Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

centos:mail_c7:mta_10 [29.01.2016 12:02. ] (aktuell)
django angelegt
Zeile 1: Zeile 1:
 +====== OPENPGP DNS & Milter ======
 +
 +
 +   # yum install hash-slinger
 +
 +   # rpm -qil hash-slinger
 +<​code>​Name ​       : hash-slinger
 +Version ​    : 2.7
 +Release ​    : 1.el7
 +Architecture:​ noarch
 +Install Date: Fri 22 Jan 2016 10:12:33 AM CET
 +Group       : Applications/​Internet
 +Size        : 88902
 +License ​    : GPLv2+
 +Signature ​  : RSA/SHA256, Sun 03 Jan 2016 04:05:07 AM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : hash-slinger-2.7-1.el7.src.rpm
 +Build Date  : Sun 03 Jan 2016 01:34:40 AM CET
 +Build Host  : buildppcle-05.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager ​   : Fedora Project
 +Vendor ​     : Fedora Project
 +URL         : http://​people.redhat.com/​pwouters/​hash-slinger/​
 +Summary ​    : Generate various DNS records such as RFC-4255 SSHFP and RFC-698 TLSA
 +Description :
 +This package contains various tools to generate special DNS records:
 +
 +sshfp       ​Generate RFC-4255 SSHFP DNS records from known_hosts files
 +            or ssh-keyscan
 +tlsa        Generate RFC-6698 ​ TLSA DNS records via TLS
 +openpgpkey ​ Generate draft-ietf-dane-openpgpkey DNS records from OpenPGP
 +            keyrings
 +ipseckey ​   Generate RFC-4025 IPSECKEY DNS records on Libreswan
 +            IPsec servers
 +
 +This package supersedes '​sshfp'​ and '​swede'​
 +/​usr/​bin/​ipseckey
 +/​usr/​bin/​openpgpkey
 +/​usr/​bin/​sshfp
 +/​usr/​bin/​tlsa
 +/​usr/​share/​doc/​hash-slinger-2.7
 +/​usr/​share/​doc/​hash-slinger-2.7/​BUGS
 +/​usr/​share/​doc/​hash-slinger-2.7/​CHANGES
 +/​usr/​share/​doc/​hash-slinger-2.7/​COPYING
 +/​usr/​share/​doc/​hash-slinger-2.7/​README
 +/​usr/​share/​man/​man1/​ipseckey.1.gz
 +/​usr/​share/​man/​man1/​openpgpkey.1.gz
 +/​usr/​share/​man/​man1/​sshfp.1.gz
 +/​usr/​share/​man/​man1/​tlsa.1.gz</​code>​
 +
 +
 +  $ openpgpkey --fetch --uid 2 michael@nausch.org ​                        
 +<​code>​-----BEGIN PGP PUBLIC KEY BLOCK----- ​                                                 ​
 +Comment: michael@nausch.org key obtained from DNS                                     
 +Comment: key transfer was protected by DNSSEC ​                                        
 +Version: GnuPG v2.0.22 (GNU/​Linux) ​                                                   ​
 +
