What's this?
============

This is a simple script that takes a mail from STDIN or from a file and
(hopefully) encrypts and signs it with GnuPG (RFC 2015), depending on the
recipient, including the headers. With procmail, it is a very handy tool... :)

It is possible that I've reinvented the wheel and someone has already done
this in a simpler way. In that case, please alert me! I mean there is no need
for further development, because the original problem is solved, and it works
for me.

Of course you can send me a bugfix, or you can modify it, or you can beautify
it too, but please send me a copy. Thanks.

Prerequisites:
==============

mime-construct -> mime-construct package from Debian

    # apt-get install mime-construct

INSTALL:
========

1. Create a new user in the system, e.g. robot:

    # adduser robot

2. Generate a GnuPG key for it:

    # su - robot
    robot~$ gpg --gen-key

3. Import the public keys of the people to whom we would like to send mail
   via the robot:

    robot~$ gpg --import kulcsok

4. Sign each key and give it full trust:

    robot~$ gpg --edit-key kulcs_id
    Command> sign
    Command> trust
    Command> save

5. The script can be anywhere (e.g. ~robot/bin). The user should be able to
   execute it.

   IMPORTANT! Once you put the password for the GnuPG signing key into the
   script (step 6), only the robot user should be able to see it! So change
   the mode to 0700:

    robot~$ chmod 700 mail_out.sh

6. Edit the script with your favourite text editor. The PASSPHRASE argument
   should contain the password for the robot user's private key. Then
   re-check the arguments at the beginning of the script; you can change the
   default values if you want.

7. Create the needed directories:

    robot~$ mkdir -p ~/.gpg_mail_queue/{log,error}

8. Edit ~robot/.procmailrc so that mail_out.sh gets all mail.
   Example:

------------ cut -----------------
SHELL="/bin/bash"
QUEUE="/home/robot/.gpg_mail_queue"
LOCK="${QUEUE}/log"
#LOGFILE="${QUEUE}/log/logfile.procmail"
MAIL_OUT="/home/robot/bin/mail_out.sh"
ADDR_ROOT="root_mailbox@somewhere.hu next_sysadmin@somewhere.hu"
ADDR_LOGCHECK="logchecker@somewhere.hu"
ADDR_NOBODY="everything@else.robot.gets"

# Mail to root, webmaster or postmaster; the X-Loop conditions skip
# mail that already carries a loop marker.
:0
* ^To.*root|^To.*webmaster|^To.*postmaster
* ! ^X-Loop: mail_out
* ! ^X-Loop: error-mail_out
| ${MAIL_OUT} --stdin --gpg --email ${ADDR_ROOT}

# Mail to logcheck, with the same loop guard.
:0
* ^To.*logcheck
* ! ^X-Loop: mail_out
* ! ^X-Loop: error-mail_out
| ${MAIL_OUT} --stdin --gpg --email ${ADDR_LOGCHECK}
-------------- cut ----------------

9. Configure your MTA so that the robot gets the root, logcheck, webmaster,
   etc. mails. (In most cases you should edit /etc/aliases.)

10. Test. Send a letter to root, and wait until you get the encrypted and
    signed mail. :)

Note: You can check the signature on the mail once you have imported the
robot's public key into your keyring.

Made: 2003.12.10.
Author: szimszon@freemail.hu

English translation: 2003.12.13. danielp@get.funky.hu
GnuPG key ID: 60F824BE @ x-hkp://pgp.mit.edu
http://get.funky.hu/~danielp/dp-gpg.sig.asc

More English translation and small improvements: 2006.01.19 by
Olivier Berger (< olivier.berger @t int-evry.fr >).

100% GPL! :)
More information: http://www.gnu.org/copyleft/gpl.html
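
A check for step 5 of the INSTALL list, added here as an example (it is not part of mail_out.sh or of the original README): it verifies that the script holding the passphrase, and any other path given, belongs to the invoking user and has no group or other permission bits. It assumes GNU stat as shipped on Debian; the file name audit.sh in the comment is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original script. Assumes GNU stat (coreutils).

# check_private PATH: succeed only if PATH exists, belongs to the invoking
# user and grants no permission bits to group or others (0700, 0600, ...).
check_private() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    mode=$(stat -L -c %a -- "$path")    # octal mode, e.g. 700
    owner=$(stat -L -c %u -- "$path")   # numeric owner id
    if [ "$owner" != "$(id -u)" ]; then
        echo "OWNER    $path (uid $owner)"
        return 1
    fi
    # The leading 0 makes the shell read the mode as octal; 077 masks the
    # group and other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED  $path (mode $mode)"
        return 1
    fi
    echo "OK       $path (mode $mode)"
}

# audit_private PATH...: check every path, return 1 if any of them fails.
audit_private() {
    status=0
    for p in "$@"; do
        check_private "$p" || status=1
    done
    return "$status"
}

# Run as the robot user, for example:
#   sh audit.sh ~/bin/mail_out.sh ~/.gnupg ~/.gpg_mail_queue
# (audit.sh is a hypothetical file name; ~/.gnupg is GnuPG's default home
# directory and is an assumption about where the robot's key is kept.)
if [ "$#" -gt 0 ]; then
    audit_private "$@"
fi
```

Running it from cron as the robot user catches a later chmod or a restored backup that silently widens access to the passphrase.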