NAME
schleuder - a groups email gateway
SYNOPSIS
schleuder [-c baseconfig] listaddress < email
schleuder [-c baseconfig] -test [listaddress]
DESCRIPTION
Schleuder is a groups email gateway: subscribers can communicate encrypted (and
pseudonymously) among themselves, receive emails from non-subscribers and send
emails to non-subscribers via the list.
Schleuder takes care of all decryption and encryption, stripping of headers,
format conversions, etc. Schleuder can also send out its own public key upon
request and process administrative commands received by email.
Email cryptography is handled by using GnuPG. Schleuder understands all common
encapsulation formats: inline, multipart/encrypted and multipart/signed.
schleuder(8) is usually called in delivery mode by a Mail Transport Agent
with an incoming email piped to its standard input. For more information on
how to integrate Schleuder with your existing mail setup, please look at the
Schleuder website: http://schleuder.nadir.org/
schleuder-newlist(8) automates the creation of new mailing lists.
AUTOMATIC SENDING OF LIST PUBLIC KEY
To receive the public key of the mailing list anybody can send an email to the
special list address which includes -sendkey as a postfix:

    listname-sendkey@example.org

Schleuder will reply with the public key of the list without forwarding the
request to the list-members.
EMAIL COMMANDS
Schleuder provides some special commands for advanced features to be used by
list-members. Generally they are called by keywords written into the first
non-blank line of an email. Schleuder scans for those keywords in every
incoming email that is encrypted and validly signed by a list-admin or —
if allowed by the list's configuration — a list-member.
Administrative commands (membership and key management) must be sent to the
request-address or the list, which includes -request as a postfix:

    listname-request@example.org

Communicative commands (resending) must be sent to the normal list-address.
Membership management
Resending is a list-command; that means it is only allowed in emails sent over
the mailing list.
- To receive the list of members send:

      X-LIST-MEMBERS

  You will receive a list of list-admins and list-members,
  and their public keys (or the lack thereof).
- To see details on one list-member, including his/her public key:

      X-GET-MEMBER: you@example.net

- To unsubscribe from the mailing-list:

      X-UNSUBSCRIBE

  This will remove the member associated with the sender's signing key.
- To add a member:

      X-ADD-MEMBER: you@example.net mime
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      Version: GnuPG v1.4.9 (GNU/Linux)
      mQGiBEjVO7oRBADQvT6wtD2IzzIiK0NbrcilCKCp4MWb8cYXTXguwPQI6y0Nerz4
      dsK6J0X1Vgeo02tqA4xd3EDK8rdqL2yZfl/2egH8+85R3gDk+kqkfEp4pwCgp6VO
      [...]
      pNlF/qkaWwRb048h+iMrW21EkouLKTDPFkdFbapV2X5KJZIcfhO1zEbwc1ZKF3Ju
      Q9X5GRmY62hz9SCZnsC0jeYAni8OUQV9NXfXlS/vePBUnOL08NQB
      =xTv3
      -----END PGP PUBLIC KEY BLOCK-----

  mime could also be plain (for receiving inline-encapsulated messages)
  or be skipped (then the list's default setting is used).
  The public key block is also optional.
- To delete a member from the list:

      X-DELETE-MEMBER: you@example.net

  Please note that this doesn't delete any public keys.
Key management
- To receive the list of public keys known to the list:

      X-LIST-KEYS

- To receive a certain public key known to the list:

      X-GET-KEY: foobar@example.com

  You can also specify a KeyID, or parts of it, as long as it
  identifies the key distinctly.
- To add a public key to the list:

      X-ADD-KEY:
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      Version: GnuPG v1.4.9 (GNU/Linux)
      mQGiBEjVO7oRBADQvT6wtD2IzzIiK0NbrcilCKCp4MWb8cYXTXguwPQI6y0Nerz4
      dsK6J0X1Vgeo02tqA4xd3EDK8rdqL2yZfl/2egH8+85R3gDk+kqkfEp4pwCgp6VO
      [...]
      pNlF/qkaWwRb048h+iMrW21EkouLKTDPFkdFbapV2X5KJZIcfhO1zEbwc1ZKF3Ju
      Q9X5GRmY62hz9SCZnsC0jeYAni8OUQV9NXfXlS/vePBUnOL08NQB
      =xTv3
      -----END PGP PUBLIC KEY BLOCK-----

- To delete a key from the list's keyring:

      X-DELETE-KEY: 0xDEADBEEF

  You can also specify an email address, as long as it
  identifies the key distinctly.
Resending
Resending is a list-command; that means it is only allowed in emails sent over
the mailing list.
- To send out an email to an external recipient (encrypted if
  possible, otherwise in the clear):

      X-RESEND: emailaddress@example.net

- Or to send it only if encryption is available:

      X-RESEND-ENCRYPTED-ONLY: emailaddress@example.net

- To specify multiple recipients separate the addresses with
  spaces or specify the command multiple times:

      X-RESEND: you@example.net me@example.net

  or

      X-RESEND: you@example.net
      X-RESEND: me@example.net

  With the first format don't let your Mail User Agent
  break long lines!
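
The following draft check is an added example, not part of Schleuder or of the original page. It lints a message body before encryption for the two resend pitfalls described above: recipients that may be reached in the clear via X-RESEND, and a recipient list that the Mail User Agent has wrapped onto a second line. The function name, the sample draft and the assumption that commands occupy consecutive lines starting at the first non-blank line are illustrative.

```ruby
# Added example, not Schleuder code. Lints a draft body before it is encrypted.
RESEND_RE = /\A(X-RESEND(?:-ENCRYPTED-ONLY)?):\s*(.*)\z/
ADDR_RE   = /\A[^@\s]+@[^@\s]+\z/

# Constructed draft: the second line is what a wrapped recipient list looks like.
SAMPLE_DRAFT = <<~MAIL

  X-RESEND: you@example.net me@example.net
  them@example.com
  X-RESEND-ENCRYPTED-ONLY: press@example.org

  Hello, this is the message text.
MAIL

def lint_resend_draft(body)
  lines = body.lines.map(&:chomp).drop_while { |l| l.strip.empty? }
  out = { cleartext_fallback: [], encrypted_only: [], warnings: [] }
  idx = 0
  # Assumption: commands sit on consecutive lines from the first non-blank line.
  while idx < lines.size && (m = RESEND_RE.match(lines[idx].strip))
    bucket = m[1] == "X-RESEND" ? :cleartext_fallback : :encrypted_only
    addrs, bad = m[2].split.partition { |a| ADDR_RE.match?(a) }
    out[:warnings] << "command #{idx + 1}: not an address: #{bad.join(' ')}" unless bad.empty?
    out[bucket].concat(addrs)
    idx += 1
  end
  out[:warnings] << "no resend command on the first non-blank line" if idx.zero?
  rest = lines.drop(idx)
  nxt = rest.first.to_s.split
  # A wrapped recipient list leaves a line of bare addresses right after the command.
  if idx.positive? && !nxt.empty? && nxt.all? { |t| ADDR_RE.match?(t) }
    out[:warnings] << "line after the commands holds only addresses (wrapped by the MUA?)"
  end
  if rest.any? { |l| RESEND_RE.match?(l.strip) }
    out[:warnings] << "resend keyword found below the command block"
  end
  unless out[:cleartext_fallback].empty?
    out[:warnings] << "X-RESEND may go out in the clear to: #{out[:cleartext_fallback].join(', ')}"
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  puts lint_resend_draft(SAMPLE_DRAFT)[:warnings]
end
```
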
Misc.
- To know which version of Schleuder is installed:

      X-GET-VERSION

OPTIONS
- -c path-to-schleuder-configuration
  Specify an alternate configuration directory instead of the
  default /etc/schleuder.
- -test
  Instead of processing an incoming email, specifying this
  flag will make Schleuder verify that the setup and basic settings are in a
  workable state.
- -h
  Display usage and exit.
EXIT STATUS
- 0
  - Incoming email was processed without errors.
  - Configuration is correct in test mode.
- 1
  - Internal failure in incoming email processing.
  - Bad configuration in test mode.
- 100
  - Unable to decrypt the received message.
  - Unable to verify the signature when configured to only
    accept signed messages.
  - Message is cleartext when only encrypted messages are
    allowed.
  - Message is not authenticated as coming from a list-member
    when authentication is required.
FILES
- /etc/schleuder/schleuder.conf: global Schleuder configuration
- /etc/schleuder/default-list.conf: default list settings
- /var/schleuderlists/LISTNAME/list.conf: list settings
- /var/schleuderlists/LISTNAME/members.conf: list subscribers.
  Each member must have the email-attribute set. All other
  attributes are optional.
  The following attributes are available:
  - mime: defines the 'pgp-variant' to send to the member; possible
    values are MIME (for pgp/mime-formatted mail according to RFC 3156)
    and PLAIN (for inline-pgp). The fallback default for this is
    defined in the list.conf.
  - encrypted_only: Schleuder tries to encrypt every outgoing email.
    If that is not possible under some conditions, it sends the
    email unencrypted. If this attribute is set, the member will never
    receive unencrypted emails; the member will be skipped if encrypting
    is not possible.

  Example:

      - email: you@example.net
      - email: me@example.org
        mime: PLAIN
      - email: them@example.com
        encrypted_only: true

- /var/schleuderlists/HOSTNAME/LISTNAME: list internal data
- /var/log/schleuder: Schleuder logs directory

All configuration files are formatted as YAML. See http://www.yaml.org/
for more details.
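
The following audit of a members.conf file is an added example, not code from Schleuder or from the original page. It checks the rules stated above (every member needs an email attribute, mime is MIME or PLAIN) and lists the members who can still receive unencrypted mail because encrypted_only is not set. The function name and the sample data are constructed for illustration.

```ruby
require "yaml"

# Constructed sample in the members.conf layout (not a real list); the last
# entry lacks the mandatory email attribute on purpose.
SAMPLE_MEMBERS = <<~CONF
  - email: you@example.net
  - email: me@example.org
    mime: PLAIN
  - email: them@example.com
    encrypted_only: true
  - mime: MIME
CONF

ALLOWED_MIME = %w[MIME PLAIN].freeze

def audit_members(yaml_text)
  report = { errors: [], cleartext_possible: [] }
  begin
    # safe_load refuses arbitrary object tags in the file
    members = YAML.safe_load(yaml_text)
  rescue Psych::SyntaxError => e
    report[:errors] << "not valid YAML: #{e.message}"
    return report
  end
  unless members.is_a?(Array)
    report[:errors] << "top level must be a list of members"
    return report
  end
  members.each_with_index do |m, i|
    unless m.is_a?(Hash) && m["email"].is_a?(String) && !m["email"].strip.empty?
      report[:errors] << "entry #{i + 1}: missing email attribute"
      next
    end
    # Case-insensitive comparison is an assumption; the page lists MIME and PLAIN.
    if m.key?("mime") && !ALLOWED_MIME.include?(m["mime"].to_s.upcase)
      report[:errors] << "#{m['email']}: mime must be MIME or PLAIN"
    end
    # Without encrypted_only, delivery falls back to cleartext when encryption fails.
    report[:cleartext_possible] << m["email"] unless m["encrypted_only"] == true
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  p audit_members(SAMPLE_MEMBERS)
end
```
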
BUGS
Known bugs are listed on the Schleuder bugtracker at
https://git.codecoop.org/projects/schleuder
SEE ALSO
schleuder-newlist(8), gnupg(7).
- Schleuder website: http://schleuder.nadir.org/
- Webschleuder website: http://webschleuder.nadir.org/ (web interface to schleuder)
- YAML website: http://www.yaml.org/