Konstantin reported that outgoing mail from a mailing list is signed with
the default private key found in the private keyring.
That's caused by just handing boolen True into the 'sign' argument of
gpg_encrypt() while the documentation clearly says:
sign (defaults to None)
Either the Boolean value True, or the fingerprint of a key which is
used to sign the encrypted data. If True is specified, the default key
is used for signing. When not specified, the data is not signed.
Hand the list account fingerprint in if signing is enabled in the
configuration.
Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Reviewed-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
This removes the (undocumented) dependency on PyYAML and just uses
ruamel.yaml that is already a dependency.
Signed-off-by: Andreas Rammhold <andreas@rammhold.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Per-list config dictionaries were always instantiated with default gpg
configuration because global gpg/smime settings were being ignored. This
change makes sure that smime and gpg options set on the global level are
inherited by list-specific configurations.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
According to RFC2919, List-Id header should be in the form of a hostname
value enclosed inside angle brackets. This change does two things:
1. Fixes the default to be the list address with "@" replaced by a "."
2. Allows setting custom list-id values inside remail.yaml
3. Documents the "listid" optional setting in the manpage
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://tools.ietf.org/html/rfc2919
Store the frozen mails in maildir.frozen/new and not in the base
directory. Move the log message to the actual frozen handling function and
provide the correct file pathes in the log.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
The Outlook GPG plugin works in interesting two variants:
1) msg.asc or msc.gpg provided as a plain attachement
without PGP envelope
2) GpgOL_MIME_structure.txt contains a fully enveloped
PGP payload with the proper headers.
Of course everything can be base64 encoded and the number of payload
sections is variable as well.
Implement the handling for #2 so it can coexist with the existing
workaround for #1.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Remove CR/LF leftovers which might be in incoming headers before setting
them. Happens when handling the weird GPG Outlook attachments.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
We want to be able to support ECC subkeys, which limits us to gnupg
versions 2.2 and above. CentOS-7 ships with gnupg-2.0, which cannot be
easily upgraded to 2.2 due to a slew of potential problems, so we
install the newer version into /opt/gnupg22 and must call it as
/opt/gnupg22/bin/gpg.
Allow specifying gpg binary path to use instead of the default "gpg" in
$PATH.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Add a handle pipe function to the remailer and a pipe script for handling
mail in a MTA delivery path.
Requested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>