#!/bin/bash
#
# firma v0.2: simple encrypted mailing list aliases
# feedback: rhatto@riseup.net luis@riseup.net | GPL
#
# list configuration is passed through the config file,
# where you put PARAMETER=value (without spaces)
#
# MAIL= path for mail program
# GPG= path for gnupg binary
# TMP= where you want the temp files
# LISTNAME= list email
# LISTADMIN= list administrator email addresses (space separated)
# GPGDIR= gpg dir for the lists' keyring
# PASSWD= passwd for the lists' keyring

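# eval the config file
# The file is executed as shell code with firma's privileges and it holds the
# keyring passphrase (PASSWD), so it should be owned by, and readable only by,
# the account that runs firma.
# Pass a path that contains a slash: for a bare file name bash searches $PATH
# before the current directory.
if [[ $# -lt 1 || ! -r $1 ]]; then
  echo "firma: missing or unreadable configuration file" >&2
  exit 1
fi
source "$1"

# refuse to continue with an incomplete configuration instead of running
# rm, gpg and the mail program with empty arguments
for PARAM in MAIL GPG TMP LISTNAME GPGDIR; do
  if [[ -z ${!PARAM} ]]; then
    echo "firma: $PARAM is not set in the configuration file" >&2
    exit 1
  fi
done
unset PARAM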

# declare GPG variables
# These are plain strings that the rest of the script expands unquoted, so
# $GPG and $GPGDIR must not contain whitespace or glob characters.
# Options worth knowing when auditing this script:
#   --no-permission-warning  silences gpg's warning about unsafe permissions
#                            on the homedir, so check $GPGDIR by other means
#   --passphrase-fd 0        the passphrase is read from the first line of stdin
#   --always-trust           recipient keys are used without validity checks
GPGCOMMAND="${GPG} --quiet --homedir ${GPGDIR}"
GPGCOMMAND="${GPGCOMMAND} --batch --no-tty --no-use-agent --no-permission-warning"
GPGLIST="${GPGCOMMAND} --list-keys"
GPGDECRYPT="${GPGCOMMAND} --passphrase-fd 0 --decrypt"
GPGENCRYPT="${GPGCOMMAND} --passphrase-fd 0 --always-trust --encrypt --sign --armor --recipient"

# declare functions
# discard $GPGDECRYPT STDOUT and get its STDERR instead, for signature checking
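function GPGSTDERR {
  # Decrypt and verify $TMP.gpg, throw the plaintext away and print what gpg
  # wrote to stderr, which includes the machine-readable status lines because
  # of --status-fd 2.
  # Globals: PASSWD (read), GPGDECRYPT (read), TMP (read)
  # Outputs: gpg's stderr and status lines, on stdout
  #
  # Status lines start with "[GNUPG:] ". The human-readable lines on the same
  # stream quote key user IDs, so callers should match status keywords
  # anchored to that prefix rather than anywhere in a line.
  #
  # printf is used for the passphrase because echo would swallow a value that
  # looks like one of its options; $GPGDECRYPT stays unquoted on purpose, it is
  # a command line stored in a string.
  printf '%s\n' "$PASSWD" | ($GPGDECRYPT --status-fd 2 "$TMP.gpg" 1> /dev/null) 2>&1
}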

# get list subscriber addresses
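function SUBSCRIBERS {
  # Print one e-mail address per line for every key listing line that contains
  # "pub", leaving out the list's own key.
  # Globals: GPGLIST (read), LISTNAME (read)
  # Outputs: addresses found between '<' and '>' on the selected lines
  #
  # The list address is filtered as a fixed string (grep -F): used as a sed
  # pattern, its dots would match any character and a '/' would break the
  # expression, which could silently drop a look-alike subscriber address.
  # NOTE(review): the "pub" match is not anchored, so any listing line that
  # contains "pub" and an address is selected - confirm against the output
  # format of the gpg version in use.
  $GPGLIST \
    | grep -vF -- "$LISTNAME" \
    | sed -n '/pub/p' \
    | grep -o '<.*>' \
    | sed -e 's/[<>]//g'
}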

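# create the temporary files and restrict their permissions
# $TMP from the config is used as a prefix. mktemp creates a uniquely named
# file with mode 0600 in one step, so there is no moment at which the file
# exists with looser permissions, no predictable name for another local user
# to pre-create or symlink, and two deliveries running at the same time no
# longer share (and delete) each other's files.
if [[ -z $TMP ]]; then
  echo "firma: TMP is not set" >&2
  exit 1
fi
TMP=$(mktemp "$TMP.XXXXXX") || exit 1

# remove both files on every exit path, not only at the end of the script
trap 'rm -f -- "$TMP" "$TMP.gpg"' EXIT

# noclobber makes the redirection fail if the name already exists, and
# umask 077 gives the new file mode 0600 from the start
(umask 077 && set -o noclobber && : > "$TMP.gpg") || exit 1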

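# copy the incoming message from stdin to the temp file byte for byte.
# A "read" loop with an unquoted echo alters the message: leading and trailing
# whitespace and backslashes are lost, a line made of glob characters is
# replaced by file names from the current directory, a line that looks like
# an echo option disappears, and a last line without a newline is dropped.
cat >> "$TMP"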

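# get the message headers
# Only the lines before the first blank line are searched, so text in the
# body cannot pose as a header. cut -f 2- keeps values that contain ':'
# themselves (a "Re: ..." subject) whole.
HEADERS=$(sed '/^$/q' "$TMP")
FROM=$(grep -m 1 '^From:' <<< "$HEADERS" | cut -f 2- -d :)
DATE=$(grep -m 1 '^Date:' <<< "$HEADERS")
SUBJECT=$(grep -m 1 '^Subject:' <<< "$HEADERS" | cut -f 2- -d :)

# sender address, derived from the From: header (the old code piped the
# still-empty $FROMADD into itself, so the address was always empty).
# The header is unauthenticated and the address ends up on the gpg and mail
# command lines, so anything that is not a plain address is discarded. The
# pattern is deliberately stricter than the mail standards allow.
if [[ $FROM == *'<'* ]]; then
  FROMADD=$(grep -o '<.*>' <<< "$FROM" | sed -e 's/[<>]//g')
else
  FROMADD=$FROM
fi
FROMADD=${FROMADD#"${FROMADD%%[![:space:]]*}"}
FROMADD=${FROMADD%"${FROMADD##*[![:space:]]}"}
ADDRPATTERN='^[A-Za-z0-9][A-Za-z0-9._%+=-]*@[A-Za-z0-9][A-Za-z0-9.-]*$'
if ! [[ $FROMADD =~ $ADDRPATTERN ]]; then
  FROMADD=""
fi

# get the encrypted message
sed -n '/-----BEGIN PGP MESSAGE-----/,/-----END PGP MESSAGE-----/p' "$TMP" >> "$TMP.gpg"

# SENDENCRYPTED <text> <address>...
# Sign <text>, encrypt it to every <address> and mail the result to the same
# addresses. Returns non-zero, without sending anything, when there is no
# address or gpg fails (for instance because one address has no key in the
# list keyring).
# Globals: PASSWD, GPGENCRYPT, MAIL, LISTNAME (all read)
function SENDENCRYPTED {
  local BODY=$1 ADDR CIPHERTEXT
  shift
  [[ $# -gt 0 ]] || return 1

  # "<address>" asks gpg for an exact e-mail match; a bare string is matched
  # as a substring of the user ID and can select another subscriber's key.
  # $GPGENCRYPT already ends in --recipient, so the first address goes without.
  local -a KEYS=("<$1>")
  for ADDR in "${@:2}"; do
    KEYS+=(--recipient "<$ADDR>")
  done

  # the first line on gpg's stdin is the passphrase (--passphrase-fd 0)
  CIPHERTEXT=$(printf '%s\n%s\n' "$PASSWD" "$BODY" \
    | sed -e 's/=20$//' \
    | $GPGENCRYPT "${KEYS[@]}") || return 1
  [[ -n $CIPHERTEXT ]] || return 1

  printf '%s\n' "$CIPHERTEXT" | $MAIL -r "$LISTNAME" "$@"
}

# run the signature check once and reuse its output.
# Status keywords are matched anchored to the "[GNUPG:] " prefix: the
# human-readable lines on the same stream quote key user IDs, and an
# unanchored match for GOODSIG could be satisfied by such text.
# NOTE(review): GOODSIG says that the signature verifies against a key in the
# list keyring; nothing here compares the signer with the From: header, so
# the "Message from" line below is not authenticated - the signature lines are.
SIGSTATUS=$(GPGSTDERR)
SIGMADE=$(grep 'gpg: Signature made' <<< "$SIGSTATUS")

# if signature is OK, encrypt and send it for each list subscriber
if grep -q '^\[GNUPG:\] GOODSIG ' <<< "$SIGSTATUS"; then

  PLAINTEXT=$(printf '%s\n' "$PASSWD" | $GPGDECRYPT "$TMP.gpg" 2> /dev/null)
  BODY="    Message from: $FROM
    Subject: $SUBJECT
    $DATE

    $SIGMADE
    $(grep 'gpg: Good signature from' <<< "$SIGSTATUS")

$PLAINTEXT"

  while IFS= read -r EMAIL; do
    [[ -n $EMAIL ]] && SENDENCRYPTED "$BODY" "$EMAIL"
  done < <(SUBSCRIBERS)

# else, if signature is BAD, email it back to sender and to list admins
elif grep -q '^\[GNUPG:\] BADSIG ' <<< "$SIGSTATUS"; then

  PLAINTEXT=$(printf '%s\n' "$PASSWD" | $GPGDECRYPT "$TMP.gpg" 2> /dev/null)
  BODY="    Message from: $FROM
    Subject: [BAD SIGNATURE] $SUBJECT
    $DATE

    $SIGMADE
    $(grep 'gpg: BAD signature from' <<< "$SIGSTATUS")

$PLAINTEXT"

  # every admin and the sender get their own --recipient; before, only the
  # first address was a recipient and the rest reached gpg as stray arguments.
  # The sender only receives the decrypted text if a key for that exact
  # address is in the list keyring; otherwise the admins alone are notified.
  read -r -a ADMINS <<< "$LISTADMIN"
  SENDENCRYPTED "$BODY" "${ADMINS[@]}" ${FROMADD:+"$FROMADD"} \
    || SENDENCRYPTED "$BODY" "${ADMINS[@]}"

# else, probably either the message was not signed or the sender is not subscribed to the list
# email the message back to sender including a note about this
# todo: parse STDERR to find out why the signature couldn't be checked and send more specific errors back to sender
else

  # This reply goes to an address taken from an unauthenticated header, so it
  # carries no message content, and nothing is sent when no usable address
  # was found.
  if [[ -n $FROMADD ]]; then
    echo "
    Message from: $FROM
    Subject: [RETURNED MAIL] $SUBJECT
    $DATE

    [ It was not possible to process this message. Either or both
      the message was not encrypted and/or signed, or you are not
      subscribed to this list.  Contact the list administrator if
      you have any questions. ]

    -- 
    firma v0.2" | $MAIL -r "$LISTNAME" "$FROMADD"
  fi

fi

rm -f -- "$TMP" "$TMP.gpg"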