 +mQINBFI9/​U0BEACfpc7ClI9gjdYZ4dU4oRq7OytIMJCqd9f/​82zXLav2R282a+Ne
 +k997kartujdknbuAsVKpqh4kVjj7SA1/​4ITkuE+d7Ski2XZZVAJQlqXgpqVmCP2w
 +Gq2zODnopuueIp0VZlKc+WlspS0NGfNiIrywEEt7joL25YqgDwejsmYiWlbd3Qnh
 +TKqlAXn6g7VZA1Bk3K7OBkV6RY7vlIrKmeefHkLrU4B2+02Two2w4tP15l9iXOUT
 +o/​6bdnJYzcnGWU2cavmpxF6VoSId984rgIWNvqsJbvD+T5/​fKh1ev8GfIcIANYbg
 +v0QJlplFXIvIyMJMnrKD7z+AmuACwZoAUnG9IXipb439axPje1lQMN/​qpXxxzumQ
 +lsc+ctGAOmPrIVBZaeBznu5bMx+l0y2nb/​dNY3mNywED4ixiCEYYez1QlXN/​1NZN
 +Oo5ZFY/​0ZIv+pPUF1+Th77LOo8vL7fUBKQCz1SdsZB5whe0z4GYQp8qHfJLm2Trm
 +Tmyfcs71HdUGOcr2D++HPjF6XFOPvmJ/​MXEWNPYL4ne/​1dvkJJIkya8B7+nXKvKs
 +ot/​MWXEcuC2q9MaLbDGjNKqagJTrPmZavi5nAuQgfGbQCmDrbDX+DaX1TmTMtQ0h
 +ceDbEnuV5J0+OdZRwQurZdbDA0w7N+6Q7hdPKS6pCjQEJXGHthz1ojO0qQARAQAB
 +tCNNaWNoYWVsIE5hdXNjaCA8bWljaGFlbEBuYXVzY2gub3JnPokCPQQTAQgAJwUC
 +Uj39TQIbAwUJBKKGAAULCQgHAwUVCgkICwUWAwIBAAIeAQIXgAAKCRAHTs9hUKa/​
 +7bVYD/​wLgjtz9l3tsyPbuqG3d9vqSfwCcHyMXako+fB3Llq3ImOmJ2YoYYGCmx6m
 +FF2zzK3HeiofyVTAMkYtLxZcmAQw32YtTvSEa9RyibOl21ayCuVyeYSpjcsOYglS
 +G3I82uPpMj8ob/​ich3QARqU1EPpCMqQsxPnP9At6glcldZ2BIK6poDdGnHwS0JKJ
 +zqQ8ImKNJlA8CfuRTGlpaxoh3VP0sjKIUhqC3yuw64fAU/​gl5KGQVzp9jFgWKqw4
 +hHKhdwMj9gmh/​MkvmaL/​cITSh3uTcs/​xEL/​e9keTPQ8E3JbiGy2UuChJdwHoYE//​
 +6RUP5XXpHPgcl8ffQJEq51rZHs8YXWQnFvGL9+T2YK2AXPrEHP1FeS8MWTX1GKWa
 +Rs4r5Ax5iosw+h/​1dDRd6Ph3z2dD+QIbLg2t8ALtzbKUr1rsQ9NrLta1zt7P4lj3
 +Qr0PCwWMp9QXw/​nkIiSYmfxuzUWE3oR1H2W7Ol2jSzslW2RBOpqVSd7bwyNUGg3t
 +AWGCvRSSucBV+nCr1/​r+HpnFIWm6rkpQKjbozt+4z+CoozytNLD/​jwAoTBukSOmN
 +5vEpukoRLYmLiNhsfm1wJeqjhCvfrec48t1jLYQDkC+O2+uuVMvbdA6eR8T1WCpk
 +lxcnyP0KZbRellLoFzxQbQl6rBU1I1axyxz4VbkXzEfRISeaDLQ2TWljaGFlbCBO
 +YXVzY2ggKGFrYSBEamFuZ28gW0JPZkhdKSA8ZGphbmdvQG5hdXNjaC5vcmc+iQI9
 +BBMBCAAnBQJSPgXoAhsDBQkEooYABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ
 +EAdOz2FQpr/​t+4sP/​jRt0dc5fTM5ZaZ7Dnmb1K5O9XR7T5ByLbflHb27LRWNkYEk
 +jsKoJ6Z/​h8E59r5d6zR13UeW2LTr7THU3uk70s0BAEBkI5HkI1MMYX3ZhVK8W5mi
 +gWpNIT7gXa7ngfipgrVXZGUZwU0roRdqZ1CZ94e76FtYUjMNnZ6KlbPJQZCN3S/​w
 +91DoQGCJrVpWqNOTHB5nZaHFGyWWdIAYBr5pjFboHzTGtYU1W6y248bmUafIyBk6
 +Z6p4oMVyPsGFes7IRseUBJhClEPYYCY8+fFbmpGTvfpHM5X/​zIdJqQAk7OX9ttlw
 +o4MskoQHNKz5kDzIF4uDUNIQq8ZkoxvuiPlaZsk4/​AiCAwM+D0rng88/​i0sbxxRi
 +iuEuqz+MdtQQz3TwogVc2VPC5JtrQEWWC9cikTVX71l9DpisP/​uwC0/​LtmnmSLix
 +h/​zLN75SJ/​PCfZbaT6r8ANob5+LxX/​MHdfyv54qQaPlB4w2UDc0QJSPB2+bR2wDq
 +ueJRp92M93WaQzvxsTD6kurPxkvTTlaGo7LHf/​04flvRNILH1mdavvFO+DKrat2w
 +C5NITtBaLcXiJvAmZS3ZfhSsiK8YdQF+BJi+B7mjZGqcqUT+gZsPKQuahcX+2SbE
