mirror of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/tglx/remail.git
synced 2024-11-08 13:42:36 +01:00
60f6698e52
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
58 lines
1.9 KiB
ReStructuredText
58 lines
1.9 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
.. _remail_installation:
|
|
|
|
remail installation guide
|
|
=========================
|
|
|
|
General
|
|
-------
|
|
|
|
The recommended installation procedure is via the package management system
|
|
of your distribution. Manual installation is surely possible and the
|
|
various bits and pieces including their default or recommended locations on
|
|
the target are documented in the packaging files.
|
|
|
|
By default the daemon is disabled as it requires configuration.
|
|
|
|
|
|
Protecting the system
|
|
---------------------
|
|
|
|
Run the list daemon on a machine which is not publicly accessible and
|
|
ensure that no untrusted users can access it. It can be run in a VM with
|
|
the sole purpose of running the encrypted mailing list. As the private keys
|
|
of the list are stored on that machine the setup requires deep
|
|
understanding of IT security. It's outside the scope of this documentation
|
|
to provide guidance on this.
|
|
|
|
|
|
Dependencies
|
|
------------
|
|
|
|
remail requires Python 3 and depends on the following python packages:
|
|
|
|
- python3-M2Crypto
|
|
- python3-gnupg
|
|
- python3-yaml
|
|
|
|
Note, that on Debian 10 python3-M2Crypto is not available, but can be
|
|
installed as a Debian package from the testing repository.
|
|
|
|
Further the systems needs to have:
|
|
|
|
- A mail transport agent which handles the transport of the mails to an
|
|
outgoing SMTP server.
|
|
|
|
- A mail retriever agent or some other mechanism which can fetch or
|
|
handle incoming mail and deliver it to remails maildir.
|
|
|
|
The initial deployment of the list daemon which was used to handle
|
|
development of mitigations for embargoed hardware security vulnerabilities
|
|
uses postfix and getmail, but that's only one of various possibilites.
|
|
|
|
As the choice of tools depends on the setup and the situation under which
|
|
the system is deployed, there is no documentation provided here. It's a
|
|
prerequisite that an administrator who wants to deploy remail is familiar
|
|
with these kind of tools.
|
|
|