infertux / zeyple Goto Github PK

View Code? Open in Web Editor NEW

142.0 20.0 29.0 179 KB

Postfix filter/hook to automatically encrypt outgoing emails with PGP/GPG

Home Page: https://infertux.com/labs/zeyple/

License: Other

Python 86.24% Shell 13.76%

gpg pgp python postfix privacy encryption email

zeyple's Introduction

ZEYPLE: Zeyple Encrypts Your Precious Log Emails

Zeyple automatically encrypts outgoing emails with GPG:

It catches emails from your Postfix queue
Then encrypts them if it's got the recipient's GPG public key
Finally it puts them back into the queue

     unencrypted email   ||   encrypted email
sender --> Postfix --> Zeyple --> Postfix --> recipient(s)

Why should I care? If you are a sysadmin who receives emails from various monitoring tools like Logwatch, Monit, Fail2ban, Smartd, Cron, whatever - it goes without saying that those emails contain lots of information about your servers. Information that may be intercepted by some malicious hacker sniffing SMTP traffic, your email provider, <insert your (paranoid) reason here>... Why would you take that risk - encrypt them all!

Install & upgrade

See INSTALL.md & UPGRADE.md.

Disable/enable Zeyple

Just comment/uncomment the line content_filter = zeyple in your /etc/postfix/main.cf then postfix reload.

Key management

List of keys: sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --list-keys
Update imported keys: sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --keyserver hkp://keys.gnupg.net --refresh-keys
Import a new key: sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --keyserver hkp://keys.gnupg.net --search [email protected]

Integration with other MTAs

Although tested only with Postfix, Zeyple should integrate nicely with any MTA which provides a filter/hook mechanism. Please let me know if you experiment with this.

Docker

A Docker image is available for development purposes.

Vagrant

A fully-setup test-environment is available to easily test your modifications. Vagrant and a compatible virtualization environment (VirtualBox for example) are required. Visit zeyple-vagrant for download and more information.

Contributing

See CONTRIBUTING.md.

Kudos

Many thanks to Harry Knitter for his feedback to help make Zeyple more robust.

Blog posts & articles

License

AGPLv3+

zeyple's People

Contributors

Stargazers

Watchers

zeyple's Issues

ordinal not in range(128)

Today one send forwarded me a bounce message from generated from zeple.
For the moment I don't have the original message send to zeyple to track the issue down.
The error reported is:

Command died with status 1: "/usr/local/bin/zeyple.py".
Command output: Traceback (most recent call last):
File "/usr/local/bin/zeyple.py", line 386, in zeyple.process_message(message, recipients) File "/usr/local/bin/zeyple.py", line 198, in process_message out_message = self._encrypt_message(in_message, key_id)
File "/usr/local/bin/zeyple.py", line 255, in _encrypt_message payload = payload.encode('ascii') UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 621: ordinal not in range(128)

Sender address is not allowed.

My email provider only accepts mail with with a special sender-argument. Therefore I have a /etc/postfix/sender_canonical file which maps the internal senders to the external sender value.
After installing zeyple, this does not seem to work anymore. I get error messages like this:

Feb 12 16:31:16 matrix postfix/smtp[672]: AB822100873: to=<[email protected]>, relay=mail.gmx.net[212.227.17.190]:587, delay=0.43, delays=0/0.01/0.4/0.03, dsn=5.0.0, status=bounced (host mail.gmx.net[212.227.17.190] said: 550-Requested action not taken: mailbox unavailable 550 Sender address is not allowed. (in reply to MAIL FROM command))

Any ideas how to fix this?

Thank you.

Write Chef recipe to set up Zeyple

Bug with unicode characters

Umlauts in the subject and body seem to crash:

 "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode     return
 codecs.utf_8_decode(input, errors, True) TypeError: don't know how to
 handle UnicodeDecodeError in error callback```

zeyple breaks opendkim

Using DKIM via opendkim on Debian server

DKIM is now failing for messages which are not encrypted by zeyple
If I remove content_filter = zeyple from main.cf DKIM works fine

If I use zeyple even on mail that isn't encrypted DKIM signature fails:

2020-05-10 16:10:47,164 14072 INFO Zeyple ready to encrypt outgoing emails
2020-05-10 16:10:47,165 14072 INFO Processing outgoing message <[email protected]>
2020-05-10 16:10:47,165 14072 INFO Recipient:xxx@xxxx
2020-05-10 16:10:47,165 14072 INFO Trying to encrypt for xxx@xxxx
2020-05-10 16:10:47,189 14072 INFO Key ID: None
2020-05-10 16:10:47,189 14072 WARNING No keys found, message will be sent unencrypted
2020-05-10 16:10:47,189 14072 INFO Sending message <20200xxxx7.0FF85FF36D@xxx>
2020-05-10 16:10:47,229 14072 INFO Message <20200xxxx7.0FF85FF36D@xxxx> sent

