NAME

Mail::SpamAssassin::Plugin::OpenPGP - A SpamAssassin plugin that validates OpenPGP signed email.

VERSION

Version 1.0.0

SYNOPSIS

Install this module by running:

cpan Mail::SpamAssassin::Plugin::OpenPGP

Tell SpamAssassin to use it by putting the following (from this module's etc/init_openpgp.pre) in a configuration file.

loadplugin Mail::SpamAssassin::Plugin::OpenPGP

Configure the plugin by putting the following (from this module's etc/26_openpgp.cf) in a configuration file (see http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo).

ifplugin Mail::SpamAssassin::Plugin::OpenPGP

rawbody   OPENPGP_SIGNED     eval:check_openpgp_signed()
describe OPENPGP_SIGNED     OpenPGP: message body is signed

rawbody   OPENPGP_ENCRYPTED     eval:check_openpgp_encrypted()
describe OPENPGP_ENCRYPTED     OpenPGP: message body is encrypted

rawbody   OPENPGP_SIGNED_GOOD     eval:check_openpgp_signed_good()
describe OPENPGP_SIGNED_GOOD     OpenPGP: message body is signed with a valid signature
tflags nice

rawbody   OPENPGP_SIGNED_BAD     eval:check_openpgp_signed_bad()
describe OPENPGP_SIGNED_BAD     OpenPGP: message body is signed but the signature is invalid, or does not match the email's date or sender

endif   # Mail::SpamAssassin::Plugin::OpenPGP

Set up some rules to your liking, for example:

score OPENPGP_SIGNED -1
# this will total to -2
score OPENPGP_SIGNED_GOOD -1
# this will total to 0
score OPENPGP_SIGNED_BAD 1

DESCRIPTION

This uses Mail::GPG which uses GnuPG::Interface which uses Gnu Privacy Guard via IPC.

Make sure the homedir you use for gnupg has a gpg.conf with something like the following in it, so that gpg automatically fetches public keys it does not yet have. Also make sure that the directory and the files in it are readable only by the owner.

keyserver-options auto-key-retrieve
# any keyserver will do
keyserver  x-hkp://random.sks.keyserver.penguin.de

To ensure that your local public keys don't get out of date, you should probably set up a scheduled job to delete pubring.gpg regularly.

For project information, see http://konfidi.org

USER SETTINGS

gpg_executable /path/to/gpg
gpg_homedir /var/foo/gpg-homedir-for-spamassassin

TOKENS

The following per-message SpamAssassin "tokens" are set. (Is "token" the right word? They're set directly on instances of PerMsgStatus.)

openpgp_checked

Set to 1 after the email has been checked for an OpenPGP signature

openpgp_signed

Set to 1 if the email has an OpenPGP signature

openpgp_signed_good

Set to 1 if the email has a "good" OpenPGP signature

openpgp_encrypted

Set to 1 if the email is encrypted with OpenPGP

AUTHOR

Dave Brondsema, <dave at brondsema.net>

BUGS

If an email is signed with a subkey, OPENPGP_SIGNED_BAD is returned. We need to use the master key's fingerprint and mail aliases instead of the subkey's.

If only part of a PGP/MIME message is signed (for example, a mailing list added a footer outside of the main content & signature) then it is not considered signed. If any part of a message is signed inline, it is considered signed. A future version will probably use OPENPGP_PART_SIGNED, and have checks to verify that the unsigned part is at the end and that the signed part is not very short (to prevent spammers from having a small signed part accompanied by a large spammy part).
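As an added illustration of the partial-signing case above (this is not code from the plugin), the following Python classifies a raw message as fully PGP/MIME signed, inline signed, partly signed (a signed part nested inside a multipart container, as with a mailing-list footer) or unsigned, and applies the two checks the paragraph sketches: the unsigned material must trail the signed part and the signed part must not be a small fraction of the whole. The 0.5 threshold and the sample messages are assumptions constructed for the example.

```python
import email
from email import policy

PGP_SIG = "application/pgp-signature"
INLINE_MARK = "-----BEGIN PGP SIGNED MESSAGE-----"

def _pgp_mime_signed(part):
    # RFC 3156 PGP/MIME: multipart/signed carrying an application/pgp-signature
    return (part.get_content_type() == "multipart/signed"
            and part.get_param("protocol") == PGP_SIG)

def classify_signing(raw):
    """Return (status, signed_ratio, unsigned_at_end) for a raw RFC 822 message.

    status is 'signed' (whole body PGP/MIME signed), 'inline' (clearsigned text),
    'part_signed' (signed part nested in a multipart container, e.g. a list footer
    added outside the signature) or 'unsigned'; signed_ratio is the share of body
    bytes inside the signed part; unsigned_at_end is True when the unsigned
    sibling parts all follow the signed part."""
    msg = email.message_from_string(raw, policy=policy.default)
    if _pgp_mime_signed(msg):
        return "signed", 1.0, True
    if msg.is_multipart():
        parts = msg.get_payload()
        sizes = [len(p.as_string()) for p in parts]
        for idx, part in enumerate(parts):
            if _pgp_mime_signed(part):
                return "part_signed", sizes[idx] / sum(sizes), idx == 0
    elif msg.get_content_maintype() == "text" and INLINE_MARK in msg.get_content():
        return "inline", 1.0, True
    return "unsigned", 0.0, False

def part_signed_acceptable(raw, min_ratio=0.5):
    """The check the BUGS section sketches: a partly signed message only counts as
    signed when the unsigned material trails the signed part and the signed part is
    not a small fraction of the whole (min_ratio is an assumed threshold)."""
    status, ratio, at_end = classify_signing(raw)
    return status in ("signed", "inline") or (
        status == "part_signed" and at_end and ratio >= min_ratio)

# Constructed samples; the signature block is a placeholder, not a real signature.
SIGNED_PART = (
    'Content-Type: multipart/signed; protocol="application/pgp-signature";\n'
    ' micalg=pgp-sha256; boundary="sig"\n\n--sig\nContent-Type: text/plain\n\n'
    "Hello, this text is covered by the signature.\n--sig\n"
    "Content-Type: application/pgp-signature\n\n-----BEGIN PGP SIGNATURE-----\n"
    "PLACEHOLDER\n-----END PGP SIGNATURE-----\n--sig--\n")
FULLY_SIGNED = "From: alice@example.org\nSubject: hi\n" + SIGNED_PART
LIST_WRAPPED = ('From: alice@example.org\nContent-Type: multipart/mixed; boundary="mix"\n\n'
                "--mix\n" + SIGNED_PART + "--mix\nContent-Type: text/plain\n\n-- \nfooter\n--mix--\n")
```

Only the MIME structure is inspected here; whether the signature itself verifies is still gpg's job, as in the plugin.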

Please report any bugs or feature requests to bug-mail-spamassassin-plugin-OpenPGP at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Mail-SpamAssassin-Plugin-OpenPGP. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Mail::SpamAssassin::Plugin::OpenPGP

You can also look for information at:

ACKNOWLEDGEMENTS

COPYRIGHT & LICENSE

Copyright 2006 Dave Brondsema, all rights reserved.

This program is released under the following license: Apache License, Version 2.0