NAME
Mail::SpamAssassin::Plugin::OpenPGP - A SpamAssassin plugin that validates OpenPGP signatures.
VERSION
Version 1.0.0
SYNOPSIS
Install this module by running:
cpan Mail::SpamAssassin::Plugin::OpenPGPConfigure SpamAssassin to use it by putting the following (from this module's etc/26_openpgp.cf) in a configuration file (see http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo)
loadplugin Mail::SpamAssassin::Plugin::OpenPGP
ifplugin Mail::SpamAssassin::Plugin::OpenPGP
rawbody OPENPGP_SIGNED eval:check_openpgp_signed()
describe OPENPGP_SIGNED OpenPGP: message body is signed
rawbody OPENPGP_ENCRYPTED eval:check_openpgp_encrypted()
describe OPENPGP_ENCRYPTED OpenPGP: message body is encrypted
rawbody OPENPGP_SIGNED_GOOD eval:check_openpgp_signed_good()
describe OPENPGP_SIGNED_GOOD OpenPGP: message body is signed with a valid signature
tflags nice
rawbody OPENPGP_SIGNED_BAD eval:check_openpgp_signed_bad()
describe OPENPGP_SIGNED_BAD OpenPGP: message body is signed but the signature is invalid, or doesn't match with email's date or sender
endif # Mail::SpamAssassin::Plugin::OpenPGPSet up some rules to your liking, for example:
score OPENPGP_SIGNED -1
# this will total to -2
score OPENPGP_SIGNED_GOOD -1
# this will total to 0
score OPENPGP_SIGNED_BAD 1DESCRIPTION
This uses Mail::GPG which uses Gnu Privacy Guard
Make sure the homedir you use for gnupg has something like this in its gpg.conf (and that the directory & files are only readable by owner)
keyserver-options auto-key-retrieve
# any keyserver will do
keyserver x-hkp://random.sks.keyserver.penguin.deSo that it will automatically fetch public keys
To ensure that your local public keys don't get out of date, you should probably set up a scheduled job to delete pubring.gpg regularly
For project information, see http://konfidi.org
USER SETTINGS
gpg_executable /path/to/gpg
gpg_homedir /var/foo/gpg-homedir-for-spamassassinTOKENS
The following per-message SpamAssassin "tokens" are set. (Is "token" the right word? They're set directly on instances of PerMsgStatus)
openpgp_checked
Set to 1 after the email has been checked for an OpenPGP signature
openpgp_signed
Set to 1 if the email has an OpenPGP signature
openpgp_signed_good
Set to 1 if the email has a "good" OpenPGP signature
openpgp_encrypted
Set to 1 if the email is encrypted with OpenPGP
AUTHOR
Dave Brondsema, <dave at brondsema.net>
BUGS
If an email is signed with a subkey, OPENPGP_SIGNED_BAD is returned. We need to use the master key's fingerprint and mail aliases instead of the subkey's.
If only part of a PGP/MIME message is signed (for example, a mailing list added a footer outside of the main content & signature) then it is not considered signed. If any part of a message is signed inline, it is considered signed. A future version will probably use OPENPGP_PART_SIGNED, and have checks to verify that the unsigned part is at the end and that the signed part is not very short (to prevent spammers from having a small signed part accompanied by a large spammy part).
Please report any bugs or feature requests to bug-mail-spamassassin-plugin-OpenPGP at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Mail-SpamAssassin-Plugin-OpenPGP. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Mail::SpamAssassin::Plugin::OpenPGPYou can also look for information at:
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
http://cpanratings.perl.org/d/Mail-SpamAssassin-Plugin-OpenPGP
RT: CPAN's request tracker
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Mail-SpamAssassin-Plugin-OpenPGP
Search CPAN
http://search.cpan.org/dist/Mail-SpamAssassin-Plugin-OpenPGP
ACKNOWLEDGEMENTS
COPYRIGHT & LICENSE
Copyright 2006 Dave Brondsema, all rights reserved.
This program is released under the following license: Apache License, Version 2.0