ajgon / gpg-mailgate.py Goto Github PK

I am starting to track down a strange issue with my gpg-mailgate. I can have two emails generated to the same address - be it by cron scripts running in the middle of the night for instance.

One of the messages will be delivered encrypted and the other in plain text. The one in plain-text has the X-GPG-Mailgate header set to Not encrypted, public key not found, which is of course rendered by line 106 in gpg-mailgate.py.

These are emails to the same destination address so clearly the key is found, at least some of the time.

I will gather more log data and see if I can troubleshoot the matter. Has anyone else seen this in their own deployments?

kotecek

I see gpg-mailgate is a viable and transparent for easy adaptation in using gpg for sending email.

Currently, does it supports choice of signing mode only?

Also, if the user have used gpg client tools to sign / encrypt his emails, will gpg-mailgate double sign / encrypt emails?

Okay, so it's not really an issue, but...

I'm starting to make a bunch of code changes in my repository but
wanted to check that my understanding of the purpose of gpg-mailgate
is in accord with others on the project so I can make sure I steer my
changes in the right direction, or at least accommodate other's
purposes when I make changes.

I noticed the original project at http://code.google.com/p/gpg-mailgate/
would encrypt email to a specific set of domain names, which was almost
entirely opposite to my purposes, so I found it a bit confusing.

The current project here at ajgon/gpg-mailgate seems much more in
accordance with my goals. I'm running postfix to handle my personal
inbound/outbound email on my own single-user linux box, and wanted to
encrypt any outbound email whenever postfix can find a suitable public
key.

I don't encrypt inbound email (which is easy to achieve by making sure
that my own public key isn't available so no encryption happens).

I only need to handle 100 items/day so it doesn't need to be super
efficient.

The main problem with public key encryption of email is that not
enough people use it, so I would always favor any changes that make
the system easier to install/configure/run, even if this is at a
slight cost in efficiency, or even results in some emails going
unecrypted (as opposed to not getting delivered at all, for example if
there is some misconfiguration of keys). I would also like to see
more robustness under failure conditions, and more debugging messages
in the logfiles. Ultimately I would like to see all major linux
distributions include public key encryption options in their default
setups.

So, is this in line with what you're all using it for or are there other
use cases I should keep in mind when making changes? Please let me know.
I'm happy to write code but would prefer to make the changes that are also
useful to others because it will make it easier to keep my code synchronized
with the main project.

If there is no key present for the intended recipient then the message is not delivered. Last message in log is postfix handing it to gpg-mailgate.

Delivery works fine if there is a key present for the intended recipient.

Running postfix, dovecot. Was running uakfdotb's fork of this but no attachment support.

This is more of a note about the INSTALL file than the gpg-mailgate itself.

Command died with status 1:
    "/usr/local/bin/gpg-mailgate.py". Command output: Traceback (most recent
    call last):   File "/usr/local/bin/gpg-mailgate.py", line 129, in <module>
    send_msg( raw_message, gpg_to_smtp )   File
    "/usr/local/bin/gpg-mailgate.py", line 44, in send_msg     smtp =
    smtplib.SMTP(relay[0], relay[1])   File "/usr/lib/python2.7/smtplib.py",
    line 249, in __init__     (code, msg) = self.connect(host, port)   File
    "/usr/lib/python2.7/smtplib.py", line 309, in connect     self.sock =
    self._get_socket(host, port, self.timeout)   File
    "/usr/lib/python2.7/smtplib.py", line 284, in _get_socket     return
    socket.create_connection((port, host), timeout)   File
    "/usr/lib/python2.7/socket.py", line 571, in create_connection     raise
    err socket.error: [Errno 110] Connection timed out

This is the error:

 Command died with status 1:
    "/usr/local/bin/gpg-mailgate.py". Command output: Traceback (most recent
    call last):   File "/usr/local/bin/gpg-mailgate.py", line 8, in <module>
    **import GnuPG ImportError: No module named GnuPG**

Thinking that it might be the Python GnuPG import that is failing, I ran the follow:
sudo apt-get install python-pip
and
sudo pip install python-gnupg

Both of which installed without error.

test

There is an issue with long filenames:

--------------020908070905010506000203
Content-Type: application/octet-stream;
name="(24) [J Majik & Wickaman Feat. Dee Freer] In Pieces.mp3.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename*0="(24) [J Majik & Wickaman Feat. Dee Freer] In Pieces.mp3"

The "*0" thing is there, which stops the regular expression from matching, and the ".pgp" extension is not added (but it's still encrypted properly). More info about what the *0 thing is here:

http://kb.mozillazine.org/Attachments_renamed

I'm not totally sure if this is a problem in gpg-mailgate or in Thunderbird. When an HTML-only mail is recieved, it gets encrypted, and Thunderbird no longer displays it correctly.

• Viewing the message body as 'Plain Text' shows nothing, just a blank window.
• Viewing the message body as 'Original HTML' displays the message's HTML source code.
• Viewing the message body as 'Simple HTML' shows the ascii-armored ciphertext.

Hey,

is this project still active? i've added the script to my postfix config and its a bit of schrödinger's cat. it seems to work but not really. if i send an email i get an empty message. any suggestions?

I got the following error message (using Python 2.7.5):

key = line.split('<')[1].split('>')[0]
IndexError: list index out of range

I could reproduce this error on another machine (using Python 2.7.5). If I use Python 3.3.2, I don't get any error message.

As a quick and dirty fix I just added if ('<' or '>') not in line: continue in GnuPG/init.py before key = line.split('<')[1].split('>')[0] is called.

I only notice this from a few odd clients but when the headers are:
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0

The resulting message is garbled garbage. It seems to come from Exchange servers mostly.

Attachments come through as *.pgp files. No client that I've tried is able to read them. When attempting to decrypt with command line: gpg filename.txt.pgp error results.
gpg: no valid OpenPGP data found.
gpg: processing message failed: eof

Text portion of email is fine and decrypts normally.