Debian package fails to configure if pip is not insatlled

If a Debian package is created including fpm/after-install.sh the configuration of the package
fails with this error message if pip is not insatlled:

/var/lib/dpkg/info/tng-zeyple.postinst: 46: /var/lib/dpkg/info/tng-zeyple.postinst: pip: not found
/var/lib/dpkg/info/tng-zeyple.postinst: 46: /var/lib/dpkg/info/tng-zeyple.postinst: pip: not found

IMHO the change to this file introduced in commit 52ff087
is strange: Dependencies should be handled in fpm/create and not in a post install script.

Duplicates when using CC

echo `date` | mutt -s test8 -b [email protected] -c [email protected] [email protected]

The cc- and bcc-addresses do not receive any mail, however the rewritten address ([email protected] -> [email protected]) gets the mail twice.

This only happens if one or more "cc" addresses are present. If there are multiple addresses in "To" the mails are not duplicated.

Need to reproduce.

Look up final recipient via aliases

I have zyple installed and it's working perfectly except I have hit a bit of a snag. All of my scripts are setup to send email to the root user. I then control the final destination for the email by using /etc/aliases. So, I have a line in /etc/aliases that looks like this:

# Person who should get root's mail
root:           [email protected]

Then, when I send email there is a line in my /var/log/mail.log like this:

Oct  2 10:28:00 host1 postfix/smtp[11878]: 7221DK241B: to=<[email protected]>, orig_to=<root@host1>, status=sent (250 Great success)

When I setup zeyple I imported the public key for [email protected]. But, in /var/log/zeyple.log I see the following when I send an email to root:

2018-10-02 10:27:59,430 11859 INFO Processing outgoing message <20181002172759.7221DK241B@host1>
2018-10-02 10:27:59,430 11859 INFO Recipient: root@host1
2018-10-02 10:27:59,431 11859 INFO Trying to encrypt for root@host1
2018-10-02 10:27:59,463 11859 INFO Key ID: None
2018-10-02 10:27:59,463 11859 WARNING No keys found, message will be sent unencrypted

Sorry if this is a basic question, my postfix skills are pretty basic. Is there some setting I need to tweak so zeyple sees the final recipient and not the orig_to, or would this be a feature request for zeyple to use /etc/aliases to determine which key to lookup?

Sign releases

This is good advice for system administrators

The advice rightfully say that you shouldn't download random things from the internet.

I think tags should be signed. This will improve security for system administrators directly using your code, and future debian packagers.

postfix - Relay access denied

I'm not sure if this is a zeyple issue or postfix configuration problem but
without "content_filter = zeyple" sending unencrypted mails works fine.

I followed install instructions from https://github.com/infertux/zeyple/blob/master/INSTALL.md

As soon in set

content_filter = zeyple

in /etc/postfix/main.cf i get a "Relay access denied".

$ date | mail -s testmail [email protected]

<[email protected]>: Command died with status 1: "/usr/local/bin/zeyple.py".
    Command output: Traceback (most recent call last):   File
    "/usr/local/bin/zeyple.py", line 274, in <module>
    zeyple.process_message(message, recipients)   File
    "/usr/local/bin/zeyple.py", line 126, in process_message
    self._send_message(out_message, recipient)   File
    "/usr/local/bin/zeyple.py", line 260, in _send_message
    smtp.sendmail(message['From'], recipient, message.as_string())   File
    "/usr/lib/python2.7/smtplib.py", line 747, in sendmail     raise
    SMTPRecipientsRefused(senderrs) smtplib.SMTPRecipientsRefused:
    {'[email protected]': (454, '4.7.1 <[email protected]>: Relay access
    denied')}

$ cat /var/log/zeyple.log

2017-07-01 11:43:17,019 29616 INFO Zeyple ready to encrypt outgoing emails
2017-07-01 11:43:17,020 29616 INFO Processing outgoing message <20170701094316.EED64817E4@<hostname>.dedicated.hosteurope.de>
2017-07-01 11:43:17,020 29616 INFO Recipient: [email protected]
2017-07-01 11:43:17,020 29616 INFO Trying to encrypt for [email protected]
2017-07-01 11:43:17,034 29616 INFO Key ID: <some-key>
2017-07-01 11:43:17,054 29616 INFO Sending message <20170701094316.EED64817E4@<hostname>.dedicated.hosteurope.de>

$ postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = zeyple
inet_interfaces = loopback-only
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = <hostname>.dedicated.hosteurope.de, localhost.dedicated.hosteurope.de, , localhost
myhostname = <hostname>.dedicated.hosteurope.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Script died with status 1

Hi,
first of all thanks for the useful plugin! Unfortunately I get the following error in the logs while trying to send an encrypted mail (using the sendmail command):

Command died with status 1: "/usr/local/bin/zeyple.py". Command output: Traceback (most recent call last): File "/usr/local/bin/zeyple.py", line 285, in <module> zeyple.process_message(message, recipients) File "/usr/local/bin/zeyple.py", line 123, in process_message self._send_message(out_message, recipient) File "/usr/local/bin/zeyple.py", line 269, in _send_message self.config.get('relay', 'port')) File "/usr/lib/python2.7/smtplib.py", line 256, in __init__ (code, msg) = self.connect(host, port) File "/usr/lib/python2.7/smtplib.py", line 316, in connect self.sock = self._get_socket(host, port, self.timeout) File "/usr/lib/python2.7/smtplib.py", line 291, in _get_socket return socket.create_connection((host, port), timeout) File "/usr/lib/python2.7/socket.py", line 557, in create_connection for res in getaddrinfo(host, port, 0, SOCK_STREAM): socket.error: getaddrinfo() argument 2 must be integer or string

Can somebody help me?

OS: Ubuntu 16.04
Python 2.7.12

Thanks and regards!

Replace python-gpgme with python-gpg

python-gpgme has been abandoned in Ubuntu 18.04 (and Debian I guess). It should be replaced with python-gpg

The interface is broadly similar but has some differences. https://github.com/pazz/alot/pull/906/files is an example of a project being ported from python-gpgme to python-gpg.

Don't add `X-Zeyple` header by default

It is only used for tests and doesn't add anything useful.

Don't bounce email when an exception occurs

When Zeyple crashes for whatever reason, the email bounces back to the recipient as an unencrypted attachment. We might need to add some config option to avoid that?

Try out Sustain

https://github.com/joshuavial/sustain

Add wrapper to manage GPG keys

Something similar to http://man.he.net/man8/apt-key instead of https://github.com/infertux/zeyple#key-management.

The script/binary could be named zeyple-key or simply zeyple.

Senmail support?

The zyple.py script has support for smtp.sendmail.
How to configure relay via standard unix sendmail command in config file /etc/zeyple.conf
instead of host and port?

Thanks

Suggestions / small fix

Hi!

Thanks for the great tool, really love this one!

In zeyple.py config path /etc/ is set. In the setup_zeyple.sh /etc/zeyple/ is used for the sample conf. To keep all in place I suggest changing /etc/ in zeyple.py to /etc/zeyple/ . Else it won´t find its config file.

Bash script: keys saved to /etc/zeyple/keys
In example zeyple.conf path is wrong /var/lib/...

Suggestions:

Touch /etc/postfix/recipient_canonical since it´s not available per default (at least in arch repo).
Next you could change "adduser ...." to "useradd -r zeyple". Same result and adduser doesn´t always work while useradd does.
Last thing is /var/log/zeyple.log. Touching this too would be great since else error occures and mail won´t be send.

Hint for Debian: if it doesn´t fetch your gpg key (protocoll not supported error) mod probing ipv6 once does it: sudo modprobe ipv6

Hint for Arch: For errors like gpgme not found install python-pygpgme package.

Guess that´s all for now :-)

Support for vagrant

I made a build-script for vagrant to be able to setup a test environment with only one command.
You can find it on this branch: https://github.com/Nithanim/zeyple/tree/vagrant I am still getting the hang of cross-repository-interaction and I don't want to merge my branch directly into master. How would I issue a pull request in the best way?

Handle attachements (multipart) using PGP/MIME

New release

Hi, could you please create a new release? There have been quite a few useful commits since the last one.

sign outgoing Mails

Hi,

first of all, thanks for the script, it's working great :)

Would it be possible to not only crypt outgoing mails but also sign them? I tried by myself to implement that feature, but unfortunately I've no clue about python.

Use setuptools for easy install?

Honour "quoted-printable" encoding

Problem overview

Some mail clients encodes the content as "quoted-printable". This makes sure umlauts like ä, ö, é, ... (8-bit data) will be transmitted over a 7-bit data path [1].

