centos:mail_c7:mta_10

no way to compare when less than two revisions

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.


centos:mail_c7:mta_10 [29.01.2016 12:02. ] (aktuell) – angelegt django
Zeile 1: Zeile 1:
 +====== OPENPGP DNS & Milter ======
 +
 +
 +   # yum install hash-slinger
 +
 +   # rpm -qil hash-slinger
 +<code>Name        : hash-slinger
 +Version     : 2.7
 +Release     : 1.el7
 +Architecture: noarch
 +Install Date: Fri 22 Jan 2016 10:12:33 AM CET
 +Group       : Applications/Internet
 +Size        : 88902
 +License     : GPLv2+
 +Signature   : RSA/SHA256, Sun 03 Jan 2016 04:05:07 AM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : hash-slinger-2.7-1.el7.src.rpm
 +Build Date  : Sun 03 Jan 2016 01:34:40 AM CET
 +Build Host  : buildppcle-05.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://people.redhat.com/pwouters/hash-slinger/
 +Summary     : Generate various DNS records such as RFC-4255 SSHFP and RFC-698 TLSA
 +Description :
 +This package contains various tools to generate special DNS records:
 +
 +sshfp       Generate RFC-4255 SSHFP DNS records from known_hosts files
 +            or ssh-keyscan
 +tlsa        Generate RFC-6698  TLSA DNS records via TLS
 +openpgpkey  Generate draft-ietf-dane-openpgpkey DNS records from OpenPGP
 +            keyrings
 +ipseckey    Generate RFC-4025 IPSECKEY DNS records on Libreswan
 +            IPsec servers
 +
 +This package supersedes 'sshfp' and 'swede'
 +/usr/bin/ipseckey
 +/usr/bin/openpgpkey
 +/usr/bin/sshfp
 +/usr/bin/tlsa
 +/usr/share/doc/hash-slinger-2.7
 +/usr/share/doc/hash-slinger-2.7/BUGS
 +/usr/share/doc/hash-slinger-2.7/CHANGES
 +/usr/share/doc/hash-slinger-2.7/COPYING
 +/usr/share/doc/hash-slinger-2.7/README
 +/usr/share/man/man1/ipseckey.1.gz
 +/usr/share/man/man1/openpgpkey.1.gz
 +/usr/share/man/man1/sshfp.1.gz
 +/usr/share/man/man1/tlsa.1.gz</code>
 +
 +
 +  $ openpgpkey --fetch --uid 2 michael@nausch.org                         
 +<code>-----BEGIN PGP PUBLIC KEY BLOCK-----                                                  
 +Comment: michael@nausch.org key obtained from DNS                                     
 +Comment: key transfer was protected by DNSSEC                                         
 +Version: GnuPG v2.0.22 (GNU/Linux)                                                    
 +
 +mQINBFI9/U0BEACfpc7ClI9gjdYZ4dU4oRq7OytIMJCqd9f/82zXLav2R282a+Ne
