Exim 4.x and gpg

This page outlines a method for setting up Exim 4.x to detect the presence of gpg keys and automatically encrypt outbound email.

This version has some limitations. Future versions will address these.

Changes

Version 0.0, 4 April 2003

First version.

Prerequisites

You should be generally familiar with the basic features of Exim 4.x and gpg, and both should be installed. You will also need a C compiler such as gcc.

Exim Configuration Details

This section details things that are to be set up in the Exim configuration file, and the setup of the alias files.

Main Configuration

If you are using an external database engine, you may need to configure it here. For example, if using PostgreSQL, you need to include the following (or something like it):

hide pgsql_servers=localhost/pgpkeys/exim/password

The fields are host/database/user/password. The hide prefix keeps the value out of exim -bP output for non-admin users, but the password is still in cleartext in the configuration file, so that file must not be world-readable.

Router Configuration

The dnslookup router must be modified to check for email addresses that have gpg keys, and then direct those messages to a different transport.

This version uses a simple PostgreSQL table to list such addresses, as in my case I want the list to be visible to more than one exim mail server. LDAP could also do this job nicely.

If only one server needs to see this data, it can be kept in a flat text file or a Berkeley DB style database.

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = ${lookup pgsql \
                {select client_id from client \
                 where username='${quote_pgsql:$local_part}' \
                 and domain='${quote_pgsql:$domain}'}\
                {outbound_gpg_transport}\
                {remote_smtp}}
  ignore_target_hosts = 127.0.0.0/8
  no_more

The local part and domain are interpolated into an SQL statement, so they must go through ${quote_pgsql:...}. Exim accepts local parts that contain single quotes, and an unquoted value lets a crafted recipient address alter the query rather than just fail to match.

Transport Configuration

The following transport passes the message through a small C program that encrypts the body and leaves the headers (including Subject) intact.

# gpg transport
outbound_gpg_transport:
  driver = smtp
  user = exim
  max_rcpt = 1
  transport_filter = "/usr/local/bin/mail-gpg" "$local_part@$domain"

Exim splits the transport_filter command at white space, honouring double quotes (not single quotes), and expands each argument after the split, so the recipient address always arrives as one argument. max_rcpt = 1 is needed because $local_part and $domain are only set in a transport that is delivering a single address; the smtp transport otherwise batches up to 100 recipients of the same domain into one delivery, and the filter would be run with an empty address.

Database configuration

SQL

The simple schema needed for the lookups above is here. It should work with any sane SQL database; it has no special requirements that I am aware of. Users of older versions (pre-3.22) of MySQL will need to change the CREATE INDEX statements to the equivalent ALTER TABLE statements. For small tables of addresses the indices are unnecessary and the CREATE INDEX statements can be removed entirely.

LDAP

LDAP configuration examples will be provided at a later date.

Other methods (lsearch, dbm, etc.)

Configuration for lsearch, dbm, etc. lookups is fairly trivial. Just create a flat file of email addresses and look the full address up in the usual style, returning the transport name as the router does above.

The External Program

The C program may be found here. Licensing is BSD-style.

This program is too trivial to require even a Makefile, compile it with

cc -o mail-gpg mail-gpg.c

Install it in /usr/local/bin, chown it to user exim, chgrp it to group exim, and set the set-uid bit. With user = exim on the transport, Exim already runs the filter as the exim user, so the set-uid bit only matters if the program is run some other way; a set-uid program that executes gpg should choose the keyring itself (set GNUPGHOME) rather than trust the caller's environment.

This version of the program assumes that all relevant public keys have been placed on the exim user's keyring.
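The author's mail-gpg.c is linked from the page rather than reproduced on it. The program below is an added example written for this page, not the author's code: it does what the text describes, copying the header block to stdout unchanged and then handing the rest of the message to gpg for the single recipient given on the command line. Everything not stated on the page is an assumption: the gpg path and keyring directory (GPG_PATH, EXIM_GNUPGHOME), matching the recipient by exact e-mail address with angle brackets, and --always-trust for keys that were only imported.

```c
/* mail-gpg-example.c: added example, not the page's mail-gpg.c.
 * Exim runs it as a transport_filter with the recipient as argv[1] and
 * the whole message (headers first) on stdin. Headers are read one byte
 * at a time and written out unchanged; the process then execs gpg, which
 * reads the remaining body directly from fd 0 and writes the armored
 * ciphertext to fd 1. gpg's exit status becomes the filter's status. */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define GPG_PATH       "/usr/bin/gpg"            /* assumed location */
#define EXIM_GNUPGHOME "/var/spool/exim/.gnupg"  /* assumed exim keyring */

/* True once buf[0..n) ends with an empty line (LF or CRLF endings),
 * i.e. the header block, including its terminating blank line, is complete. */
int header_done(const char *buf, size_t n)
{
    if (n == 0 || buf[n - 1] != '\n')
        return 0;
    if (n == 1 || buf[n - 2] == '\n' || (n == 2 && buf[0] == '\r'))
        return 1;                                /* "\n\n" or leading blank */
    return n >= 3 && buf[n - 2] == '\r' && buf[n - 3] == '\n'; /* "\n\r\n" */
}

/* Read single bytes so nothing past the blank line is consumed; the
 * body stays in the kernel buffer for gpg. Returns the header length,
 * or -1 on EOF, read error, or a header block larger than cap. */
long read_headers(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    while (n < cap) {
        if (read(fd, buf + n, 1) != 1)
            return -1;
        n++;
        if (header_done(buf, n))
            return (long)n;
    }
    return -1;
}

/* Accept only a plain user@domain from a conservative character set.
 * The string is passed to a possibly set-uid program and on to gpg, so
 * it must not look like an option or carry white space or quotes. */
int valid_recipient(const char *s)
{
    size_t n = strlen(s);
    const char *at = strchr(s, '@');
    if (n == 0 || n > 254 || s[0] == '-' || at == NULL || at == s ||
        at[1] == '\0' || strchr(at + 1, '@') != NULL)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && strchr("@._+-", c) == NULL)
            return 0;
    }
    return 1;
}

static int write_all(int fd, const char *p, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w < 0)
            return -1;
        p += w;
        n -= (size_t)w;
    }
    return 0;
}

int main(int argc, char **argv)
{
    static char hdr[65536];                      /* header block only */
    char rcpt[260];
    long n;

    if (argc != 2 || !valid_recipient(argv[1])) {
        fprintf(stderr, "usage: mail-gpg user@domain\n");
        return 2;
    }
    /* A set-uid binary must not let the caller's environment pick the keyring. */
    setenv("GNUPGHOME", EXIM_GNUPGHOME, 1);

    n = read_headers(STDIN_FILENO, hdr, sizeof hdr);
    if (n < 0 || write_all(STDOUT_FILENO, hdr, (size_t)n) < 0)
        return 1;                                /* non-zero: Exim will not send cleartext */

    /* Angle brackets make gpg match the e-mail address exactly; a bare
     * "alice@example.com" is a substring match that "malice@example.com"
     * also satisfies. --always-trust is needed because in --batch mode
     * gpg refuses keys that were imported but never marked trusted. */
    snprintf(rcpt, sizeof rcpt, "<%s>", argv[1]);
    execl(GPG_PATH, "gpg", "--batch", "--no-tty", "--quiet", "--yes",
          "--armor", "--always-trust", "--encrypt", "-r", rcpt, (char *)NULL);
    perror("mail-gpg: exec gpg");
    return 1;
}
```

Because gpg replaces the filter process, a missing key, an untrusted key or a gpg crash all surface as a non-zero filter exit, which Exim treats as a failed delivery rather than falling back to sending the message in the clear.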

Limitations

For distributed applications, a script needs to be written to replicate gpg keyrings to other mail servers. This could be eliminated by using an LDAP or SQL based keyserver (see Future Plans below).

Only the body is encrypted. Subject and the other headers remain in cleartext, and a MIME multipart body is armored as a single blob rather than per part.

This software does not sign the outbound messages. If it did, it would be necessary to use private keys without passphrases, which introduces a security weakness. A future version may provide an option for signing, along with a discussion of the pros and cons.

Future Plans

SQL Database Key Servers

I am looking at an open source PostgreSQL-based pgp keyserver, but it is in a very early state and not yet ready for prime time.

LDAP based Key Servers

It would be nice to have a version which used an LDAP based pgp keyserver, but the open source versions of this technology seem to be immature at the present time.

Decrypting inbound email

A version which decrypts inbound email automatically is being considered. There are a number of significant issues to be addressed. More on that as I have it.