free
/
freedombone
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
瀏覽代碼

Encrypt incoming email

Bob Mottram 10 年之前
父節點
9a23775a8c
當前提交
de21cda292
共有 1 個檔案被更改,包括 43 行新增8 行删除
統一視圖 顯示文件統計
  1. 43
    8
      install-freedombone.sh

+ 43
- 8
install-freedombone.sh 查看文件

150
150
151 
 GPG_KEYSERVER="hkp://keys.gnupg.net"
 151 
 GPG_KEYSERVER="hkp://keys.gnupg.net"
152
152
153 
+# whether to encrypt all incoming email with your public key
154 
+GPG_ENCRYPT_STORED_EMAIL="yes"
155 
+
153 
 # gets set to yes if gpg keys are imported from usb
 156 
 # gets set to yes if gpg keys are imported from usb
154 
 GPG_KEYS_IMPORTED="no"
 157 
 GPG_KEYS_IMPORTED="no"
155
158
1339 
   echo 'configure_gpg' >> $COMPLETION_FILE
 1342 
   echo 'configure_gpg' >> $COMPLETION_FILE
1340 
 }
 1343 
 }
1341
1344
1345 
+function encrypt_incoming_email {
1346 
+  # encrypts incoming mail using your GPG public key
1347 
+  # so even if an attacker gains access to the data at rest they still need
1348 
+  # to know your GPG key password to be able to read anything
1349 
+  if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
1350 
+      return
1351 
+  fi
1352 
+  if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
1353 
+      return
1354 
+  fi
1355 
+  if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
1356 
+      return
1357 
+  fi
1358 
+  if [ ! -f /usr/bin/gpgit.pl ]; then
1359 
+      apt-get -y --force-yes install git
1360 
+      cd $INSTALL_DIR
1361 
+      git clone https://github.com/mikecardwell/gpgit
1362 
+      cd gpgit
1363 
+      cp gpgit.pl /usr/bin
1364 
+  fi
1365 
+
1366 
+  # add a procmail rule
1367 
+  if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
1368 
+      echo '  :0 f' >> /home/$MY_USERNAME/.procmailrc
1369 
+      echo "  | /usr/bin/gpgit.pl $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/.procmailrc
1370 
+      chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
1371 
+  fi
1372 
+  echo 'encrypt_incoming_email' >> $COMPLETION_FILE
1373 
+}
1374 
+
1375 
+
1342 
 function email_client {
 1376 
 function email_client {
1343 
   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
 1377 
   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
1344 
       return
 1378 
       return
3198 
           echo "  if [ ! -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
 3232 
           echo "  if [ ! -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
3199 
           echo "    mkdir $USB_MOUNT/backup/owncloud" >> /usr/bin/$BACKUP_SCRIPT_NAME
 3233 
           echo "    mkdir $USB_MOUNT/backup/owncloud" >> /usr/bin/$BACKUP_SCRIPT_NAME
3200 
           echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
 3234 
           echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
3201 
-		  echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$OWNCLOUD_DOMAIN_NAME $USB_MOUNT/backup/owncloud ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
3235 
+          echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$OWNCLOUD_DOMAIN_NAME $USB_MOUNT/backup/owncloud ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
3202 
       fi
 3236 
       fi
3203 
   fi
 3237 
   fi
3204 
   # prosody
 3238 
   # prosody
3214 
           echo "  if [ ! -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
 3248 
           echo "  if [ ! -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
3215 
           echo "    mkdir $USB_MOUNT/backup/wiki-blog" >> /usr/bin/$BACKUP_SCRIPT_NAME
 3249 
           echo "    mkdir $USB_MOUNT/backup/wiki-blog" >> /usr/bin/$BACKUP_SCRIPT_NAME
3216 
           echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
 3250 
           echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
3217 
-		  echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$WIKI_DOMAIN_NAME $USB_MOUNT/backup/wiki-blog ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
3251 
+          echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$WIKI_DOMAIN_NAME $USB_MOUNT/backup/wiki-blog ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
3218 
       fi
 3252 
       fi
3219 
   fi
 3253 
   fi
3220 
   # microblog
 3254 
   # microblog
3240 
       echo "  if [ ! -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
 3274 
       echo "  if [ ! -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
3241 
       echo "    mkdir $USB_MOUNT/backup/dlna" >> /usr/bin/$BACKUP_SCRIPT_NAME
 3275 
       echo "    mkdir $USB_MOUNT/backup/dlna" >> /usr/bin/$BACKUP_SCRIPT_NAME
3242 
       echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
 3276 
       echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
3243 
-	  echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/cache/minidlna $USB_MOUNT/backup/dlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
3277 