 +k997kartujdknbuAsVKpqh4kVjj7SA1/4ITkuE+d7Ski2XZZVAJQlqXgpqVmCP2w
 +Gq2zODnopuueIp0VZlKc+WlspS0NGfNiIrywEEt7joL25YqgDwejsmYiWlbd3Qnh
 +TKqlAXn6g7VZA1Bk3K7OBkV6RY7vlIrKmeefHkLrU4B2+02Two2w4tP15l9iXOUT
 +o/6bdnJYzcnGWU2cavmpxF6VoSId984rgIWNvqsJbvD+T5/fKh1ev8GfIcIANYbg
 +v0QJlplFXIvIyMJMnrKD7z+AmuACwZoAUnG9IXipb439axPje1lQMN/qpXxxzumQ
 +lsc+ctGAOmPrIVBZaeBznu5bMx+l0y2nb/dNY3mNywED4ixiCEYYez1QlXN/1NZN
 +Oo5ZFY/0ZIv+pPUF1+Th77LOo8vL7fUBKQCz1SdsZB5whe0z4GYQp8qHfJLm2Trm
 +Tmyfcs71HdUGOcr2D++HPjF6XFOPvmJ/MXEWNPYL4ne/1dvkJJIkya8B7+nXKvKs
 +ot/MWXEcuC2q9MaLbDGjNKqagJTrPmZavi5nAuQgfGbQCmDrbDX+DaX1TmTMtQ0h
 +ceDbEnuV5J0+OdZRwQurZdbDA0w7N+6Q7hdPKS6pCjQEJXGHthz1ojO0qQARAQAB
 +tCNNaWNoYWVsIE5hdXNjaCA8bWljaGFlbEBuYXVzY2gub3JnPokCPQQTAQgAJwUC
 +Uj39TQIbAwUJBKKGAAULCQgHAwUVCgkICwUWAwIBAAIeAQIXgAAKCRAHTs9hUKa/
 +7bVYD/wLgjtz9l3tsyPbuqG3d9vqSfwCcHyMXako+fB3Llq3ImOmJ2YoYYGCmx6m
 +FF2zzK3HeiofyVTAMkYtLxZcmAQw32YtTvSEa9RyibOl21ayCuVyeYSpjcsOYglS
 +G3I82uPpMj8ob/ich3QARqU1EPpCMqQsxPnP9At6glcldZ2BIK6poDdGnHwS0JKJ
 +zqQ8ImKNJlA8CfuRTGlpaxoh3VP0sjKIUhqC3yuw64fAU/gl5KGQVzp9jFgWKqw4
 +hHKhdwMj9gmh/MkvmaL/cITSh3uTcs/xEL/e9keTPQ8E3JbiGy2UuChJdwHoYE//
 +6RUP5XXpHPgcl8ffQJEq51rZHs8YXWQnFvGL9+T2YK2AXPrEHP1FeS8MWTX1GKWa
 +Rs4r5Ax5iosw+h/1dDRd6Ph3z2dD+QIbLg2t8ALtzbKUr1rsQ9NrLta1zt7P4lj3
 +Qr0PCwWMp9QXw/nkIiSYmfxuzUWE3oR1H2W7Ol2jSzslW2RBOpqVSd7bwyNUGg3t
 +AWGCvRSSucBV+nCr1/r+HpnFIWm6rkpQKjbozt+4z+CoozytNLD/jwAoTBukSOmN
 +5vEpukoRLYmLiNhsfm1wJeqjhCvfrec48t1jLYQDkC+O2+uuVMvbdA6eR8T1WCpk
 +lxcnyP0KZbRellLoFzxQbQl6rBU1I1axyxz4VbkXzEfRISeaDLQ2TWljaGFlbCBO
 +YXVzY2ggKGFrYSBEamFuZ28gW0JPZkhdKSA8ZGphbmdvQG5hdXNjaC5vcmc+iQI9
 +BBMBCAAnBQJSPgXoAhsDBQkEooYABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ
 +EAdOz2FQpr/t+4sP/jRt0dc5fTM5ZaZ7Dnmb1K5O9XR7T5ByLbflHb27LRWNkYEk
 +jsKoJ6Z/h8E59r5d6zR13UeW2LTr7THU3uk70s0BAEBkI5HkI1MMYX3ZhVK8W5mi
 +gWpNIT7gXa7ngfipgrVXZGUZwU0roRdqZ1CZ94e76FtYUjMNnZ6KlbPJQZCN3S/w
 +91DoQGCJrVpWqNOTHB5nZaHFGyWWdIAYBr5pjFboHzTGtYU1W6y248bmUafIyBk6
 +Z6p4oMVyPsGFes7IRseUBJhClEPYYCY8+fFbmpGTvfpHM5X/zIdJqQAk7OX9ttlw
 +o4MskoQHNKz5kDzIF4uDUNIQq8ZkoxvuiPlaZsk4/AiCAwM+D0rng88/i0sbxxRi
 +iuEuqz+MdtQQz3TwogVc2VPC5JtrQEWWC9cikTVX71l9DpisP/uwC0/LtmnmSLix
 +h/zLN75SJ/PCfZbaT6r8ANob5+LxX/MHdfyv54qQaPlB4w2UDc0QJSPB2+bR2wDq
 +ueJRp92M93WaQzvxsTD6kurPxkvTTlaGo7LHf/04flvRNILH1mdavvFO+DKrat2w
