Tips & Tricks: PGP for ezmlm
Protect an ezmlm mailing list with PGP-signed messages.
This script uses mutt 1.4 to process PGP-signed emails. It accepts only emails signed by a key known to ezmlm-pgp, signs accepted emails with its own key, and continues delivery with ezmlm. Features:
- Accepts an email only if it is signed by a known key.
- If a message is signed and encrypted, ezmlm-pgp decrypts it.
- Signatures are accepted in both PGP/MIME and PLAIN format.
- Encrypted messages are accepted only in PGP/MIME format.
- If the signature is absent, unknown or incorrect, the email is rejected.
- Attaches the signature check result to the message.
- Signs the message with the mailing list's own key.
- Continues delivery with ezmlm.
Installation procedure:
root:~# cd /var/qmail/alias/
root:~# cp /PATH/TO/ezmlm-pgp /PATH/TO/.muttrc-ezmlm ./
root:~# chown alias.nofiles /dev/vc/60 # mutt needs this fake console
root:~# ezmlm-make ......................... # set up your mailing list
root:~# mkdir .gnupg-mymaillist
root:~# gpg --homedir .gnupg-mymaillist --gen-key
root:~# cat /var/qmail/alias/.qmail-mymaillist # add the first line shown below to this file
|/var/qmail/alias/ezmlm-pgp mymaillist@myhost.com PGPPASS /var/qmail/alias/.gnupg-mymaillist/
|/usr/bin/ezmlm-reject
|/usr/bin/ezmlm-send '/var/ezmlm/mymaillist'
|/usr/bin/ezmlm-warn '/var/ezmlm/mymaillist' || exit 0
When you subscribe a user who is allowed to post, you should import their public key:
gpg --homedir /var/qmail/alias/.gnupg-mymaillist/ --import HIS.KEY
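A quick audit of the installation above, as an added example (not part of ezmlm-pgp or the original page): it checks that the ezmlm-pgp line really is the first delivery line in the .qmail file, so the signature check runs before ezmlm-send, and that the .qmail file and the GnuPG home directory grant nothing to group or others. The permission requirement is an assumption made here, on the grounds that the .qmail line carries the key passphrase and the directory holds the list's private key; the function names are hypothetical.

```shell
#!/bin/sh
# Added audit sketch; not shipped with ezmlm-pgp. Function names are hypothetical.
# Usage: sh audit.sh /var/qmail/alias/.qmail-mymaillist /var/qmail/alias/.gnupg-mymaillist

# Succeeds when the path grants no permission bits to group or others.
# Columns 5-10 of "ls -ld" output are the group and other permission triplets.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the first delivery line of a .qmail file pipes to ezmlm-pgp.
# qmail runs delivery lines in order, so the filter must precede ezmlm-send.
# Comment lines (starting with #) and blank lines are skipped.
pgp_filter_first() {
    first=$(grep -v -e '^#' -e '^[[:space:]]*$' "$1" | head -n 1)
    case "$first" in
        '|'*/ezmlm-pgp' '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per finding and returns the number of findings.
audit_list() {
    qmail_file=$1
    gnupg_home=$2
    findings=0
    if ! pgp_filter_first "$qmail_file"; then
        echo "FAIL: ezmlm-pgp is not the first delivery line in $qmail_file"
        findings=$((findings + 1))
    fi
    if ! is_private "$qmail_file"; then
        echo "FAIL: $qmail_file (contains the key passphrase) is readable by group/others"
        findings=$((findings + 1))
    fi
    if ! is_private "$gnupg_home"; then
        echo "FAIL: $gnupg_home (contains the list's private key) is open to group/others"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_list "$1" "$2"
fi
```
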
Download ezmlm-pgp, .muttrc-ezmlm.