+      echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/cache/minidlna $USB_MOUNT/backup/dlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
3244 
   fi
 3278 
   fi
3245 
   echo 'else' >> /usr/bin/$BACKUP_SCRIPT_NAME
 3279 
   echo 'else' >> /usr/bin/$BACKUP_SCRIPT_NAME
3246 
   echo '  echo "Please insert a USB drive to create the backup."' >> /usr/bin/$BACKUP_SCRIPT_NAME
 3280 
   echo '  echo "Please insert a USB drive to create the backup."' >> /usr/bin/$BACKUP_SCRIPT_NAME
3286 
   # email
 3320 
   # email
3287 
   if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
 3321 
   if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
3288 
       echo "  if [ -d $USB_MOUNT/backup/Maildir ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
 3322 
       echo "  if [ -d $USB_MOUNT/backup/Maildir ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
3289 
-	  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/Maildir /home/$MY_USERNAME/Maildir ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3290 
-	  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/gpg /home/$MY_USERNAME/.gnupg ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3323 
+      echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/Maildir /home/$MY_USERNAME/Maildir ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3324 
+      echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/gpg /home/$MY_USERNAME/.gnupg ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3291 
       echo "    cp -f $USB_MOUNT/backup/gpg/.muttrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
 3325 
       echo "    cp -f $USB_MOUNT/backup/gpg/.muttrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
3292 
       echo "    cp -f $USB_MOUNT/backup/gpg/.procmailrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
 3326 
       echo "    cp -f $USB_MOUNT/backup/gpg/.procmailrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
3293 
       echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
 3327 
       echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
3314 
   if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
 3348 
   if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
3315 
       if [ $OWNCLOUD_DOMAIN_NAME ]; then
 3349 
       if [ $OWNCLOUD_DOMAIN_NAME ]; then
3316 
           echo "  if [ -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
 3350 
           echo "  if [ -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
3317 
-		  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3351 
+          echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3318 
           echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
 3352 
           echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
3319 
       fi
 3353 
       fi
3320 
   fi
 3354 
   fi
3328 
   if ! [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
 3362 
   if ! [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
3329 
       if [ $WIKI_DOMAIN_NAME ]; then
 3363 
       if [ $WIKI_DOMAIN_NAME ]; then
3330 
           echo "  if [ -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
 3364 
           echo "  if [ -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
3331 
-		  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/wiki-blog /var/www/$WIKI_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3365 
+          echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/wiki-blog /var/www/$WIKI_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3332 
           echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
 3366 
           echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
3333 
       fi
 3367 
       fi
3334 
   fi
 3368 
   fi
3353 
   # dlna
 3387 
   # dlna
3354 
   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
 3388 
   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
3355 
       echo "  if [ -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
 3389 
       echo "  if [ -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
3356 
-	  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/minidlna /var/cache/minidlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3390 
+      echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/minidlna /var/cache/minidlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
3357 
       echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
 3391 
       echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
3358 
   fi
 3392 
   fi
3359 
   echo 'else' >> /usr/bin/$RESTORE_SCRIPT_NAME
 3393 
   echo 'else' >> /usr/bin/$RESTORE_SCRIPT_NAME
3420 
 #spam_filtering
 3454 
 #spam_filtering
3421 
 configure_imap
 3455 
 configure_imap
3422 
 configure_gpg
 3456 
 configure_gpg
3457 
+encrypt_incoming_email
3423 
 email_client
 3458 
 email_client
3424 
 configure_firewall_for_email
 3459 
 configure_firewall_for_email
3425 
 folders_for_mailing_lists
 3460 
 folders_for_mailing_lists