Table of Contents

Secure remailer

Secure remailer
founder: ruza
depends on:
interested:
software license: -
hardware license: -

Motivation

We have an contact email where people can send sensitive info. We dont want to transfer such info unsecurely nor have stored anywhere where can be leaked later. This email addres is actually an alias whose membership is changing overtime. Only actual final recipients (ie brmlab council members) should be able to decrypt such email.

recipient changes GPG keys
contact email practically none brmlab GPG
actual recipients changes once a year or so bunch of final recipients keys

Solution

Sender encrypts an email against Brmlab public GPG key. Email is delivered to an brmlab SMTP server, reencrypted by GPG-remailer to an up-to-date list of recipients (that is changed more frequently than contact email) and resent to them. Only actual and specific members can decrypt such message with his/her own private key.

GPG for contact email has been generated: Brmlab GPG key

All email aliases that should be reencrypted are directed to one OS user:

/etc/aliases
confidential: secmail
join:           secmail

Per user delivery using procmail:

~secmail/.forward
|/usr/bin/procmail

Each email alias has an own configuration file for GPG-remailer.

~secmail/.gpg-remailer-secmail
logfile: remailer.log
loglevel: 0
debug: true
nomail: false 
replyto: <rada@brmlab.cz>
member: member01@somewhe.re
member: member02@elsewhe.re
member: member02@nowhe.re
clear-text: rejected       
signature:  absent
recipient: members

Corŕect configuration file is chosen by procmail parsing mechanism. Here we are also generating reject messages if messages seems to be not encrypted.

~secmail/.procmailrc
SHELL=/bin/sh
LOCKFILE=$HOME/.lockfile.lock
LOGFILE=$HOME/procmail.log
LOGABSTRACT=yes
UMASK=007
VERBOSE=yes
SUBJECT=`formail -x Subject:`
TO=`formail -x To: `
FROM=`formail -x From:`
 
# copy of all incoming emails for debugging purposes
:0c
{
        :0Bfw
        * !(-----(BEGIN|END) PGP MESSAGE-----)
        | formail -I "Subject: [unencrypted and not delivered to $TO]$SUBJECT"
 
        :0
        ! ruza@ruza.eu
}
 
# rejects all non-encrypted emails
:0B
        * !(-----(BEGIN|END) PGP MESSAGE-----)
        | ( formail -r -a "X-Brm: Rejected from $TO";\
        echo "This is an auto-generated reply.";\
        echo " ";\
        echo "Your e-mail";\
        echo "To: $TO";\
        echo "Subject:$SUBJECT ";\
        echo " ";\
        echo "was REJECTED and NOT DELIVERED because";\
        echo "this address accepts GnuPG ENCRYPTED emails only.";\
        echo " ";\
        echo "SEND your email AGAIN:";\
        echo " 1) encrypted by GPG/PGP (https://www.gnupg.org/) to $TO or";\
        echo " 2) unencrypted to unsecure@brmlab.cz";\
        echo " ";\
        echo "Or You can ask for help at rada@brmlab.cz";\
        echo ""; ) | /usr/sbin/sendmail -t -oi -f "$TO"
 
# gpg-remailer drops original From, so its added by this filter to Subject
:0 cfw
        | formail -I "Subject: [$FROM] $SUBJECT"
 
# re-encrypt email
:0
        * ^(To|Cc|Bcc):.*secmail@brmlab.cz.*
        | /usr/bin/gpg-remailer /var/lib/secmail/.gpg-remailer-secmail
 
:0
        * ^(To|Cc|Bcc):.*join@brmlab.cz.*
        | /usr/bin/gpg-remailer /var/lib/secmail/.gpg-remailer-secmail
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki