From 9dac9da3255a7e9f352ee4ff5152e0efe82e781c Mon Sep 17 00:00:00 2001 From: Hoang Xuan Phu Date: Sun, 3 Nov 2013 14:31:59 +0700 Subject: [PATCH 1/2] use markdown for installation instruction --- INSTALL => INSTALL.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename INSTALL => INSTALL.md (100%) diff --git a/INSTALL b/INSTALL.md similarity index 100% rename from INSTALL rename to INSTALL.md From c853df74a4141a479ca020245341b39b01a47303 Mon Sep 17 00:00:00 2001 From: Hoang Xuan Phu Date: Sun, 3 Nov 2013 14:45:15 +0700 Subject: [PATCH 2/2] change styling, reword some parts --- INSTALL.md | 69 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 31 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 77e3979..b6d9f6f 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -1,38 +1,45 @@ -1) Ensure that GPG is installed and configured. - a) Make sure public keys for all of your potential recipients are - available in the GPG home directory you use in step 2 -2) Configure /etc/gpg-mailgate.conf based on the provided sample config -3) Place gpg-mailgate.py in /usr/local/bin/ -4) Place the GnuPG directory in /usr/lib/python2.7/ (replace 2.7 with your Python version) -5) Add the following to the end of /etc/postfix/master.cf + 1. Ensure that GPG is installed and configured. Also make sure public keys for + all of your potential recipients are available in the GPG home directory + used for `keyhome` in step 2. + 2. Configure `/etc/gpg-mailgate.conf` based on the provided + `gpg-mailgate.conf.sample` + 3. Place `gpg-mailgate.py` in `/usr/local/bin/` + 4. Place the GnuPG directory in `/usr/lib/python2.7/` (replace 2.7 with your + Python version) + 5. Add the following to the end of `/etc/postfix/master.cf` -gpg-mailgate unix - n n - - pipe - flags= user=nobody argv=/usr/local/bin/gpg-mailgate.py ${recipient} + gpg-mailgate unix - n n - - pipe + flags= user=nobody argv=/usr/local/bin/gpg-mailgate.py ${recipient} -127.0.0.1:10028 inet n - n - 10 smtpd - -o content_filter= - -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks - -o smtpd_helo_restrictions= - -o smtpd_client_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o mynetworks=127.0.0.0/8 - -o smtpd_authorized_xforward_hosts=127.0.0.0/8 + 127.0.0.1:10028 inet n - n - 10 smtpd + -o content_filter= + -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks + -o smtpd_helo_restrictions= + -o smtpd_client_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o mynetworks=127.0.0.0/8 + -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -6) Add the following to /etc/postfix/main.cf + 6. 
Add the following to `/etc/postfix/main.cf` -content_filter = gpg-mailgate + content_filter = gpg-mailgate -7) Restart postfix. + 7. Restart postfix. -Note 1: it is also possible to create a dedicated user to store the PGP public keys - 1) useradd -s /bin/false -d /var/gpg -M gpgmap - 2) mkdir -p /var/gpg/.gnupg - 3) chown -R gpgmap /var/gpg - 4) chmod 700 /var/gpg/.gnupg - 5) sudo -u gpgmap /usr/bin/gpg --import /home/youruser/public.key --homedir=/var/gpg/.gnupg - a) replace the path with the location of your public key - b) the path can be deleted after importation - 6) Confirm that it's working: sudo -u gpgmap /usr/bin/gpg --list-keys --homedir=/var/gpg/.gnupg - 7) Use keyhome = /var/gpg/.gnupg in gpg-mailgate.conf +## Note 1 + +It is possible to create a dedicated user to store the PGP public keys with +these example commands: + + useradd -s /bin/false -d /var/gpg -M gpgmap + mkdir -p /var/gpg/.gnupg + chown -R gpgmap /var/gpg + chmod 700 /var/gpg/.gnupg + sudo -u gpgmap /usr/bin/gpg --import /home/youruser/public.key --homedir=/var/gpg/.gnupg + + - Replace `/home/youruser/public.key` with the location of your public key + - `/home/youruser/public.key` can be deleted after importation + - Confirm that it's working: `sudo -u gpgmap /usr/bin/gpg --list-keys --homedir=/var/gpg/.gnupg` + - Use `keyhome = /var/gpg/.gnupg` in `gpg-mailgate.conf`
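Review bot: Note 1 in the reworded INSTALL.md leaves out a step that is needed for the dedicated-user setup to work with the master.cf entry in step 5. The example commands run `chown -R gpgmap /var/gpg` and `chmod 700 /var/gpg/.gnupg`, and the last bullet sets `keyhome = /var/gpg/.gnupg`, but step 5 still starts the filter with `flags= user=nobody argv=/usr/local/bin/gpg-mailgate.py ${recipient}`. A process running as nobody cannot read a mode-700 directory owned by gpgmap, so the filter will not be able to open the keyring. Since this patch is already rewording the note, please add a bullet saying that the `user=` value in the `gpg-mailgate` pipe entry has to be changed to `gpgmap` when this layout is used. The patch also turns the old steps 6 and 7 ("Confirm that it's working" and "Use `keyhome = ...`") into bullets alongside the two remarks about the key file path. Those two are actions rather than remarks, so consider keeping them as numbered steps so they are not skipped.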