This patch is an effort to include OpenPGP and S/MIME support in Mailman, as part of the SURFnet Secure List Server project.
The Mailman SSLS project's home is at http://non-gnu.uvt.nl/mailman-ssls/. Sources are available from http://non-gnu.uvt.nl/pub/mailman/.
New versions of this patch will be announced on the Mailman developers list
This is Mailman patch #1167696.
Beware! This code is not mature, and not yet suitable for production use. Inspect the code to find out if it's good enough for you.
This patch handles both RFC 2633 (S/MIME) and RFC 2440 (OpenPGP) email messages.
A post will be distributed only if the PGP (or S/MIME) signature on the post is from one of the list members.
For sending encrypted email, a list member encrypts to the public key of the list. The post will be decrypted and re-encrypted to the public keys of all list members.
In order to achieve this, each list has a public and private key. (These private keys can optionally be protected by passphrases.) Furthermore, new list settings are defined:
Similar settings are defined for S/MIME.
Finally, each subscriber can upload her PGP and S/MIME public key using the web interface.
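As an added illustration (not code from the Mailman SSLS patch or its GPGUtils.py), the following Python shows the kind of membership check the sign-to-post policy above implies: it reads the machine-readable status lines that gpg writes to its status fd when verifying a signature, accepts only a GOODSIG that carries a VALIDSIG fingerprint, and looks the signing key's primary fingerprint up in a table of member-uploaded keys. The status samples, key ids, fingerprints and addresses below are constructed, and the function names are hypothetical.

```python
"""Membership check on gpg status-fd output (added example, not SSLS code)."""

# gpg status keywords that mean the signature must not be accepted at all.
REJECT_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed samples of what "gpg --status-fd 1 --verify" emits (fake keys).
STATUS_MEMBER = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.com>
[GNUPG:] VALIDSIG AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 2005-03-24 1111663768 0 4 0 17 2 00 0000FFFF1111EEEE2222DDDD3333CCCC4444BBBB
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
STATUS_STRANGER = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Mallory Unknown <mallory@example.net>
[GNUPG:] VALIDSIG 9999888877776666555544443333222211110000 2005-03-24 1111663800 0 4 0 17 2 00 9999888877776666555544443333222211110000
"""
STATUS_BAD = """\
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF Alice Example <alice@example.com>
"""
STATUS_EXPIRED = """\
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 0123456789ABCDEF Alice Example <alice@example.com>
[GNUPG:] VALIDSIG AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 2005-03-24 1111663768 0 4 0 17 2 00 0000FFFF1111EEEE2222DDDD3333CCCC4444BBBB
"""

# Constructed table: fingerprint of the member's uploaded key -> list address.
MEMBER_KEYS = {
    "0000FFFF1111EEEE2222DDDD3333CCCC4444BBBB": "alice@example.com",
    "1234123412341234123412341234123412341234": "bob@example.org",
}


def signer_fingerprint(status_text):
    """Return the primary-key fingerprint behind a GOODSIG, or None.

    A rejecting keyword anywhere in the output wins over a GOODSIG, so a
    post carrying one bad or expired signature is never accepted.
    """
    good = False
    fingerprint = None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        keyword = fields[1]
        if keyword in REJECT_KEYWORDS:
            return None
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG":
            # VALIDSIG <fpr> <date> <ts> <expire-ts> <ver> <reserved>
            #          <pk-algo> <hash-algo> <class> [<primary-key-fpr>]
            # Prefer the primary fingerprint so a signing subkey still maps
            # to the member's uploaded key; older gpg omits the last field.
            fingerprint = fields[11] if len(fields) >= 12 else fields[2]
    return fingerprint if good else None


def posting_member(status_text, member_keys):
    """Return the list address whose key signed the post, or None."""
    fingerprint = signer_fingerprint(status_text)
    if fingerprint is None:
        return None
    return member_keys.get(fingerprint.upper())


if __name__ == "__main__":
    for name, status in [("member", STATUS_MEMBER), ("stranger", STATUS_STRANGER),
                         ("bad", STATUS_BAD), ("expired", STATUS_EXPIRED)]:
        print(name, "->", posting_member(status, MEMBER_KEYS))
```

The fingerprint table stands in for whatever the list keeps per subscriber; matching on the full fingerprint rather than the 16-hex-digit key id in the GOODSIG line avoids accepting a colliding short id.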
Additional requirements: the gpg binary in the path of the qrunner, the GnuPGInterface Python library from http://py-gnupg.sourceforge.net/ and (for now) openssl.
SSLS support needs to store additional information for the mailing lists, thus new variables were introduced. Have a look at bin/update and search for "GPG" and "smime".
The automatic upgrade procedure occurring on a change of the version number is implemented but untested. You can either modify the version number in Version.py to trigger the automatic patch, or run bin/update --force (worked for me, but I won't give any guarantees).
If you're installing on a Debian(-based) host, you can "apt-get install" the patched package from
deb http://non-gnu.uvt.nl/debian sarge mailman
If you're on another platform, you can apply the patch to a pristine official mailman tarball, and install using the official installation instructions.
Create a list. Go to the admin menu. Open "Privacy options", select "GPG options" and "S/MIME options". Make the settings appropriate for your list (yes, there is some help text!). Create a keypair for your list. Make sure the list posting address is in one of the key's identities. Publish the public key for your list, e.g. on the list info page. Ask all subscribers to upload their public key. A good idea is to set up the web interface to only run over https.
Very likely, you'd prefer "Confirm and approve" as subscribe_policy (Privacy Options; Subscription Rules).
Very likely, you'd prefer "No" for archive (Archiving Options): no effort was made to do something "sane" w.r.t. the archiving of encrypted posts. Just don't archive.
Subscribers who do not upload their public keys will miss posts. Errors show up in /var/log/mailman/smtp-failure:

Mar 24 15:29:28 2005 (5267) delivery to joe@example.com failed with code 550: Encryption forced, but no keys found
Tell your subscribers where to upload their keys: list Info Page, Subscribers section. Visit "Subscriber List", choose your address, list membership configuration, "Your GPG key for postings".
Distribute the list public key to your subscribers, e.g. by posting it to the list after they've subscribed, or by pasting it in "[General Options], info" in the list admin web interface.
I only updated the English html template for the user preferences; that means that users using a different language setting will be unable to upload their public key. Either allow English only, or make the patches to other language templates (and send the diff to me).
Users won't get warnings when mails are not delivered to them due to the encryption send policy. Failures to send due to a missing public key will be treated like bounces.
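Because the missing-key failures land in smtp-failure and are otherwise handled like bounces, a list admin has to find out from the log which subscribers still need to upload a key. The script below is an added example (not part of the SSLS patch) that parses lines in the format quoted above, separates the "Encryption forced, but no keys found" case from ordinary delivery failures, and counts dropped posts per address. The log lines are constructed samples and the function names are hypothetical.

```python
"""Find subscribers missing keys in smtp-failure (added example, not SSLS code)."""
import re
from collections import Counter

# Shape of the smtp-failure lines quoted in the README:
#   Mar 24 15:29:28 2005 (5267) delivery to joe@example.com failed with code 550: <reason>
SMTP_FAILURE_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) "
    r"\((?P<pid>\d+)\) delivery to (?P<rcpt>\S+) failed with code "
    r"(?P<code>\d+): (?P<reason>.*)$"
)

# The reason string the encryption send policy produces for a missing key.
NO_KEY_REASON = "Encryption forced, but no keys found"

# Constructed sample log, including one unrelated failure and one junk line.
SAMPLE_LOG = """\
Mar 24 15:29:28 2005 (5267) delivery to joe@example.com failed with code 550: Encryption forced, but no keys found
Mar 24 15:29:28 2005 (5267) delivery to bob@example.org failed with code 450: Connection refused
Mar 24 16:02:11 2005 (5267) delivery to joe@example.com failed with code 550: Encryption forced, but no keys found
this line is not an smtp-failure entry
Mar 25 09:14:02 2005 (5312) delivery to eve@example.net failed with code 550: Encryption forced, but no keys found
"""


def parse_failures(text):
    """Yield (recipient, code, reason) for every well-formed failure line."""
    for line in text.splitlines():
        m = SMTP_FAILURE_RE.match(line)
        if m:
            yield m.group("rcpt").lower(), int(m.group("code")), m.group("reason")


def members_without_keys(text):
    """Map each address to the number of posts dropped for lack of a key."""
    counts = Counter()
    for rcpt, code, reason in parse_failures(text):
        if code == 550 and reason == NO_KEY_REASON:
            counts[rcpt] += 1
    return dict(counts)


def other_failures(text):
    """Delivery failures that are not the missing-key case (real SMTP problems)."""
    return [(r, c, why) for r, c, why in parse_failures(text) if why != NO_KEY_REASON]


if __name__ == "__main__":
    for addr, n in sorted(members_without_keys(SAMPLE_LOG).items()):
        print(f"{addr}: {n} post(s) not delivered, no key uploaded")
    for addr, code, why in other_failures(SAMPLE_LOG):
        print(f"{addr}: code {code}: {why}")
```

Run it against the real file with the text of /var/log/mailman/smtp-failure in place of SAMPLE_LOG; the per-address counts are what you would hand to the subscribers (or to a reminder script) since Mailman itself sends them no warning.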
If you're interested in helping with the work, you might like to subscribe to the developer list for a GPG/SMIME-enhanced mailman ssls-dev /a/ ulm.ccc.de. (Thanks a lot to Stefan Schlott for hosting this list.) If you'd like to contact the author directly, mail Joost van Baal on <joostvb+mailman-ssls /a/ uvt.nl>.
If you'd like to contribute patches, check out the code using darcs:
darcs get http://non-gnu.uvt.nl/repos/mailman-ssls
A fancy webinterface to this version control system is available at http://non-gnu.uvt.nl/cgi-bin/darcs.cgi/mailman-ssls/.
If you'd like your changes to get imported in http://non-gnu.uvt.nl/repos/mailman-ssls, so that your stuff will get incorporated in the SSLS patch, you have some options:

 - Publish your changes in a darcs repository of your own (rather than on non-gnu.uvt.nl). Mail the ssls-devel list once you have some interesting stuff, ready for importing: Joost will run darcs pull.

 - Send a patch, either in darcs format (darcs record and darcs send, so that your patch is ready for darcs apply) or using traditional unified diff format.

 - Commit to the repository on non-gnu.uvt.nl directly. You can get write access either after asking and getting granted access, or after being invited and accepting access.

Please split contributions and patches in small bits: one patch for each functional change please. This helps people who'd like to apply just a subset of your patches.
This patch is based upon prior work by Stefan Schlott in mailman-2.1.5-gpg_2005-02-22.diff.gz. Copyright on the code is held by Stefan Schlott (stuff from mailman-2.1.5-gpg_2005-02-22.diff.gz) and Tilburg University (stuff written by Joost van Baal), see the individual files for details. Some contributions are from Michael Feiri.
Biggest lumps of changes by Joost van Baal are in Mailman/GPGUtils.py (function verifyMessage added) and in Mailman/Handlers/Moderate.py (code which deals with gpg_post_sign added). These are likely nontrivial and so copyrightable. Check with a specialist if you'd like to know for sure. Likely, Mailman upstream wants a copyright assignment to the FSF before the patch gets included.
There are some alternative approaches to integrating PGP with Mailman:
See NEWS.SSLS for user visible (and some other) changes. See TODO.SSLS for known bugs and plans for improvement.