mail-wwwpage's Introduction
NAME mail-webpage - script to parse e-mail, get page(s) and mail them back DESCRIPTION Script which reads an e-mail from STDIN, parses its body for commands, downloads web pages and mails them back. It seems to be one of the ways how to anonymize browsing. The original idea was pitched in one interview with RMS. Script utilizes GPG for authentification/authorization and privacy. Encryption of message and attachments is supported. REQUIREMENTS - Perl and some Perl packages - Postfix or another mail server - GnuPG tools INSTALLATION Installation and configuration of Postifx is beyond the scope of this help. It is assumed you know how to properly configure and administer Posfix. It is also assumed you know how to configure GnuPG. Some information can be found here - http://www.madboa.com/geek/gpg-quickstart/ Following text is just a proposition. Excercise your liberty to alter or develop your own configuration. - # mkdir /var/lib/mail-page/; - # mkdir /var/lib/mail-page/tmp/; - # mkdir /var/lib/mail-page/.gpg/; - # chown nobody:root /var/lib/mail-page/; - # chmod 750 /var/lib/mail-page/; - # cd /var/lib/mail-page/; - # chmod 700 /var/lib/mail-page/.gpg/; - # gpg --homedir /var/lib/mail-page/.gpg/ --gen-key; - # chown -R nobody:root /var/lib/mail-page/.gpg/; - Import your public key or keys of your users - # vim /etc/postfix/aliases ; and add line: ALIAS: |/var/lib/mail-page/mail-page.pl - # newaliases; or # postmap /etc/postfix/aliases; - edit mail-webpage.pl and configure it - # postfix reload; CONFIGURATION use lib <PATH>; - path to GPGmod.pm (mandatory) $debug = integer; - turns on debugging output $home_dir = <PATH>; - base directory $tmp_dir = <PATH>; - temporary directory used by MIME to dump messages SMTP settings $my_user = "user"; - e-mail alias for receiving mail-page mails(mandatory) $my_domain = "example.com"; - our domain we're sitting at(mandatory) $my_smtp = ""; - address of SMTP server(non-mandatory) Plain-text email validation $disable_plaintext = 1; - disables plain-text/non-signed e-mails $file_users = ""; - ACL file with e-mail addresses(non-mandatory) $mail_validity = 0; - validity score we're starting with $mail_validity_min = 5; - e-mail is valid when this score is reached $my_subject = "someSubject"; - subject of e-mail that's expected LWP settings $max_wwwpage_size = 2097152; - maximum size of fetched page @protocols_forbidden = qw(file mail); - forbidden protocols @proxy_schemes = qw//; - proxy protocols $proxy_url = ""; - proxy proto:addr:port GPG settings $gpg_homedir = <PATH>; - GnuPG homedir(mandatory?) $gpg_passphrase = "12345678"; - secret key passphrase(mandatory) $gpg_my_keyid = "CEB62607"; - our secret key ID(mandatory) Usage Usage is fairly simple. After everything is set up, just send an e-mail for this script, say '[email protected]'. Subject of e-mail doesn't matter as long as you're using PGP. Supported "commands" are GET and POST. Yes, you'll have to figure out which one you need, however GET will do just fine in, what, 90% of cases? POST is usually used for web forms. Syntax is: GET <URL> POST <URL> Each command must be at the beginning of the new line. Other than that, it can be anywhere in the mail body. FAQ Q: When is e-mail considered valid? A: It depends whether e-mail is plain-text, signed or encrypted. - Plain-text checks for header fields and is really not recommended to use - Signed e-mail has its signature verified and signature must be known - Encrypted e-mails are probably obvious; decryption must be successful Q: Why have you used GPG.pm? A: Because it was the only one that worked. I've started with GPG.pm, then found out it was missing some features and it actually was abandoned by its original author. So I've tried couple other packages, which didn't work one way or another, and ended up back with GPG.pm. I've hacked in features I wanted and here we are. If you come up with better solution, if you actually do one, let me know ;) Q: Why don't you use GPG MIME? A: Well, actually I had. Actually, I think it was working properly. However, it didn't with Enigmail in Mozilla Thunderbird. Ok, I don't know for sure. Q: What's the origin of this script? Where did it come from? A: RMS pitched this idea in one of his interviews. He said he's never browsing intranet from his own computer and that he has script like this. He didn't share details and I didn't look for any. I used my imagination and implemented GnuPG encryption, because e-mails are monitored nowadays. It is even possible something like this exists already and is freely available. Again, I didn't look for it, I wanted to try and do it myself. Q: Don't you think this is somewhat pointless since we have projects like Tor? A: No. More tools, more ways we have, better. This might not be the best, might not be the brightest and perhaps outdated, but I still think it's worth having. Known Issues When updating GnuPG keys files do get chowned to root, resp. to UID used to update keys. There are two ways to solve it. First, simply watch out. Second, use user, eg. nobody, that's supposed to own these files :) Error handling is somewhat ... terrible. I believe it could be solved by writing up function that would mail error to postmaster, or whatever. On the other hand, I think MTA will handle this once message "time-outs" in queue. Be careful! Even though you don't view web page directly, I've seen pages that I'll load all the missing content from web, eg. pictures, CSS, scripts. Yes, it means they'll rat you out. Debugging might be a problematic. What proven to be a good method is to save e-mail into file, and then just % cat file.txt | perl mail-webpage.pl ; with debug on. I can't and won't claim all issues are handled and accounted for.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.