letoams / openpgpkey-milter Goto Github PK

I just managed to get this to work, after changing RRtype to 61 and removing base64 decoding of the keys.

My question, is this considered to be experimental only and forever, or will there be an update that can deal with multipart messages (especially, pgp signed messages delivered from an email client) and maybe dlv (I still need to use dlv.isc.org trust anchor...)?

I understand that real end-to-end encryption requires client side encryption, but I think this milter is interesting if the mail server is trusted (e.g. for companies).

Hi
I wondor of a simple configuration may be possible, two options come to mind

• a list of domains or recipients to skip encryption for (so I can prevent the encryption of all local system mails to me) and
• a flag to enforce / not enforce DNSSEC for the dns entry

Would that be possible?

Besides that, it works great. I love it.

Hi,

First I want to say that I am by no means a packaging expert and just created my own Debian package by running debuild -us -uc inside the debian subdirectory of this repository. I installed the resulting package on my Raspbian installation and I noticed it was already running on localhost:8890, but after configuring postfix to use this inet socket (before DKIM) I noticed that only PGP signed or encrypted mails were passed, as indicated by the added X-openpgpkey: Message passed unmodified headers to my mails.

Plain messages were not encrypted and resulted in errors in my /var/log/mail.log:
Jul 9 15:51:55 heimdallur postfix/cleanup[11837]: D5AB81F37A: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.3.0 pymilter: untrapped exception in pythonfilter; from=<[email protected]> to=<[email protected]>

After inspection I noticed that openpgpkey-milter was missing the python-setproctitle dependency and was also missing its /var/spool/openpgpkey-milter spool directory. After I installed the dependency and created its spool directory mails were finally encrypted properly as shown below.
Jul 9 16:04:33 heimdallur openpgpkey-milter: Received DNSSEC secured OPENPGPKEY for [email protected]: Key-ID:394C398C531EFAB0 Fingerprint:2A9DF1D597A0539033C9B3EB394C398C531EFAB0 Jul 9 16:04:33 heimdallur openpgpkey-milter: Will encrypt message to fingerprints:2A9DF1D597A0539033C9B3EB394C398C531EFAB0

Could the dependency be added to the debian/control file, and the /var/spool/openpgpkey-milter be created after installation? That would really help. :-)

Would be nice if this tool supports WKD.
It is not always possible to set an OPENPGPKEY DNS record, and WKD is at least in my opinion much more easier to deploy.

https://wiki.gnupg.org/WKD
https://wiki.gnupg.org/WKDHosting

If you receive a S/MIME encryptet message (SMIMEA) no PGP encryption should be used. I added the following lines after the "# ### TODO ADD SUPPORT FOR MIME / ATTACHMENTS ####" block

        # Protect against super-encryption
        if "application/octet-stream" in msg["Content-Type"] and \
            ".p7m" in msg["Content-Type"] or \
            "application/x-pkcs7-mime" in msg["Content-Type"] or \
            "application/pkcs7-mime" in msg["Content-Type"]:
            syslog('%s: Message already encrypted with S/MIME - letting it ')
            return Milter.CONTINUE

In my case it works and I can combine openpgpkey-milter with smilla