The sending client therefore will change an "ä" for example, into an "=E4". The receiving client should read the following header and if set to quoted-printable, it should decode such chars back into 8-bit data.
Content-Transfer-Encoding: quoted-printable

Zeyple encrypts the encoded data "=E4", and removes the important header:

zeyple/zeyple/zeyple.py

Line 120 in 79e21e8

del out_message["Content-Transfer-Encoding"]

If you receive such an email, you only see encoded data (like "=E4" instead of "ä").

Reproduce

You can reproduce this behaviour with the "mail" tool (installed by running yum install -y mailx on CentOS 7).

Without encryption

Make sure you have removed the receiver's PGP public key and run:
echo "ä" | mail -S encoding=quoted-printable -s test -r [email protected] [email protected]

Result

Mail client show the char "ä" correctly. The raw mail looks like:

[... omitted ...]
Content-Transfer-Encoding: quoted-printable
[... omitted ...]

=E4

Expected result

This is the expected result.

With encryption

Make sure you have installed the receiver's PGP public key and run:
echo "ä" | mail -S encoding=quoted-printable -s test -r [email protected] [email protected]

Result

Mail client shows the char "ä" incorrectly as "=E4".

Content-Transfer-Encoding in the mail header isn't set. But it actually doesn't have to be set, because the payload is encrypted anyways and I think, setting this header is useless for encrypted data.

Expected result

Expected is, that the mail client shows "ä" instead of the encoded "=E4".

Suggested solution

Zeyple actually should act like a mail client. It should interpret its receiving mail like a mail client. Therefore, zeyple should honour the Content-Transfer-Encoding header. If it is set to quoted-printable, zeyple should decode the payload before it encrypts the payload. This could be done using the quopri module [2]. Afterwards, the header can be removed.

Maybe I'll file a pull request with a code suggestion later.

[1] https://en.wikipedia.org/wiki/Quoted-printable
[2] https://docs.python.org/2/library/quopri.html

Debian 10 : python-gpgme is obsolete

Hi,

python-gpgme is no longer supported by upstream for about four years and has a successor (python-pgp and python3-gpg).

pygpgme (PyGPGME on PyPi) was started by James Henstridge. Beside Python2 it supports Python 3 since v0.3 (March 2012). The wrapping is done using python's C interface directly without using a generator tool like SWIG. This project has not been updated since 2013 and should probably be considered obsolete.

Source : https://wiki.python.org/moin/GnuPrivacyGuard

I'm going to upgrade https://github.com/hardware/mailserver to Debian 10 "Buster", but python-gpgme does not exist anymore in Debian official repos.

I can look to upgrade Zeyple but I'm not familiar with Zeyple codebase.

Best Regards.

Support manual key import?

Sorry if this is already covered, but I didn't see any documentation on how to manually import a key for a recipient (without using a key server). Maybe this will be covered in #30?

Anyway, thanks for sharing this great software. :)

End to End Encryption for using K-9 Mail/Open Keychain

I made a simple bodged example of how I made a "encrypt, sign and forward everything to 1 email" setup for reading on K-9 Mail/Open Keychain which didn't like zeyple's attachment style of encryption. I used "os.popen" instead of the gpg module (which seems lacking). (Using curl with Gmail also requires allowing less secure transfers for the account which isn't ideal).

Perhaps this will be helpful in making a more robust solution as I'm not really familiar with python.

/usr/local/bin/zeyple.py

#!/usr/bin/env python                                                                               
# -*- coding: utf-8 -*-                                                                             
import sys                                                                                          
import os
                                                                          
try:                                                                                                    
     from configparser import SafeConfigParser  # Python 3
except ImportError:
     from ConfigParser import SafeConfigParser  # Python 2
                                                                                                           
# Boiler plate to avoid dependency on six                                                           
# BBB: Python 2.7 support                                                                           
PY3K = sys.version_info > (3, 0)

#if __name__ == '__main__':                                                                         
if True:                                                                                                
    recipients = sys.argv[1:]
    # BBB: Python 2.7 support
    binary_stdin = sys.stdin.buffer if PY3K else sys.stdin
                                              
    message = binary_stdin.read()

    f = open("/home/zeyple/.gnupg/message.enc", "w")

    text = message                                                                                      
    posa = text.find("Subject: ")
    subject = text[posa:].split("\n",1)                                                                 
    subject = subject[0]

    text = text.partition("\n\n")          
                                                             
    f.write( text[2] )                                                                                 
    f.close()                                                                                           

    os.popen("gpg --homedir /home/zeyple/.gnupg --batch --yes  --passphrase=CERTPASSGOESHERE --pinentry-mode loopback --always-trust -ea --sign -u \"John Smith <[email protected]>\" -r \"John Smith <[email protected]>\" -o - /home/zeyple/.gnupg/message.enc > /home/zeyple/.gnupg/message2.enc")

