SUBJECT_PREFIX}${SUBJECT} MIME-Version: 1.0 Content-Type: multipart/encrypted; @@ -1935,15 +1931,15 @@ function SourceFirmaConfig { \t defaults to "nobody"; you can also specify this parameter \t in each mailing list config file if you plan to have one \t user per mailing list" || \ - USER="`EvalConfigParameter $FIRMA_CONFIG_FILE USER`" + FIRMA_USER="`EvalConfigParameter $FIRMA_CONFIG_FILE USER`" [ "$1" == "help" ] && echo -e "\tGROUP= group that runs firma (usually the same as your MTA group); \t defaults to "nobody"; you can also specify this parameter \t in each mailing list config file if you plan to have one \t group per mailing list" || \ - GROUP="`EvalConfigParameter $FIRMA_CONFIG_FILE GROUP`" + FIRMA_GROUP="`EvalConfigParameter $FIRMA_CONFIG_FILE GROUP`" - [ "$1" == "help" ] && echo -e "LOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma + [ "$1" == "help" ] && echo -e "\tLOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma \t will print errors to STDERR" || \ LOG_TO_SYSLOG="`EvalConfigParameter $FIRMA_CONFIG_FILE LOG_TO_SYSLOG`" 
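Review bot: The DeliveryRandomization call added before each send in ReEncryptAndSendListMessage (this hunk and the one at -612) sleeps in the foreground, so one incoming message holds the process for the sum of all per-delivery delays. If firma is started from an MTA pipe transport with a command time limit (not visible on this page), a long run could be killed part-way and leave some subscribers without the message. A comment at both call sites would make the cost explicit, for example `# blocks up to DELIVERY_RANDOMIZATION seconds before each delivery; total run time grows with the number of recipients`. The function body starts and ends outside both hunks.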
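Review bot: From and Reply-To in MESSAGE_HEADERS (hunk at -1826) now take $LIST_REQUEST_ADDRESS verbatim, and on this page that value is only defaulted when empty, never checked for address syntax. A configured value with stray whitespace would go straight into the header block, and a default derived from a LIST_ADDRESS without "@" would be malformed, since `cut -d @ -f 2` prints the whole input when the delimiter is absent. Checking the value in the config check right after the default is set (hunk at -186), and raising the same kind of warning that block already prints for LIST_ADMIN, would keep bad values out of outgoing headers. MimeWrapMessage continues outside the hunk.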
@@ -1980,17 +1976,37 @@ function SourceListConfig { # returns: 0 #------------------------------------------------------------- + local firma_user firma_group keyserver + [ "$1" == "help" ] && echo -e "\nMandatory list config parameters\n" [ "$1" == "help" ] && echo -e "\tLIST_ADDRESS= list's email address" || \ LIST_ADDRESS="`EvalConfigParameter $LIST_CONFIG_FILE LIST_ADDRESS`" + [ "$1" == "help" ] && echo -e "\tLIST_REQUEST_ADDRESS= list's email address for administrative +\t requests (defaults to listname-request@domain" || \ + LIST_REQUEST_ADDRESS="`EvalConfigParameter $LIST_CONFIG_FILE LIST_REQUEST_ADDRESS`" + [ "$1" == "help" ] && echo -e "\tLIST_ADMIN= list's administrators email addresses (space separated)" || \ LIST_ADMIN="`EvalConfigParameter $LIST_CONFIG_FILE LIST_ADMIN`" [ "$1" == "help" ] && echo -e "\tLIST_HOMEDIR= list's GnuPG homedir, where the list's keyrings are located" || \ LIST_HOMEDIR="`EvalConfigParameter $LIST_CONFIG_FILE LIST_HOMEDIR`" + [ "$1" == "help" ] && echo -e "\tUSER= user that runs firma (usually the same as your MTA user); +\t defaults to "nobody"; you can also specify this parameter +\t in each mailing list config file if you plan to have one +\t user per mailing list" || \ + firma_user="`EvalConfigParameter $FIRMA_CONFIG_FILE USER`" + [ ! -z "$firma_user" ] && FIRMA_USER="$firma_user" + + [ "$1" == "help" ] && echo -e "\tGROUP= group that runs firma (usually the same as your MTA group); +\t defaults to "nobody"; you can also specify this parameter +\t in each mailing list config file if you plan to have one +\t group per mailing list" || \ + firma_group="`EvalConfigParameter $FIRMA_CONFIG_FILE GROUP`" + [ ! -z "$firma_group" ] && FIRMA_GROUP="$firma_group" + [ "$1" == "help" ] && echo -e "\tPASSPHRASE= passphrase for the list's private keyring\n \tNOTE: The passphrase _has_ to be enclosed in single quotes and _cannot_ \tcontain any additional single quote as part of itself. It has to be at least 
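Review bot: The new USER and GROUP lookups in SourceListConfig read $FIRMA_CONFIG_FILE instead of $LIST_CONFIG_FILE, so a per-list USER= or GROUP= is never picked up, although the help text printed just above says each list config may set them. The lines this commit removes from the config check (hunk at -186) did read the list file, so a list meant to run under its own account would now keep the global FIRMA_USER and FIRMA_GROUP without any warning. Both calls should take the list file, `EvalConfigParameter $LIST_CONFIG_FILE USER` and `EvalConfigParameter $LIST_CONFIG_FILE GROUP`, as the KEYSERVER lookup in the same function does. The function body starts above this hunk and ends in the next one.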
@@ -2020,13 +2036,22 @@ function SourceListConfig { [ "$1" == "help" ] && echo -e "\tKEYSERVER= default keyserver to import/export keys \t (defaults to keyserver.noreply.org)" || \ - KEYSERVER="`EvalConfigParameter $LIST_CONFIG_FILE KEYSERVER`" + keyserver="`EvalConfigParameter $LIST_CONFIG_FILE KEYSERVER`" + [ ! -z "$keyserver" ] && KEYSERVER="$keyserver" [ "$1" == "help" ] && echo -e "\tREQUIRE_SIGNATURE= wheter messages sent to the list should be (yes) or dont \t need to be signed to be processed (no); defaults to yes; \t this doesnt affect the way email administration works, \t when signature is mandatory" || \ REQUIRE_SIGNATURE="`EvalConfigParameter $LIST_CONFIG_FILE REQUIRE_SIGNATURE`" + + [ "$1" == "help" ] && echo -e "\tDELIVERY_RANDOMIZATION= if non-zero, set a random delay between 0 and N seconds +\t between each messsage delivery; if you run firma with a TLS-enabled MTA and mostly of the +\t list messages are sent to others TLS-enabled MTAs, then this option will make harder to a +\t sniffer detect the traffic of you mailing list, specially if your MTA already sends a lot +\t of messages or if you're going to have a lot of encrypted mailing lists, all randomizing +\t its delivery." || \ + DELIVERY_RANDOMIZATION="`EvalConfigParameter $LIST_CONFIG_FILE DELIVERY_RANDOMIZATION`" } 
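Review bot: The DELIVERY_RANDOMIZATION help text does not say what form the value must take or what the option leaves uncovered. It should state that the value is a whole number of seconds and that "0" disables the delay, and it would be more accurate to describe the effect as making delivery timing harder to correlate, since a delay does not change message sizes or destinations. The same string has typos worth fixing while it is touched: `messsage`, `mostly of the`, `you mailing list`.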
@@ -2049,6 +2074,42 @@ function ConfigHelp { SourceListConfig help } + +function SetDeliveryRandomization { + #------------------------------------------------------------- + # setup delivery randomization + # + # parameter(s): none + # depends on function(s): none + # returns: 0 + #------------------------------------------------------------- + + if [ "$DELIVERY_RANDOMIZATION" != "0" ] || [ ! -z "$DELIVERY_RANDOMIZATION" ]; then + # remove non-digits + DELIVERY_RANDOMIZATION="`echo $DELIVERY_RANDOMIZATION | sed -e 's/[^0-9]//g'`" + else + DELIVERY_RANDOMIZATION="0" + fi +} + +function DeliveryRandomization { + #------------------------------------------------------------- + # sleep according $DELIVERY_RANDOMIZATION + # + # parameter(s): none + # depends on function(s): none + # returns: 0 + #------------------------------------------------------------- + + local n + + if [ "$DELIVERY_RANDOMIZATION" != "0" ]; then + n="$RANDOM" + let "n %= $DELIVERY_RANDOMIZATION" + sleep $n + fi +} + #------------------------------------------------------------- # main() #------------------------------------------------------------- @@ -2132,7 +2193,9 @@ FUNCTIONS=" SourceFirmaConfig SourceListConfig ConfigHelp - AdminHelp" + AdminHelp + SetDeliveryRandomization + DeliveryRandomization" for VAR in $GLOBAL_VARS; do declare $VAR -- cgit v1.2.3
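Review bot: The test in SetDeliveryRandomization is always true, because a value of "0" still passes the `! -z` half, so the else branch that sets the default never runs and an unset or non-numeric DELIVERY_RANDOMIZATION is left as an empty string. DeliveryRandomization then sees a value different from "0", `let "n %= $DELIVERY_RANDOMIZATION"` fails on the missing operand, n keeps the raw $RANDOM value, and the sleep can last up to 32767 seconds before each delivery. Values such as "00" (division by zero) or "08" (read as octal) end the same way. Normalising the value once, by stripping non-digits and leading zeros and defaulting an empty result to "0", closes all three cases; DeliveryRandomization itself can stay as it is.

```shell
function SetDeliveryRandomization {
  # … unchanged: header comment …

  # keep digits only and drop leading zeros, so the value is never read as octal
  DELIVERY_RANDOMIZATION="`echo "$DELIVERY_RANDOMIZATION" | sed -e 's/[^0-9]//g' -e 's/^0*//'`"

  # unset, non-numeric or all-zero input disables the delay
  if [ -z "$DELIVERY_RANDOMIZATION" ]; then
    DELIVERY_RANDOMIZATION="0"
  fi
}
```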