SYNOPSIS
schleuder [-c baseconfig] listaddress < emailschleuder [-c baseconfig] -test [listaddress]
DESCRIPTION
Schleuder is a groups email gateway: subscribers can communicate encrypted (and pseudonymously) among themselves, receive emails from non-subscribers and send emails to non-subscribers via the list.Schleuder takes care of all decryption and encryption, stripping of headers, format conversions, etc. Schleuder can also send out its own public key upon request and process administrative commands received by email.
Email cryptography is handled by using GnuPG. Schleuder understands all common encapsulation formats: inline, multipart/encrypted and multipart/signed.
schleuder(8) is usually called in delivery mode by a Mail Transport Agent with an incoming email piped to its standard input. For more informations on how to integrate Schleuder with your existing mail setup, please look at the Schleuder website: http://schleuder.nadir.org/
schleuder-newlist(8) automates the creation of new mailing lists.
AUTOMATIC SENDING OF LIST PUBLIC KEY
To receive the public key of the mailing list anybody can send an email to the special list address which includes -sendkey as a postfix:Schleuder will reply with the public key of the list without forwarding the request to the list-members.
EMAIL COMMANDS
Schleuder provides some special commands for advanced features to be used by list-members. Generally they are called by keywords written into the first non-blank line of an email. Schleuder scans for those keywords in every incoming email that is encrypted and validly signed by a list-admin or --- if allowed by the list's configuration --- a list-member.Administrative commands (membership and key management) must be sent to the request-address or the list, which includes -request as a postfix:
Communicative commands (resending) must be sent to the normal list-address.
Membership management
Resending is a list-command, that means it is only allowed in emails sent over the mailing list.- To receive the list of members send:
-
X-LIST-MEMBERS
- You will receive a list of list-admins and list-members, and their public keys (or the lack thereof).
- To see details on one list-member, including his/her public key:
-
X-GET-MEMBER: [email protected]
-
- To unsubscribe from the mailing-list:
-
X-UNSUBSCRIBE
- This will remove the member associated with the sender's signing key.
- To add a member:
-
X-ADD-MEMBER: [email protected] mime -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQGiBEjVO7oRBADQvT6wtD2IzzIiK0NbrcilCKCp4MWb8cYXTXguwPQI6y0Nerz4 dsK6J0X1Vgeo02tqA4xd3EDK8rdqL2yZfl/2egH8+85R3gDk+kqkfEp4pwCgp6VO [...] pNlF/qkaWwRb048h+iMrW21EkouLKTDPFkdFbapV2X5KJZIcfhO1zEbwc1ZKF3Ju Q9X5GRmY62hz9SCZnsC0jeYAni8OUQV9NXfXlS/vePBUnOL08NQB =xTv3 -----END PGP PUBLIC KEY BLOCK-----
- mime could also be plain (for receiving inline-encapsulated messages) or be skipped (then the list's default setting is used).
- The public key block is also optional.
- To delete a member from the list:
-
X-DELETE-MEMBER: [email protected]
- Please note that this doesn't delete any public keys.
Key management
- To receive the list of public keys known to the list:
-
X-LIST-KEYS
-
- To receive a certain public key known to the list:
-
X-GET-KEY: [email protected]
- You can also specify a KeyID, or parts of it, as long as it identifies the key distinctly.
- To add a public key to the list:
-
X-ADD-KEY: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQGiBEjVO7oRBADQvT6wtD2IzzIiK0NbrcilCKCp4MWb8cYXTXguwPQI6y0Nerz4 dsK6J0X1Vgeo02tqA4xd3EDK8rdqL2yZfl/2egH8+85R3gDk+kqkfEp4pwCgp6VO [...] pNlF/qkaWwRb048h+iMrW21EkouLKTDPFkdFbapV2X5KJZIcfhO1zEbwc1ZKF3Ju Q9X5GRmY62hz9SCZnsC0jeYAni8OUQV9NXfXlS/vePBUnOL08NQB =xTv3 -----END PGP PUBLIC KEY BLOCK-----
-
- To delete a key from the list's keyring:
-
X-DELETE-KEY: 0xDEADBEEF
- You can also specify an email address, as long as it identifies the key distinctly.
Resending
Resending is a list-command, that means it is only allowed in emails sent over the mailing list.- To send out an email to an external recipient (encrypted if possible, otherwise in the clear):
-
X-RESEND: [email protected]
-
- Or to send it only if encryption is available:
-
X-RESEND-ENCRYPTED-ONLY: [email protected]
-
- To specify multiple recipients separate the addresses with spaces or specify the command multiple times:
-
X-RESEND: [email protected] [email protected]
- or
-
X-RESEND: [email protected] X-RESEND: [email protected]
- With the first format don't let your Mail User Agent break long lines!
Misc.
- •
- To know which version of Schleuder is installed: X-GET-VERSION
OPTIONS
- -c path-to-schleuder-configuration
- Specify an alternate configuration directory than the default /etc/schleuder.
- -test
- Instead of processing an incoming email, specifying this flag will make Schleuder verify that the setup and basic settings are in a workable state.
- -h
- Display usage and exit.
EXIT STATUS
- 0
- Incoming email was processed without errors.
- Configuration is correct in test mode.
- 1
- Internal failure in incoming email processing.
- Bad configuration in test mode.
- 100
- Unable to decrypt the received message.
- Unable to verify the signature when configured to only accept signed messages.
- Message is cleartext when only encrypted messages are allowed.
- Message is not authenticated as coming from a list-member when authentication is required.
FILES
- •
- /etc/schleuder/schleuder.conf: global Schleuder configuration
- •
- /etc/schleuder/default-list.conf: default list settings
- •
- /var/schleuderlists/LISTNAME/list.conf: list settings
- •
- /var/schleuderlists/LISTNAME/members.conf: list susbcribers.
- Each member must have the email-attribute set. All other attributes are optional.
- The following attributes are available:
- •
- mime: defines the 'pgp-variant' to send to the member, possible values are MIME (for pgp/mime-formatted mail according to RFC 3156), and PLAIN (for inline-pgp). The fallback-default for this is defined in the list.conf.
- •
- encrypted_only: schleuder tries to encrypt every outgoing email. If that is not possible under some conditions it sends the email unecrypted. If this attribute is set the member will never receive unencrypted emails; the member will be skipped if encrypting is not possible.
- Example:
-
- email: [email protected] - email: [email protected] mime: PLAIN - email: [email protected] encrypted_only: true
-
- •
- /var/schleuderlists/HOSTNAME/LISTNAME: list internal data
- •
- /var/log/schleuder: Schleuder logs directory
All configuration files are formatted as YAML. See http://www.yaml.org/ for more details.