 #Needed for curl
    os.popen('sed -i -E \":a;N;$!ba;s/\r{0,1}\n/\\n/g\" /home/zeyple/.gnupg/message2.enc')

    f = open("/home/zeyple/.gnupg/message2.enc", "r")

    text = f.read()                                                                                    
    text = text.partition("-----")
    body = text[2]                                                                                      

    f.close()

    os.popen("echo \"" + subject + " \n\n-----" + body + "\" | /usr/bin/cur l--retry 5 --url smtps://smtp.gmail.com:465 --mail-from [email protected] --mail-rcpt [email protected] --user [email protected]:fakeemailpassword --ssl-reqd --insecure --silent --ciphers ECDHE-RSA-AES128-GCM-SHA256 -T -")

    os.remove('/home/zeyple/.gnupg/message.enc')                                                        
    os.remove('/home/zeyple/.gnupg/message2.enc')

special charachets are not shown correclty in Outlook 2013 or Thunderbird

In the German language we've the special characters ü,ö,ß which were not readable after an encrpytion with zeplye in version 1.1.0.
I've seen that this version contains already a fix for Thunderbird (del out_message["Content-Transfer-Encoding"]).
Nevertheless I had charachter issues with Outlook 2013, roundcube as webmail and Thunderbird for testing.

Below I've attached a proposal (patch related to v.1.1.0) which fixed the issue in my environment.

BR Christian

zeyple_charset.txt

Possible issue on character encoding with php-mailer

After deploying zeyple, it seems mails encoded in UTF-8 sent with at least PHP mailer are not properly encoded.
For example, in plain I get this:

Return-Path: <[email protected]>
Delivered-To: <[email protected]>
Received: from mail.mirtouf.fr
	by mail.mirtouf.fr (Dovecot) with LMTP id v705CcMfwlm/TAAAh7BUjQ
	for <[email protected]>; Wed, 20 Sep 2017 09:58:59 +0200
Received: from mail.mirtouf.fr (localhost [127.0.0.1])
	by mail.mirtouf.fr (Postfix) with ESMTP id EFD1841877;
	Wed, 20 Sep 2017 09:58:58 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.1 mail.mirtouf.fr EFD1841877
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mirtouf.fr; s=mail;
	t=1505894339; bh=thKiSLWg84LozQghGCrVVdYLyDZahDb/qvbe0IRDCTM=;
	h=To:Subject:Date:From:From;
	z=To:[email protected]|Subject:=20=3D?UTF-8?Q?[mirtouf,_le_web_
	 0.1]_Votre_site_a_=3DC3=3DA9t=3DC3=3DA9_mis_=3DC3=3DA0_jou?=3D=20=
	 20=3D?UTF-8?Q?r_vers_WordPress_4.8.2?=3D|Date:=20Wed,=2020=20Sep=2
	 02017=2007:58:56=20+0000|From:=20WordPress=20<[email protected]
	 >;
	b=U3QupqxEyXbn3ASYmOLJvqh23KQZ5/CdSkKTfxietV9BANAO1fkPCrdw5zSFu/U3f
	 5WfdQ9/UzlmJXwpzsxR2HC8w0npaIjTfUUN2lOTv+rfFCNisqrSFuSHGm6qvCIgigk
	 D/iV2LUry6IPtVm8Ihc4po4af6srWroYg4zsaMVg=
Received-SPF: Pass (mail.mirtouf.fr: domain of jupiter.mirtouf.fr designates 62.210.7.183 as permitted sender) client-ip=62.210.7.183; envelope-from="[email protected]"; helo=jupiter.mirtouf.fr; receiver=mail.mirtouf.fr; mechanism=a; identity=mailfrom
Authentication-Results: mail; dmarc=fail header.from=mirtouf.fr
Received: from jupiter.mirtouf.fr (mirtouf.fr [62.210.7.183])
	by mail.mirtouf.fr (Postfix) with ESMTP id 8BA1740B1F
	for <[email protected]>; Wed, 20 Sep 2017 09:58:53 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.1 mail.mirtouf.fr 8BA1740B1F
Authentication-Results: mail.mirtouf.fr; dkim=none reason="no signature";
	dkim-atps=neutral
Received: by jupiter.mirtouf.fr (Postfix, from userid 33)
	id 8D976F20123; Wed, 20 Sep 2017 09:58:56 +0200 (CEST)
To: [email protected]
Subject: =?UTF-8?Q?[mirtouf,_le_web_0.1]_Votre_site_a_=C3=A9t=C3=A9_mis_=C3=A0_jou?=  =?UTF-8?Q?r_vers_WordPress_4.8.2?=
X-PHP-Originating-Script: 33:class-phpmailer.php
Date: Wed, 20 Sep 2017 07:58:56 +0000
From: WordPress <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-AV-Checked: ClamAV using ClamSMTP

displaying:

Salutations ! Votre site à l’adresse https://www.mirtouf.fr a été automatiquement mis à jour vers WordPress 4.8.2.