 +C5NITtBaLcXiJvAmZS3ZfhSsiK8YdQF+BJi+B7mjZGqcqUT+gZsPKQuahcX+2SbE
 +2X0ID5QznRmX1HWCm+CQcATaErNTJT+Ika037kDN2kq233H4UTOIZcHLjV/ntDNN
 +aWNoYWVsIE5hdXNjaCAoYWthIEJpZ0NoaWVmKSA8YmlnY2hpZWZAb21uaTEyOC5k
 +ZT6JAj0EEwEIACcFAlI+BiACGwMFCQSihgAFCwkIBwMFFQoJCAsFFgMCAQACHgEC
 +F4AACgkQB07PYVCmv+1jFA//XPJSEQkXdsHlMfofK7cUG5ZU6LZwU1zfi5hbYizc
 +1z6rD3+5v4HS7Oz7nUv8SOYkB/ot99AXfqgbh6Iin3RfRi5gSx1DJuhRNhzOW+1F
 +ocjYPXHvWdGLVmbwCmPLjoA72ct4SH4gyLRNZH0dvUPT8vfXEKRIaiCNB7ht93UJ
 +XcDn97DY54q+EfxkywVmlK1EYmNN+3EUuBPNVpumC+6Zy3u/plphxUZa6LEZEihp
 +I+d2EPSBOw1MYihYfqYLRKGziTTEJmvUEt5pnI5S9uE0IqedAOUTdjwhOnzyJk+P
 +ulEGnhtoJ1v0DIYEYiIEaVPIp8Pax151QbnYDSPIe+WlOpbG3C1Yb8CTz65FpcwS
 +jG84GjoTrapePWj07PwwAC5+/Yvqr1AAKIzqEJkfIv5qW5OCwAWkChL3rATWyDaP
 +HwYStsZ3Xgn/oUkx7StOstwqqrdmd0vJJKKnMYV9wjE/W0SYoT0UDwzK0XSUCFPN
 +rHCHML0CINa7/rX9NYCSX6K55APnslqoHh1c1gIhaZ2srs7sryfTDy65V32Stxg7
 +oAXO9DJn6AcgAJHSpopQJgTqfez8djL5j34kjiGXncqv3CZNDiVzeoTTjDG41Rmy
 +HhSUKpyo8WGkvmhIXWzbcMrxEueclyppMgSqb2JCl0iIFu1Uu7Wg7qRPygZLXAdT
 +kuq5Ag0EUj39TQEQAMIfFbJQ8x/gRrmRRlO3AmSHZfI1I0+OU97iXhYPDc5ncWh+
 +BWYq1q2j3NiQAljpWyc4sX/uJtPtsiTms7hp4P8H0zlHGZHiGDRZ/kWn7j7mioaY
 +6/8tXBM07hRe21rngt247icBRX927RnHO813JaNjb6/aEpyO9qkOr2SrQfBSysbd
 +1XNc/I4cxGEUCqghJcrh6fcYA1z4Pek6UBziBocSPSZ4hfXEE4pS4P0l1OQpEngT
 +pTb4jKRClj2grOyUfyPs4vLbWta5T4H2JLsD289JmRSOFu9KRQwqc0hDHnYFs1Uu
 +90HPJHzQ/BIrOdGUfnjzsOcL5CUQDi/09Mm2Duz6F3U8WyIc6vLTAG8ciFkAGTj0
 +VcwjHFdq7uijJrjkzl3LI3OC7wIX5XDk2kTh2fmp/dEo5LAjfJHUimQKDibkznJt
 +suLWlgJD6MorOB8qyA3hSjAhA/I6sqGd/nbHsFTvJWB/VPjXxDHIYGfEG55ur5rD
 +O6xEALS8SKruVL97avxulLQ5X1vc7JgM1C/AF7L6wCQAfa7QkGoBDvLZyKOsCxxi
 +ELotiG1QaGtocgH2dNnDklwx4RJ0W5IJGxei9fUA2YOvy9SvAYINpmWKZJuDiiNO
 +YR5OjcywXvTcYglxgcDwpSk0xw/IKjZevR90/xIItWGAkFpsOqv6s2i6npE5ABEB
 +AAGJAiUEGAEIAA8FAlI9/U0CGwwFCQSihgAACgkQB07PYVCmv+3glQ//VpUYontl
 +CsnPPrEUZNYbdvawm4EN0jEtNYc0EFY/13shsHEBX+x28HzqE3M87B5xBU5KNwkE
 +VKZVK1CYKJ5kG8Gv3sTzlTbvC1i1xFH9HO+NZFQqG1WupG8zVKsLJoIHUkplA7lO
 +ZfA0z262VH4JJaQU6tv7WQXbEEaXUpa0hsoJmvei/ShaYpDZiDhl6dVbDGw3hJ54
 +t4H1YQGZk7sely/DyUXhmRlyTqB6AH4ZFGDeysQk4D1iPqGnhCOJnsyJ/UwRRdSn
 +kUjAF8EB3kw2cyB++LgOyrqVFbxkO/JTepDDWwfzAlcQ18dc/DBhdOVNhLH7AFxp
 +CS+64+snMskT88mvkRkcc7OBYhITKnn2XDuSBkWiw6UAFFoKgb1ZCBnMMnG086ZD
 +WMLZkCQ1nL8pX7wPdyUU9YP9U5YvTYeuCrNpNy7xM3l5BEFK/Y91fygnvy4UBtJ0
 +LymqM80MuSVRgQrFdxJAFgHN+ziRw9v+VRijWzmufeHkqUo77BVot9mDmouAiUGw
