|
@@ -1,3 +1,64 @@
|
|
|
+# docker: gpgit
|
|
|
+
|
|
|
+automatically pgp-encrypt mails
|
|
|
+
|
|
|
+## dovecot setup
|
|
|
+
|
|
|
+1. setup [pigeonhole](https://wiki.dovecot.org/Pigeonhole/Sieve/Configuration)
|
|
|
+ and enable [sieve_extprograms](https://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms)
|
|
|
+
|
|
|
+```
|
|
|
+# dovecot config
|
|
|
+protocol lmtp {
|
|
|
+ mail_plugins = $mail_plugins sieve
|
|
|
+}
|
|
|
+plugin {
|
|
|
+ sieve = file:~/sieve/scripts;active=~/sieve/active
|
|
|
+ sieve_plugins = sieve_extprograms
|
|
|
+ sieve_extensions = +vnd.dovecot.filter
|
|
|
+ sieve_filter_bin_dir = /some/path/sieve-filter-bin
|
|
|
+}
|
|
|
+# https://wiki.dovecot.org/Pigeonhole/Sieve/Troubleshooting
|
|
|
+#mail_debug = yes
|
|
|
+```
|
|
|
+
|
|
|
+2. start [gpgit](https://github.com/EtiennePerot/gpgit)
|
|
|
+
|
|
|
+```sh
|
|
|
+$ sudo docker run -d --name gpgit \
|
|
|
+ -e GNUPG_IMPORT="$(gpg -a --export me@domain.tld)" \
|
|
|
+ --restart always \
|
|
|
+ fphammerle/gpgit@sha256:see-git-tags
|
|
|
+```
|
|
|
+
|
|
|
+add `-p 127.0.0.1:6156:6156` if dovecot is not running in a container assigned to same network
|
|
|
+
|
|
|
+3. install filter script
|
|
|
+
|
|
|
+```sh
|
|
|
+#!/bin/sh
|
|
|
+# /some/path/sieve-filter-bin/gpgit
|
|
|
+(echo "$@"; cat) | socat -d -t24 - tcp:gpgit:6156
|
|
|
+```
|
|
|
+
|
|
|
+replace container name `gpgit` with `localhost` if dovecot is not running in a container assigned to same network
|
|
|
+
|
|
|
+```sh
|
|
|
+$ chmod +x /some/path/sieve-filter-bin/gpgit
|
|
|
+```
|
|
|
+
|
|
|
+4. configure sieve to encrypt incoming mails
|
|
|
+
|
|
|
+```
|
|
|
+# /some/where/mail_home/username/sieve/scripts/encrypt.sieve
|
|
|
+require [ "vnd.dovecot.filter" ];
|
|
|
+filter "gpgit" ["me@domain.tld"];
|
|
|
+```
|
|
|
+
|
|
|
+```sh
|
|
|
+$ ln -s scripts/encrypt.sieve /some/where/mail_home/username/sieve/active
|
|
|
+```
|
|
|
+
|
|
|
## known issues
|
|
|
|
|
|
### deltachat
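Review bot: Step 4's `filter "gpgit" ["me@domain.tld"];` appears to fail open. As far as the Pigeonhole extprograms documentation describes, a filter program that exits non-zero leaves the message unmodified, so when the step 3 script's `socat` cannot reach the gpgit container the mail is presumably stored in plaintext with no visible sign. The README should state this, and the sieve example could use the command as a test, e.g. `if not filter "gpgit" ["me@domain.tld"] { fileinto "unencrypted"; }` (the folder name is a placeholder, and `"fileinto"` must be added to the `require` line), so that unencrypted deliveries are easy to spot. It is also worth one sentence noting that the message crosses the `tcp:gpgit:6156` hop in cleartext, with no authentication visible in this setup, which is why the optional port mapping should stay bound to `127.0.0.1`.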
|