Vous n’avez rien de plus à faire. Pour en savoir plus sur la version 4.8.2, lisez l’écran À Propos de WordPress : 
https://www.mirtouf.fr/wordpress/wp-admin/about.php

Si vous rencontrez des problèmes ou avez besoin d’assistance, les volontaires du forum d’entraide de wpfr.net devraient pouvoir vous aider.
https://wpfr.net/support/

Certains de vos thèmes et extensions ont également des mises à jour disponibles. Veuillez les mettre à jour dès maintenant :
https://www.mirtouf.fr/wordpress/wp-admin/

L’équipe WordPress

and with zeyple deployed:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from mail.mirtouf.fr
	by localhost (Dovecot) with LMTP id rZlSLUiP+FnNWQAA0J78UA
	for <[email protected]>; Tue, 31 Oct 2017 15:57:12 +0100
Received: from mail.mirtouf.fr (localhost [127.0.0.1])
	by mail.mirtouf.fr (Postfix) with ESMTP id A8069281576
	for <[email protected]>; Tue, 31 Oct 2017 15:57:12 +0100 (CET)
Received: from scw-6eda6c.cloud.online.net (mirtouf.fr [51.15.219.206])
 by mail.mirtouf.fr (Postfix) with ESMTP id DC4C4280781
 for <[email protected]>; Tue, 31 Oct 2017 15:57:10 +0100 (CET)
Received: by scw-6eda6c.cloud.online.net (Postfix, from userid 33)
 id F152762870; Tue, 31 Oct 2017 15:57:09 +0100 (CET)
To: [email protected]
Subject: =?UTF-8?Q?[mirtouf,
 _le_web_0.1]_Votre_site_a_=C3=A9t=C3=A9_mis_=C3=A0_jou?=
 =?UTF-8?Q?r_vers_WordPress_4.8.3?=
X-PHP-Originating-Script: 33:class-phpmailer.php
Date: Tue, 31 Oct 2017 14:57:09 +0000
From: WordPress <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
X-Spam-Status: No, score=-10.91
X-Rspamd-Server: mail
Authentication-Results: mail.mirtouf.fr;
 dmarc=fail reason="SPF not aligned (strict), No valid
 DKIM" header.from=mirtouf.fr policy=quarantine;
 spf=pass [email protected]
X-Rspamd-Queue-Id: DC4C4280781
X-Spamd-Result: default: False [-10.91 / 8.00] HAS_WP_URI(0.00)[]
 R_DKIM_NA(0.00)[]
 HFILTER_HELO_NORES_A_OR_MX(0.30)[scw-6eda6c.cloud.online.net]
 TO_DN_NONE(0.00)[] TO_DOM_EQ_FROM_DOM(0.00)[]
 LOCAL_WL_IP(-10.00)[51.15.219.206] MIME_GOOD(-0.10)[text/plain]
 HFILTER_HELO_IP_A(1.00)[scw-6eda6c.cloud.online.net]
 R_SPF_ALLOW(-0.20)[+a] RCVD_NO_TLS_LAST(0.00)[]
 FROM_NEQ_ENVFROM(0.00)[[email protected],[email protected]]
 RCPT_COUNT_ONE(0.00)[1] MID_RHS_WWW(0.50)[]
 ENVFROM_SERVICE_ACCT(1.00)[] RCVD_COUNT_TWO(0.00)[2]
 MX_GOOD(-0.50)[mail.mirtouf.fr] FORGED_SENDER(0.30)[]
 ARC_NA(0.00)[] HAS_PHPMAILER_SIG(0.00)[] HAS_X_POS(0.00)[]
 ASN(0.00)[asn:12876, ipnet:51.15.0.0/16, country:FR]
 DMARC_POLICY_QUARANTINE(1.50)[mirtouf.fr : SPF not aligned (strict),
 No valid DKIM, quarantine]
 IP_SCORE(-4.71)[ip: (-9.89), ipnet: 51.15.0.0/16(-7.76), asn: 12876(-4.91),
 country: FR(-0.98)] FROM_HAS_DN(0.00)[]
 TO_MATCH_ENVRCPT_ALL(0.00)[]
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="===============1367605545734072094=="