 +2X0ID5QznRmX1HWCm+CQcATaErNTJT+Ika037kDN2kq233H4UTOIZcHLjV/​ntDNN
 +aWNoYWVsIE5hdXNjaCAoYWthIEJpZ0NoaWVmKSA8YmlnY2hpZWZAb21uaTEyOC5k
 +ZT6JAj0EEwEIACcFAlI+BiACGwMFCQSihgAFCwkIBwMFFQoJCAsFFgMCAQACHgEC
 +F4AACgkQB07PYVCmv+1jFA//​XPJSEQkXdsHlMfofK7cUG5ZU6LZwU1zfi5hbYizc
 +1z6rD3+5v4HS7Oz7nUv8SOYkB/​ot99AXfqgbh6Iin3RfRi5gSx1DJuhRNhzOW+1F
 +ocjYPXHvWdGLVmbwCmPLjoA72ct4SH4gyLRNZH0dvUPT8vfXEKRIaiCNB7ht93UJ
 +XcDn97DY54q+EfxkywVmlK1EYmNN+3EUuBPNVpumC+6Zy3u/​plphxUZa6LEZEihp
 +I+d2EPSBOw1MYihYfqYLRKGziTTEJmvUEt5pnI5S9uE0IqedAOUTdjwhOnzyJk+P
 +ulEGnhtoJ1v0DIYEYiIEaVPIp8Pax151QbnYDSPIe+WlOpbG3C1Yb8CTz65FpcwS
 +jG84GjoTrapePWj07PwwAC5+/​Yvqr1AAKIzqEJkfIv5qW5OCwAWkChL3rATWyDaP
 +HwYStsZ3Xgn/​oUkx7StOstwqqrdmd0vJJKKnMYV9wjE/​W0SYoT0UDwzK0XSUCFPN
 +rHCHML0CINa7/​rX9NYCSX6K55APnslqoHh1c1gIhaZ2srs7sryfTDy65V32Stxg7
 +oAXO9DJn6AcgAJHSpopQJgTqfez8djL5j34kjiGXncqv3CZNDiVzeoTTjDG41Rmy
 +HhSUKpyo8WGkvmhIXWzbcMrxEueclyppMgSqb2JCl0iIFu1Uu7Wg7qRPygZLXAdT
 +kuq5Ag0EUj39TQEQAMIfFbJQ8x/​gRrmRRlO3AmSHZfI1I0+OU97iXhYPDc5ncWh+
 +BWYq1q2j3NiQAljpWyc4sX/​uJtPtsiTms7hp4P8H0zlHGZHiGDRZ/​kWn7j7mioaY
 +6/​8tXBM07hRe21rngt247icBRX927RnHO813JaNjb6/​aEpyO9qkOr2SrQfBSysbd
 +1XNc/​I4cxGEUCqghJcrh6fcYA1z4Pek6UBziBocSPSZ4hfXEE4pS4P0l1OQpEngT
 +pTb4jKRClj2grOyUfyPs4vLbWta5T4H2JLsD289JmRSOFu9KRQwqc0hDHnYFs1Uu
 +90HPJHzQ/​BIrOdGUfnjzsOcL5CUQDi/​09Mm2Duz6F3U8WyIc6vLTAG8ciFkAGTj0
 +VcwjHFdq7uijJrjkzl3LI3OC7wIX5XDk2kTh2fmp/​dEo5LAjfJHUimQKDibkznJt
 +suLWlgJD6MorOB8qyA3hSjAhA/​I6sqGd/​nbHsFTvJWB/​VPjXxDHIYGfEG55ur5rD
 +O6xEALS8SKruVL97avxulLQ5X1vc7JgM1C/​AF7L6wCQAfa7QkGoBDvLZyKOsCxxi
 +ELotiG1QaGtocgH2dNnDklwx4RJ0W5IJGxei9fUA2YOvy9SvAYINpmWKZJuDiiNO
 +YR5OjcywXvTcYglxgcDwpSk0xw/​IKjZevR90/​xIItWGAkFpsOqv6s2i6npE5ABEB
 +AAGJAiUEGAEIAA8FAlI9/​U0CGwwFCQSihgAACgkQB07PYVCmv+3glQ//​VpUYontl
 +CsnPPrEUZNYbdvawm4EN0jEtNYc0EFY/​13shsHEBX+x28HzqE3M87B5xBU5KNwkE
 +VKZVK1CYKJ5kG8Gv3sTzlTbvC1i1xFH9HO+NZFQqG1WupG8zVKsLJoIHUkplA7lO
 +ZfA0z262VH4JJaQU6tv7WQXbEEaXUpa0hsoJmvei/​ShaYpDZiDhl6dVbDGw3hJ54
 +t4H1YQGZk7sely/​DyUXhmRlyTqB6AH4ZFGDeysQk4D1iPqGnhCOJnsyJ/​UwRRdSn
 +kUjAF8EB3kw2cyB++LgOyrqVFbxkO/​JTepDDWwfzAlcQ18dc/​DBhdOVNhLH7AFxp
 +CS+64+snMskT88mvkRkcc7OBYhITKnn2XDuSBkWiw6UAFFoKgb1ZCBnMMnG086ZD
 +WMLZkCQ1nL8pX7wPdyUU9YP9U5YvTYeuCrNpNy7xM3l5BEFK/​Y91fygnvy4UBtJ0
 +LymqM80MuSVRgQrFdxJAFgHN+ziRw9v+VRijWzmufeHkqUo77BVot9mDmouAiUGw
 +cK1hGL0Nl34rgN6gOETPzGLiOLBmytVW/​fGZ0hwerRuE7rk0W5lapE2lQeQPjCiL
