[Remail] RFC: "transport" encryption type
Konstantin Ryabitsev
konstantin at linuxfoundation.org
Thu Oct 29 22:01:03 CET 2020
On Thu, Oct 29, 2020 at 07:38:50PM +0100, Thomas Gleixner wrote:
> On Thu, Oct 29 2020 at 17:39, Thomas Gleixner wrote:
> > On Thu, Oct 29 2020 at 09:11, Konstantin Ryabitsev wrote:
> > Both use cases make sense and it should be straight forward to
> > implement.
>
> Indeed it was. See the completely untested below.
The version below has been lightly edited and tested.
LGTM.
-K
-- >8 --
>From be1b90dcfd2a5af7f2e351ea0a390671d1c272c2 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx at linutronix.de>
Date: Thu, 29 Oct 2020 19:26:56 +0100
Subject: [PATCH] remail: Allow optional transport based security
Add an "encryption" option 'use_transport' which does not bother with
encryption and just relies on transport security.
For admins this makes sense as none of the admin messages is really
confidential.
This is also a valid option for a subscriber and makes some sense in
scenarios where the mail provider manages the subscriber key (sic!)
and does server side decryption. Think twice before using this.
Requested-by: Konstantin Ryabitsev <konstantin at linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Reviewed-by: Konstantin Ryabitsev <konstantin at linuxfoundation.org>
Tested-by: Konstantin Ryabitsev <konstantin at linuxfoundation.org>
---
.../examples/conf/lists/list1/list.yaml | 4 +++-
.../examples/conf/lists/list2/list.yaml | 4 +++-
Documentation/examples/conf/remail.yaml | 8 ++++++--
Documentation/man5/remail.config.rst | 16 ++++++++++++++++
remail/config.py | 14 ++++++++++----
remail/maillist.py | 17 +++++++++++------
6 files changed, 49 insertions(+), 14 deletions(-)
diff --git a/Documentation/examples/conf/lists/list1/list.yaml b/Documentation/examples/conf/lists/list1/list.yaml
index f9c0907..68fd09d 100644
--- a/Documentation/examples/conf/lists/list1/list.yaml
+++ b/Documentation/examples/conf/lists/list1/list.yaml
@@ -10,7 +10,9 @@ subscribers:
# name: Real name of the subscriber
# enabled: Subscriber is enabled (if omitted defaults to False)
# use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False)
- # fingerprint: GPG fingerprint (Not required when use_smime == True)
+ # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False.
+ # Conflicts with use_smime == True)
+ # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True)
# gpg_plain: Plain text inline GPG encryption (If omitted defaults to False)
# aliases: List of alias addresses which are valid for posting (moderated list)
#
diff --git a/Documentation/examples/conf/lists/list2/list.yaml b/Documentation/examples/conf/lists/list2/list.yaml
index ac15ae9..f782a24 100644
--- a/Documentation/examples/conf/lists/list2/list.yaml
+++ b/Documentation/examples/conf/lists/list2/list.yaml
@@ -10,7 +10,9 @@ subscribers:
# name: Real name of the subscriber
# enabled: Subscriber is enabled (if omitted defaults to False)
# use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False)
- # fingerprint: GPG fingerprint (Not required when use_smime == True)
+ # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False.
+ # Conflicts with use_smime == True)
+ # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True)
# gpg_plain: Plain text inline GPG encryption (If omitted defaults to False)
# aliases: List of alias addresses which are valid for posting (moderated list)
#
diff --git a/Documentation/examples/conf/remail.yaml b/Documentation/examples/conf/remail.yaml
index 05abbc4..bee8cb6 100644
--- a/Documentation/examples/conf/remail.yaml
+++ b/Documentation/examples/conf/remail.yaml
@@ -61,7 +61,9 @@ lists:
# name: Real name of the subscriber
# enabled: Subscriber is enabled (if omitted defaults to False)
# use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False)
- # fingerprint: GPG fingerprint (Not required when use_smime == True)
+ # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False.
+ # Conflicts with use_smime == True)
+ # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True)
# gpg_plain: Plain text inline GPG encryption (If omitted defaults to False)
admin1 at admin.domain:
name: Admin one
@@ -106,7 +108,9 @@ lists:
# name: Real name of the subscriber
# enabled: Subscriber is enabled (if omitted defaults to False)
# use_smime: True/False (Use S/MIME for encryption. If omitted defaults to False)
- # fingerprint: GPG fingerprint (Not required when use_smime == True)
+ # use_transport: True/False (SMTP transport layer encryption only. If omitted defaults to False.