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--===============1367605545734072094==
Content-Type: application/pgp-encrypted
MIME-Version: 1.0
Content-Description: PGP/MIME version identification

Version: 1

--===============1367605545734072094==
Content-Type: application/octet-stream; name="encrypted.asc"
MIME-Version: 1.0
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQIMA3tGWStApHijAQ//YMsVRR4cD5+CKELMl3Q+HcSfImww6Jcs526Zil5Z7Ecy
VsigWxwb9iXgVjzoo6LdJ2+uLc7QlIBCIyi8RUQ35yzTlbx6Oqpx0EGWyHIfkc+B
kgIj0Q6/E+BfZt59wo2RVbsTYFmZ9LWqkUoNowDXUgdyNqfKyIlu85O7p+FWoPr/
tATNgFKa0/gnysOoezOmkp96AlLznBAcxiHT2bfWK8cLmHdqhaODYjVvikJYDOPQ
ueRYLWdEzF1z1nDsDCY1krw5UrO8YM0xdjycJjevypmTqrkoELmb/5/b5NE69eOH
7ZEN1EIQ+npBYRiwZqzarQTONe/613YNu2ElHZ4x4ASkH9Ru4trK9OCSZgwX0AYZ
S7SfTCgpDHML0/lePjODa/HwlZZAP+Bo5Bkk0Dn9AP8jtZ+TddRNZ7gl1Zjg5Bun
m7uVLYK7tIw25EhfQK95MAYIG11KpUiB8+cwPTsB4aPtceA24b5cBKC/kvIeFepF
3lL47CfQbfnG3Bj6pAcFFNqqrYLoHyg6L6L3ss+qkBULCzFLlyt5CaQDRPT0y5Wd
QcsngIT10jnRTQ9wM8ZLbdv8f0TG9peFbJYbs7/3wIihWhU7/vROcRpLjM8B0FVM
uGLlzZBS95KVZ0EarxLVAVqT6FdMAWh3HfU3MhuTdYbeHH1YoHchR5kbpaF3hMXS
6QF92iB+EdA2MtNXth7cLcVGDCu8KRIRqNJEbq/KaC9gwnaaQZhGdFEIIXDNvbUb
9VeWcq5VmBHbTzBa+vmWxtj49Q/tDoN7Yc8FBYBMJqrcBcBwiwEB9UuSuN+ePa90
HuJeCf2e7yIhrjefPPjg8rmjj68jkoDykOajQRqKMwJhaJlDXK3XQJAFDm7FoxQq
LvhJ5J6BgBad69jSYP08gFDKWt2SBN6UszYsu7Jg0BQg3xd/+vStd0NQetWrcPco
57x3pQW34hK6wRIuQS751zIlvz8L5vWbYNcFbIrE/x7xRKFuKbAXlXbPhZakWjb2
QbaVUN3ZOVMhwE3HE3Yn/kX5aNiEcTr1kR52TPnrfaXgX1oR/Oa6Q1G2LBXp/jin
d7Vcj7U6pxepQgT77p2ogYaniMTh4iwvAuebe7L8ck0lbJsbmTH+6LI2eyzR60f+
qzWsc94RQQce4RkzDui0pGcyaIBQ15EeRJJ2ZyKgMu2s3wPqdaq1mh/Pdbu9QBi0
MXxZJi1NpHeZgcbqv3OgpiEzUBrtawzWgNuGjol/+pIjbi08r+c0T3PLkHGRVfBz
Ingkvq8/55yIcjZl8LH2YAZ/YP999j/xcYpYKLX8iTiKjnMEbPIj9Pu1yJj0eLjT
0w8RbkS4Km75WvAVUO/QXbS6BUS+tCgdHUpeuXs7maqDZMQ2L5heoDXu9Hl8vBHi
35SnL+GrWoGQMTw0gd+hrIUZbvlRNAUV/5vhxetOjiaMw8/2YHGbDpkIUNaXi+Bn
DBBooyHV7xztHmB87X5mIguzSK/Q4Ep39V03kgQRFj5DiMTEZvg=
=BzU2
-----END PGP MESSAGE-----

--===============1367605545734072094==--

which results in:

SalutationsÂ ! Votre site Ã  lâ€™adresse https://www.mirtouf.fr a Ã©tÃ© automatiquement mis Ã  jour vers WordPress 4.8.3.

