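#!/bin/bash
#
# firma v0.2: simple encrypted mailing list aliases
# feedback: rhatto@riseup.net luis@riseup.net | GPL
#
# usage: firma CONFIGFILE < message
#
# List configuration is passed through the config file,
# where you put PARAMETER=value (without spaces):
#
# MAIL=      path for mail program (run as: $MAIL -r LISTNAME recipient...)
# GPG=       path for gnupg binary
# TMP=       path prefix for the temp files (a random suffix is appended)
# LISTNAME=  list email
# LISTADMIN= list administrator email addresses (space separated)
# GPGDIR=    gpg dir for the lists' keyring
# PASSWD=    passwd for the lists' keyring
#
# The message on stdin must carry a PGP block encrypted to the list key and
# signed by a key held in the list keyring.  Good signature: the plaintext is
# re-encrypted and mailed to every key in the keyring except the list's own.
# Bad signature: it goes, encrypted, to the admins and the sender.  Anything
# else: a plain notice goes back to the sender.

set -u

# Shape an address must have before it is used as an argument to $MAIL or
# gpg.  It is checked on everything taken from untrusted places (the From:
# header, keyring user ids); values that do not match are dropped, never
# passed on, so header contents cannot turn into extra command options.
readonly ADDR_RE='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'

# Temp files; set by main, removed by the EXIT trap.
MSGFILE=
PGPFILE=
# gpg invocation shared by every call; set by main once the config is loaded.
declare -a GPG_BASE=()

die() { printf 'firma: %s\n' "$*" >&2; exit 1; }
warn() { printf 'firma: %s\n' "$*" >&2; }

# Remove whichever temp files exist; installed as the EXIT trap so an abort
# (die, signal) does not leave the message or its armored block behind.
cleanup() {
  [[ -n "$MSGFILE" ]] && rm -f -- "$MSGFILE"
  [[ -n "$PGPFILE" ]] && rm -f -- "$PGPFILE"
  return 0
}

#######################################
# Strip leading and trailing whitespace.
# Arguments: $1 - text
# Outputs:   trimmed text on stdout
#######################################
trim() {
  local s=$1
  s=${s#"${s%%[![:space:]]*}"}   # leading whitespace
  s=${s%"${s##*[![:space:]]}"}   # trailing whitespace
  printf '%s\n' "$s"
}

#######################################
# Pull the bare address out of a value such as "Name <a@b>" or "a@b".
# Arguments: $1 - header value or keyring user id
# Outputs:   the address on stdout when it matches ADDR_RE, nothing otherwise
# Returns:   0 if an acceptable address was printed, 1 otherwise
#######################################
extract_address() {
  local value=$1 addr
  if [[ "$value" == *'<'*'>'* ]]; then
    addr=${value#*<}   # drop everything up to the first '<'
    addr=${addr%%>*}   # and from the first '>' on
  else
    addr=$value
  fi
  addr=$(trim "$addr")
  [[ "$addr" =~ $ADDR_RE ]] || return 1
  printf '%s\n' "$addr"
}

#######################################
# First header line of the given name, taken from the header section only.
# Arguments: $1 - header name without colon, $2 - message file
# Outputs:   the raw "Name: value" line, or nothing if absent
#######################################
header_line() {
  # stop at the first blank line so a body line that happens to start
  # with "From:" is never picked up as the header
  sed '/^[[:space:]]*$/q' "$2" | grep -m 1 -i "^$1:"
}

#######################################
# Value of a header: the text after the first colon, trimmed.
# Arguments: $1 - header name without colon, $2 - message file
# Outputs:   the value on stdout (empty if the header is absent)
#######################################
header_value() {
  local line
  line=$(header_line "$1" "$2")
  trim "${line#*:}"
}

#######################################
# Decrypt the armored message with the list key, discarding the plaintext
# and returning gpg's merged status records and diagnostics for inspection.
# Globals:   GPG_BASE, PASSWD (read)
# Arguments: $1 - armored message file
# Outputs:   "[GNUPG:] ..." status lines and "gpg: ..." messages on stdout
#######################################
gpg_status() {
  printf '%s\n' "$PASSWD" |
    "${GPG_BASE[@]}" --passphrase-fd 0 --decrypt --status-fd 2 "$1" 2>&1 >/dev/null
}

#######################################
# Decrypt the armored message with the list key and print the plaintext.
# Globals:   GPG_BASE, PASSWD (read)
# Arguments: $1 - armored message file
# Outputs:   plaintext on stdout; gpg diagnostics are discarded
#######################################
gpg_decrypt() {
  printf '%s\n' "$PASSWD" | "${GPG_BASE[@]}" --passphrase-fd 0 --decrypt "$1" 2>/dev/null
}

#######################################
# Encrypt and sign stdin with the list key for one or more recipients.
# gpg's --recipient takes a single address, so each one gets its own flag.
# Globals:   GPG_BASE, PASSWD (read)
# Arguments: $@ - recipient addresses (already validated against ADDR_RE)
# Outputs:   ASCII-armored ciphertext on stdout
# Returns:   gpg's exit status; 1 when called without recipients
#######################################
gpg_encrypt() {
  (( $# > 0 )) || return 1
  local -a rcpt=()
  local r
  for r in "$@"; do
    rcpt+=(--recipient "$r")
  done
  # the passphrase is gpg's first stdin line (--passphrase-fd 0), the text
  # to encrypt follows.  It travels through a builtin pipe, never argv, so it
  # does not show up in process listings.  --always-trust: membership in the
  # list keyring is the whole trust decision here.
  { printf '%s\n' "$PASSWD"; cat; } |
    "${GPG_BASE[@]}" --passphrase-fd 0 --always-trust --encrypt --sign --armor "${rcpt[@]}"
}

#######################################
# Subscriber addresses: the primary user id of every public key in the
# list keyring, except the list's own address.
# Globals:   GPG_BASE, LISTNAME (read)
# Outputs:   one address per line; user ids that are not plain addresses
#            are skipped
#######################################
subscribers() {
  local uid addr
  # --with-colons: field 10 of the pub record carries the primary uid on
  # gnupg 1.x, while 2.x leaves it empty and emits separate uid records,
  # so take the first non-empty of the two per key.
  "${GPG_BASE[@]}" --list-keys --with-colons 2>/dev/null |
    awk -F: '$1 == "pub" { want = 1; if ($10 != "") { print $10; want = 0 }; next }
             $1 == "uid" && want { print $10; want = 0 }' |
    while IFS= read -r uid; do
      addr=$(extract_address "$uid") || continue
      [[ "$addr" == "$LISTNAME" ]] && continue
      printf '%s\n' "$addr"
    done
}

#######################################
# Build the text re-sent to the list: header summary, gpg's human-readable
# signature lines, then the decrypted message.
# Globals:   PGPFILE (read)
# Arguments: $1 - From: value, $2 - subject text, $3 - raw Date: line,
#            $4 - captured gpg status/stderr stream,
#            $5 - pattern of the "signature from" line to quote
# Outputs:   the report on stdout, quoted-printable soft trailing spaces
#            ("=20" at end of line) stripped
#######################################
report() {
  local from=$1 subject=$2 datehdr=$3 status=$4 sigline=$5
  printf 'Message from: %s\nSubject: %s\n%s\n%s\n%s\n%s\n' \
    "$from" "$subject" "$datehdr" \
    "$(grep 'gpg: Signature made' <<<"$status")" \
    "$(grep -- "$sigline" <<<"$status")" \
    "$(gpg_decrypt "$PGPFILE")" |
    sed -e 's/=20$//'
}

#######################################
# Encrypt and sign a text for the given recipients and hand it to $MAIL.
# Nothing is mailed when encryption fails, so a gpg error cannot turn into
# an empty message going out.
# Globals:   MAIL, LISTNAME (read)
# Arguments: $1 - text, $2.. - recipient addresses (already validated)
# Returns:   0 when the mail program accepted the message, 1 otherwise
#######################################
send_encrypted() {
  local text=$1
  shift
  local cipher
  if ! cipher=$(printf '%s\n' "$text" | gpg_encrypt "$@"); then
    warn "encryption for $* failed; nothing sent"
    return 1
  fi
  printf '%s\n' "$cipher" | "$MAIL" -r "$LISTNAME" "$@"
}

#######################################
# Load the config, read the message from stdin and dispatch it.
# Globals:   sets MSGFILE, PGPFILE, GPG_BASE; reads the config variables
# Arguments: $1 - config file
# Returns:   exits 1 on a configuration or setup error
#######################################
main() {
  (( $# == 1 )) || die "usage: ${0##*/} CONFIGFILE < message"
  [[ -r "$1" ]] || die "cannot read config file '$1'"
  # shellcheck disable=SC1090 — the list config is a shell fragment by design
  source "$1"

  local v
  for v in MAIL GPG TMP LISTNAME LISTADMIN GPGDIR PASSWD; do
    [[ -n "${!v:-}" ]] || die "$v is not set in '$1'"
  done
  [[ "$LISTNAME" =~ $ADDR_RE ]] || die "LISTNAME must be a plain address"
  local -a admins=()
  read -r -a admins <<<"$LISTADMIN"
  (( ${#admins[@]} > 0 )) || die "LISTADMIN holds no address"
  local a
  for a in "${admins[@]}"; do
    [[ "$a" =~ $ADDR_RE ]] || die "LISTADMIN entry '$a' is not a plain address"
  done

  # NOTE(review): --no-use-agent is a gnupg 1.x option; a 2.x gpg warns and
  # ignores it, and may need --pinentry-mode loopback for --passphrase-fd to
  # work — confirm against the installed gpg.
  GPG_BASE=("$GPG" --quiet --homedir "$GPGDIR" --batch --no-tty --no-use-agent --no-permission-warning)

  trap cleanup EXIT
  # mktemp creates the files atomically with mode 0600 under the configured
  # prefix, so nobody can plant a file or symlink at a predictable name first
  MSGFILE=$(mktemp "${TMP}.XXXXXX") || die "mktemp failed under $TMP"
  PGPFILE=$(mktemp "${TMP}.XXXXXX") || die "mktemp failed under $TMP"

  # store the message verbatim; a read/echo line loop would mangle
  # backslashes, whitespace and glob characters in the message text
  cat > "$MSGFILE" || die "cannot read message from stdin"

  local from subject datehdr fromaddr
  from=$(header_value From "$MSGFILE")
  subject=$(header_value Subject "$MSGFILE")
  datehdr=$(header_line Date "$MSGFILE")
  # bare sender address; empty, and then never mailed to, unless From:
  # yields a plain address
  fromaddr=$(extract_address "$from") || fromaddr=

  # the armored block is the only part of the message gpg sees
  sed -n '/-----BEGIN PGP MESSAGE-----/,/-----END PGP MESSAGE-----/p' "$MSGFILE" > "$PGPFILE"

  # decrypt and verify once; every branch below inspects this captured stream
  local status body email
  status=$(gpg_status "$PGPFILE")

  # match only the machine-readable status record, anchored, so text gpg
  # prints elsewhere on stderr cannot be mistaken for a verdict
  if grep -q '^\[GNUPG:\] GOODSIG ' <<<"$status"; then
    body=$(report "$from" "$subject" "$datehdr" "$status" 'gpg: Good signature from')
    while IFS= read -r email; do
      send_encrypted "$body" "$email"
    done < <(subscribers)
  elif grep -q '^\[GNUPG:\] BADSIG ' <<<"$status"; then
    body=$(report "$from" "[BAD SIGNATURE] $subject" "$datehdr" "$status" 'gpg: BAD signature from')
    # the sender may have no key in the keyring, which makes gpg refuse the
    # whole encryption; fall back to the admins alone so they still hear of it
    if [[ -z "$fromaddr" ]] || ! send_encrypted "$body" "${admins[@]}" "$fromaddr"; then
      send_encrypted "$body" "${admins[@]}"
    fi
  else
    # unsigned, unencrypted, or signer unknown: plain notice back to the
    # claimed sender.  This reply is unauthenticated (From: is whatever the
    # message says), so it stays short and carries none of the message body.
    if [[ -z "$fromaddr" ]]; then
      warn "message could not be processed and From: holds no usable address; dropped"
    else
      "$MAIL" -r "$LISTNAME" "$fromaddr" <<EOF

Message from: $from
Subject: [RETURNED MAIL] $subject
$datehdr

[ It was not possible to process this message.
Either or both the message was not encrypted and/or signed,
or you are not subscribed to this list.
Contact the list administrator if you have any questions. ]

--
firma v0.2
EOF
    fi
  fi
}

main "$@"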