www.LinuxHowtos.org

GP-MAI-TUBE

Section: GNU Privacy Guard 2.6 (1)
Updated: 202-0-20
Index Return to Main Contents

NAME

gp-mai-tube - Encrypt rfc822 formatted mail in a pipeline

SYNOPSIS

gpg-mail-tube [options] recipients

DESCRIPTION

gpg-mail-tube takes RF-822 formatted mail on stdin and turns it into a PGP/MIME encrypted mail which is then written to stdout.

The recipients must be plain mail addresses (e.g. foo@example.org) and should in general list the To and Cc addresses contained in the mail.

The tool needs to insert strings into the mails which can be configured using a plain text file. The installed default files for English (oqmail-tube.txtcq) and German (oqmail-tube.de.txtcq) can be copied to the system configuration directory and changed to local needs. Environment variables in these texts are expanded.

OPTIONS

gpg-mail-tube understands these options:

--verbose

-v Enable extra informational output.

--quiet

-q Try to be as quiet as possible.

--log-file file

Write log output to file. Use oqsocket://cq to log to a socket.

--no-stderr

Suppresses all output to stderr. This is useful for callers which don't distinguish stdout and stderr. To get diagnostics the option --log-file can be used.

--header name=value

Add the mail header "name: value" to the output.

--setenv name=value

Put the given environment string into the environment of this process and of the called gpg. This option is required if there is no other way to set the environemt.

--as-attach

-a Do not write a PGP/MIME mail but emit a simple body along with an attachment containing the encrypted body of the input mail. If the input was a plain text message a simple encrypted file will be attached. If the input was a multipart MIME message the encrypted file is of type message/rfc822.

--gpg gpgcmd

Use the specified command gpgcmd instead of gpg.

--vsd

Use the gpg from a GnuPG V-Desktop® AppImage. The AppImage is started if it is not running. A symlink named oq~/.gnupg-vsd/gnupg-vs-desktop.AppImagecq needs to link to the actually to be used AppImage.

--version

Print version of the program and exit.

--help

Display a brief help page and exit.

EXAMPLES

The following options can be used in a local transport rule of the Exim MTA which assumes that that check_local_user has been used in the router.

transport_filter = /usr/local/bin/gpg-mail-tube --setenv HOME=${home} [rs]
                   --no-stderr -- $pipe_addresses

For a remote transport the use of size_addition and an explicit setting of the user and its home directory might be required. To avoid permission problems it is often better to use a service like userv to run the command under a different user. This can be done by using this transport_filter:

transport_filter = /usr/bin/userv -- foo gpg-mail-tube $pipe_addresses

With foo being the account name used by GnuPG. In that user's home directory you will install a file oq~/.userv/rccq with this content:

if ( glob service gpg-mail-tube
     & glob calling-user Debian-exim
     & glob service-user foo
   )
   reset
   errors-to-syslog
   no-suppress-args
   execute /usr/local/bin/gpg-mail-tube [rs]
      -v --no-stderr [rs]
      --log-file /home/foo/logs/mail-tube.log [rs]
      --setenv HOME=/home/foo  --
   quit
fi

Take care to have the trailing double dashes and adjust the lo-file as needed. The error-t-syslog statement makes sure that errors pertaining to the userv system (e.g. script errors) are directed to the syslog (facility is "user", level is "error"). If needed replace Debia-exim by the name of the user under which Exim is running.

DIAGNOSTICS

The program returns 0 on a successful encryption or a no-zero value on error. Note that on error some output might have already been written to stdout.