 +2LeJPxcPjsBJa3h05QwIaZo18Wb9esnjBjzjV4fRY0+akiJw/​w6+V893FGbZnHIv
 +/​cDg8Z+10RIiBZa9qC50NNTfhPD70lV+HRc=
 +=usnJ
 +-----END PGP PUBLIC KEY BLOCK-----</​code>​
 +
 +
 +   # yum install openpgpkey-milter -y
 +
 +   # rpm -qil openpgpkey-milter ​
 +<​code>​Name ​       : openpgpkey-milter
 +Version ​    : 0.5
 +Release ​    : 1.el7
 +Architecture:​ noarch
 +Install Date: Fri 29 Jan 2016 12:35:15 PM CET
 +Group       : System Environment/​Daemons
 +Size        : 50233
 +License ​    : GPLv3+
 +Signature ​  : RSA/SHA256, Mon 04 Jan 2016 04:56:06 PM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : openpgpkey-milter-0.5-1.el7.src.rpm
 +Build Date  : Mon 04 Jan 2016 01:08:27 AM CET
 +Build Host  : bvirthost02-nfs.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager ​   : Fedora Project
 +Vendor ​     : Fedora Project
 +URL         : ftp://​ftp.nohats.ca/​openpgpkey-milter
 +Summary ​    : OPENPGPKEY basd automatic encryption of emails using the milter API
 +Description :
 +The openpgpkey-milter package provides a milter plugin for sendmail or postfix
 +that will automatically encrypt plaintext emails if the target recipient is
 +publishing an OPENPGPKEY record protected with DNSSEC. This is currently an
 +IETF draft (draft-wouters-dane-openpgp)
 +/​etc/​tmpfiles.d/​openpgpkey-milter.conf
 +/​usr/​lib/​systemd/​system/​openpgpkey-milter.service
 +/​usr/​sbin/​openpgpkey-milter
 +/​usr/​share/​doc/​openpgpkey-milter-0.5
 +/​usr/​share/​doc/​openpgpkey-milter-0.5/​LICENSE
 +/​usr/​share/​doc/​openpgpkey-milter-0.5/​README
 +/​var/​run/​openpgpkey-milter
 +/​var/​run/​openpgpkey-milter/​openpgpkey-milter.sock
 +/​var/​spool/​openpgpkey-milter</​code>​
 +
 +==== README ====
 +
 +   # less /​usr/​share/​doc/​openpgpkey-milter-0.5/​README
 +<​code>​
 +WARNING
 +=======
 +
 +This is pre-release software. It's only been testing by me on my personal
 +postfix server. Running this anywhere on a production machine might cost 
 +you your job, although afterwards please do let me know how it failed you
 +so I can fix it.                                                         
 +
 +openpgpkey-milter
 +-----------------
 +
 +openpgpkey-milter is a sendmail/​postfix milter service that will attempt
 +to automatically OpenPGP encrypt plaintext emails received by the MTA/MUA
 +before relaying the message further towards the recipient(s). These can be
 +messages received from the network, or generated locally.
