NAME
Mail::SpamAssassin::Plugin::OpenPGP - A SpamAssassin plugin that validates OpenPGP signed email.
VERSION
Version 1.0.3
SYNOPSIS
Install this module by running:
cpan Mail::SpamAssassin::Plugin::OpenPGP
Tell SpamAssassin to use it by putting the following (from this module's etc/init_openpgp.pre) in a configuration file
loadplugin Mail::SpamAssassin::Plugin::OpenPGP
Configure the plugin by putting the following (from this module's etc/26_openpgp.cf) in a configuration file (see http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo)
ifplugin Mail::SpamAssassin::Plugin::OpenPGP
rawbody OPENPGP_SIGNED eval:check_openpgp_signed()
describe OPENPGP_SIGNED OpenPGP: message body is signed
rawbody OPENPGP_ENCRYPTED eval:check_openpgp_encrypted()
describe OPENPGP_ENCRYPTED OpenPGP: message body is encrypted
rawbody OPENPGP_SIGNED_GOOD eval:check_openpgp_signed_good()
describe OPENPGP_SIGNED_GOOD OpenPGP: message body is signed with a valid signature
tflags OPENPGP_SIGNED_GOOD nice
rawbody OPENPGP_SIGNED_BAD eval:check_openpgp_signed_bad()
describe OPENPGP_SIGNED_BAD OpenPGP: message body is signed but the signature is invalid, or doesn't match with email's date or sender
endif # Mail::SpamAssassin::Plugin::OpenPGP
Set up some rules to your liking, for example:
score OPENPGP_SIGNED -1
# this would total to -2
score OPENPGP_SIGNED_GOOD -1
# this would total to 0
score OPENPGP_SIGNED_BAD 1
DESCRIPTION
This uses Mail::GPG which uses GnuPG::Interface which uses Gnu Privacy Guard via IPC.
Make sure the homedir you use for gnupg has a gpg.conf with something like the following in it, so that it will automatically fetch public keys. And make sure that the directory & files are only readable by owner (a gpg security requirement).
keyserver-options auto-key-retrieve timeout=5
# any keyserver will do
keyserver x-hkp://random.sks.keyserver.penguin.de
If a public key cannot be retrieved, the email will be marked as SIGNED but neither GOOD nor BAD. To ensure that your local public keys don't get out of date, you should probably set up a scheduled job to delete pubring.gpg regularly
For project information, see http://konfidi.org
USER SETTINGS
gpg_executable /path/to/gpg
gpg_homedir /var/foo/gpg-homedir-for-spamassassin
openpgp_add_header_fingerprint 1 # default 1 (true)
openpgp_add_header_failure_info 0 # default 1 (true)
TAGS
The following per-message SpamAssassin "tags" are set.
openpgp_checked
Set to 1 after the email has been checked for an OpenPGP signature
openpgp_signed
Set to 1 if the email has an OpenPGP signature
openpgp_signed_good
Set to 1 if the email has a "good" OpenPGP signature
openpgp_signed_bad
Set to 1 if the email has a "bad" OpenPGP signature
openpgp_encrypted
Set to 1 if the email is encrypted with OpenPGP
openpgp_fingerprint
Set to the OpenPGP fingerprint from the signature
AUTHOR
Dave Brondsema, <dave at brondsema.net>
BUGS
If only part of a PGP/MIME message is signed (for example, a mailing list added a footer outside of the main content & signature) then it is not considered signed. If any part of a message is signed inline, it is considered signed. A future version will probably use OPENPGP_PART_SIGNED, and have checks to verify that the unsigned part is at the end and that the signed part is not very short (to prevent spammers from having a small signed part accompanied by a large spammy part).
Please report any bugs or feature requests to bug-mail-spamassassin-plugin-OpenPGP at rt.cpan.org
, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Mail-SpamAssassin-Plugin-OpenPGP. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Mail::SpamAssassin::Plugin::OpenPGP
You can also look for information at:
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
http://cpanratings.perl.org/d/Mail-SpamAssassin-Plugin-OpenPGP
RT: CPAN's request tracker
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Mail-SpamAssassin-Plugin-OpenPGP
Search CPAN
http://search.cpan.org/dist/Mail-SpamAssassin-Plugin-OpenPGP
ACKNOWLEDGEMENTS
COPYRIGHT & LICENSE
Copyright 2006 Dave Brondsema, all rights reserved.
This program is released under the following license: Apache License, Version 2.0