From 46f6145ac55ff06521b8537d31d2daf34e3e73ba Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Thu, 29 Oct 2020 19:26:56 +0100 Subject: [PATCH] remail: Allow optional transport based security Add an "encryption" option 'use_transport' which does not bother with encryption and just relies on transport security. For admins this makes sense as none of the admin messages is really confidential. This is also a valid option for a subscriber and makes some sense in scenarios where the mail provider manages the subscriber key (sic!) and does server side decryption. Think twice before using this. Requested-by: Konstantin Ryabitsev Signed-off-by: Thomas Gleixner Tested-by: Konstantin Ryabitsev Reviewed-by: Konstantin Ryabitsev --- .../examples/conf/lists/list1/list.yaml | 4 +++- .../examples/conf/lists/list2/list.yaml | 4 +++- Documentation/examples/conf/remail.yaml | 8 ++++++-- Documentation/man5/remail.config.rst | 16 ++++++++++++++++ remail/config.py | 14 ++++++++++---- remail/maillist.py | 17 +++++++++++------ 6 files changed, 49 insertions(+), 14 deletions(-) diff --git a/Documentation/examples/conf/lists/list1/list.yaml b/Documentation/examples/conf/lists/list1/list.yaml index f9c0907..68fd09d 100644 --- a/Documentation/examples/conf/lists/list1/list.yaml +++ b/Documentation/examples/conf/lists/list1/list.yaml @@ -10,7 +10,9 @@ subscribers: # name: Real name of the subscriber # enabled: Subscriber is enabled (if omitted defaults to False) # use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False) - # fingerprint: GPG fingerprint (Not required when use_smime == True) + # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False. + # Conflicts with use_smime == True) + # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True) # gpg_plain: Plain text inline GPG encryption (If omitted defaults to False) # aliases: List of alias addresses which are valid for posting (moderated list) # diff --git a/Documentation/examples/conf/lists/list2/list.yaml b/Documentation/examples/conf/lists/list2/list.yaml index ac15ae9..f782a24 100644 --- a/Documentation/examples/conf/lists/list2/list.yaml +++ b/Documentation/examples/conf/lists/list2/list.yaml @@ -10,7 +10,9 @@ subscribers: # name: Real name of the subscriber # enabled: Subscriber is enabled (if omitted defaults to False) # use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False) - # fingerprint: GPG fingerprint (Not required when use_smime == True) + # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False. + # Conflicts with use_smime == True) + # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True) # gpg_plain: Plain text inline GPG encryption (If omitted defaults to False) # aliases: List of alias addresses which are valid for posting (moderated list) # diff --git a/Documentation/examples/conf/remail.yaml b/Documentation/examples/conf/remail.yaml index 05abbc4..bee8cb6 100644 --- a/Documentation/examples/conf/remail.yaml +++ b/Documentation/examples/conf/remail.yaml @@ -61,7 +61,9 @@ lists: # name: Real name of the subscriber # enabled: Subscriber is enabled (if omitted defaults to False) # use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False) - # fingerprint: GPG fingerprint (Not required when use_smime == True) + # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False. + # Conflicts with use_smime == True) + # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True) # gpg_plain: Plain text inline GPG encryption (If omitted defaults to False) admin1@admin.domain: name: Admin one @@ -106,7 +108,9 @@ lists: # name: Real name of the subscriber # enabled: Subscriber is enabled (if omitted defaults to False) # use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False) - # fingerprint: GPG fingerprint (Not required when use_smime == True) + # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False. + # Conflicts with use_smime == True) + # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True) # gpg_plain: Plain text inline GPG encryption (If omitted defaults to False) admin2@admin2.domain: name: Admin2 diff --git a/Documentation/man5/remail.config.rst b/Documentation/man5/remail.config.rst index a7035b6..0c4d199 100644 --- a/Documentation/man5/remail.config.rst +++ b/Documentation/man5/remail.config.rst @@ -384,6 +384,7 @@ The list administrators section: fingerprint: 40CHARACTERFINGERPRINT enabled: True use_smime: False + use_transport: False gpg_plain: False admin2@other.domain: @@ -405,6 +406,21 @@ The list administrators section: Send S/MIME encrypted mail to the admin if True. Otherwise use PGP. Optional, defaults to False. + use_transport: + + Do not bother with encryption and send plain text messages, i.e. rely + on the SMTP transport layer encryption. None of the admin messages are + really confidential. + + This may also be a valid option for some subscribers, for example in + scenarios where the mail provider manages the subscriber key (sic!) + and does server side decryption anyway, or when mail is delivered to + an inbox stored on the same infrastructure as remail itself. + Not recommended for most cases. + + Optional, defaults to False. Note, this is mutually exclusive with + the 'use_smime' option. + gpg_plain: If False send mail in the application/pgp-encrypted format. If True diff --git a/remail/config.py b/remail/config.py index a01aa78..9201215 100644 --- a/remail/config.py +++ b/remail/config.py @@ -40,10 +40,11 @@ def show_attrs(obj, attrdict, indent): print('%*s%-40s: %s' %(indent, '', attr, getattr(obj, attr))) account_defaults = { - 'enabled' : False, - 'fingerprint' : None, - 'use_smime' : False, - 'gpg_plain' : False, + 'enabled' : False, + 'fingerprint' : None, + 'use_smime' : False, + 'use_transport' : False, + 'gpg_plain' : False, } class account_config(object): @@ -58,6 +59,11 @@ class account_config(object): self.name = get_mandatory('name', cfgdict, base) set_defaults(self, account_defaults, cfgdict) + # Valdiate transport options to be coherent + if self.use_smime and self.use_transport: + txt = 'use_smime and use_transport cannot both be set for %s' % addr + raise RemailListConfigException(txt) + # Get the optional aliases to allow sending from # different accounts when the list is moderated aliases = cfgdict.get('aliases') diff --git a/remail/maillist.py b/remail/maillist.py index 1df7c31..faf658e 100644 --- a/remail/maillist.py +++ b/remail/maillist.py @@ -71,12 +71,17 @@ class maillist(object): def encrypt(self, msg_plain, account): ''' - Encrypt plain text message for the account + Encrypt plain text message for the account or return the plain text + message when the account has the 'use_transport' option set. The + latter is used for delivery to admin accounts on the machine or the + protected network and for transport based security to mail providers + like gmail which manage the recipients S/MIME key and do server + side decryption anyway (shudder). ''' msg = msg_from_string(msg_plain.as_string()) if self.smime and account.use_smime: self.smime.encrypt(msg, account) - else: + elif not account.use_transport: self.gpg.encrypt(msg, account) return msg @@ -317,7 +322,7 @@ class maillist(object): continue if account.use_smime and self.smime: self.smime.check_cert(account) - else: + elif not account.use_transport: self.gpg.check_key(account) class maillist_checker(object): @@ -368,9 +373,9 @@ class maillist_checker(object): if not account.enabled: continue try: - if not account.use_smime: - gpg.check_key(account) - else: + if account.use_smime: smime.check_cert(account) + elif not account.use_transport: + gpg.check_key(account) except Exception as ex: self.logger.log(str(ex) + '\n')