diff options
| author | Andreas Rammhold <andreas@rammhold.de> | 2020-03-02 17:11:38 +0100 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2020-03-04 09:42:35 +0100 |
| commit | 8e6e7c2cc58bf8468159310cd824897e46ddfd83 (patch) | |
| tree | 3cfe04fa8d2798072df2738c68b11feacac39884 | |
| parent | bc2b62bddab69ed42327997b6068738ccb878e16 (diff) | |
| download | remail-8e6e7c2cc58bf8468159310cd824897e46ddfd83.tar.gz | |
config: Introduce an enabled flag for S/MIME
This allows setups where there is no S/MIME. In some scenarios using just
GPG is fine and S/MIME might even be discouraged. Previously this required
to provide a dummy S/MIME key just to make remail happy. With this new flag
there is no need for that key if S/MIME is not required for the list.
Signed-off-by: Andreas Rammhold <andreas@rammhold.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
| -rw-r--r-- | Documentation/examples/conf/remail.yaml | 2 | ||||
| -rw-r--r-- | Documentation/man5/remail.config.rst | 5 | ||||
| -rw-r--r-- | remail/config.py | 1 | ||||
| -rw-r--r-- | remail/maillist.py | 16 |
4 files changed, 18 insertions, 6 deletions
diff --git a/Documentation/examples/conf/remail.yaml b/Documentation/examples/conf/remail.yaml index 4f9f094..05abbc4 100644 --- a/Documentation/examples/conf/remail.yaml +++ b/Documentation/examples/conf/remail.yaml @@ -13,6 +13,8 @@ use_smtp: True # S/MIME smime: + # Enable S/MIME + enabled: True # Verify CA certs. Only disable for troubleshooting verify: True diff --git a/Documentation/man5/remail.config.rst b/Documentation/man5/remail.config.rst index 43a3843..564ecf0 100644 --- a/Documentation/man5/remail.config.rst +++ b/Documentation/man5/remail.config.rst @@ -186,9 +186,14 @@ S/MIME options: .. code-block:: yaml smime: + enabled: True verify: True sign: True + enabled: + Enable S/MIME processing. If this option is set to False then no attempts + are made to process S/MIME mails or keys. + verify: When handling S/MIME encrypted mail then the validity of the senders key diff --git a/remail/config.py b/remail/config.py index d3ce5d5..f8400fe 100644 --- a/remail/config.py +++ b/remail/config.py @@ -189,6 +189,7 @@ class archive_config(object): print('%*s%-40s: %s' % (indent, '', 'plain_list', self.m_list)) smime_defaults = { + 'enabled' : True, 'verify' : True, 'sign' : True, } diff --git a/remail/maillist.py b/remail/maillist.py index 64fdfaf..9a95795 100644 --- a/remail/maillist.py +++ b/remail/maillist.py @@ -35,7 +35,9 @@ class maillist(object): self.enabled = listcfg.enabled self.use_smtp = use_smtp - self.smime = smime_crypt(self.config.smime, self.config.listaccount) + self.smime = None + if self.config.smime.enabled: + self.smime = smime_crypt(self.config.smime, self.config.listaccount) self.gpg = gpg_crypt(self.config.gpg, self.config.listaccount) self.tracking = account_tracking(self.config.tracking, logger) @@ -72,7 +74,7 @@ class maillist(object): Encrypt plain text message for the account ''' msg = msg_from_string(msg_plain.as_string()) - if account.use_smime: + if self.smime and account.use_smime: self.smime.encrypt(msg, account) else: self.gpg.encrypt(msg, account) @@ -143,7 +145,9 @@ class maillist(object): ''' msg_sanitize_incoming(msg) - msg_plain = self.smime.decrypt(msg) + msg_plain = None + if self.smime: + msg_plain = self.smime.decrypt(msg) if not msg_plain: msg_plain = self.gpg.decrypt(msg) return msg_plain @@ -303,10 +307,10 @@ class maillist(object): for account in self.config.subscribers.values(): if not account.enabled: continue - if not account.use_smime: - self.gpg.check_key(account) - else: + if account.use_smime and self.smime: self.smime.check_cert(account) + else: + self.gpg.check_key(account) class maillist_checker(object): ''' |