 +
 +Requirements
 +------------
 +Apart from requiring a milter compatible mail server (postfix or sendmail),
 +openpgpkey-milter requires:
 +
 +* python-unbound / unbound-python (in all major distros)
 +* python-milter / python-pymilter (in all major distros)
 +* [python-gnupg](http://​pythonhosted.org/​python-gnupg/​)
 +  (older versions might need a [patch](http://​code.google.com/​p/​python-gnupg/​issues/​detail?​id=94)
 +* gnupg, libmilter, etc which are dragged in dependancies by the above packages
 +
 +Recommended
 +-----------
 +
 +The [hash-slinger](http://​people.redhat.com/​pwouters/​hash-slinger/​)
 +package contains an "​openpgpkey"​ command that allows you to generate and
 +verify your own OPENPGPKEY records.
 +
 +How does it work
 +----------------
 +
 +openpgpkey-milter detects when a message is not encrypted with gpg and
 +then checks all the recipients to see if they published the special
 +[OPENPGPKEY](http://​tools.ietf.org/​html/​draft-ietf-dane-openpgpkey) DNS record.
 +
 +Configuration of the milter service
 +-----------------------------------
 +
 +To use openpgpkey-milter with postfix, add to `/​etc/​postfix/​main.cf`
 +
 +     ​smtpd_milters = inet:​127.0.0.1:​8890
 +     ​non_smtpd_milters = $smtpd_milters
 +     ​milter_default_action = tempfail
 +     ​milter_protocol = 2
 +
 +If you run `opendkim`, ensure you add openpgpkey-milter **before** opendkim
 +or you'll break the opendkim signatures. For the fedora/rhel configuration
 +where opendkims uses port 8891, you can use the following:
 +
 +     ​smtpd_milters = inet:​127.0.0.1:​8890,​ inet:​127.0.0.1:​8891
 +     ​non_smtpd_milters = $smtpd_milters
 +     ​milter_protocol = 2
 +     ​milter_default_action = accept
 +
 +Mailing list and bug reports
 +----------------------------
 +
 +There is no mailing list yet. Please send questions and bug reports
 +to paul@nohats.ca. However if you run openpgpkey-milter on your mail
 +server and it broke, you might be better of mailing me at the unsigned
 +domain paul@cypherpunks.ca.
 +
 +</​code>​
 +
 +====== openpgpkey-milter ======
 +
 +nix zu tun
 +
 +   # vim /​etc/​tmpfiles.d/​openpgpkey-milter.conf
 +<file bash /​etc/​tmpfiles.d/​openpgpkey-milter.conf>​D /​var/​run/​openpgpkey-milter 0770 root mail -
 +</​file>​
 +
 +
 +   # systemctl start openpgpkey-milter
 +
 +
 +   # systemctl status openpgpkey-milter
 +<​code>​● openpgpkey-milter.service - OPENPGPKEY auto encryption milter
 +   ​Loaded:​ loaded (/​usr/​lib/​systemd/​system/​openpgpkey-milter.service;​ disabled; vendor preset: disabled)
 +   ​Active:​ active (running) since Fri 2016-01-29 12:45:19 CET; 22s ago
 + Main PID: 3880 (openpgpkey-milt)
 +   ​CGroup:​ /​system.slice/​openpgpkey-milter.service
 +           ​├─3880 /​usr/​bin/​python /​usr/​sbin/​openpgpkey-milter
 +           ​└─3886 /​usr/​bin/​python /​usr/​sbin/​openpgpkey-milter
 +
 +Jan 29 12:45:19 vml000087.dmz.nausch.org systemd[1]: Started OPENPGPKEY auto encryption milter.
 +Jan 29 12:45:19 vml000087.dmz.nausch.org systemd[1]: Starting OPENPGPKEY auto encryption milter...
 +Jan 29 12:45:20 vml000087.dmz.nausch.org openpgpkey-milter[3880]:​ openpgpkey-milter:​ failed to setproctitle - python-setproctitle missing?
 +Jan 29 12:45:20 vml000087.dmz.nausch.org openpgpkey-milter[3880]:​ starting daemon [3880] version 0.5 on port 8890 at /​var/​spool/​openpgpkey-milter with timeout 600</​code>​
  
  • centos/mail_c7/mta_10.txt
  • Zuletzt geändert: 29.01.2016 12:02.
  • von django