 +cK1hGL0Nl34rgN6gOETPzGLiOLBmytVW/fGZ0hwerRuE7rk0W5lapE2lQeQPjCiL
 +2LeJPxcPjsBJa3h05QwIaZo18Wb9esnjBjzjV4fRY0+akiJw/w6+V893FGbZnHIv
 +/cDg8Z+10RIiBZa9qC50NNTfhPD70lV+HRc=
 +=usnJ
 +-----END PGP PUBLIC KEY BLOCK-----</code>
 +
 +
 +   # yum install openpgpkey-milter -y
 +
 +   # rpm -qil openpgpkey-milter 
 +<code>Name        : openpgpkey-milter
 +Version     : 0.5
 +Release     : 1.el7
 +Architecture: noarch
 +Install Date: Fri 29 Jan 2016 12:35:15 PM CET
 +Group       : System Environment/Daemons
 +Size        : 50233
 +License     : GPLv3+
 +Signature   : RSA/SHA256, Mon 04 Jan 2016 04:56:06 PM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : openpgpkey-milter-0.5-1.el7.src.rpm
 +Build Date  : Mon 04 Jan 2016 01:08:27 AM CET
 +Build Host  : bvirthost02-nfs.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : ftp://ftp.nohats.ca/openpgpkey-milter
 +Summary     : OPENPGPKEY basd automatic encryption of emails using the milter API
 +Description :
 +The openpgpkey-milter package provides a milter plugin for sendmail or postfix
 +that will automatically encrypt plaintext emails if the target recipient is
 +publishing an OPENPGPKEY record protected with DNSSEC. This is currently an
 +IETF draft (draft-wouters-dane-openpgp)
 +/etc/tmpfiles.d/openpgpkey-milter.conf
 +/usr/lib/systemd/system/openpgpkey-milter.service
 +/usr/sbin/openpgpkey-milter
 +/usr/share/doc/openpgpkey-milter-0.5
 +/usr/share/doc/openpgpkey-milter-0.5/LICENSE
 +/usr/share/doc/openpgpkey-milter-0.5/README
 +/var/run/openpgpkey-milter
 +/var/run/openpgpkey-milter/openpgpkey-milter.sock
 +/var/spool/openpgpkey-milter</code>
 +
 +==== README ====
 +
 +   # less /usr/share/doc/openpgpkey-milter-0.5/README
 +<code>
 +WARNING
 +=======
 +
 +This is pre-release software. It's only been testing by me on my personal
 +postfix server. Running this anywhere on a production machine might cost 
 +you your job, although afterwards please do let me know how it failed you
 +so I can fix it.                                                         
 +
 +openpgpkey-milter
 +-----------------
 +
 +openpgpkey-milter is a sendmail/postfix milter service that will attempt
 +to automatically OpenPGP encrypt plaintext emails received by the MTA/MUA
 +before relaying the message further towards the recipient(s). These can be
 +messages received from the network, or generated locally.
