--- premail-0.46.orig/README
+++ premail-0.46/README
@@ -1,4 +1,5 @@
- p r e m a i l v. 0 . 4 5
+
+ p r e m a i l v. 0 . 4 5
This is the Halloween Eve release of premail, version 0.45.
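Review bot: The banner in this hunk still reads v. 0.45, and the unchanged context line under it says "version 0.45", although the tree being patched is premail-0.46. As far as the visible lines show, the removed and added banner lines differ only in whitespace, plus one new blank line above. Either drop this hunk from the Debian diff, or use it to bring the banner and the release sentence in line with 0.46.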
--- premail-0.46.orig/debian/README.Debian
+++ premail-0.46/debian/README.Debian
@@ -0,0 +1,17 @@
+premail for DEBIAN
+----------------------
+
+This version of premail has been modified to work with Perl-5.6.
+It is strongly suggested that the user make a back-up copy of their
+~/.premail/secrets file before using this version of premail.
+
+Steve Kostecke This document is available online at http://www.c2.net/~raph/premail/.
+
+ This is the documentation for version 0.46 of premail, an e-mail
+privacy package by Raph
+Levien. It is organized as a single, large document so as to be easily
+readable when printed. You can, however, jump directly to one of these
+topics:
+
+installation,
+
+secrets,
+
+preferences,
+
+Netscape,
+
+Pine,
+
+other mailers,
+
+command line,
+
+encryption,
+
+decoding,
+
+anonymity,
+
+nyms,
+
+usenet,
+
+address book,
+
+smime,
+
+debugging,
+
+technical notes,
+
+related documents,
+
+(end of list). The main function of premail is adding support for encrypted e-mail to
+your mailer, using plain PGP, PGP/MIME, MOSS, or S/MIME. In addition, premail provides a seamless, transparent interface to
+the anonymous
+remailers, including full support for Mixmaster remailers and the
+nymservers. Nymservers provide cryptographically protected, fully
+anonymous accounts for both sending and receiving e-mail. While premail can be used as a stand-alone application, it works
+best when integrated with your mailer. Currently, premail is
+integrated completely seamlessly and transparently only with Netscape
+3.0's built-in mailer. It works fairly well with Pine 3.94 or later, as
+well (plain PGP is supported, but decryption of MIME-based e-mail
+encryption protocols is still missing). Transparent integration of
+outgoing mail only is supported for any mailer in which the mail
+sending program can be configured, including Berkeley mail, most emacs
+mailers, and MH.
+For these mailers, you can decode messages with a single command. To integrate with your mailer, premail places itself between the
+mailer and the actual mail transport. For outgoing mail, premail
+masquerades as sendmail. You configure your mailer to call premail
+instead of sendmail. Then, premail performs the encryption or signing,
+and invokes sendmail to actually send the message. For mailers that call a command to receive incoming mail
+(including Netscape 3.0), the situation is similar. Netscape, for
+example, can be configured to call movemail to get incoming mail. To
+integrate premail, you'd configure Netscape to call premail instead,
+which would in turn call movemail to actually get the mail, then would
+decode it. You need the following software in order to effectively use
+premail: First, you need to get premail. The source code is available from
+an export-control
+Web server. You may also be able to find a copy on the Hacktic FTP
+site in the Netherlands. In either case, you want to get the file
+premail-0.46.tar.gz. After you've gotten the file, unpack it. This command should do
+it: The unpacking process will create a subdirectory called
+premail-0.46, containing the following files: Test to see if you can run premail. These commands should print a
+usage summary: If you get an error message reading "command not found," then you
+will have to edit the first line of premail to refer to the
+actual pathname of the perl5 interpreter. One good way to find out the
+pathname is to do "which perl5" or "which perl".
+ On the other hand, if you get a string of syntax errors, then the
+problem is that you are running perl4, while premail needs perl5. Try
+to see if you can find perl5 on your machine. Otherwise, you may need
+to install perl5 yourself. If you will be using premail from the command line frequently,
+then you may want to copy (or symlink) the premail program into a
+location in your $PATH. For example, if you have permission
+to add files into /usr/local/bin, then you may consider
+running this command: At this point, you are ready to test whether premail actually
+works. We are assuming that you already have PGP installed and have
+generated your own public key. Type this command, substituting in your
+own e-mail address: If all goes well, you should be back at the command line within a
+couple of seconds. If it seems to hang without any disk or net
+activity, try typing randomly for a minute, under the assumption that
+PGP needs random keystrokes. This shouldn't happen if PGP is already
+set up correctly (including having generated your own public key), but
+on the chance that it isn't, hanging while waiting for random
+keystrokes is one of the more common failure modes. This is also the point at which you may get a PGP error. Two
+common problems are that premail can't find the PGP program, in which
+case you will want to add a line to your preferences file (see below), or that it can't find the public key
+corresponding to your e-mail address. If the test was successful you now have a PGP-encrypted message in
+your mailbox, then you should now have a PGP-encrypted message in your
+mailbox. While premail's default configuration is designed to be sufficient
+for the the most common cases, you may want to change some of the
+configuration options. This is done by adding lines to the
+preferences file. The default location for the preferences file is
+~/.premail/preferences, where ~ represents your home
+directory. The premail distribution comes with a skeleton preferences
+file, but it does not automatically copy it into the
+~/.premail directory. You might choose to do that yourself,
+or you might create one from scratch. The format of the preferences file is a sequence of lines such as
+the following: All other lines (including those beginning with #) are
+considered to be comments and are ignored. Here's a typical
+preferences file (actually, the one on my home machine): As you can see, a major use for the preferences file is to specify
+full pathnames for the helper programs. In addition, I've set it up to
+produce a full log, which I find useful, because I'm constantly
+tracking down bugs :-) Here's a table of all the configuration options, their defaults,
+and a very brief description. More complete descriptions are found in
+the preferences file included in the premail distribution. To create signatures, decrypt messages, or use nyms, you need to
+set up a "premail secrets" file. If you will only be using premail to
+encrypt outgoing mail, you can skip this section. The default filename is /tmp/.premail-secrets.$< ,
+where $< is equal to your numeric user id. To change the
+filename, use a preferences line such as this one: If you don't know your numeric user id, you can find it by running
+"echo $uid" (from csh or tcsh), "echo $UID" (from sh
+or bash), or: The premail secrets file has this format: However, make sure your premail secrets file has restrictive
+permissions, so other people on your system can't read your
+passphrases! This command is well recommended (substituting your
+actual user id, of course): Generally, premail stores its secrets file in the /tmp
+directory. In some cases, this is good enough security. In other
+cases, it might be better to store the file encrypted most of the
+time, and only decrypt it when necessary. To use this capability of
+premail, first set a passphrase with: You will be prompted for a passphrase. You can use the same
+passphrase as for your PGP key, or a different one, depending on how
+many passphrases you want to remember. This command leaves you logged
+in with the new passphrase set.
+
+ To log out: You might consider adding this command to your .logout file, so
+that it occurs automatically every time you log out of your account.
+ To log in again: If you are running on a system with X, then premail will
+automatically pop up a window to log in whenever the secrets are
+needed. If you are not running X, and the secrets are needed, you will
+get an error. In this case, you can log in manually and try the
+command again. This section describes how to integrate premail into Netscape
+3.0's built-in mailer. Skip this section if you won't be using
+Netscape mail. 1. Create symbolic links to premail called "prezilla" and
+"premailmove". To do this, make sure you are in the same directory as
+premail itself, and type: 2. Find a working movemail. If you have emacs installed, then you
+most likely have one in /usr/lib/emacs/etc/movemail or a similar
+location. If you don't already have one, then the source (or possibly
+binary) for one is included in the Netscape Navigator distribution and
+you can build it (no need if a binary is included). Then, make sure
+premail can find it by adding a line such as this one to your
+preferences file: This usage assumes that you get your mail from a mail spool, as
+opposed to POP or some such. You may be able to get it to work for POP
+as well, but you need to figure out how to invoke movemail to move the
+mail from your mailbox to a file (specified as the second argument to
+the movemail script). 3. Add this line to your .cshrc, assuming your shell is csh or
+tcsh: Also run this command from the shell so it takes effect
+immediately. The syntax is slightly different if your shell is sh or
+bash (note: is this right?): 4. Start Netscape (exit first if it's already running). Go to the
+Options|Mail and News Preferences dialog, select the Servers tab.
+Click on "External Movemail" and set the value to
+/your/path/to/premailmove. Try sending yourself mail, and clicking on "Get Mail" from the
+Netscape Mail window. The mail should show up in the Inbox, correctly
+decoded. To view the X-Premail-Auth: header field to see the result of
+signature checking, select Options|Show All Headers from the Netscape
+Mail window. Note: as of Netscape v3.0, there is still a bug in the handling
+of the Bcc: header field, which causes it to be ignored. Do
+not use this field. Hopefully, this will be fixed in a future version
+of Netscape. Note: some 3.0 beta versions modify the PATH environment
+variable. If premail seems to work correctly from the command line,
+but not from Netscape, try setting absolute pathnames for the programs
+used by premail. As of Pine 3.94, premail integrates both outgoing mail and the
+decryption of plain PGP incoming mail. Unfortunately, decryption of
+MIME-based mail is not yet supported. Two Pine configuration options need to be set to integrate premail
+(i.e. from the main Pine screen, S for setup, then C
+for configure). First, sendmail-path should be set to a value
+similar to this (substituting the actual path to premail): Second, display_filters should be set to a value similar
+to this: If you have trouble finding these options in the setup screen,
+then you can edit the .pinerc file directly. One caveat when using Pine: it usually tries to be "smart" and
+remove comments from e-mail addresses, which includes the double-paren
+commands such as ((encrypt-pgp)). There are a few ways to
+deal with this problem: This section describes how to integrate premail with MH, emacs,
+and UCBMail. With these mailers, premail will only handle outgoing
+mail automatically. To decode incoming mail, you still need to invoke
+premail -decode by hand.
+
+ To add premail support to emacs, just add this line to your .emacs
+file: In whatever directory you keep the premail executable, create a
+symbolic link as follows: Under the name "prepost", premail will masquerade as MH's post
+program rather than sendmail. You can get MH to call premail instead
+of post by adding this line to your .mh_profile: One thing to keep in mind is that premail's processing is done
+before that of post. Thus, if you have MH aliases, they will get
+expanded after the call to premail. If you use only premail aliases,
+only MH aliases, or neither, this won't be a problem. Alternatively, if you have appropriate privileges, you can add this
+line to /usr/lib/mh/mtstailor: You may also have to configure MH to call sendmail locally rather
+than connecting to an SMTP server. Don't do both the mtstailor and
+mh_profile methods -- that would run premail twice. UCBmail is a simple mailer front-end (also known as Mail and
+mailx). If, when you type "mail user@site.dom", the mailer asks you
+for a "Subject: " line, you are undoubtedly using UCBmail. If so, you
+are in luck - it integrates very easily with premail. Just add this
+line to your ~/.mailrc file:
+
+Introduction to premail
+
+
+
+
+
+
+
+Installation
+
+
+
+
+ gzip -dc premail-0.46.tar.gz | tar xvf -
+
+
+
+
+ README A short
+description of the contents
+ premail The premail
+program itself
+
+ preferences A skeletal
+preferences file
+ cd premail-0.46
+ ./premail
+
+
+
+ cp -p premail /usr/local/bin
+
+
+
+ ./premail -t
+ To: your@own.email.addr ((encrypt-pgp))
+ Subject: Test
+
+ Does this really work?
+ .
+
+
+Preferences
+
+
+
+
+
+ $config{'option'} = 'value';
+
+
+
+ $config{'logfile'} = '/home/raph/premail/log';
+ $config{'debug'} = 'chvl';
+ $config{'movemail'} = '/home/raph/bin/movehome';
+ $config{'ripem'} = '/home/raph/install/ripem/main/ripem';
+ $config{'pgp'} = '/usr/local/bin/pgp';
+
+
+
+
+
+
+ option
+
defaultexplanation
+
+ pgp
pgpThe location
+of the PGP executable.
+
+ sendmail
+/usr/lib/sendmail The location of the
+sendmail executable.
+
+ mixmaster
mixmasterThe
+location of the Mixmaster executable (useful for more
+secure anonymous mail).
+
+ movemail
movemailThe
+location of the movemail executable (useful for integrating
+Netscape 3.0).
+
+ ripem
ripemThe location
+of the ripem executable (needed for S/MIME messages).
+
+ mossbin
The directory
+containing the TIS/MOSS executables (needed for MOSS messages).
+
+
+ post
postThe location
+of the MH post executable (needed for MH
+integration).
+
+ geturl
A command for
+getting files from the Web. Use "lynx -source" if behind a
+firewall.
+
+ dead-letter
+
~/dead.letter The file where premail stores undeliverable
+mail.
+
+ logfile
The location
+where premail stores its log, if the l debug flag is
+set.
+
+ storefile
If set, the
+location where premail stores outgoing mail, instead of calling
+sendmail.
+
+ tmpdir
/tmpWhere
+premail stores its temporary files.
+
+ charset
iso-8859-1The
+default charset for outgoing 8-bit messages.
+
+ encrypt
yesSet to
+blank to disable PGP encryption to remailers.
+
+ ack
If set, nymservers will
+send acknowledgements for all outgoing mail.
+
+ extrablank
If set,
+premail adds an extra blank on remailer messages. Useful if behind a
+broken mail proxy.
+
+ debug
Debugging flags
+(see section on debugging).
+
+ signuser
The user id of the
+default PGP secret key used to sign messages.
+
+ default-reply-to
Adds a
+Reply-To: header field with this address when sending
+anonymous e-mail.
+
+ addresses
+~/.premail/addresses The file containing your
+addresses.
+
+ rlist
+~/.premail/rlist The file where premail
+stores the remailer list.
+
+ pubring
+~/.premail/pubring.pgp The file where premail
+stores the public keyring for the remailers.
+
+ premail-secrets-pgp
+~/.premail/secrets.pgp
+ The file where premail stores the encrypted
+secrets file.
+
+premail-secrets
+/tmp/premail-secrets.$< The location of your
+secrets file
+
+
+
+
+
+ rlist-url
+http://kiwi.cs.berkeley.edu/rlist The URL for
+the remailer list.
+
+ pubring-url
+http://kiwi.cs.berkeley.edu/pubring.pgp The URL
+for the remailer public keyring.
+
+ type2-list-url
+http://www.jpunix.com/type2.html
+ The URL for the Mixmaster type2
+list.
+
+pubring-mix-url
+http://www.jpunix.com/pubring.html The URL for
+the Mixmaster pubring. Secrets
+
+
+
+
+ $config{'premail-secrets'} = '/mnt/cryptdisk/premail-secrets';
+
+
+
+ perl -e 'print "$<\n"'
+
+
+
+ $pgppass{'user'} = 'PGP passphrase for user';
+ $pgppass{'alternate'} = 'PGP passphrase for alternate';
+ $penetpass = 'Passphrase for anon.penet.fi';
+
+
+
+ chmod 600 /tmp/.premail-secrets.7437
+
+
+
+Logging in and logging out
+
+
+ premail -setpass
+
+
+
+ premail -logout
+
+
+
+ premail -login
+
+
+Netscape
+
+
+
+ ln -s premail prezilla
+ ln -s premail premailmove
+
+
+
+ $config{'movemail'} = '/usr/lib/emacs/etc/movemail';
+
+
+
+ setenv NS_MSG_DELIVERY_HOOK /your/path/to/prezilla
+
+
+
+ NS_MSG_DELIVERY_HOOK=/your/path/to/prezilla
+ export NS_MSG_DELIVERY_HOOK
+
+
+Pine
+
+
+
+ /your/path/to/premail -oem -t -oi
+
+
+
+ _BEGINNING("-----BEGIN PGP")_ /your/path/to/premail -decode -body
+
+
+
+
+
+
+
+ To: raph@cs.berkeley.edu ((encrypt-key, sign))
+ To: raph@cs.berkeley.edu^encrypt-key^sign
+
+
+Other mailers
+
+
+
Integrating premail with Emacs
+
+
+ (setq sendmail-program "/your/path/to/premail")
+
+
+
+Integrating premail with MH
+
+
+ ln -s premail prepost
+
+
+
+ postproc: /your/path/to/prepost
+
+
+
+ sendmail: /your/path/to/premail
+
+
+Installing premail with UCBmail
+
+
+ set sendmail=/your/path/to/premail
+
+
+
+ ++Hopefully, you have integrated premail into your mail client, and +you won't have to invoke it from the command line. However, there may +still be times when it is convenient to use premail from the command +line.
+ +The most basic use of premail is as a replacement for sendmail. +For example, you can send mail directly from the command line, as +follows (here, the > represents the Unix prompt):
+ ++ > premail -t + To: raph@cs.berkeley.edu ((sign)) + Subject: premail bug report + + Here's a bug in premail: ... + . + > ++ +The -t option specifies that the recipients are extracted +from the header fields (To:, Cc:, Bcc:, and +the Resent- variants of each). As in sendmail, you can +specify the recipients on the command line instead of using the +-t option.
+ +In addition, you can set configuration options from the command +line, using the +option=value syntax. This is especially +useful with the debug option. For example, to +show you what happens when formatting mail for remailers, but not +actually send the message:
+ ++ + > premail +debug=ry -t + To: raph@cs.berkeley.edu ((chain=1)) + Subject: test of remailer + + test + . + Chose chain exon + /usr/lib/sendmail -oi remailer\@remailer\.nl\.com << -eof- + To: remailer@remailer.nl.com + + :: + Encrypted: PGP + + -----BEGIN PGP MESSAGE----- remailer@remailer.nl.com + :: + Request-Remailing-To: raph@cs.berkeley.edu + + ## + Subject: test of remailer + + test + -----END PGP MESSAGE----- + -eof- ++ +There is one configuration option that can only be set from the +command line in this fashion, which is the location of the preferences +file itself. The configuration option is preferences, and the +default value is ~/.premail/preferences.
+ +
+ ++Once you've got premail set up, actually using encryption is easy. +You simply add commands in double parentheses to the e-mail addresses. +The encrypt-pgp command (which can be abbreviated to +key) adds encryption to the outgoing mail, and the +sign command signs it.
+ +For example, to send me encrypted mail, you'd send it to +raph@cs.berkeley.edu ((encrypt-pgp)). You need to have a key +with this user id on your PGP public keyring, otherwise you'll get an +error message. If the user id on the key doesn't match the e-mail +address, you can specify it directly. For example, to send mail +directly to my workstation, but using the same public key as above, +use raph@kiwi.cs.berkeley.edu ((key=raph@cs.berkeley.edu)). +
+ +Signing works much the same way. I can sign mail by adding +((sign=raph@cs.berkeley.edu)) to the outgoing address. +Actually, because I set the signuser configuration option in +my preferences file, all I have to add is ((sign)).
+ +Doing both encryption and signing is just as easy. For example, +to send me signed, encrypted mail, use this line:
+ ++ To: raph@cs.berkeley.edu ((encrypt-pgp, sign)) ++ +Each recipient is treated separately - the double-paren commands +after an e-mail address apply to that recipient only. However, you can +add a Sign: header field to indicate that your message is +signed for all recipients. Example:
+ ++ To: vp@company, secretary@company, employees@company, + friend@outside ((encrypt-pgp)) + Subject: Important announcement + Sign: + + ... ++ +In this example, all recipients will get a signed message, and the +message to friend@outside will be encrypted as well.
+ +
+ ++The basic way to decode encrypted messages is to use premail +-decode as a command line. You can either give a filename as an +argument, or premail will accept the encrypted message on its standard +input. In either case, the decoded message will be printed on the +standard output.
+ +The message can be a standard e-mail message (RFC 822 format), or +it can be an entire mailbox. In the latter case, premail will decode +each of the messages individually. If you don't have premail directly +integrated into your mailer, then here's a handy way to view your +mail:
+ ++ premail -decode $MAIL | more ++ +If the message is actually encrypted, then premail will need to +access the secrets file. If you are logged out of premail, then +premail will try to open an xterm window for you to type the +passphrase for the secrets file. If that doesn't succeed, premail will +print an error message. At that point, you might choose to log in +(i.e. premail -login) and then try the decoding again.
+ +If, as in many mailers, you have easy access to the body of the +message but not the header, then you can use premail -decode +-body on the body. This works well for plain PGP encrypted +messages, but unfortunately does not work for MIME-based message +formats, because important information is contained in the header. +
+ +The results of the decoding (including signature verification) are +given in an X-Premail-Auth: header field. This header field +is protected against forgery; if the original message contains it, it +is changed to X-Attempted-Auth-Forgery.
+ +
+ ++The original reason for writing premail was to provide good +support for anonymous +remailers. If you're not interested in sending anonymous mail, you +can skip this section.
+ +Sending anonymous mail is very similar to sending encrypted mail. +Simply add the ((chain)) command to the recipient's e-mail +address. Alternatively, you can add a Chain: header field, +and the mail will be send anonymously to all recipients.
+ +Even though the chain command is simple, a lot is going on under +the surface. The default chain is 3, which asks that three +"good" remailers be chosen randomly. To make sure that it makes its +choice based on fresh, up-to-date information, premail downloads the +remailer list and a set of PGP public keys for the remailers from the +Web (the actual URLs are configuration options). After choosing the +remailers, the message is multiply encrypted with the PGP public keys, +and finally sent to the first remailer in the chain.
+ +The automatic chain selection process is very good. My tests +indicate that reliability is consistently above 99%. Further, the +chain selection process avoids some potential problems. For example, +some remailers are known not to work well in chains, probably because +of incorrectly configured "block lists." Also, some remailers are +"linked," in the sense of being hosted on the same machine, or being +administered by the same person. Choosing a sequence of linked +remailers wouldn't offer much security, so premail doesn't.
+ +You can also choose the chain length. A shorter chain will be +faster and more reliable, but less secure, and conversely for longer +chains. For example, ((chain=5)) selects a chain of five +remailers.
+ +If this isn't enough control, you can specify the exact chain of +remailers by hand. For example, ((chain=replay;jam;exon)) +bounces the message around a few times outside the US.
+ +Mixmaster chains are specified inside an additional set of +parentheses. At the moment, there is no way to automatically select a +chain of Mixmaster remailers, so you have to do it by hand. For +example: ((chain=(replay;ecafe-mix;lcs))). You can even mix +Mixmaster and type-1 remailers; for example, +((chain=(anon);1;(replay))) will sandwich one well-chosen +remailer between the two Mixmaster remailers.
+ +Extra header fields can be placed in the outgoing message by +prefixing the header with "Anon-". A particularly common +usage is an Anon-Reply-To: field, which specifies a reply-to +address in the mail delivered to the recipient. The Reply-To: +header field is used often enough that premail includes a +default-reply-to configuration option, which automatically +adds it to all anonymous messages.
+ +The following header fields are passed through to the anonymized +message, even without the Anon- prefix:
+ ++ Mime-Version: + Content-Type: + Content-Transfer-Encoding: + Newsgroups: + X-Anon-To: + In-Reply-To: + References: ++ +
+ ++This section describes how to create and use nyms, which +are accounts for sending and receiving anonymous mail. There are two +types of nymservers: alpha (named after the now defunct alpha.c2.org), +and newnym. For the most part, the operation of the two is similar. +
+ +To create a new nym, type
+ ++ premail -makenym ++ +and follow the prompts. This command is also good for updating an +existing nym, which is important if one of the nym's remailers goes +down.
+ +You can also create or update a nym from the command line, as +follows:
+ ++ premail -makenym you@alias.cyberpass.net your@real.email.address ++ +When premail creates a nym, it chooses random passphrases (one for +each remailer in the chain). The passphrases and other details of the +nym are stored in the premail secrets file. Thus, the nym is fairly +secure (much more so than, say, anon.penet.fi).
+ +The decode mechanism handles responses to nyms, again looking up +the passphrases in the premail secrets file.
+ +You can also send mail from your nym, in one of two ways. Assume +for the sake of example that your nym is you@alias.cyberpass.net. Then, you +would use a chain of 2;cyber=you. Alternatively, you can use +a chain of 2;cyber and include this header field:
+ ++ Anon-From: you@alias.cyberpass.net (You Know Who) ++ +If you want the nymserver to send you a confirmation every time +you send mail from your nym, add a $config{'ack'} = 'yes'; +line to your preferences file.
+ +To delete a nym:
+ ++ premail -makenym you@alias.cyberpass delete ++ +Please delete nyms if you are not actually using them; this helps +free up disk space and prevents the nymservers from being overloaded.
+ +As of version 0.46, premail now supports the newnym type of +nymserver. This nymserver is more richly featured than the alpha type. +You do have to answer a few more prompts when creating nyms for the +newnym type, including creating a new PGP key. It's worth it, though. +The newnym servers seem to be working a lot better than the alpha ones +ever did. For more information on newnym, see the nym.alias.net +homepage. If you want to exchange nyms between premail and other +programs (or a manual setup), then take a look at the -importnym and +-exportnym commands, which are explained in the documentation for the +patch +that upgraded premail 0.44 to have newnym capability.
+ +
+ ++Even though some remailers can post directly to Usenet, premail does +not support that. Thus, if you want to post to Usenet, you should use +a mail-to-news gateway.
+ +To find a working mail-to-news gateway, check Don Kitchen's list. There +are two basic kinds: sites that scan the header fields, and sites that +include the newsgroup in the address.
+ +Using the address-parsing kind, to post to alt.anonymous, you'd +just send mail to alt.anonymous@myriad.alias.net (assuming, of +course, that myriad.alias.net is still functioning).
+ +Using the header-scanning kind, send mail to +mail2news@myriad.alias.net, and include this header field:
+ ++ Newsgroups: alt.anonymous ++ +The header scanning kind has one advantage: you can cross-post to +multiple newsgroups using one mail message.
+ +One frequently asked question is: how can I follow up on a thread +while posting anonymously? This is easy. Find the Message-Id: +header field in the post you're responding to, and change it into a +References: field in your outgoing mail.
+ +Here's an example that ties it all together. Let's say you wanted +to reply to this post:
+ ++ From: Edward Brian Kaufman <ebk8@columbia.edu> + Newsgroups: alt.privacy.anon-server, alt.anonymous + Subject: A few questions about anon posts + Message-ID: <Pine.SUN.3.94L.960630113156@aloha.cc.columbia.edu> + + Hi, + + I'd like to know what the best/easiest way to do anon posts is and + how to do them. Thank you, + + Ed ++ +To post the reply anonymously, send this mail:
+ ++ To: mail2news@myriad.alias.net ((chain)) + Cc: Edward Brian Kaufman <ebk8@columbia.edu> ((chain)) + Newsgroups: alt.privacy.anon-server, alt.anonymous + Subject: Re: A few questions about anon posts + References: <Pine.SUN.3.94L.960630113156@aloha.cc.columbia.edu> + + If you have a Unix machine, using premail is the best way. To find + out how, read the manual. ++ +
+ ++Adding the extra encryption commands is not difficult, but it can +be tedious and potentially error prone. Thus, premail provides an address +book for specifying commands to be used with specific e-mail addresses. + +
For example, let's say that one of your correspondents tells you +that she prefers mail to be PGP encrypted. Then, instead of typing +((encrypt-pgp)) every time you send her mail, you could add +this line to your addresses file:
+ ++ her@email.address: ((encrypt-pgp)) ++ +The addresses file is usually at ~/.premail/addresses, +but the location is a configurable option.
+ +Another example was the hackerpunks mailing list (now defunct), in +which all of the subscribers have alpha.c2.org nyms. Since +haqr@alpha.c2.org had this line in his addresses file, he was able to +post to the list with just "To: hpunks":
+ ++ hpunks: hackerpunks@alpha.c2.org ((chain=2;alpha=haqr)) ++ +An address book entry can also expand to a list of addresses. For +example:
+ ++ alice: alice@crypto.com ((encrypt-pgp)) + bob: bwhite@got.net ((key=bobw@netcom.com)) + eric: eric@ecsl.org ((encrypt-pgp)) + + friends: alice, bob, eric ++ +Sending mail to friends would then do what you'd expect: +send encrypted mail to each of alice, bob, and eric's full e-mail +addresses.
+ +
+ ++Version 0.46 of premail contains limited support for S/MIME +messages. Basic message formatting works, but there are problems with +creating usable certificates, and there is still no support for an +encryption algorithm interoperable with RC2. However, a few hearty +souls may wish to experiment with the S/MIME functionality that is +present. This section explains how to do it.
+ +First, you must install RIPEM 3.0b2 (or later). This is available +from the ripem export-controlled FTP site. You'll need +to get an account on the server in order to download any of the +export-controlled code - the GETTING_ACCESS +file on the site explains how.
+ +Once you have RIPEM installed (and the ripem +configuration option pointing to the executable), create a public key +with this command:
+ ++ premail -ripemkey ++ +You will then be prompted for your e-mail address. Alternatively, +you can give your e-mail address as a command line argument to +premail -ripemkey.
+ +After your key is created, you can send signed messages by adding +the ((ssign)) command. If you send a signed message to +another premail user, they will have your public key, and can send you +mail, by using ((encrypt=your@user.id)).
+ +The default encryption is Triple-DES. If the recipient can't +handle it, then ((encrypt-des)) will fall back to plain DES, +which most users will be able to decrypt - probably including "export" +versions of S/MIME. Of course, the disadvantage of using plain DES is +that any competent spy organization will also be able to decrypt the +messages ;-).
+ +Unfortunately, RIPEM 3.0b2 has some significant differences from +other S/MIME implementations in the way it handles public key +certificates. These prevent you from getting a VeriSign certificate +you can use. It is, however, possible to accept VeriSign class 1 beta +certificates by running the following (prompts and messages are in +normal font, what you type is in boldface; you can find out the +password by looking in the secrets file):
+ ++ > rcerts -u your@user.id + Enter password to private key: + E - Enable standard issuers... + ...other choices... + Enter choice: + e + ...V - VeriSign something or other... + v + Enter the number of months the certificate will be valid, or blank to cancel: + 12 + Enter choice: + q ++ +
+ ++If you run into trouble with premail, it might be of value to turn +on some of the debugging options. This can be done on the command +line, or in the .premailrc file. In the former case, add a ++debug=chvy argument to the command line. In the latter case, +try:
+ ++ $config{'debug'} = 'chvy'; ++ +Here are the meanings of the debug options:
+ +c: Print command line invocation.
+ +h: Print headers of input message.
+ +l: Debug output goes to log instead of stdout.
+ +p: Print finished message, do PGP.
+ +r: Print chain chosen (useful in debugging chain +selection).
+ +y: Print finished message, don't do PGP.
+ +v: Print all kinds of verbose info.
+ +Note that +debug=p puts the encrypted message on stdout. +This may be useful for constructing reply blocks, among other things. +
+ +If there are problems with premail, then one of the best ways to +track them down is through the log. Try setting the debug +configuration option to chvl, setting the logfile +configuration option (for example, to ~/.premail/log), and +then examining the log. Also, if you're bringing bugs to my attention, +it helps a lot if you can send me relevant excerpts from the log.
+ +
+ ++This section covers a number of techincal notes related to the +operation of premail. This information should not be necessary for +ordinary use.
+ +Multiple recipients
+ +One of the tricky problems with mail encryption packages such as +premail is how to deal with multiple recipients. Based on experience +with previous versions, this version of premail tries very hard to +"get it right." However, as a consequence, the exact behavior can +sometimes be difficult to understand.
+ +The hard part is when some of the recipients have encryption +specified and others don't. What premail does is to split the +recipients up into groups. If two recipients can receive the same +actual message, they are in the same group, otherwise not. For +example, recipients getting an encrypted and an unencrypted message +cannot be in the same group. However, multiple recipients appearing in +To: and Cc: fields that use the same encryption +method will be in the same group. A single message, encrypted to +multiple recipients, will be sent, which is considerably more +efficient than encrypting separately for each recipient.
+ +One subtle point is the handling of Bcc: recipients. The +semantics of Bcc: specify that the mail be sent to each of +the Bcc: recipients, but that none of the other recipients be +able to find out their identity. However, encrypting to multiple +recipients would defeat this, because it is possible to indentify all +of the recipients of the encrypted message. Thus, each encrypted +Bcc: recipient gets its own group.
+ +Each recipient of an anonymous message also gets its own group, +for similar reasons.
+ +An attempt is made to make the headers in the message +received by the recipient be the same as if no encryption were used. +Specifically, the complete To: and Cc: header fields +will be present, but the Bcc: field will be missing. One +exception to this rule is anonymous messages, in which case the +recipient can't see any information about the other recipients.
+ +Error handling
+ +The goal is to handle errors in the same way as sendmail. Thus, +the exact handling depends on the setting of the -oe command +line option. The default (as in sendmail) is -oep, meaning +that the error message is printed to standard out, and the mail message is +appended to the dead letter file (the location of which is a +configuration option).
+ +Another choice is -oem, in which case the error message +and the mail message are packaged together and mailed back to the +user. This is appropriate when the mailer has no way to deal with +error messages returned from premail.
+ +One additional choice, not provided by sendmail, is -oed, +which prints the error message on standard out, but drops the mail +message. This is a good choice if the mailer can interpret a non-zero +return status code as indication of an error. This is the mode used by +Netscape (and is automatically selected when premail is invoked as +prezilla).
+ +Security issues
+ +In designing premail, usefulness and convenience were considered +more important than top security. Nonetheless, it can provide good +security, especially if you are aware of the security issues.
+ +One overriding assumption was that your machine is secure, and +that the serious threats were those of eavesdroppers on the network +and e-mail forgers. In general, premail handles passive attacks quite +well, while containing a number of vulnerabilities to active attacks. +
+ +Here are some potential security pitfalls with premail:
+ ++ +
+ +- Stores secrets information on disk file. + +
- Stores (potentially sensitive) temporary files on disk. + +
- Does not check authenticity of remailer list, remailer public key +ring, or Mixmaster information gotten from the Web. + +
- Accessing the Web signals when anonymous mail is about to be sent, +perhaps aiding traffic analysis. + +
- Does not evaluate the trustworthiness of public keys used for +encryption and signature checking. + +
Useless features
+ +Over the years, premail has accumulated a number of features of +dubious value. One of them is support for MOSS, a nice encryption +protocol that nevertheless failed to catch on. If you feel the urge to +use it, documentation is available in the release +notes for version 0.43.
+ +One potentially cool feature is a server for decoding e-mail. This +would be a useful feature if there were any mailers which used +it. The protcol for the server was designed to be fast (much, much +faster than invoking premail -decode separately for each +message), as well as "crypto-neutral," meaning that it doesn't contain +any features designed just for crypto, and that it could be used for +other tasks, for example converting image formats or character sets. +Thus, a client designed to use this protocol would like be fully +exportable from the US. If you're interested in integrating support +for this protocol into a popular e-mail client, please get in touch +with me.
+ +
+ ++ ++ +
+ +- The README file for premail +version 0.33a. + +
- Release notes for version 0.43 of premail. + +
\s*$/i) { - open (PUT, '>'.$file); + open (PUT, '>'.$file) || + die "Couldn't open file: $!"; $put_open = 1; $inpre = 1; } elsif ($inpre && /^\s*\<\/pre\>\s*$/i) { @@ -1678,7 +1745,8 @@ } else { push (@window, $_); if ($#window + 1 == 5) { - open (PUT, '>'.$file); + open (PUT, '>'.$file) || + die "Couldn't open file: $!"; $put_open = 1; print PUT @window; $yup = 1; @@ -1687,7 +1755,7 @@ } } if ($put_open) { close (PUT); } - close (GET); + close (WWW); } } @@ -1715,7 +1783,8 @@ if (!-e $type2_list) { &error ("Cannot find type2.list; not at $type2_list\n"); } - open (LIST, "$type2_list"); + open (LIST, "$type2_list") || + die "Couldn't open file: $!"; $num = 0; while () { if (/^(\S+)\s+(\S+)\s/) { @@ -1817,7 +1886,7 @@ } } push (@deliver_headers, "To\: $new_to\n"); - if ($addl =~ /\.(encrypt\-key\:\s*[^\.]+)(\.|$)/i) { + if (defined $addl && $addl =~ /\.(encrypt\-key\:\s*[^\.]+)(\.|$)/i) { $hash = "$1\n".$hash; $body = &cat_tail ($body, "\*\*\n"); } @@ -1867,7 +1936,8 @@ my ($outfile, $line); $outfile = &tmp_filename (); - open (OUT, '>'.$outfile); + open (OUT, '>'.$outfile) || + die "Couldn't open file: $!"; open_body ($body); while (defined ($line = &get_line_body ($body))) { print OUT $line; @@ -2209,12 +2279,13 @@ } else { $tmpfile = &tmp_filename (); } - open (DELIVER, '>'.$tmpfile); + open (DELIVER, '>'.$tmpfile) || + die "Couldn't open file: $!"; } else { # we know it's sendmail $invoc = &bin_sendmail (); if ($#sendmail_args >= 0) { - $invoc .= ' '.join (' ', $sendmail_args); + $invoc .= ' '.join (' ', @sendmail_args); } $invoc .= ' -oi'; foreach $recip (@the_recips) { @@ -2226,11 +2297,13 @@ $invoc .= ' << -eof-'; if (!$deliver_debug) { open (DELIVER, '>>' - .&tilde_expand_mkdir ($config{'storefile'})); + .&tilde_expand_mkdir ($config{'storefile'})) || + die "Couldn't open file: $!"; } &deliver_line ($invoc."\n"); } else { - open (DELIVER, '|'.$invoc); + open (DELIVER, '|'.$invoc) || + die "Couldn't open file: $!"; } } foreach (@deliver_headers) { 
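Review bot: In the last hunk above (@@ -2226,11 +2297,13 @@), `open (DELIVER, '|'.$invoc) || die "Couldn't open file: $!";` only catches a failure to start the command; a sendmail that starts and then exits non-zero is reported when the handle is closed, not here. Check the return value of `close (DELIVER)` and `$?` in the pipe case, and word the message for a command rather than a file. The neighbouring code reports problems through `&error`, so a bare `die` also bypasses that path; prefer `&error` with the command or file name in the text.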
@@ -2252,16 +2325,19 @@ &close_body ($body); if ($post) { close (DELIVER); - $post = &tilde_expand ($config{'post'}); - if ($post eq '') { - $post = "/usr/lib/mh/post"; + my $ppost = &tilde_expand ($config{'post'}); + # bfulgham 7/1/99 -- another EDM fix, checks for undefined + # value on return + if (!defined($ppost) || $ppost eq '') { + $ppost = "/usr/lib/mh/post"; } - system ($post, @post_args, $tmpfile); + system ($ppost, @post_args, $tmpfile); unlink $tmpfile; } elsif ($edit && !$prezilla) { close (DELIVER); if ($editfile eq '-') { - open (CAT, $tmpfile); + open (CAT, $tmpfile) || + die "Couldn't open file: $!"; while (
) { print; } close (CAT); &delete_tmpfile ($tmpfile); @@ -2388,9 +2464,13 @@ } else { $addr .= $token; } } - $addr =~ s/^\s+//s; - $addr =~ s/\s+$//s; - if ($addr ne '') { push (@addrs, $addr); } + # bfulgham, 7-1-99: EDM suggestion -- check for + # a defined $addr before manipulating + if (defined($addr)) { + $addr =~ s/^\s+//s; + $addr =~ s/\s+$//s; + if ($addr ne '') { push (@addrs, $addr); } + } return (@addrs); } @@ -2441,6 +2521,7 @@ } $strip =~ s/^\s+//s; $strip =~ s/\s+$//s; + return ($strip, '') if ($config{'no-caret'}); return ($strip, $caret); } @@ -2639,7 +2720,8 @@ "Mime-Version: 1.0\n", "Content-Type: multipart/mixed; boundary=\"_\"\n"); $new_body = &tmp_filename (); - open (NEW, '>'.$new_body); + open (NEW, '>'.$new_body) || + die "Couldn't open file: $!"; print NEW "--_\n"; print NEW "\n"; print NEW $error_msg; @@ -2670,7 +2752,8 @@ print STDERR $error_msg; $dead_letter = &tilde_expand ($config{'dead-letter'}); print STDERR "Saving message in $dead_letter\n"; - open (DEAD, '>>'.$dead_letter); + open (DEAD, '>>'.$dead_letter) || + die "Couldn't open a dead letter file: $!"; print DEAD (("From $ENV{'USER'} ".localtime)."\n"); foreach $line (@in_headers) { print DEAD $line; @@ -2801,6 +2884,7 @@ # (@new_dict) = &delete_field ($key, @dict) my ($key, @dict) = @_; my (@new_dict); + my ($field_key, $field_val); @new_dict = (); foreach $field (@dict) { @@ -2843,6 +2927,10 @@ # Expand filenames of the form ~/file. Also expand $< sequence (uid). my ($file_name) = @_; + # bfulgham, 7-1-99: Another EDM fix. If file_name is undefined, + # return immediately to avoid error messages. + return $file_name unless defined($file_name); + if ($file_name =~ /^\~[^\/]/) { &error ("premail can't handle ~user/ form in $file_name, use ~/ or\n". "full path name instead\n"); 
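Review bot: Returning the undefined value from tilde_expand (last hunk above, @@ -2843,6 +2927,10 @@) silences the warning but hands undef to callers that build paths from it. tmp_filename does `$base = &tilde_expand ($config{'tmpdir'});` and then appends `'premail.'.$$.'.'`, so an unset tmpdir yields a relative name and the temp files land in the current directory. Suggest calling `&error` when a path is required and the name is undefined, or having the callers check the result before using it.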
@@ -2917,16 +3005,22 @@ # Return the name for a new temp file (and add to @open_tmpfiles). # Reference count is set to one. my ($suffix) = @_; + my $base; my $fn; $tmpfile_count++; - $fn = &tilde_expand ($config{'tmpdir'}); - $fn =~ s/([^\/])$/$1\//; - $fn .= 'premail.'.$$.'.'.$tmpfile_count; + $base = &tilde_expand ($config{'tmpdir'}); + $base =~ s/([^\/])$/$1\//; + $base .= 'premail.'.$$.'.'; + $fn = $base . $tmpfile_count; $fn .= $suffix if $suffix; -# Dangerous: this next command assumes Unix file deletion semantics. It -# was not present in 0.44 and, I believe, can be safely removed. - unlink ($fn); + while (!sysopen(TMPFH,$fn,&O_RDWR|&O_CREAT|&O_EXCL,0600) && $tmpfile_count < 32000) { + $tmpfile_count++; + $fn = $base . $tmpfile_count; + $fn .= $suffix if $suffix; + } + die "Can't open temp file: $!\n" if ($tmpfile_count >= 32000); + close (TMPFH); push (@open_tmpfiles, $fn); $tmpfile_refcnt{$fn} = 1; return $fn; @@ -2972,8 +3066,8 @@ $data = ''; if (open (ERRFILE, $file)) { - print $_; while ( ) { + # print $_; # Removed 9-7-1999 BFulgham to allow filter use $data .= $_; } close (ERRFILE); @@ -2989,13 +3083,13 @@ my ($file) = @_; my ($c); - open (F, $file); + open (F, $file) || die "Can't open $file: $!"; seek (F, (-s $file) - 1, 0); sysread (F, $c, 1); close (F); # print "Trailing character is really ".unpack ('c', $c)."\n"; if ($c ne "\n") { - open (F, '>>'.$file); + open (F, '>>'.$file) || die "Can't open file: $!"; print F "\n"; close F; } @@ -3015,6 +3109,7 @@ # this interface). # # $err is the string returned. + print "I'm going into pgp now\n"; my ($body, $prefix, $sign, $signuser, $pubring, @keys) = @_; my ($outfile, $errfile); my ($invoc, $status, $line, $pass, $pr, $sr); 
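Review bot: In tmp_filename (@@ -2917,16 +3005,22 @@), the `while (!sysopen(TMPFH,$fn,&O_RDWR|&O_CREAT|&O_EXCL,0600) && $tmpfile_count < 32000)` loop retries on every sysopen failure, not only on an existing file, so a missing or unwritable tmpdir costs 32000 attempts before the die. Retry only when `$!{EEXIST}` is set and fail at once otherwise. Two smaller points: a sysopen that succeeds on the attempt where `$tmpfile_count` reaches 32000 still hits `die "Can't open temp file: $!\n" if ($tmpfile_count >= 32000);` and leaves the file behind, and because the handle is closed and only the name is returned, callers reopen by path (`open (OUT, '>'.$outfile)`), so the exclusive create protects them only while nobody else can replace files in tmpdir. That assumption deserves a comment next to the tmpdir option.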
@@ -3040,7 +3135,9 @@ $pass = ''; } if ($pubring) { $invoc .= ' +pubring='.&shell_quote ($pubring); } - $invoc .= ' +comment= -feat'; + + # TEMP FIX -- Language support. Will be updated for others + $invoc .= ' +language=en +comment= -feat'; if ($sign) { $invoc .= 's -u '.&shell_quote ($signuser); &load_secrets (); @@ -3083,7 +3180,7 @@ my ($outfile, $keys, $line); $outfile = &tmp_filename (); - open (OUT, '>'.$outfile); + open (OUT, '>'.$outfile) || die "Couldn't open file: $!"; if ($sign) { $sign = " (sign $signuser)"; } @@ -3126,7 +3223,9 @@ $signuser = '0x'; $pass = ''; } - $invoc .= ' +comment= -fats +clearsig=on'; + + # TEMP FIX for language -- will be updated + $invoc .= ' +language=en +comment= -fats +clearsig=on'; $invoc .= ' -u '.&shell_quote ($signuser); unless (defined $pass) { if (defined $pgppass{$signuser}) { @@ -3162,6 +3261,7 @@ # for obtaining the password lies below this interface). # # $err is the string returned. + print "I'm using the mime-pgp signing routine.\n"; my ($body, $prefix, $signuser, $sign_type) = @_; my ($outfile, $errfile, $mimefile); my ($invoc, $status, $line, $pass, $boundary); @@ -3182,7 +3282,9 @@ $signuser = '0x'; $pass = ''; } - $invoc .= ' +comment= -fabst'; + + # TEMP FIX for language -- will be updated + $invoc .= ' +language=en +comment= -fabst'; $invoc .= ' -u '.&shell_quote ($signuser); unless (defined $pass) { if (defined $pgppass{$signuser}) { @@ -3197,7 +3299,7 @@ $status = &open_pgp ($invoc, $pass, 'w'); if (!$status) { &error ("Error invoking PGP!\n"); } &open_body ($body); - open (NEW, '>'.$mimefile); + open (NEW, '>'.$mimefile) || die "Couldn't open file: $!"; print NEW "This message is in PGP/MIME format, according to the" ." Internet Draft\n"; print NEW "draft-elkins-pem-pgp-04.txt. For more information, see:\n"; 
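Review bot: `print "I'm using the mime-pgp signing routine.\n";` in the @@ -3162,6 +3261,7 @@ hunk, like the `print "I'm going into pgp now\n";` added to the encrypt routine, writes to standard output on every call, ahead of the `my (...) = @_;` line. Another hunk in this patch removes a stray `print $_;` "to allow filter use", and these prints reintroduce the same problem. Drop them or route them through `&pdv`, which the PGP routines in this file already use for their "Invoking PGP as ..." messages.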
@@ -3238,7 +3340,7 @@ return ($mimefile, $err, $boundary); } -my $PUBRING, $SECRING; +my ($PUBRING, $SECRING); sub pgp_decrypt { # ($out_body, $err) = &pgp_decrypt ($body, $pass) # Try to decrypt $body using passphrase $pass. $out_body is null on error. @@ -3251,7 +3353,9 @@ $outfile = &tmp_filename (); $errfile = &tmp_filename (); $invoc = &tilde_expand ($config{'pgp'}); - $invoc .= ' +batchmode=on'; + + # TEMP FIX for language -- will be updated + $invoc .= ' +language=en +batchmode=on'; $invoc .= " +pubring=$PUBRING" if $PUBRING; $invoc .= " +secring=$SECRING" if $SECRING; # if ($pass =~ /^RING$;/) { @@ -3299,16 +3403,18 @@ $errfile = &tmp_filename (); $invoc = &tilde_expand ($config{'pgp'}); - $invoc .= ' +batchmode=on '; + + # TEMP FIX for language -- will be updated + $invoc .= ' +language=en +batchmode=on '; $invoc .= ' '.$pgp_file; $invoc .= ' '.$signed_file; $invoc .= ' > '.$errfile.' 2>&1'; &pdv ("Invoking PGP as $invoc\n"); $status = &open_pgp ($invoc, '', ''); $err = &read_and_delete ($errfile); - if (!$status) { - &error ("Error in PGP verification!\n$err"); - } +# if (!$status) { +# &error ("Error in PGP verification!\n$err"); +# } &pdv ($err); return ($err); } @@ -3329,6 +3435,7 @@ # special PGP temp subdirectory, on a per-process basis (this assumes # that each process invokes only one PGP at a time, which is safe given # the relentless file-file orientation of this version of premail). + my ($invoc, $pass, $mode) = @_; if ($mode eq 'r') { $invoc = $invoc.'|'; } @@ -3344,6 +3451,8 @@ $ENV{'TMP'} = $pgp_tmpdir; if ($pass) { pipe (READER, WRITER); + # Added to make PGPPASSFD pipe work with perl-5.6 stk-12/27/00 + fcntl(READER, F_SETFD, 0) or die "Can't fcntl: $!\n"; $ENV{'PGPPASSFD'} = fileno(READER); } $status = open (PGP, $invoc); 
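Review bot: The @@ -3299,16 +3403,18 @@ hunk comments out `if (!$status) { &error ("Error in PGP verification!\n$err"); }`, so a failed PGP run during signature checking is no longer an error and the caller only receives the text in `$err`. If the check was removed because the exit status is unreliable for this invocation, say so in a comment and make sure the caller decides validity from `$err` explicitly; otherwise keep the check. Leaving the old code as commented-out lines with no explanation makes the change look accidental.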
@@ -3390,7 +3499,9 @@ $chars_needed = 2 + sprintf ("%d", $bits / 8); &pdv ($config{'pgp'}." +makerandom=$chars_needed $outf" ." >/dev/null 2>&1\n"); - $status = system $config{'pgp'}." +makerandom=$chars_needed $outf" + + # TEMP FIX for language -- will be updated + $status = system $config{'pgp'}." +language=en +makerandom=$chars_needed $outf" ." >/dev/null 2>&1"; &pdv ($status."\n"); if (!$status) { @@ -3416,7 +3527,7 @@ ."generate randomness!\n"); } $inf = &tmp_filename (); - open (INF, '>'.$inf); + open (INF, '>'.$inf) || die "Couldn't open file: $!"; for ($i = 0; $i < 256; $i++) { print INF (rand ())."\n"; } @@ -3425,7 +3536,7 @@ ($inf, '', '', '', '', $config{'signuser'}); print "$outf\n"; &delete_tmpfile ($inf); - open (OUTF, $outf); + open (OUTF, $outf) || die "Couldn't open output file: $!"; @window = (); while ( ) { if (/^[A-Za-z0-9\+\/]/) { push (@window, $_); } @@ -3449,6 +3560,7 @@ # This routine needs to do a lot more. # # Sets the global variables $secrets_loaded and $premail_secrets + my ($ps_pgp); if (!defined $secrets_loaded) { @@ -3458,7 +3570,8 @@ &do_login (!$interactive); } if (-e $premail_secrets) { - open (SECRETS, $premail_secrets); + open (SECRETS, $premail_secrets) || + die "Couldn't open secrets file: $!"; while ( ) { if (/^\s*\$pgppass\{\'([^\']+)\'\}\s*\=\s*\'([^\']*)\'/) { $pgppass{$1} = $2; @@ -3498,9 +3611,15 @@ &error ("Need to log in to access secrets\n"); } if (!-e $premail_secrets) { - open (TOUCH, '>'.$premail_secrets); + if (!sysopen(TOUCH,$premail_secrets,&O_WRONLY|&O_CREAT|&O_EXCL,0600)) { + &error ("Can't open secrets file for writing\n"); + } &pfi ("Creating secrets file $premail_secrets\n"); close (TOUCH); + } else { + if (!-o $premail_secrets) { + &error ("Secrets file owned by wrong user.\n"); + } } $secret_backup = $premail_secrets.'~'; rename ($premail_secrets, $secret_backup); 
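Review bot: In the last hunk above (@@ -3498,9 +3611,15 @@), the new `else` branch only tests `-o $premail_secrets`, which confirms the owner but not the mode, so an existing secrets file that is group or world readable passes. Since the create path now uses 0600, check the mode of an existing file as well (for example `(stat($premail_secrets))[2] & 077`) and refuse or correct it. The `&error ("Can't open secrets file for writing\n")` message should include `$!`, as the other new messages do, and the file name.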
@@ -3586,10 +3705,18 @@ sub getpass { # $pass = &getpass ($x) # Get the premail passphrase, either from X or from stdin. + my ($x) = @_; my ($pass); if ($x) { + # if ($ENV{'DISPLAY'}) { + # require Gtk; + # $pass = create_entry(); + # } + + # This doesn't seem to work right with Debian's latest + # security fixes. Above is a Gtk interface. if ($ENV{'DISPLAY'}) { pipe (READER, WRITER); system 'xterm -geometry 42x4-5-5 -e perl -e \'' @@ -3615,7 +3742,8 @@ print "\n"; system "stty echo"; } - chop $pass; + # We might not always have a newline -- use chomp! + chomp $pass; return $pass; } @@ -3626,11 +3754,16 @@ $errfile = &tmp_filename (); $invoc = &tilde_expand ($config{'pgp'}); - $invoc .= ' +batchmode=on -f'; + + # TEMP FIX for language -- will be updated + $invoc .= ' +language=en +batchmode=on -f'; $invoc .= ' < '.$ps_pgp; $invoc .= ' > '.$ps; $invoc .= ' 2> '.$errfile; &pdv ("Invoking PGP as $invoc\n"); + if(-e $ps) { + &error ("Premail secrets file already exists\n"); + } $status = &open_pgp ($invoc, $pass, ''); $err = &read_and_delete ($errfile); &pdv ($err); @@ -3910,7 +4043,7 @@ &replace_field ('Content-Type: text/plain; charset=' .$config{'charset'}."\n", @deliver_headers); - } elsif ($charset =~ /^iso-8859-\d$/i && !$non_ascii) { + } elsif (($charset =~ /^iso-8859-\d$/i || $charset =~ /^koi8-r$/i) && !$non_ascii) { # Should we detect other charsets which are supersets of us-ascii? if (!$mv_present) { push (@deliver_headers, 'MIME-Version: 1.0'."\n"); @@ -3923,7 +4056,7 @@ } } # must deal with existing cte, charset, etc. - if ($non_ascii || $ctrl || $other) { + if ((($non_ascii || $ctrl) && (!$cte_present || lc $cte_val ne '8bit')) || $other) { # Do the QP &pdv ("Doing QP encoding!\n"); if (!$mv_present) { 
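Review bot: In the @@ -3626,11 +3754,16 @@ hunk, `if(-e $ps) { &error (...) }` is a check followed by a separate create: the file is made afterwards by the shell through `$invoc .= ' > '.$ps;`, so a file or symlink placed at `$ps` between the test and the PGP run is still followed and overwritten, and the output is written with whatever mode the umask allows. Create `$ps` exclusively with `sysopen` and `O_CREAT|O_EXCL` at mode 0600 before invoking PGP, as tmp_filename and the secrets-file hunk now do, in a directory only the user can write to. `$ps`, `$ps_pgp` and `$errfile` also go into the command line unquoted, while other invocations use `&shell_quote`.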
@@ -3933,7 +4066,7 @@ &replace_field ('Content-Transfer-Encoding: quoted-printable'."\n", @deliver_headers); $new_body = &tmp_filename (); - open (NEW, '>'.$new_body); + open (NEW, '>'.$new_body) || die "Couldn't open file: $!"; &open_body ($body); while (defined ($line = &get_line_body ($body))) { print NEW &encode_qp ($line, $type); @@ -4000,7 +4133,7 @@ my ($val, $present, $param_val); my ($type_base, @type_params); - open (MNBIN, $infile); + open (MNBIN, $infile) || die "Couldn't open file: $!"; $newfile = ''; @sepstack = (); $blocksize = 1024; @@ -4073,7 +4206,7 @@ } elsif ($newfile eq '') { $newfile = &tmp_filename (); # print STDERR "newfile = $newfile\n"; - open (MNBOUT, '>'.$newfile); + open (MNBOUT, '>'.$newfile) || die "Couldn't open file: $!"; } print MNBOUT (join ('', @header)); } elsif ($eof) { @@ -4210,8 +4343,8 @@ print "\n"; print " premail -ripemkey\n"; print " Generate S/MIME key\n"; - print "\n"; - print "Please see http://www.c2.net/~raph/premail/ for more info.\n"; + #print "\n"; + #print "Please see http://www.c2.net/~raph/premail/ for more info.\n"; exit 0; } @@ -4225,7 +4358,7 @@ close (WWW); if ($pubring ne '') { $pubring_fn = &tilde_expand_mkdir ($config{'pubring'}); - open (PUB, '>'.$pubring_fn); + open (PUB, '>'.$pubring_fn) || die "Couldn't open file: $!"; print PUB $pubring; close (PUB); } @@ -4291,7 +4424,7 @@ print $line; $state = 0; $msg_body = &tmp_filename (); - open (MSG, '>'.$msg_body); + open (MSG, '>'.$msg_body) || die "Couldn't open file: $!"; while (defined ($line = &get_line ())) { if ($line =~ /^From / && $state == 1) { close (MSG); @@ -4300,7 +4433,7 @@ print $line; push (@open_tmpfiles, $msg_body); $tmpfile_refcnt{$msg_body} = 1; - open (MSG, '>'.$msg_body); + open (MSG, '>'.$msg_body) || die "Couldn't open file: $!"; $state = 0; } elsif ($state == 0 && $line eq "\n") { $state = 1; 
@@ -4336,6 +4469,8 @@ exit 0; } +use vars qw($SAVE_BODY); + sub decode_msg { # &decode_msg ($msg) # This is possibly the ugliest function in all of premail. Most of it is @@ -4350,12 +4485,12 @@ my ($msg_body, $new_msg, $save_select); if ($msg ne '-') { - open (SAVE_BODY, "<&BODY"); &open_body ($msg); + open (SAVE_BODY, "<&BODY") || die "Can't open a save file: $!"; } &get_header ($msg); $msg_body = &tmp_filename (); - open (MSG_BODY, '>'.$msg_body); + open (MSG_BODY, '>'.$msg_body) || die "Can't open a message file: $!"; while (defined ($line = &get_line_body ($msg))) { print MSG_BODY $line; } @@ -4372,7 +4507,7 @@ } @deliver_headers = @new_headers; $new_msg = &tmp_filename (); - open (NEW_MSG, '>'.$new_msg); + open (NEW_MSG, '>'.$new_msg) || die "Couldn't open file: $!"; $save_select = select NEW_MSG; select NEW_MSG; &decode_body ($msg_body, '', 0); @@ -4387,7 +4522,7 @@ &close_body ($new_msg); if ($msg ne '-') { &close_body ($msg); - open (BODY, "<&SAVE_BODY"); + open (BODY, "<&SAVE_BODY") || die "Couldn't open file: $!"; } } @@ -4456,7 +4591,7 @@ $encrypted = 1; } $pgp_body = &tmp_filename (); - open (DEC, '>'.$pgp_body); + open (DEC, '>'.$pgp_body) || die "Couldn't open file: $!"; $body_open = 1; foreach $l (@window) { print DEC $l; @@ -4767,7 +4902,7 @@ || $protocol eq 'application/x-pkcs7-signature' || $protocol eq 'application/pkcs7-signature')){ $body[$part] = &tmp_filename (); - open (NEW, '>'.$body[$part]); + open (NEW, '>'.$body[$part]) || die "Couldn't open file: $!"; $body_open = 1; $state = 1; $canon = ($protocol eq 'application/pgp-signature' 
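Review bot: In decode_msg (@@ -4350,12 +4485,12 @@), `open (SAVE_BODY, "<&BODY")` now runs after `&open_body ($msg)` instead of before it. If open_body reopens BODY, the saved handle is a duplicate of the new message rather than of the body that was open on entry, and the `open (BODY, "<&SAVE_BODY")` at the end of the function no longer restores the caller's handle. If the move was needed because BODY is not open on the first call and the new `|| die` would fire, keep the original order and make the save conditional instead, with a comment explaining the case.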
@@ -4779,13 +4914,16 @@ || $part == 2) { $body[$part] = &tmp_filename (); if ($cte eq '' || &mossbin('mossdecode', 1) eq '') { - open (NEW, '>'.$body[$part]); + open (NEW, '>'.$body[$part]) || + die "Couldn't open file: $!"; } elsif ($cte eq 'quoted-printable') { open (NEW, '|'.&mossbin ('mossdecode') - .' -qp > '.$body[$part]); + .' -qp > '.$body[$part]) || + die "Couldn't open file: $!"; } elsif ($cte eq 'base64') { open (NEW, '|'.&mossbin ('mossdecode') - .' -b64 > '.$body[$part]); + .' -b64 > '.$body[$part]) || + die "Couldn't open file: $!"; } else { &error ("Unknown Content-Transfer-Encoding: $cte\n"); } @@ -4878,7 +5016,7 @@ $| = 1; $new_body = &tmp_filename (); - open (NEW, '>'.$new_body); + open (NEW, '>'.$new_body) || die "Couldn't open file: $!"; &open_body ($body); $state = 0; while (defined ($line = &get_line_body ($body))) { @@ -5046,7 +5184,9 @@ $movemail = &tilde_expand ($config{'movemail'}); $status = system "$movemail $in $out"; if ($status) { exit $status >> 8; } - open (MOVE_OUT, '>'.$move_work_fn); + if (!sysopen(MOVE_OUT,$move_work_fn,&O_WRONLY|&O_CREAT|&O_EXCL,0600)) { + &error ("Can't open $move_work_fn for writing\n"); + } select MOVE_OUT; &decode ($out); } @@ -5129,7 +5269,7 @@ &load_secrets (); foreach (keys %pgpring) { my ($tpr, $tsr) = &makerings ($pgpring{$_}); - system ("$PGP +batchmode +verbose=0 -kx 0x $pr $tpr > /dev/null"); + system ("$PGP +language=en +batchmode +verbose=0 -kx 0x $pr $tpr > /dev/null"); #filecat ($tpr, $pr); filecat ($tsr, $sr); &delete_tmpfile ($tpr); 
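Review bot: `+language=en` is pasted into each PGP command string separately (in the @@ -5129,7 +5269,7 @@ hunk above it appears without the "TEMP FIX" comment the other sites carry), which makes it easy to miss an invocation. Build the common options once, for example in a helper next to `&tilde_expand ($config{'pgp'})`, or make the language a configuration option, and state in one comment why English output is required, presumably because results are matched against English strings such as `/^Key extracted/m`.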
@@ -5157,12 +5297,14 @@ # &pdv ('&makerings ("'.join ('", "', @_)."\")\n"); foreach ([$pr, $pk], [$sr, $sk]) { open TMP, ">$$_[0]"; - print TMP $$_[1]; + print TMP $$_[1] if defined $$_[1]; close TMP; } my $PGP = &tilde_expand ($config{'pgp'}); foreach $id (@pubkeys) { - my $invoc = "$PGP +batchmode +force +verbose=0 -kx " + + # TEMP FIX for lanuage -- will be updated + my $invoc = "$PGP +language=en +batchmode +force +verbose=0 -kx " . "$id $pr $pubring 2>&1"; &pdv ("$invoc > /dev/null\n"); system "$invoc > /dev/null"; @@ -5189,7 +5331,9 @@ $outfile = &tmp_filename (); $errfile = &tmp_filename (); $invoc = &tilde_expand ($config{'pgp'}); - $invoc .= ' +batchmode +force +verbose=0 '; + + # TEMP FIX for language -- will be updated + $invoc .= ' +language=en +batchmode +force +verbose=0 '; $invoc .= " +pubring=$pr +secring=$sr "; $invoc .= $cmd; $invoc .= ' < ' . $infile if $infile; @@ -5248,7 +5392,8 @@ EOF ; - if (system ("$PGP -kg +pubring=$pr +secring=$sr +verbose=0")) { + # TEMP FIX for language -- will be updated + if (system ("$PGP +language=en -kg +pubring=$pr +secring=$sr +verbose=0")) { print STDERR "\nKey generation failed.\n"; &killbaks ($pr, $sr); &delete_open_tmpfiles (); @@ -5272,7 +5417,9 @@ foreach $a ("$kid $pr", "$remid $pr " . &tilde_expand ($config{'pubring'}), "$kid $sr $defsr") { - my $invoc = "$PGP +batchmode +force +verbose=0 -kx $a 2>&1"; + + # TEMP FIX for language -- will be updated + my $invoc = "$PGP +language=en +batchmode +force +verbose=0 -kx $a 2>&1"; # print STDERR "+ $invoc\n"; my $result = `$invoc`; unless ($result =~ /^Key extracted/m) { @@ -5300,7 +5447,8 @@ EOF ; - my $invoc = "$PGP +secring=$sr -ke $kid $pr"; + # TEMP FIX for language -- will be updated + my $invoc = "$PGP +language=en +secring=$sr -ke $kid $pr"; # print STDERR "+ $invoc\n"; if (system ($invoc)) { print STDERR "Edit failed.\n"; @@ -5495,6 +5643,7 @@ } } } + $signsend = 'n' unless $signsend; if ($#args >= 1) { $to = $args[1]; } elsif ($#args < 0) { 
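Review bot: In makerings (@@ -5157,12 +5297,14 @@), `open TMP, ">$$_[0]";` is still unchecked although this loop writes the public and secret ring files and the rest of the patch adds `|| die` to comparable opens. Add the check here too. With `print TMP $$_[1] if defined $$_[1];` an undefined key now silently produces an empty ring file for the PGP calls that follow; that case should at least be logged through `&pdv`.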
@@ -5542,7 +5691,7 @@ if ($to eq 'delete') { $prefix .= 'New-Password:'."\n\n"; $replyblock_fn = &tmp_filename (); - open (TMP, '>'.$replyblock_fn); + open (TMP, '>'.$replyblock_fn) || die "Couldn't open file: $!"; close (TMP); } else { $prefix .= 'Reply-Block:'."\n"; @@ -5609,7 +5758,6 @@ $fullname = &query ('Full name of pseudonym (not just ' . 'E-mail address)', $fullname); $fullname =~ s/[\'\^\n]//g; # kludge for secrets file - $signsend = 'n' unless $signsend; $signsend = &query ('Sign mail with (R)emailer key, ' . '(P)seudonym key or (N)o key?', $signsend); @@ -5629,7 +5777,7 @@ $prefix .= join ('', @rbs); } $replyblock_fn = &tmp_filename (); - open (TMP, '>'.$replyblock_fn); + open (TMP, '>'.$replyblock_fn) || die "Couldn't open file: $!"; close (TMP); } # print $prefix; @@ -5731,7 +5879,7 @@ my ($replyblock_fn); $replyblock_fn = &tmp_filename (); - open (REPLY, '>'.$replyblock_fn); + open (REPLY, '>'.$replyblock_fn) || die "Couldn't open file: $!"; print REPLY "To: $to\n"; print REPLY "Chain: $chain \n" if $chain; print REPLY "\n"; @@ -5771,6 +5919,7 @@ if (!open (IN, $body)) { &error ("Internal error opening replyblock\n"); } + $in_active = 1; @in_headers = ("To: $to\n"); push (@in_headers, "Chain: $chain\n") if $chain; $header_sep = "\n"; @@ -5784,6 +5933,7 @@ } &send_group ($groups[0]); close (IN); + $in_active = 0; } sub find_nym { @@ -5814,7 +5964,7 @@ if ($all || $test eq 'ek') { $replyblock_fn = &make_reply_block ($target, $remailer.'.Encrypt-Key: test'); - open (RB, ">>$replyblock_fn"); + open (RB, ">>$replyblock_fn") || die "Couldn't open file: $!"; print RB "Test of ek functionality of $remailer." ." This line must be encrypted.\n"; # print RB "**\n"; @@ -5897,8 +6047,8 @@ my ($file1, $file2) = @_; my ($l2); - open (F1, $file1); - open (F2, $file2); + open (F1, $file1) || die "Couldn't open F1: $!"; + open (F2, $file2) || die "Couldn't open F2: $!"; while ( ) { $l2 = ; if ($_ ne $l2) { close (F1); close (F2); return 1; } 
@@ -5997,7 +6147,7 @@ # The main loop $quit = 0; - $inoef = 0; + $ineof = 0; while (!$quit) { $rin = $win = $ein = ''; vec ($rin, fileno(STDIN), 1) = 1 unless $ineof; @@ -6315,9 +6465,9 @@ # Open a Web connection for the file as file handle WWW. my ($url) = @_; my ($host, $port, $suf); - my ($fqdn, $aliases, $type, $len, $thataddr); + my ($fqdn, $aliases, $type, $len); my ($name, $proto); - my ($that, $thataddr); + my ($that); my ($savesel, $gotsep); # my ($thishost, $this, $thisaddr); @@ -6330,7 +6480,7 @@ $host = $1; $port = $2; $suf = $3; - if ($port =~ /^\:(\d+)$/) { $port = $1; } + if (defined $port && $port =~ /^\:(\d+)$/) { $port = $1; } else { $port = 80; } ($fqdn, $aliases, $type, $len, $thataddr) = gethostbyname ($host); return &pdv ("Host not found: $host\n") if ($thataddr eq ''); @@ -6345,7 +6495,7 @@ unpack ('C4', $thataddr), $port)); eval { $SIG{'ALRM'} = sub { die "Timeout error on $url\n" }; - alarm (5); + alarm (10); # bind(WWW, $this) || &die_disarm ("bind: $!\n"); # &pdv ("bound the socket...\n"); connect(WWW, $that) || &die_disarm ("connect: $!\n"); @@ -6356,7 +6506,7 @@ ."User-Agent: premail/$version (perl; unix)\n" ."\n"; $response = ; - if ($response !~ /^HTTP\/1\.0 200/) { + if ($response !~ /^HTTP\/1\.\d 200/) { &die_disarm ("Remote server error: $response"); } $gotsep = 0; 
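Review bot: The @@ -6315,9 +6465,9 @@ hunk removes `$thataddr` from both `my` lists, but the function still assigns it in `($fqdn, $aliases, $type, $len, $thataddr) = gethostbyname ($host);` and reads it in `unpack ('C4', $thataddr)`, so it is now a package global. Only the duplicate declaration needed to go; keep `$thataddr` in one of the two `my` lists.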
@@ -6368,6 +6518,21 @@ }; if ($@) { return &pdv ($@); } return &pdv ("No response from server\n") unless $gotsep; + } elsif ($url =~ /^finger:(.*)$/) { + my $target = @RELAYS ? $1 . '@' . $RELAYS[time % @RELAYS] : $1; + &error("'$target' contains no hostname\n") unless ($target =~ /(.*)@([^@]+)/); + my ($user, $host, $port, $ipaddr, $sin) = ($1, $2); + return &pdv ("Unknown host: $host\n") unless ($ipaddr = inet_aton($host)); + &error ("Internal error: unknown service finger\n") + unless $port = getservbyname('finger', 'tcp');; + socket (WWW, PF_INET, SOCK_STREAM, getprotobyname ('tcp')) || + return &pdv ("socket: $!\n"); + $sin = sockaddr_in ($port, $ipaddr); + connect (WWW, $sin) || return &pdv("S! while connecting to $host\n"); + &pdv ("connected to the socket...\n"); + select ((select(WWW), $|=1)[0]); + + print WWW "$user\r\n"; } else { &error ("Misformed URL: $url\n"); } 
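Review bot: In the new `finger:` branch, `connect (WWW, $sin) || return &pdv("S! while connecting to $host\n");` prints the literal text "S!" where `$!` was meant, and the connect runs without the `alarm`/`eval` timeout that protects the HTTP branch, so an unresponsive host blocks premail. `@RELAYS` is used but not declared or set anywhere in this hunk, and `getservbyname('finger', 'tcp');;` has a doubled semicolon. Please fix the message, wrap the connect in the same timeout, and document where `@RELAYS` comes from.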
@@ -6380,3 +6545,79 @@ $SIG{'ALRM'} = "IGNORE"; die @_; } + +# Commented out so that we don't depend on GTK, Steve Kostecke 02/27/2000 +# sub create_entry { +# # For some reason, the xterm hack for the passphrase doesn't work +# # on the latest Debian release (2.0Beta). So, I have modified some +# # code from the libgtk-perl package (test.pl program) to pop up a +# # Gtk box to ask for the passphrase. +# # 7/4/98 -- Brent Fulgham +# +# my($box1, $box2, $entry, $button, $separator, $pass_phrase, $label); +# +# init Gtk; +# +# if (not defined $entry_window) { +# $entry_window = new Gtk::Window -toplevel; +# $entry_window->signal_connect("destroy",\&destroy_window,\$entry_window); +# $entry_window->signal_connect("delete_event",\&destroy_window,\$entry_window); +# $entry_window->set_title("Passphrase Entry"); +# $entry_window->border_width(0); +# $box1 = new Gtk::VBox(0,0); +# $entry_window->add($box1); +# show $box1; +# +# $box2 = new Gtk::VBox(0,10); +# $box2->border_width(10); +# $box1->pack_start($box2, 1, 1, 0); +# show $box2; +# +# $entry = new Gtk::Entry; +# $entry->set_usize(0,25); +# $entry->set_visibility(0); +# $entry->select_region(0, length($entry->get_text)); +# $box2->pack_start($entry, 1, 1, 0); +# show $entry; +# +# $separator = new Gtk::HSeparator; +# $box1->pack_start($separator, 0, 1, 0); +# show $separator; +# +# $box2 = new Gtk::VBox(0,10); +# $box2->border_width(10); +# $box1->pack_start($box2,0,1,0); +# show $box2; +# +# $button = new Gtk::Button "Finished"; +# $button->signal_connect("clicked", sub { +# $pass_phrase = $entry->get_text; +# +# destroy_window ($entry_window); +# }); +# $box2->pack_start($button, 1, 1, 0); +# $button->can_default(1); +# $button->grab_default; +# show $button; +# +# $label = new Gtk::Label "Note: No output will appear"; +# $box2->pack_start($label, 1, 1, 0); +# show $label; +# +# } +# if (!visible $entry_window) { +# show $entry_window; +# } +# else { destroy $entry_window }; +# +# main Gtk; +# +# return 
$pass_phrase; +# } +# +# sub destroy_window { +# my($widget, $windowref, $w2) =@_; +# $$windowref = undef; +# $w2 = undef if defined $w2; +# Gtk->main_quit; +# } --- premail-0.46.orig/premail.1 +++ premail-0.46/premail.1 
@@ -0,0 +1,1209 @@ +'\"macro stdmacro +.TH \f4premail\fP 1 "22 Aug 1997" "Premail Manual" "Premail Manual" +.ds OK [\| +.ds CK \|] +.SH NAME +premail \- An E\-Mail Privacy Package. Easy E\-Mail Encryption, Decryption, Signing and Anonymization. +.SH SYNOPSIS +.SS Command Line Invocations +.B \f4premail\fP +[ +.B -sendmail_options +] +.br +.B \f4premail\fP +.B -decode +[ +.B -body +] [ +.IR file +] +.br +.B \f4premail\fP +.B -makenym +[ +.IR nym@server .\|.\|.\| +] +.br +.B \f4premail\fP +.B -login +.br +.B \f4premail\fP +.B -logout +.br +.B \f4premail\fP +.B -setpass +.br +.B \f4premail\fP +.B -ripemkey +.br +.B \f4premail\fP +.B -importnym +[ +.IR nym@server .\|.\|.\| +] +.br +.B \f4premail\fP +.B -exportnym +[ +.IR nym@server +[ +.IR you@your.address +] ] +.SS Command Reference + +These are the things you put between the '((','))' on the To: line. +Note that all of these, at least in theory, can also be used as their own +header (first letter capitalized, of course). + +.TP +\f4encrypt-pgp\fP +Encrypts the message for the person(s) on the To: line. Synonymous with +\f4key\fP. \f4encrypt-pgp\fP = +.I name +encrypts for recipient +.I name. +.TP +\f4chain\fP +Chains through a number of remailers (default 3, if you want a different +number use \f4chain\fP = +.IR num +). If individual remailers are specified, they are placed +after the '=' rather than +.I num +and separated by ';'. A special case of this is +.I nym_server += +.I name +which chains through your +.I name@nym_server +pseudonym. Mixmaster remailers are specified by having one or more separated +by ';' enclosed in an extra set of parentheses. Mimaster remailers cannot be +chained automagically yet. +.TP +\f4sign\fP +Signs your message, either with your default signature id (See "Preferences" +below) or with the user id given after an '='. 
+.TP +\f4Anon- Headers\fP +Not really a command, but any header in your message named Anon- +.I Foo +will come out of the last of a chain of remailers as +.I Foo +instead (i.e. the information will be preserved and the Anon- stripped). + + +.SH DESCRIPTION +.LP +The main function of \f4premail\fP is adding support for encrypted e-mail +to your mailer, using plain PGP, PGP/MIME, MOSS, or +S/MIME. + +In addition, \f4premail\fP provides a seamless, transparent interface to +the anonymous remailers, including full support for Mixmaster +remailers and the nymservers. Nymservers provide cryptographically +protected, fully anonymous accounts for both sending and receiving +e-mail. These are known as pseudonyms or persistent anonymous accounts. + +While \f4premail\fP can be used as a stand-alone application, it works +best when integrated with your mailer. Currently, \f4premail\fP is +integrated completely seamlessly and transparently only with +Netscape 3.0's built-in mailer. It works fairly well with Pine +3.94 or later, as well (plain PGP is supported, but decryption of +MIME-based e-mail encryption protocols is still missing). +Transparent integration of outgoing mail only is supported for any +mailer in which the mail sending program can be configured, +including Berkeley mail, most emacs mailers, MUSH, and MH. For these +mailers, you can decode messages with a single command. + +To integrate with your mailer, \f4premail\fP places itself between the +mailer and the actual mail transport. For outgoing mail, premail +masquerades as sendmail. You configure your mailer to call premail +instead of sendmail. Then, \f4premail\fP performs the encryption or +signing, and invokes sendmail to actually send the message. + +For mailers that call a command to receive incoming mail (including +Netscape 3.0), the situation is similar. Netscape, for example, can +be configured to call movemail to get incoming mail. 
To integrate +premail, you'd configure Netscape to call \f4premail\fP instead, which +would in turn call movemail to actually get the mail, then would +decode it. + +.SS Requirements + +You need the following software in order to effectively use +\f4premail\fP: + +.RS 2 + * Unix. Unfortunately, \f4premail\fP does not work on Mac or Windows. + * Perl 5.000 or later. + * PGP (version 2.6.2 recommended). + * RIPEM 3.0b3 or later (optional, for S/MIME support) + * TIS/MOSS 7.1 (optional, for MOSS support) + * Mixmaster (optional, for higher security anonymous mail) + * Lynx (only if you're behind a firewall) +.RE + +.SH USAGE + +.SS Command Line Invocation + +Hopefully, you have integrated premail into your mail client, and +you won't have to invoke it from the command line. However, there +may still be times when it is convenient to use premail from the +command line. + +The most basic use of premail is as a replacement for sendmail. For +example, you can send mail directly from the command line, as +follows (here, the > represents the Unix prompt): + + > premail -t + To: raph@cs.berkeley.edu ((sign)) + Subject: premail bug report + + Here's a bug in premail: ... + . + > + +The -t option specifies that the recipients are extracted from the +header fields (To:, Cc:, Bcc:, and the Resent- variants of each). +As in sendmail, you can specify the recipients on the command line +instead of using the -t option. + +In addition, you can set configuration options from the command +line, using the +option=value syntax. This is especially useful +with the debug option. For example, to show you what happens +when formatting mail for remailers, but not actually send the +message: + + + > premail +debug=ry -t + To: raph@cs.berkeley.edu ((chain=1)) + Subject: test of remailer + + test + . 
+ Chose chain exon + /usr/lib/sendmail -oi remailer\@remailer\.nl\.com + +There is one configuration option that can only be set from the +command line in this fashion, which is the location of the preferences +file itself. The configuration option is preferences, and the +default value is ~/.premail/preferences. You could, of course, +alias premail to have this option always set. + + +.SS Encryption + +Once you've got premail set up, actually using encryption is easy. +You simply add commands in double parentheses to the e-mail +addresses. The encrypt-pgp command (which can be abbreviated to +key) adds encryption to the outgoing mail, and the sign command +signs it. + +For example, to send me encrypted mail, you'd send it to +raph@cs.berkeley.edu ((encrypt-pgp)). You need to have a key with +this user id on your PGP public keyring, otherwise you'll get an +error message. If the user id on the key doesn't match the e-mail +address, you can specify it directly. For example, to send mail +directly to my workstation, but using the same public key as above, +use raph@kiwi.cs.berkeley.edu ((key=raph@cs.berkeley.edu)). + +Signing works much the same way. I can sign mail by adding +((sign=raph@cs.berkeley.edu)) to the outgoing address. Actually, +because I set the signuser configuration option in my preferences +file, all I have to add is ((sign)). + +Doing both encryption and signing is just as easy. For example, to +send me signed, encrypted mail, use this line: + + To: raph@cs.berkeley.edu ((encrypt-pgp, sign)) + +Each recipient is treated separately - the double-paren commands +after an e-mail address apply to that recipient only. However, you +can add a Sign: header field to indicate that your message is +signed for all recipients. Example: + + To: vp@company, secretary@company, employees@company, + friend@outside ((encrypt-pgp)) + Subject: Important announcement + Sign: + + ... 
+ +In this example, all recipients will get a signed message, and the +message to friend@outside will be encrypted as well. + +.SS Decoding + +The basic way to decode encrypted messages is to use premail +-decode as a command line. You can either give a filename as an +argument, or premail will accept the encrypted message on its +standard input. In either case, the decoded message will be printed +on the standard output. + +The message can be a standard e-mail message (RFC 822 format), or +it can be an entire mailbox. In the latter case, premail will +decode each of the messages individually. If you don't have premail +directly integrated into your mailer, then here's a handy way to +view your mail: + + premail -decode $MAIL | more + +If the message is actually encrypted, then premail will need to +access the secrets file. If you are logged out of premail, then +premail will try to open an xterm window for you to type the +passphrase for the secrets file. If that doesn't succeed, premail +will print an error message. At that point, you might choose to log +in (i.e. premail -login) and then try the decoding again. + +If, as in many mailers, you have easy access to the body of the +message but not the header, then you can use premail -decode -body +on the body. This works well for plain PGP encrypted messages, but +unfortunately does not work for MIME-based message formats, because +important information is contained in the header. + +The results of the decoding (including signature verification) are +given in an X-Premail-Auth: header field. This header field is +protected against forgery; if the original message contains it, it +is changed to X-Attempted-Auth-Forgery. + +.SS Anonymity + +The original reason for writing premail was to provide good support +for anonymous remailers. If you're not interested in sending +anonymous mail, you can skip this section. + +Sending anonymous mail is very similar to sending encrypted mail. 
+Simply add the ((chain)) command to the recipient's e-mail address. +Alternatively, you can add a Chain: header field, and the mail will +be send anonymously to all recipients. + +Even though the chain command is simple, a lot is going on under +the surface. The default chain is 3, which asks that three "good" +remailers be chosen randomly. To make sure that it makes its choice +based on fresh, up-to-date information, premail downloads the +remailer list and a set of PGP public keys for the remailers from +the Web (the actual URLs are configuration options). After choosing +the remailers, the message is multiply encrypted with the PGP +public keys, and finally sent to the first remailer in the chain. + +The automatic chain selection process is very good. My tests +indicate that reliability is consistently above 99%. Further, the +chain selection process avoids some potential problems. For +example, some remailers are known not to work well in chains, +probably because of incorrectly configured "block lists." Also, +some remailers are "linked," in the sense of being hosted on the +same machine, or being administered by the same person. Choosing a +sequence of linked remailers wouldn't offer much security, so +premail doesn't. + +You can also choose the chain length. A shorter chain will be +faster and more reliable, but less secure, and conversely for +longer chains. For example, ((chain=5)) selects a chain of five +remailers. + +If this isn't enough control, you can specify the exact chain of +remailers by hand. For example, ((chain=replay;jam;exon)) bounces +the message around a few times outside the US. + +Mixmaster chains are specified inside an additional set of +parentheses. At the moment, there is no way to automatically select +a chain of Mixmaster remailers, so you have to do it by hand. For +example: ((chain=(replay;ecafe-mix;lcs))). 
You can even mix +Mixmaster and type-1 remailers; for example, +((chain=(anon);1;(replay))) will sandwich one well-chosen remailer +between the two Mixmaster remailers. + +Extra header fields can be placed in the outgoing message by +prefixing the header with "Anon-". A particularly common usage is +an Anon-Reply-To: field, which specifies a reply-to address in the +mail delivered to the recipient. The Reply-To: header field is used +often enough that premail includes a default-reply-to configuration +option, which automatically adds it to all anonymous messages. + +The following header fields are passed through to the anonymized +message, even without the Anon- prefix: + + Mime-Version: + Content-Type: + Content-Transfer-Encoding: + Newsgroups: + X-Anon-To: + In-Reply-To: + References: + +.SS Using Nyms + +This section describes how to create and use _nyms_, which are +accounts for sending and receiving anonymous mail. There are two +types of nymservers: alpha (named after the now defunct +alpha.c2.org), and newnym. For the most part, the operation of the +two is similar. + +To create a new nym, type + + premail -makenym + +and follow the prompts. This command is also good for updating an +existing nym, which is important if one of the nym's remailers goes +down. + +You can also create or update a nym from the command line, as +follows: + + premail -makenym you@alias.cyberpass.net your@real.address chain fakechains + +Note that chain is the number of remailers to use. + +When premail creates a nym, it chooses random passphrases (one for +each remailer in the chain). The passphrases and other details of +the nym are stored in the premail secrets file. Thus, the nym is +fairly secure (much more so than, say, anon.penet.fi). + +The decode mechanism handles responses to nyms, again looking up +the passphrases in the premail secrets file. + +You can also send mail from your nym, in one of two ways. 
Assume +for the sake of example that your nym is you@alias.cyberpass.net. +Then, you would use a chain of 2;cyber=you. Alternatively, you can +use a chain of 2;cyber and include this header field: + + Anon-From: you@alias.cyberpass.net (You Know Who) + +If you want the nymserver to send you a confirmation every time you +send mail from your nym, add a $config{'ack'} = 'yes'; line to your +preferences file. + +To delete a nym: + + premail -makenym you@alias.cyberpass delete + +Please delete nyms if you are not actually using them; this helps +free up disk space and prevents the nymservers from being +overloaded. + +As of version 0.45, premail now supports the newnym type of +nymserver. This nymserver is more richly featured than the alpha +type. You do have to answer a few more prompts when creating nyms +for the newnym type, including creating a new PGP key. It's worth +it, though. The newnym servers seem to be working a lot better than +the alpha ones ever did. For more information on newnym, see the +nym.alias.net homepage. If you want to exchange nyms between +premail and other programs (or a manual setup), then take a look at +the -importnym and -exportnym commands, which are explained in the +documentation for the patch that upgraded premail 0.44 to have +newnym capability. + +From the patch documentation: + +.RS 3 +There are two new premail commands for dealing with "newnym"-style +nyms (such as those on nym.alias.net), "-importnym" and "-exportnym". + +If you have an existing nym on nym.alias.net and you want to switch +over to premail for managing that nym, run the command "premail +-importnym". This will behave like "premail -makenym" except that it +will use a PGP key already on your PGP keyring rather than creating a +new PGP-key for the nym. Be aware, however, that premail will change +your remailer chain and shared-key encryption passwords, so you will +have to decrypt all subsequent mail you receive with premail. 
(The +PGP key won't change, so if you don't like premail, you can always +change back by manually mailing in a new reply-block.) + +Finally, if you created a nym with premail but would like to switch to +something else, you can export your nym's PGP key by running "premail +-exportnym". This will put your nym's public and private keys in the +/tmp directory. The private key is not protected by a password, so +you will probably want to edit it with "pgp -ke" before adding it to +your private keyring. +.RE + +.SS Posting To Usenet + +Even though some remailers can post directly to Usenet, premail +does not support that. Thus, if you want to post to Usenet, you +should use a mail-to-news gateway. + +To find a working mail-to-news gateway, check Don Kitchen's +list. There are two basic kinds: sites that scan the header +fields, and sites that include the newsgroup in the address. + +Using the address-parsing kind, to post to alt.anonymous, you'd +just send mail to alt.anonymous@myriad.alias.net (assuming, of +course, that myriad.alias.net is still functioning). + +Using the header-scanning kind, send mail to +mail2news@myriad.alias.net, and include this header field: + + Newsgroups: alt.anonymous + +The header scanning kind has one advantage: you can cross-post to +multiple newsgroups using one mail message. If you post to multiple +newsgroups, make sure you don't put a space between the newsgroups, +only a comma. Otherwise, the articles will bounce. + +One frequently asked question is: how can I follow up on a thread +while posting anonymously? This is easy. Find the Message-Id: +header field in the post you're responding to, and change it into a +References: field in your outgoing mail. + +Here's an example that ties it all together. Let's say you wanted +to reply to this post: + +.RS 2 + 
From: Edward Brian Kaufman + Newsgroups: alt.privacy.anon-server,alt.anonymous + Subject: A few questions about anon posts + Message-ID: + + Hi, + + I'd like to know what the best/easiest way to do anon posts is and + how to do them. Thank you, + + Ed +.RE + +To post the reply anonymously, send this mail: + +.RS 2 + To: mail2news@myriad.alias.net ((chain)) + Cc: Edward Brian Kaufman ((chain)) + Newsgroups: alt.privacy.anon-server, alt.anonymous + Subject: Re: A few questions about anon posts + References: + + If you have a Unix machine, using premail is the best way. To find + out how, read the manual. +.RE + +.SS S/MIME + +Version 0.45 of premail contains limited support for S/MIME +messages. Basic message formatting works, but there are problems +with creating usable certificates, and there is still no support +for an encryption algorithm interoperable with RC2. However, a few +hearty souls may wish to experiment with the S/MIME functionality +that is present. This section explains how to do it. + +First, you must install RIPEM 3.0b2 (or later). This is available +from the ripem export-controlled FTP site. You'll need to get +an account on the server in order to download any of the +export-controlled code - the GETTING_ACCESS file on the site +explains how. + +Once you have RIPEM installed (and the ripem configuration option +pointing to the executable), create a public key with this command: + + premail -ripemkey + +You will then be prompted for your e-mail address. Alternatively, +you can give your e-mail address as a command line argument to +premail -ripemkey. + +After your key is created, you can send signed messages by adding +the ((ssign)) command. If you send a signed message to another +premail user, they will have your public key, and can send you +mail, by using ((encrypt=your@user.id)). + +The default encryption is Triple-DES. 
If the recipient can't handle +it, then ((encrypt-des)) will fall back to plain DES, which most +users will be able to decrypt - probably including "export" +versions of S/MIME. Of course, the disadvantage of using plain DES +is that any competent spy organization will also be able to decrypt +the messages ;-). + +Unfortunately, RIPEM 3.0b2 has some significant differences from +other S/MIME implementations in the way it handles public key +certificates. These prevent you from getting a VeriSign certificate +you can use. It is, however, possible to accept VeriSign class 1 +beta certificates by running the following (prompts and messages +are in normal font, what you type is in boldface; you can find out +the password by looking in the secrets file): + + > _rcerts -u your@user.id_ + Enter password to private key: + E - Enable standard issuers... + \f2...other choices...\fP + Enter choice: + \f2e\fP + ...V - VeriSign something or other... + \f2v\fP + Enter the number of months the certificate will be valid, or blank to + cancel: + \f212\fP + Enter choice: + \f2q\fP + +.SH SETUP + +.SS Installation + +First, you need to get premail. The source code is available from +an export-control Web server. You may also be able to find a +copy on the Hacktic FTP site in the Netherlands. In either +case, you want to get the file premail-0.45.tar.gz. + +After you've gotten the file, unpack it. This command should do it: + + gzip -dc premail-0.45.tar.gz | tar xvf - + +The unpacking process will create a subdirectory called +premail-0.45, containing the following files: + +.TP +README +A short description of the contents +.TP +premail +The premail program itself +.TP +preferences +A skeletal preferences file +.TP +doc.txt +This document in ASCII format. +.TP +doc.html +This document in html format. + +.LP +Test to see if you can run premail. 
These commands should print a +usage summary: + + cd premail-0.45 + ./premail + +If you get an error message reading "command not found," then you +will have to edit the first line of premail to refer to the actual +pathname of the perl5 interpreter. One good way to find out the +pathname is to do "which perl5" or "which perl". + +On the other hand, if you get a string of syntax errors, then the +problem is probably that you are running perl4, while premail needs perl5. +Try to see if you can find perl5 on your machine. Otherwise, you +may need to install perl5 yourself. + +If you will be using premail from the command line frequently, then +you may want to copy (or symlink) the premail program into a +location in your $PATH. For example, if you have permission to add +files into /usr/local/bin, then you may consider running this +command: + + cp -p premail /usr/local/bin + +An easier way may simply be to make a directory $HOME/bin, put premail +in there, and add that to your $PATH. You could, of course, also try +bugging the sysadmin at your site to install it for you into a pulically +available location (like /usr/local/bin as above). + +At this point, you are ready to test whether premail actually +works. We are assuming that you already have PGP installed and have +generated your own public key. Type this command, substituting in +your own e-mail address: + +.RS 2 + ./premail -t + To: your@own.email.addr ((encrypt-pgp)) + Subject: Test + + Does this really work? + . +.RE + +If all goes well, you should be back at the command line within a +couple of seconds. If it seems to hang without any disk or net +activity, try typing randomly for a minute, under the assumption +that PGP needs random keystrokes. This shouldn't happen if PGP is +already set up correctly (including having generated your own +public key), but on the chance that it isn't, hanging while waiting +for random keystrokes is one of the more common failure modes. 
+ +This is also the point at which you may get a PGP error. Two common +problems are that premail can't find the PGP program, in which case +you will want to add a line to your preferences file (see +"Preferences" below), or that it can't find the public key corresponding to +your e-mail address. + +If the test was successful then you should now have a PGP-encrypted message in +your mailbox. + +.SS The Secrets File + +To create signatures, decrypt messages, or use nyms, you need to +set up a "premail secrets" file. If you will only be using premail +to encrypt outgoing mail, you can skip this section. + +The default filename is /tmp/.premail-secrets.$< , where $< is +equal to your numeric user id. To change the filename, use a +preferences line such as this one: + + $config{'premail-secrets'} = '/mnt/cryptdisk/premail-secrets'; + +If you don't know your numeric user id, you can find it by running +"echo $uid" (from csh or tcsh), "echo $UID" (from sh or bash), or: + + perl -e 'print "$<\n"' + +The premail secrets file has this format: + +.RS 2 + $pgppass{'user'} = 'PGP passphrase for user'; + $pgppass{'alternate'} = 'PGP passphrase for alternate'; +.RE + +However, make sure your premail secrets file has restrictive +permissions, so other people on your system can't read your +passphrases! This command is well recommended (substituting your +actual user id, of course): + + chmod 600 /tmp/.premail-secrets.7437 + +.SS Logging In and Out of Premail + +Generally, premail stores its secrets file in the /tmp directory. +In some cases, this is good enough security. In other cases, it +might be better to store the file encrypted most of the time, and +only decrypt it when necessary. To use this capability of premail, +first set a passphrase with: + + premail -setpass + +You will be prompted for a passphrase. You can use the same +passphrase as for your PGP key, or a different one, depending on +how many passphrases you want to remember. 
This command leaves you +logged in with the new passphrase set. + +To log out: + + premail -logout + +You might consider adding this command to your .logout file, so +that it occurs automatically every time you log out of your +account. + +To log in again: + + premail -login + +If you are running on a system with X, then premail will +automatically pop up a window to log in whenever the secrets are +needed. If you are not running X, and the secrets are needed, you +will get an error. In this case, you can log in manually and try +the command again. + +.SS Preferences + +While premail's default configuration is designed to be sufficient +for the the most common cases, you may want to change some of the +configuration options. This is done by adding lines to the +preferences file. + +The default location for the preferences file is +~/.premail/preferences, where ~ represents your home directory. The +premail distribution comes with a skeleton preferences file, but it +does not automatically copy it into the ~/.premail directory. You +might choose to do that yourself, or you might create one from +scratch. + +The format of the preferences file is a sequence of lines such as +the following: + + $config{'option'} = 'value'; + +All other lines (including those beginning with #) are considered +to be comments and are ignored. Here's a typical preferences file +(actually, the one on my home machine): + +.RS 3 +$config{'logfile'} = '/home/raph/premail/log'; +$config{'debug'} = 'chvl'; +$config{'movemail'} = '/home/raph/bin/movehome'; +$config{'ripem'} = '/home/raph/install/ripem/main/ripem'; +$config{'pgp'} = '/usr/local/bin/pgp'; +.RE + +As you can see, a major use for the preferences file is to specify +full pathnames for the helper programs. In addition, I've set it up +to produce a full log, which I find useful, because I'm constantly +tracking down bugs :-) + +Here's a table of all the configuration options, their defaults, +and a very brief description. 
More complete descriptions are found +in the preferences file included in the premail distribution. + +.TP +Option, Default +Explanation +.TP +pgp, pgp +The location of the PGP executable. +.TP +sendmail, /usr/lib/sendmail +The location of the sendmail executable. +.TP +mixmaster, mixmaster +The location of the Mixmaster executable (useful for more +secure anonymous mail). +.TP +movemail, movemail +The location of the movemail executable (useful for +integrating Netscape 3.0). +.TP +ripem, ripem +The location of the ripem executable (needed for S/MIME +messages). +.TP +mossbin, +The directory containing the TIS/MOSS executables (needed for MOSS +messages). +.TP +post, post +The location of the MH post executable (needed for MH +integration). +.TP +geturl, +A command for getting files from the Web. Use "lynx -source" if +behind a firewall. +.TP +dead-letter, ~/dead.letter +The file where premail stores undeliverable mail. +.TP +logfile, +The location where premail stores its log, if the l debug flag is +set. +.TP +storefile, +If set, the location where premail stores outgoing mail, instead of +calling sendmail. +.TP +tmpdir, /tmp +Where premail stores its temporary files. +.TP +charset, iso-8859-1 +The default charset for outgoing 8-bit messages. +.TP +encrypt, yes +Set to blank to disable PGP encryption to remailers. +.TP + ack, +If set, nymservers will send acknowledgements for all outgoing mail. +.TP +extrablank, +If set, premail adds an extra blank on remailer messages. Useful if +behind a broken mail proxy. +.TP +debug, +Debugging flags (see section on debugging). +.TP +signuser, +The user id of the default PGP secret key used to sign messages. +.TP +default-reply-to, +Adds a Reply-To: header field with this address when sending +anonymous e-mail. +.TP +addresses, ~/.premail/addresses +The file containing your addresses. +.TP +rlist, ~/.premail/rlist +The file where premail stores the remailer list. 
+.TP +pubring, ~/.premail/pubring.pgp +The file where premail stores the public +keyring for the remailers. +.TP +premail-secrets-pgp, ~/.premail/secrets.pgp +The file where premail stores the encrypted +secrets file. +.TP +premail-secrets, /tmp/premail-secrets.$< +The location of your secrets file +.TP +rlist-url, http://kiwi.cs.berkeley.edu/rlist +The URL for the remailer list. +.TP +pubring-url, http://kiwi.cs.berkeley.edu/pubring.pgp +The URL for the remailer +public keyring. +.TP +type2-list-url, http://www.jpunix.com/type2.html +The URL for the Mixmaster type2 +list. +.TP +pubring-mix-url, http://www.jpunix.com/pubring.html +The URL for the Mixmaster +pubring. + +.SS Address Book + +Adding the extra encryption commands is not difficult, but it can +be tedious and potentially error prone. Thus, premail provides an +address book for specifying commands to be used with specific +e-mail addresses. + +For example, let's say that one of your correspondents tells you +that she prefers mail to be PGP encrypted. Then, instead of typing +((encrypt-pgp)) every time you send her mail, you could add this +line to your addresses file: + + her@email.address: ((encrypt-pgp)) + +The addresses file is usually at ~/.premail/addresses, but the +location is a configurable option. + +Another example was the hackerpunks mailing list (now defunct), in +which all of the subscribers have alpha.c2.org nyms. Since +haqr@alpha.c2.org had this line in his addresses file, he was able +to post to the list with just "To: hpunks": + + hpunks: hackerpunks@alpha.c2.org ((chain=2;alpha=haqr)) + +An address book entry can also expand to a list of addresses. For +example: + +.RS 3 +alice: alice@crypto.com ((encrypt-pgp)) +bob: bwhite@got.net ((key=bobw@netcom.com)) +eric: eric@ecsl.org ((encrypt-pgp)) +.br +friends: alice, bob, eric +.RE + +Sending mail to friends would then do what you'd expect: send +encrypted mail to each of alice, bob, and eric's full e-mail +addresses. 
+ +.SH INTEGRATION + +This section discusses integrating premail with various remailers. + +.SS Netscape + +Create symbolic links to premail called "prezilla" and +"premailmove". To do this, make sure you are in the same directory +as premail itself, and type: + + ln -s premail prezilla + ln -s premail premailmove + +Find a working movemail. If you have emacs installed, then you +most likely have one in /usr/lib/emacs/etc/movemail or a similar +location. If you don't already have one, then the source (or +possibly binary) for one is included in the Netscape Navigator +distribution and you can build it (no need if a binary is +included). Then, make sure premail can find it by adding a line +such as this one to your preferences file: + + $config{'movemail'} = '/usr/lib/emacs/etc/movemail'; + +This usage assumes that you get your mail from a mail spool, as +opposed to POP or some such. You may be able to get it to work for +POP as well, but you need to figure out how to invoke movemail to +move the mail from your mailbox to a file (specified as the second +argument to the movemail script). + +Add this line to your .cshrc, assuming your shell is csh or +tcsh: + + setenv NS_MSG_DELIVERY_HOOK /your/path/to/prezilla + +Also run this command from the shell so it takes effect +immediately. The syntax is slightly different if your shell is sh +or bash _(note: is this right? Yes, it is.)_: + + NS_MSG_DELIVERY_HOOK=/your/path/to/prezilla + export NS_MSG_DELIVERY_HOOK + +Start Netscape (exit first if it's already running). Go to the +Options|Mail and News Preferences dialog, select the Servers tab. +Click on "External Movemail" and set the value to +/your/path/to/premailmove. + +Try sending yourself mail, and clicking on "Get Mail" from the +Netscape Mail window. The mail should show up in the Inbox, +correctly decoded. + +To view the X-Premail-Auth: header field to see the result of +signature checking, select Options|Show All Headers from the +Netscape Mail window. 
+ +Note: as of Netscape v3.0, there is still a bug in the handling of +the Bcc: header field, which causes it to be ignored. Do not use +this field. Hopefully, this will be fixed in a future version of +Netscape. + +Note: some 3.0 beta versions modify the PATH environment variable. +If premail seems to work correctly from the command line, but not +from Netscape, try setting absolute pathnames for the programs used +by premail. + +.SS Pine + +As of Pine 3.94, premail integrates both outgoing mail and the +decryption of plain PGP incoming mail. Unfortunately, decryption of +MIME-based mail is not yet supported. + +Two Pine configuration options need to be set to integrate premail +(i.e. from the main Pine screen, S for setup, then C for +configure). First, sendmail-path should be set to a value similar +to this (substituting the actual path to premail): + + /your/path/to/premail -oem -t -oi + +Second, display_filters should be set to a value similar to this: + +.RS 3 +_BEGINNING("-----BEGIN PGP")_ /your/path/to/premail -decode -body +.RE + +If you have trouble finding these options in the setup screen, then +you can edit the .pinerc file directly. + +One caveat when using Pine: it usually tries to be "smart" and +remove comments from e-mail addresses, which includes the +double-paren commands such as ((encrypt-pgp)). There are a few ways +to deal with this problem: + +.RS 2 + * Use "( )" instead of (( )). _Note: I think this works, but I +haven't tested it._ + * Use the alternative caret syntax. These two lines mean the same +thing: + + To: raph@cs.berkeley.edu ((encrypt-key, sign)) + To: raph@cs.berkeley.edu^encrypt-key^sign + * Avoid setting the encryption options on the command line +altogether, and set them in the addresses file instead (see +"The Address File"). You could also use the header forms. +.RE + +.SS MUSH + +Premail integrates well with the Mail User's Shell. 
Add the following lines to your .mushrc: + +.RS 3 +set sendmail='premail -oem -i -t #Comment' +cmd decode 'pipe !* premail -decode >>$MAIL;delete !*' +.RE + +Outgoing mail will be handled automatically. Note that if you are sending +anything with a ';' on the mush command line, it must be enclosed in "'". For +example: + +.RS 3 +mail user@host ((chain=replay;hacktic)) +mail 'user@host ((chain=replay;hacktic))' +.RE + +The first line above will fail, use the second line instead. + +For outgoing mail, simply type 'decode [msg-list]'. It will decode those +messages, append them to the end of your mailbox. You will be notified of the +new mail. Note that this occurs even with those messages in the list that +premail does nothing to. Since no update has been done, you can use +undelete to look at the old (pre-premail) versions of the messages, +but when you quit they'll be tossed. + + +.SS Other mailers + +This section describes how to integrate premail with MH, emacs, and +UCBMail. With these mailers, premail will only handle outgoing mail +automatically. To decode incoming mail, you still need to invoke +premail -decode by hand. + +.SS Integrating premail with Emacs + +To add premail support to emacs, just add this line to your .emacs +file: + + (setq sendmail-program "/your/path/to/premail") + +.SS Integrating premail with MH + +In whatever directory you keep the premail executable, create a +symbolic link as follows: + + ln -s premail prepost + +Under the name "prepost", premail will masquerade as MH's post +program rather than sendmail. You can get MH to call premail +instead of post by adding this line to your .mh_profile: + + postproc: /your/path/to/prepost + +One thing to keep in mind is that premail's processing is done +before that of post. Thus, if you have MH aliases, they will get +expanded after the call to premail. If you use only premail +aliases, only MH aliases, or neither, this won't be a problem. 
+ +Alternatively, if you have appropriate privileges, you can add this +line to /usr/lib/mh/mtstailor: + + sendmail: /your/path/to/premail + +You may also have to configure MH to call sendmail locally rather +than connecting to an SMTP server. Don't do both the mtstailor and +mh_profile methods -- that would run premail twice. + +.SS Installing premail with UCBmail + +UCBmail is a simple mailer front-end (also known as Mail and +mailx). If, when you type "mail user@site.dom", the mailer asks you +for a "Subject: " line, you are undoubtedly using UCBmail. If so, +you are in luck - it integrates very easily with premail. Just add +this line to your ~/.mailrc file: + + set sendmail=/your/path/to/premail + +Using premail with UCBmail is not very different from using premail +by itself, but you do get some handy features, such as including +files and using an editor on the mail. + +.SH NOTES + +This section covers a number of techincal notes related to the +operation of premail. This information should not be necessary for +ordinary use. + +.SS Multiple recipients + +One of the tricky problems with mail encryption packages such as +premail is how to deal with multiple recipients. Based on +experience with previous versions, this version of premail tries +very hard to "get it right." However, as a consequence, the exact +behavior can sometimes be difficult to understand. + +The hard part is when some of the recipients have encryption +specified and others don't. What premail does is to split the +recipients up into groups. If two recipients can receive the same +actual message, they are in the same group, otherwise not. For +example, recipients getting an encrypted and an unencrypted message +cannot be in the same group. However, multiple recipients appearing +in To: and Cc: fields that use the same encryption method will be +in the same group. 
A single message, encrypted to multiple +recipients, will be sent, which is considerably more efficient than +encrypting separately for each recipient. + +One subtle point is the handling of Bcc: recipients. The semantics +of Bcc: specify that the mail be sent to each of the Bcc: +recipients, but that none of the other recipients be able to find +out their identity. However, encrypting to multiple recipients +would defeat this, because it is possible to indentify all of the +recipients of the encrypted message. Thus, each encrypted Bcc: +recipient gets its own group. + +Each recipient of an anonymous message also gets its own group, for +similar reasons. + +An attempt is made to make the headers in the message received by +the recipient be the same as if no encryption were used. +Specifically, the complete To: and Cc: header fields will be +present, but the Bcc: field will be missing. One exception to this +rule is anonymous messages, in which case the recipient can't see +any information about the other recipients. + +.SS Error handling + +The goal is to handle errors in the same way as sendmail. Thus, the +exact handling depends on the setting of the -oe command line +option. The default (as in sendmail) is -oep, meaning that the +error message is printed to standard out, and the mail message is +appended to the dead letter file (the location of which is a +configuration option). + +Another choice is -oem, in which case the error message and the +mail message are packaged together and mailed back to the user. +This is appropriate when the mailer has no way to deal with error +messages returned from premail. + +One additional choice, not provided by sendmail, is -oed, which +prints the error message on standard out, but drops the mail +message. This is a good choice if the mailer can interpret a +non-zero return status code as indication of an error. This is the +mode used by Netscape (and is automatically selected when premail +is invoked as prezilla). 
+ +.SS Security issues + +In designing premail, usefulness and convenience were considered +more important than top security. Nonetheless, it can provide good +security, especially if you are aware of the security issues. + +One overriding assumption was that your machine is secure, and that +the serious threats were those of eavesdroppers on the network and +e-mail forgers. In general, premail handles passive attacks quite +well, while containing a number of vulnerabilities to active +attacks. + +Here are some potential security pitfalls with premail: + +.RS 2 + * Stores secrets information on disk file. + * Stores (potentially sensitive) temporary files on disk. + * Does not check authenticity of remailer list, remailer public key +ring, or Mixmaster information gotten from the Web. + * Accessing the Web signals when anonymous mail is about to be sent, +perhaps aiding traffic analysis. + * Does not evaluate the trustworthiness of public keys used for +encryption and signature checking. +.RE + +.SS Useless Features + +Over the years, premail has accumulated a number of features of +dubious value. One of them is support for MOSS, a nice encryption +protocol that nevertheless failed to catch on. If you feel the urge +to use it, documentation is available in the release notes for +version 0.43. + +One potentially cool feature is a server for decoding e-mail. This +_would_ be a useful feature if there were any mailers which used +it. The protocol for the server was designed to be fast (much, much +faster than invoking premail -decode separately for each message), +as well as "crypto-neutral," meaning that it doesn't contain any +features designed just for crypto, and that it could be used for +other tasks, for example converting image formats or character +sets. Thus, a client designed to use this protocol would likely be +fully exportable from the US. 
If you're interested in integrating +support for this protocol into a popular e-mail client, please get +in touch with me. + +.SH Debugging + +If you run into trouble with premail, it might be of value to turn +on some of the debugging options. This can be done on the command +line, or in the .premailrc file. In the former case, add a ++debug=chvy argument to the command line. In the latter case, try: + + $config{'debug'} = 'chvy'; + +Here are the meanings of the debug options: + + c: Print command line invocation. + h: Print headers of input message. + l: Debug output goes to log instead of stdout. + p: Print finished message, do PGP. + r: Print chain chosen (useful in debugging chain selection). + y: Print finished message, don't do PGP. + v: Print all kinds of verbose info. + +Note that +debug=p puts the encrypted message on stdout. This may +be useful for constructing reply blocks, among other things. + +If there are problems with premail, then one of the best ways to +track them down is through the log. Try setting the debug +configuration option to chvl, setting the logfile configuration +option (for example, to ~/.premail/log), and then examining the +log. Also, if you're bringing bugs to my attention, it helps a lot +if you can send me relevant excerpts from the log. + +.SH SEE ALSO + +This document is available online at +http://www.c2.net/~raph/premail/. + +This is the documentation for premail 0.45. +
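Review bot: In the configuration entries at the start of this part of the man page, premail-secrets is documented with a default of /tmp/premail-secrets.$< and only the text "The location of your secrets file", which hides the fact that this default sits in a shared temporary directory under a name derived from the user's id ($< is Perl's real UID). The entry just above describes premail-secrets-pgp as the encrypted secrets file, so the reader should be told that premail-secrets is the other, unencrypted one. Point the reader to a path inside a directory only they can access, such as one under ~/.premail, and cross-reference the "Stores secrets information on disk file" item under Security issues. The rlist-url, pubring-url, type2-list-url and pubring-mix-url entries in the same list all default to plain http locations, while Security issues admits that premail "Does not check authenticity of remailer list, remailer public key ring, or Mixmaster information gotten from the Web"; a one-line pointer from these entries to that section would put the caveat where the defaults are read.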
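Review bot: The INTEGRATION section contains two statements that contradict the text around them. Its opening sentence says it covers integrating premail "with various remailers", but every subsection (Netscape, Pine, MUSH, Emacs, MH, UCBmail) is a mailer. Under MUSH, "For outgoing mail, simply type 'decode [msg-list]'" follows a paragraph saying outgoing mail is handled automatically, and the decode command it describes pipes messages through premail -decode, so this should read "For incoming mail". Also in this section: the Netscape subsection still carries the editorial aside "(note: is this right? Yes, it is.)", which should be dropped from a shipped man page; the Pine subsection refers the reader to "The Address File" although the section is titled "Address Book"; and "The first line above will fail, use the second line instead" under MUSH would be clearer if it said the unquoted ';' is the reason.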
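Review bot: The SEE ALSO section ends with "This is the documentation for premail 0.45", while this patch is against premail-0.46 and the README text added elsewhere in the same diff calls itself the documentation for version 0.46; the version line should match the package. In NOTES, "techincal" and "indentify" are misspelled. The underscore emphasis carried over from the HTML original (_would_ under Useless Features, _BEGINNING("-----BEGIN PGP")_ in the Pine display_filters example, _Note: I think this works..._ in the Pine list) is not roff markup and will print literally. In the display_filters example that matters, because a reader copying the line cannot tell whether the underscores belong to the Pine syntax. Use \fI...\fP for emphasis and show the filter line exactly as it must be typed. The debug option table lists an l flag and the troubleshooting paragraph recommends chvl together with the logfile option, but the first example only shows chvy; a sentence saying that l requires logfile to be set would connect the two.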