This page outlines a method for setting up Exim 4.x to detect the presence of gpg keys and automatically encrypt outbound email.
This version has some limitations. Future versions will address these.
First version.
You should be generally familiar with the basic features of Exim 4.x and gpg, and both should be installed. You will also need a C compiler such as gcc.
This section details things that are to be set up in the Exim configuration file, and the setup of the alias files.
If you are using an external database engine, you may need to configure it here. For example, if using PostgreSQL, you need to include the following (or something like it):
hide pgsql_servers=localhost/pgpkeys/exim/password
The dnslookup router must be modified to check for email addresses that have gpg keys, and then direct those messages to a different transport.
This version uses a simple PostgreSQL table to list such addresses, as in my case I want the list to be visible to more than one exim mail server. LDAP could also do this job nicely.
If only one server needs to see this data, it can be kept in a flat text file or a Berkeley DB-style database.
    dnslookup:
      driver = dnslookup
      domains = ! +local_domains
      # The lookup result chooses the transport: outbound_gpg_transport if the
      # recipient has a row in the client table, plain remote_smtp otherwise.
      # quote_pgsql escapes the address parts so that a crafted recipient
      # address cannot change the meaning of the query.
      transport = ${lookup pgsql \
        {select client_id from client \
         where username='${quote_pgsql:$local_part}' \
         and domain='${quote_pgsql:$domain}'}\
        {outbound_gpg_transport}\
        {remote_smtp}}
      ignore_target_hosts = 127.0.0.0/8
      no_more
The following transport sends the message to be encrypted through a small C program that encrypts the body, leaving the headers intact.
    # gpg transport
    outbound_gpg_transport:
      driver = smtp
      user = exim
      # One recipient per delivery: Exim leaves $local_part and $domain unset
      # when several recipients are delivered together, and the body can only
      # be encrypted to one key in any case.
      max_rcpt = 1
      transport_filter = '/usr/local/bin/mail-gpg' '$local_part@$domain'
The simple schema needed by the lookups above is here. It should work with any sane SQL database; it has no special requirements that I am aware of. Users of older versions (pre 3.22) of MySQL will need to change the CREATE INDEX to appropriate ALTER TABLE statements. For small databases of keys, the indices are totally unnecessary and the CREATE INDEX statements can be removed entirely.
LDAP configuration examples will be provided at a later date.
Configuration for lsearch, dbm, etc. lookups is fairly trivial. Just create a flat file of email addresses and look the address up in the usual style.
The C program may be found here. Licensing is BSD-style.
This program is too trivial to require even a Makefile, compile it with
cc -o mail-gpg mail-gpg.c
Install it in /usr/local/bin, chown to user exim, chgrp group exim, and set the suid bit.
This version of the program assumes that all relevant public keys have been placed on the exim user's keyring.
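As an added example, not the author's mail-gpg program, here is a transport filter of the same shape in C: it copies header lines through unchanged, pipes the body to gpg for the recipient named on the command line, and exits non-zero on any failure so that Exim aborts the delivery attempt instead of sending plaintext. The function names and the 8 KiB line buffer are choices of this example; the gpg options are standard ones, and the keys are assumed to be on the exim user's keyring as the text describes.

```c
/* Added example, not the page's own mail-gpg: a transport filter of the same
 * shape. Exim runs it as  mail-gpg <recipient>  with the whole message on stdin.
 * Headers pass through untouched; the body becomes gpg's armoured ciphertext for
 * that recipient. Any failure exits non-zero, so Exim does not send the message. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* The header block ends at the first empty line, in LF or CRLF form. */
int is_blank_line(const char *line) { return !strcmp(line, "\n") || !strcmp(line, "\r\n"); }

/* Copy header lines from in to out up to and including the blank separator.
 * Returns the number of lines copied (separator included), -1 if none was seen. */
int copy_headers(FILE *in, FILE *out)
{
    char buf[8192];
    int lines = 0, at_start = 1;          /* at_start: buf begins a new line */
    while (fgets(buf, sizeof buf, in)) {
        fputs(buf, out);
        if (at_start && is_blank_line(buf)) return lines + 1;
        at_start = buf[strlen(buf) - 1] == '\n';  /* long lines arrive in pieces */
        if (at_start) lines++;
    }
    return -1;
}

int main(int argc, char **argv)
{
    char buf[8192];
    int fd[2], status;
    size_t n;
    pid_t pid;
    if (argc != 2 || copy_headers(stdin, stdout) < 0 || fflush(stdout)) return 1;
    if (pipe(fd) || (pid = fork()) < 0) return 1;
    if (pid == 0) {                       /* child: gpg reads the body from the pipe */
        dup2(fd[0], STDIN_FILENO); close(fd[0]); close(fd[1]);
        execlp("gpg", "gpg", "--batch", "--no-tty", "--armor", "--encrypt",
               "--recipient", argv[1], (char *)NULL);
        _exit(127);
    }
    close(fd[0]);                         /* parent: pump the rest of stdin to gpg */
    while ((n = fread(buf, 1, sizeof buf, stdin)) > 0)
        if (write(fd[1], buf, n) != (ssize_t)n) return 1;
    close(fd[1]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))
        return 1;                         /* gpg failed: never fall back to plaintext */
    return 0;
}
```

In batch mode gpg refuses a recipient key that is not marked trusted on the exim user's keyring, so an untrusted or missing key makes the filter fail closed rather than produce a readable message.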
For distributed applications, a script needs to be written to replicate gpg keyrings to other mail servers. This could be eliminated by using an LDAP or SQL based keyserver (see Future Plans below).
This software does not sign outbound messages. If it did, it would be necessary to use private keys without passphrases, which introduces a security weakness. A future version may provide an option for signing, along with a discussion of the pros and cons.
I am looking at an open source PostgreSQL-based pgp keyserver, but it is in a very early state and not yet ready for prime time.
It would be nice to have a version which used an LDAP based pgp keyserver, but the open source versions of this technology seem to be immature at the present time.
A version which decrypts inbound email automatically is being considered. There are a number of significant issues to be addressed. More on that as I have it.