Vous nâ€™avez rien de plus Ã  faire. Pour en savoir plus sur la version 4.8.3, lisez lâ€™Ã©cran Ã€ Propos de WordPress : 
https://www.mirtouf.fr/wordpress/wp-admin/about.php

Si vous rencontrez des problÃ¨mes ou avez besoin dâ€™assistance, les volontaires du forum dâ€™entraide de wpfr.net devraient pouvoir vous aider.
https://wpfr.net/support/

Certains de vos thÃ¨mes et extensions ont Ã©galement des mises Ã  jour disponibles. Veuillez les mettre Ã  jour dÃ¨s maintenant :
https://www.mirtouf.fr/wordpress/wp-admin/

Lâ€™Ã©quipe WordPress

Of course using GPG alongside Thunderbird and Enigmail does not give me this issue.

Do you have any hints to debug this ? I found no errors in zeyple.log

Thunderbird trouble to decrypt php sent messages.

I have a cms installed on on my webserver that (most likley) uses the php-mailer to send emails. However, thunderbird refuses to decrypt them properly and somehow hangs (hard to describe, it won't decrypt any more emails) instead.
I am not sure how or where to get more debug information but this files may help you.

I am using 86a3c27.

Protect headers by using autocrypt memoryhole

Following up from #46.

It is beneficial to protect header information (subject, message id, etc) which are not normally encrypted by PGP. The memoryhole project part of autocrypt tries to provide a standardized way to do that, see https://github.com/autocrypt/memoryhole.

There is also a WIP Python library for the project which could be of use here: https://0xacab.org/leap/pymemoryhole

HTML mail evaluates as non-multipart

I have a HTML mail that causes is_multipart() to return False. Looking at the zeyple code it is then converted to a text/plain multipart and encrypted afterwards. After decrypting the mail my client happily shows me the HTML as text.

<...snip...headers>
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!doctype html>
<...snip...more HTML>

Make a .deb package to automate the long installation

The current installation process is really tedious.

support PGP/MIME

As some of our messages are HTML mails and users really don't want to see the tags, we should probably implement PGP/MIME which should be able to handle this.

Might have a look here: https://github.com/zenhack/python-gpgmime

Support both IPv4/6

See #35

Add support for Python 3.4

https://travis-ci.org/infertux/zeyple/jobs/68632995

"'ascii' codec can't decode byte 0xc2"

Today I waited eagerly for a mail but I had to discover that it was zeyple that had trouble dealing with it:

Dec  4 19:56:49 vps108 postfix/qmgr[3471]: CB2D344125: from=<pm_bounces@###########>, size=17285, nrcpt=1 (queue active)
Dec  4 19:56:50 vps108 postfix/pipe[19895]: CB2D344125: to=<############@#####.##>, orig_to=<#############@nithanim.me>, relay=zeyple, delay=2.3, delays=0.79/0.01/0/1.5, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/local/b
in/zeyple.py". Command output: Traceback (most recent call last):   File "/usr/local/bin/zeyple.py", line 264, in <module>     zeyple.process_message(message, recipients)   File "/usr/local/bin/zeyple.py", line 105, in process_message
  out_message = self._encrypt_message(in_message, key_id)   File "/usr/local/bin/zeyple.py", line 156, in _encrypt_message     payload = payload.encode('ascii') UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 14112:
ordinal not in range(128) )

Since I don't have the original mail I cannot provide you with any more details (at least as far as I know). It would be really helpful if the mail would not have bounced and would have sent it unencrypted to me instead. ref /issues/20

Improve error message about expired key

Right now when a local key expires, Zeyple fails with the following message which isn't super explicit.

Command died with status 1:
    "/usr/sbin/zeyple". Command output: Traceback (most recent call last):
    File "/usr/sbin/zeyple", line 264, in <module>
    zeyple.process_message(message, recipients)   File "/usr/sbin/zeyple", line
    105, in process_message     out_message = self._encrypt_message(in_message,
    key_id)   File "/usr/sbin/zeyple", line 185, in _encrypt_message
    encrypted_payload = self._encrypt_payload(payload, [key_id])   File
    "/usr/sbin/zeyple", line 219, in _encrypt_payload     plaintext,
    ciphertext) gpgme.GpgmeError: (0, 1, u'General error')

It'd be nice to override it with something more helpful than General error.

infertux / zeyple Goto Github PK

zeyple's Introduction

ZEYPLE: Zeyple Encrypts Your Precious Log Emails

Install & upgrade

Disable/enable Zeyple

Key management

Integration with other MTAs

Docker

Vagrant

Contributing

Kudos

Blog posts & articles

License

zeyple's People

Contributors

Stargazers

Watchers

Forkers

zeyple's Issues

Problem overview

Reproduce

Without encryption

Result

Expected result

With encryption

Result

Expected result

Suggested solution

Recommend Projects

Recommend Topics

Recommend Org