 +
 +Requirements
 +------------
 +Apart from requiring a milter compatible mail server (postfix or sendmail),
 +openpgpkey-milter requires:
 +
 +* python-unbound / unbound-python (in all major distros)
 +* python-milter / python-pymilter (in all major distros)
 +* [python-gnupg](http://pythonhosted.org/python-gnupg/)
 +  (older versions might need a [patch](http://code.google.com/p/python-gnupg/issues/detail?id=94)
 +* gnupg, libmilter, etc which are dragged in dependancies by the above packages
 +
 +Recommended
 +-----------
 +
 +The [hash-slinger](http://people.redhat.com/pwouters/hash-slinger/)
 +package contains an "openpgpkey" command that allows you to generate and
 +verify your own OPENPGPKEY records.
 +
 +How does it work
 +----------------
 +
 +openpgpkey-milter detects when a message is not encrypted with gpg and
 +then checks all the recipients to see if they published the special
 +[OPENPGPKEY](http://tools.ietf.org/html/draft-ietf-dane-openpgpkey) DNS record.
 +
 +Configuration of the milter service
 +-----------------------------------
 +
 +To use openpgpkey-milter with postfix, add to `/etc/postfix/main.cf`
 +
 +     smtpd_milters = inet:127.0.0.1:8890
 +     non_smtpd_milters = $smtpd_milters
 +     milter_default_action = tempfail
 +     milter_protocol = 2
 +
 +If you run `opendkim`, ensure you add openpgpkey-milter **before** opendkim
 +or you'll break the opendkim signatures. For the fedora/rhel configuration
 +where opendkims uses port 8891, you can use the following:
 +
 +     smtpd_milters = inet:127.0.0.1:8890, inet:127.0.0.1:8891
 +     non_smtpd_milters = $smtpd_milters
 +     milter_protocol = 2
 +     milter_default_action = accept
 +
 +Mailing list and bug reports
 +----------------------------
 +
 +There is no mailing list yet. Please send questions and bug reports
 +to paul@nohats.ca. However if you run openpgpkey-milter on your mail
 +server and it broke, you might be better of mailing me at the unsigned
 +domain paul@cypherpunks.ca.
 +
 +</code>
 +
 +====== openpgpkey-milter ======
 +
 +nix zu tun
 +
 +   # vim /etc/tmpfiles.d/openpgpkey-milter.conf
 +<file bash /etc/tmpfiles.d/openpgpkey-milter.conf>D /var/run/openpgpkey-milter 0770 root mail -
 +</file>
 +
 +
 +   # systemctl start openpgpkey-milter
 +
 +
 +   # systemctl status openpgpkey-milter
 +<code>● openpgpkey-milter.service - OPENPGPKEY auto encryption milter
 +   Loaded: loaded (/usr/lib/systemd/system/openpgpkey-milter.service; disabled; vendor preset: disabled)
 +   Active: active (running) since Fri 2016-01-29 12:45:19 CET; 22s ago
 + Main PID: 3880 (openpgpkey-milt)
 +   CGroup: /system.slice/openpgpkey-milter.service
 +           ├─3880 /usr/bin/python /usr/sbin/openpgpkey-milter
 +           └─3886 /usr/bin/python /usr/sbin/openpgpkey-milter
 +
 +Jan 29 12:45:19 vml000087.dmz.nausch.org systemd[1]: Started OPENPGPKEY auto encryption milter.
 +Jan 29 12:45:19 vml000087.dmz.nausch.org systemd[1]: Starting OPENPGPKEY auto encryption milter...
 +Jan 29 12:45:20 vml000087.dmz.nausch.org openpgpkey-milter[3880]: openpgpkey-milter: failed to setproctitle - python-setproctitle missing?
 +Jan 29 12:45:20 vml000087.dmz.nausch.org openpgpkey-milter[3880]: starting daemon [3880] version 0.5 on port 8890 at /var/spool/openpgpkey-milter with timeout 600</code>
  
  • centos/mail_c7/mta_10.txt
  • Zuletzt geändert: 29.01.2016 12:02.
  • von django