gpg-mail-tube takes RFC-822 formatted mail on stdin and turns it into a PGP/MIME encrypted mail which is then written to stdout.
The recipients must be plain mail addresses (e.g. foo@example.org) and should in general list the To and Cc addresses contained in the mail.
gpg-mail-tube understands these options:
--verbose
-v
Enable extra informational output.
--quiet
-q
Try to be as quiet as possible.
--log-file file
Write log output to file. Use socket:// to log to a socket.
--no-stderr
Suppresses all output to stderr. This is useful for callers which don’t distinguish stdout and stderr. To get diagnostics the option --log-file can be used.
--header name=value
Add the mail header "name: value" to the output.
--setenv name=value
Put the given environment string into the environment of this process and of the called gpg. This option is required if there is no other way to set the environment.
--gpg gpgcmd
Use the specified command gpgcmd instead of gpg.
--vsd
Use the gpg from a GnuPG VS-Desktop® AppImage. The AppImage is started if it is not running. A symlink named ~/.gnupg-vsd/gnupg-vs-desktop.AppImage must point to the AppImage that is to be used.
--version
Print version of the program and exit.
--help
Display a brief help page and exit.
The program returns 0 on a successful encryption or a non-zero value on error. Note that on error some output might have already been written to stdout.
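Because output may already be on stdout when the program fails, a caller that forwards stdout should buffer it and release it only on exit status 0. The wrapper below is an added example, not part of the GnuPG manual; the function name, the GPG_MAIL_TUBE variable, the exit codes 64/65/75 and the check for a multipart/encrypted Content-Type header (the PGP/MIME type from RFC 3156) are assumptions of this example.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around gpg-mail-tube.
# GPG_MAIL_TUBE is a variable of this example, not an option of the tool.
: "${GPG_MAIL_TUBE:=gpg-mail-tube}"

# encrypt_or_fail LOGFILE RECIPIENT...
# Reads an RFC-822 mail on stdin. Writes the PGP/MIME mail to stdout only
# if gpg-mail-tube exited 0 and the result is declared multipart/encrypted.
encrypt_or_fail() {
    log=$1; shift
    # 64 = usage error (sysexits convention, chosen for this example)
    [ "$#" -gt 0 ] || { echo "no recipients given" >&2; return 64; }

    tmp=$(umask 077; mktemp) || return 75

    # Buffer stdout: on error the tool may already have written part of it.
    rc=0
    "$GPG_MAIL_TUBE" --no-stderr --log-file "$log" -- "$@" >"$tmp" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "gpg-mail-tube failed with status $rc, see $log" >&2
        rm -f "$tmp"
        return "$rc"
    fi

    # Inspect only the header block (everything before the first empty
    # line), so a matching line in the body cannot satisfy the check.
    if ! awk '/^\r?$/ { exit } { print }' "$tmp" |
         grep -qi '^content-type:[[:space:]]*multipart/encrypted'; then
        echo "output is not declared PGP/MIME encrypted, dropping it" >&2
        rm -f "$tmp"
        return 65
    fi

    cat "$tmp"
    rm -f "$tmp"
}
```

A call such as `encrypt_or_fail /home/foo/logs/mail-tube.log foo@example.org < mail.eml` then yields either a complete encrypted mail or no output and a non-zero status.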
The following options can be used in a local transport rule of the Exim MTA which assumes that check_local_user has been used in the router:
transport_filter = /usr/local/bin/gpg-mail-tube --setenv HOME=${home} \
                     --no-stderr -- $pipe_addresses
For a remote transport the use of size_addition and an explicit setting of the user and its home directory might be required.
To avoid permission problems it is often better to use a service like userv to run the command under a different user. This can be done by using this transport_filter:
transport_filter = /usr/bin/userv -- foo gpg-mail-tube $pipe_addresses
Here foo is the account name used by GnuPG. In that user’s home directory, install a file ~/.userv/rc with this content:
if ( glob service gpg-mail-tube
   & glob calling-user Debian-exim
   & glob service-user foo
   )
  reset
  errors-to-syslog
  no-suppress-args
  execute /usr/local/bin/gpg-mail-tube \
           -v --no-stderr \
           --log-file /home/foo/logs/mail-tube.log \
           --setenv HOME=/home/foo --
  quit
fi
Take care to have the trailing double dashes and adjust the log-file as needed. The errors-to-syslog statement makes sure that errors pertaining to the userv system (e.g. script errors) are directed to the syslog (facility is "user", level is "error"). If needed replace Debian-exim by the name of the user under which Exim is running.