From 8e6e7c2cc58bf8468159310cd824897e46ddfd83 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Mon, 2 Mar 2020 17:11:38 +0100 Subject: [PATCH] config: Introduce an enabled flag for S/MIME This allows setups where there is no S/MIME. In some scenarios using just GPG is fine and S/MIME might even be discouraged. Previously this required to provide a dummy S/MIME key just to make remail happy. With this new flag there is no need for that key if S/MIME is not required for the list. Signed-off-by: Andreas Rammhold Signed-off-by: Thomas Gleixner --- Documentation/examples/conf/remail.yaml | 2 ++ Documentation/man5/remail.config.rst | 5 +++++ remail/config.py | 1 + remail/maillist.py | 16 ++++++++++------ 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/Documentation/examples/conf/remail.yaml b/Documentation/examples/conf/remail.yaml index 4f9f094..05abbc4 100644 --- a/Documentation/examples/conf/remail.yaml +++ b/Documentation/examples/conf/remail.yaml @@ -13,6 +13,8 @@ use_smtp: True # S/MIME smime: + # Enable S/MIME + enabled: True # Verify CA certs. Only disable for troubleshooting verify: True diff --git a/Documentation/man5/remail.config.rst b/Documentation/man5/remail.config.rst index 43a3843..564ecf0 100644 --- a/Documentation/man5/remail.config.rst +++ b/Documentation/man5/remail.config.rst @@ -186,9 +186,14 @@ S/MIME options: .. code-block:: yaml smime: + enabled: True verify: True sign: True + enabled: + Enable S/MIME processing. If this option is set to False then no attempts + are made to process S/MIME mails or keys. + verify: When handling S/MIME encrypted mail then the validity of the senders key diff --git a/remail/config.py b/remail/config.py index d3ce5d5..f8400fe 100644 --- a/remail/config.py +++ b/remail/config.py @@ -189,6 +189,7 @@ class archive_config(object): print('%*s%-40s: %s' % (indent, '', 'plain_list', self.m_list)) smime_defaults = { + 'enabled' : True, 'verify' : True, 'sign' : True, } 
diff --git a/remail/maillist.py b/remail/maillist.py index 64fdfaf..9a95795 100644 --- a/remail/maillist.py +++ b/remail/maillist.py @@ -35,7 +35,9 @@ class maillist(object): self.enabled = listcfg.enabled self.use_smtp = use_smtp - self.smime = smime_crypt(self.config.smime, self.config.listaccount) + self.smime = None + if self.config.smime.enabled: + self.smime = smime_crypt(self.config.smime, self.config.listaccount) self.gpg = gpg_crypt(self.config.gpg, self.config.listaccount) self.tracking = account_tracking(self.config.tracking, logger) @@ -72,7 +74,7 @@ class maillist(object): Encrypt plain text message for the account ''' msg = msg_from_string(msg_plain.as_string()) - if account.use_smime: + if self.smime and account.use_smime: self.smime.encrypt(msg, account) else: self.gpg.encrypt(msg, account) @@ -143,7 +145,9 @@ class maillist(object): ''' msg_sanitize_incoming(msg) - msg_plain = self.smime.decrypt(msg) + msg_plain = None + if self.smime: + msg_plain = self.smime.decrypt(msg) if not msg_plain: msg_plain = self.gpg.decrypt(msg) return msg_plain @@ -303,10 +307,10 @@ class maillist(object): for account in self.config.subscribers.values(): if not account.enabled: continue - if not account.use_smime: - self.gpg.check_key(account) - else: + if account.use_smime and self.smime: self.smime.check_cert(account) + else: + self.gpg.check_key(account) class maillist_checker(object): '''
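Review bot: `self.smime` can now be `None`, and nothing at the assignment in `__init__` says so; any use of `self.smime` that this patch does not touch would fail with an AttributeError only once a list runs with `enabled: False`. I would add a comment above the assignment, `# None when smime.enabled is False; test self.smime before every use`. Only three guarded call sites are visible in this diff, so the rest of the class should be checked for unguarded `self.smime.` calls. `__init__` starts and ends outside the hunk.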
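Review bot: In the encrypt hunk, an account with `use_smime` set on a list where S/MIME is disabled now falls through to `self.gpg.encrypt(msg, account)` with no indication that the configuration is contradictory; the reordered branch in the last hunk of this file does the same with `self.gpg.check_key(account)`. What the GPG path does for a subscriber that has no GPG key is not visible here, so I would fail closed and explicitly: test `account.use_smime and not self.smime` first and report a configuration error that names the account. Doing that check once when the configuration is loaded would be better than doing it per message. The enclosing methods begin outside both hunks.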
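Review bot: With S/MIME disabled, an incoming S/MIME-encrypted mail now goes straight to `self.gpg.decrypt(msg)` in the decrypt hunk, and the hunk does not show what that call returns for a message that is not GPG-encrypted. If it hands the message back unchanged, the undecrypted S/MIME payload would be treated as the plain text by everything downstream, so that case deserves an explicit rejection or at least a log line. The docstring above should also state the new behaviour, for example `S/MIME decryption is skipped when S/MIME is disabled for the list.` The method starts outside the hunk.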