Skip to content
/ signing-milter Public

signing-milter enables you to s/mime sign an ordinary mail while passing a MTA. Base on https://signing-milter.org/ by Andreas Schulze

License

GPL-2.0 license
7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

smeinecke/signing-milter

BranchesTags

Repository files navigation

signing-milter in systemd

signing-milter enables you to s/mime sign an ordinary mail while passing a MTA. It is written in C and tested with the postfix MTA. It should work with any MTA implementing the milter protocol.

This repository replaces the daemontools service manager used in the original release by the Debian standard systemd service.

Installation

Install the required dependencies (if not already done):

apt-get install libcdb1 libmilter1.0.1 tinycdb

Download the current release (no Debian repository at the time of writing) for your Debian version and install the .deb file:

wget https://github.com/smeinecke/signing-milter/releases/download/20220416/signing-milter_20220426-bookworm_amd64.deb
dpkg -i signing-milter_20220426-bookworm_amd64.deb

Basic postfix configuration

In default configuration the postfix daemon is chrooted to the spool folder located in /var/spool/postfix/. To use the socket feature of signing-milter the socket + permissions has to be configured in the /etc/default/signing-milter file:

#DISABLE_HOURLY_STATISTIK_LOGGING='yes'
#DISABLE_DAILY_STATISTIK_LOGGING='yes'
OPTIONS="-s unix:/var/spool/postfix/signing-milter/signing-milter.sock -c postfix"

Also create the folder within the postfix spool folder with the correct permissions:

mkdir -m o-rwx /var/spool/postfix/signing-milter
chown signing-milter:postfix /var/spool/postfix/signing-milter

The socket has to be configured in postfix in main.cf as new milter:

smtpd_milters = unix:signing-milter/signing-milter.sock

And reload/restart the services:

systemctl restart signing-milter
systemctl reload postfix

Configure certificates

All certificates are configured in the /etc/signing-milter/sigingtable file.

Just add the email address + path of the pem file and use

make

to update the cdb database and trigger reloading signing-milter.

The certificates have to be readable by the signing-milter user.

Intermediate certificates

Since version 20120731 signing-milter also supports intermediate certificates.

Just name your certificate with the suffix -cert+key.pem and put the intermediate + root certificate in a file suffixed by -chain.pem in the same folder.

Contributing

The project is based on signing-milter.org by Andreas Schulze.

About

signing-milter enables you to s/mime sign an ordinary mail while passing a MTA. Base on https://signing-milter.org/ by Andreas Schulze

Topics

postfix smime milter mail-signature rfc1847

Resources

Readme

License

GPL-2.0 license
Activity

Stars

7 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 1

20220416 Latest
Apr 16, 2022

Languages