+ # Conflicts with use_smime == True)
+ # fingerprint: GPG fingerprint (Not required when use_smime == True or use_transport == True)
# gpg_plain: Plain text inline GPG encryption (If omitted defaults to False)
admin2 at admin2.domain:
name: Admin2
diff --git a/Documentation/man5/remail.config.rst b/Documentation/man5/remail.config.rst
index a7035b6..0c4d199 100644
--- a/Documentation/man5/remail.config.rst
+++ b/Documentation/man5/remail.config.rst
@@ -384,6 +384,7 @@ The list administrators section:
fingerprint: 40CHARACTERFINGERPRINT
enabled: True
use_smime: False
+ use_transport: False
gpg_plain: False
admin2 at other.domain:
@@ -405,6 +406,21 @@ The list administrators section:
Send S/MIME encrypted mail to the admin if True. Otherwise use
PGP. Optional, defaults to False.
+ use_transport:
+
+ Do not bother with encryption and send plain text messages, i.e. rely
+ on the SMTP transport layer encryption. None of the admin messages are
+ really confidential.
+
+ This may also be a valid option for some subscribers, for example in
+ scenarios where the mail provider manages the subscriber key (sic!)
+ and does server side decryption anyway, or when mail is delivered to
+ an inbox stored on the same infrastructure as remail itself.
+ Not recommended for most cases.
+
+ Optional, defaults to False. Note, this is mutually exclusive with
+ the 'use_smime' option.
+
gpg_plain:
If False send mail in the application/pgp-encrypted format. If True
diff --git a/remail/config.py b/remail/config.py
index a01aa78..9201215 100644
--- a/remail/config.py
+++ b/remail/config.py
@@ -40,10 +40,11 @@ def show_attrs(obj, attrdict, indent):
print('%*s%-40s: %s' %(indent, '', attr, getattr(obj, attr)))
account_defaults = {
- 'enabled' : False,
- 'fingerprint' : None,
- 'use_smime' : False,
- 'gpg_plain' : False,
+ 'enabled' : False,
+ 'fingerprint' : None,
+ 'use_smime' : False,
+ 'use_transport' : False,
+ 'gpg_plain' : False,
}
class account_config(object):
@@ -58,6 +59,11 @@ class account_config(object):
self.name = get_mandatory('name', cfgdict, base)
set_defaults(self, account_defaults, cfgdict)
+ # Valdiate transport options to be coherent
+ if self.use_smime and self.use_transport:
+ txt = 'use_smime and use_transport cannot both be set for %s' % addr
+ raise RemailListConfigException(txt)
+
# Get the optional aliases to allow sending from
# different accounts when the list is moderated
aliases = cfgdict.get('aliases')
diff --git a/remail/maillist.py b/remail/maillist.py
index 1df7c31..faf658e 100644
--- a/remail/maillist.py
+++ b/remail/maillist.py
@@ -71,12 +71,17 @@ class maillist(object):
def encrypt(self, msg_plain, account):
'''
- Encrypt plain text message for the account
+ Encrypt plain text message for the account or return the plain text
+ message when the account has the 'use_transport' option set. The
+ latter is used for delivery to admin accounts on the machine or the
+ protected network and for transport based security to mail providers
+ like gmail which manage the recipients S/MIME key and do server
+ side decryption anyway (shudder).
'''
msg = msg_from_string(msg_plain.as_string())
if self.smime and account.use_smime:
self.smime.encrypt(msg, account)
- else:
+ elif not account.use_transport:
self.gpg.encrypt(msg, account)
return msg
@@ -317,7 +322,7 @@ class maillist(object):
continue
if account.use_smime and self.smime:
self.smime.check_cert(account)
- else:
+ elif not account.use_transport:
self.gpg.check_key(account)
class maillist_checker(object):
@@ -368,9 +373,9 @@ class maillist_checker(object):
if not account.enabled:
continue
try:
- if not account.use_smime:
- gpg.check_key(account)
- else:
+ if account.use_smime:
smime.check_cert(account)
+ elif not account.use_transport:
+ gpg.check_key(account)
except Exception as ex:
self.logger.log(str(ex) + '\n')
--
2.26.2
More information about the Remail
mailing list