For the first there are some options:
-- Schleuder: http://schleuder2.nadir.org/
-- GPG Mailman: http://medien.informatik.uni-ulm.de/~stefan/gpg-mailman.xhtml
-- Crypt-ML - gpg-ezmlm: http://www.synacklabs.net/projects/crypt-ml/
-- Secure Email List Services (SELS): http://sels.ncsa.illinois.edu/
+- [Schleuder](http://schleuder2.nadir.org/)
+- [GPG Mailman](http://medien.informatik.uni-ulm.de/~stefan/gpg-mailman.xhtml)
+- [Crypt-ML - gpg-ezmlm](http://www.synacklabs.net/projects/crypt-ml/)
+- [Secure Email List Services (SELS)](http://sels.ncsa.illinois.edu/)
-For the second option there is the NAH6 Mailman patch,
-http://mail.python.org/pipermail/mailman-coders/2003-June/000506.html
+For the second option there is the
+[NAH6 Mailman patch](http://mail.python.org/pipermail/mailman-coders/2003-June/000506.html).
-For the firsts releases of Firma, we choose to use just the first option.
-In the future the code should contain support for an one-keypair list,
-but this is not the main behavior we want in an encrypted mailing list.
-This is a question of centralized versus decentralized vulnerability.
+During the initiral Firma releases, we have chosen to use just the first
+option. In the future the code should contain support for an one-keypair list,
+but this is not the main behavior we want in an encrypted mailing list. This
+is a question of centralized versus decentralized vulnerability.
An one-keypair list is more or less just like a mail alias: someone
send an encrypted email to the list address and the manager just forwards
- Bash is found in almost all unix-like systems
- Small dependencies: firma needs just tools like sed, awk, grep, cut and
- gpg itself. Look at the file "GUIDELINES" to see a complete list of all
+ gpg itself. Look at the file [[GUIDELINES]] to see a complete list of all
unix commands needed to run firma.
- You can easily put all the tools, scripts and config files in a read-only
- Firma has a total KISS design, and bash helps to keep it simple.
-- Firma adopted the style suggested in the Advanced Bash-Scripting Guide,
- http://www.tldp.org/LDP/abs/html/scrstyle.html
+- Firma adopted the style suggested in the
+ [Advanced Bash-Scripting Guide](http://www.tldp.org/LDP/abs/html/scrstyle.html).
Development Guidelines
----------------------
Firma installation is quite simple:
-1. Create a folder to store lists; by default firma use /var/lib/firma/lists
- but you can use anything, just edit firma and change FIRMA_LIST_PATH
+1. Create a folder to store lists; by default firma use `/var/lib/firma/lists`
+ but you can use anything, just edit firma and change `FIRMA_LIST_PATH`
variable.
-2. Copy firma script to whatever you like, e.g. /usr/local/bin and check that
+2. Copy firma script to whatever you like, e.g. `/usr/local/bin` and check that
it has no write permission
-3. Create a list-wide config file (default is /var/lib/firma/firma.conf) with
+3. Create a list-wide config file (default is `/var/lib/firma/firma.conf`) with
the common definitions for all lists. You might just copy the sample
firma.conf.dist and edit according to your needs.
- All config variables can be overwritten at each list's own config file;
- firma.conf should be chmoded as 600, chowned nobody.nobody or whatever
- user your MTA runs. If you run postfix, the user is specified by the
- main.cf parameter "default_privs".
+All config variables can be overwritten at each list's own config file;
+firma.conf should be chmoded as `600`, chowned `nobody.nobody` or whatever user
+your MTA runs. If you run postfix, the user is specified by the `main.cf`
+parameter `default_privs`.
- For a list of all config parameters, type
+For a list of all config parameters, type
firma --help config
PASSPHRASE= passphrase for the list's private keyring
A gpg keypair and a config file are automatically generated; the owner of the
-config file and keyring should be nobody.nobody (or the user your MTA run as)
-and its permissions must be 600.
+config file and keyring should be `nobody.nobody` (or the user your MTA run as)
+and its permissions must be `600`.
After that you can add some optional parameters on this list config file:
your-list: "| /usr/local/bin/firma -p your-list"
your-list-request: "| /usr/local/bin/firma -e your-list"
- and then run the command
+and then run the command
newaliases
- alternatively, you can use a virtual mailbox table if you want
- to easily host a lot of encrypted mailing lists.
+alternatively, you can use a virtual mailbox table if you want
+to easily host a lot of encrypted mailing lists.
7. Admin tasks are performed through aliases like your-list-request@yourmachine
or via command-line:
and be sure that after this command the list keyring is owned by nobody.nobody.
-9. Send encrypted AND signed messages to your-list@yourmachine and look
+9. Send encrypted AND signed messages to `your-list@yourmachine` and look
what happens :)
Tips
- Use an encrypted swap memory
- Use a read-only media to store firma and its needed apps
-- Use ramdisk to FIRMA_LIST_PATH so all keys and passwords vanishes if the server is shutdown
-- Use a big PASSPHRASE, 25+ chars with alpha-numeric and special ascii keys
+- Use ramdisk to `FIRMA_LIST_PATH` so all keys and passwords vanishes if the server is shutdown
+- Use a big `PASSPHRASE`, 25+ chars with alpha-numeric and special ascii keys
Design and features (OUTDATED)
------------------------------
projects / firma.git / commitdiff