- Bash is found in almost all unix-like systems
- Small dependencies: firma needs just tools like sed, awk, grep, cut and
- gpg itself
+ gpg itself. Look at the file "GUIDELINES" to see a complete list of all
+ unix commands needed to run firma.
- You can easily put all the tools, scripts and config files in a read-only
media to protect againt cracks such as rootkits.
- Keeping your encripted list manager out from a huge and sometimes bugged
- mail software ...
+ mail software prevents insecure use of your mailing list by an excess of
+ unwanted functions and routines.
+
+ - Firma has a total KISS design, and bash helps to keep it simple.
Setup
-----
Firma installation is quite simple:
1 - create a folder to store lists; by default firma use /usr/local/etc/lists
- but you can use anything, just edit firma and change FIRMA_LIST_PATH
- variable.
+ but you can use anything, just edit firma and change FIRMA_LIST_PATH
+ variable.
2 - copy firma script to whatever you like, eg. /usr/local/bin and check that
- it has no write permission
+ it has no write permission
3 - then create your lists with the command
- firma -c your-list
+ firma -c your-list
- this will ask some questions and create a gpg keyring and a config file
- with the following variables:
+ this will ask some questions and create a gpg keyring and a config file
+ with the following variables:
- MAIL= path for mail program (eg, /usr/bin/nail)
- GPG= path for gnupg binary (eg, /usr/bin/gpg)
- LISTNAME= list email (eg, firma@domain.tld)
- LISTADMIN= list administrator email addresses (space separated)
- GPGDIR= gpg dir for the lists' keyring
- PASSWD= passwd for the lists' keyring
+ MAIL= path for sendmail or any smtp wrapper (eg, /usr/lib/sendmail)
+ MAIL_ARGS= command line arguments to the smtp wrapper
+ GPG= path for gnupg binary (eg, /usr/bin/gpg)
+ LISTNAME= list email (eg, firma@domain.tld)
+ LISTADMIN= list administrator email addresses (space separated)
+ GPGDIR= gpg dir for the lists' keyring
+ PASSWD= passwd for the lists' keyring
- the owner of the config file and keyring is nobody.nobody and its
- permissions are 600.
+ then a gpg keypair and a config file are created. the owner of the config
+ file and keyring should be nobody.nobody (or the user your MTA run as) and its
+ permissions must be 600.
4 - create an alias to the list at your MTA; on sendmail or postfix,
- add this to your aliases file:
+ add this to your aliases file:
- your-list: "| /usr/local/bin/firma -p your-list"
- your-list-request: "| /usr/local/bin/firma -r your-list"
+ your-list: "| /usr/local/bin/firma -p your-list"
+ your-list-request: "| /usr/local/bin/firma -r your-list"
- and then run the command
+ and then run the command
- newaliases
+ newaliases
5 - to subscribe the users and the list admins on the list, use ...
+ 6 - send encrypted AND signed messages to your-list@yourmachine and look
+ what happens :)
+
Tips
----
- Use an encrypted swap memory
- - Use a read-only media to store ...
- - Use ramdisk to the ...
+ - Use a read-only media to store firma and its needed apps
+ - Use ramdisk to FIRMA_LIST_PATH so all keys and passwords vanishes if the server frozes
- Use a big PASSWD, 25+ chars with alpha-numeric and special ascii keys
Design and features
- by default it doesn't archive messages in the server
- by default it remove the Subject header and put it inside the encrypted
- message, as Subject are outside the PGP/MIME context
+ message, as Subject are outside the PGP/MIME context
+
+ - messages appear to be sent To: Undisclosed Recipients
Major features are:
- keyring support
- - administration through email
+ - administration through email or command-line
projects / firma.git / commitdiff