/zeyple

Postfix filter/hook to automatically encrypt outgoing emails with PGP/GPG

Primary LanguagePythonOtherNOASSERTION

ZEYPLE: Zeyple Encrypts Your Precious Log Emails Build Status

Zeyple automatically encrypts outgoing emails with GPG:

  1. It catches emails from your Postfix queue
  2. Then encrypts them if it's got the recipient's GPG public key
  3. Finally it puts them back into the queue
     unencrypted email   ||   encrypted email
sender --> Postfix --> Zeyple --> Postfix --> recipient(s)

Why should I care? If you are a sysadmin who receives emails from various monitoring tools like Logwatch, Monit, Fail2ban, Smartd, Cron, whatever - it goes without saying that those emails contain lots of information about your servers. Information that may be intercepted by some malicious hacker sniffing SMTP traffic, your email provider, <insert your (paranoid) reason here>... Why would you take that risk - encrypt them all!

Install & upgrade

See INSTALL.md & UPGRADE.md.

Disable/enable Zeyple

Just comment/uncomment the line content_filter = zeyple in your /etc/postfix/main.cf then postfix reload.

Key management

  • List of keys: sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --list-keys
  • Update imported keys: sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --keyserver hkp://keys.gnupg.net --refresh-keys
  • Import a new key: sudo -u zeyple gpg --homedir /var/lib/zeyple/keys --keyserver hkp://keys.gnupg.net --search you@domain.tld

Integration with other MTAs

Although tested only with Postfix, Zeyple should integrate nicely with any MTA which provides a filter/hook mechanism. Please let me know if you experiment with this.

Docker

A Docker image is available for development purposes.

Vagrant

A fully-setup test-environment is available to easily test your modifications. Vagrant and a compatible virtualization environment (VirtualBox for example) are required. Visit zeyple-vagrant for download and more information.

Contributing

See CONTRIBUTING.md.

Kudos

Many thanks to Harry Knitter for his feedback to help make Zeyple more robust.

Blog posts & articles

License

AGPLv3+