aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fripost-docs.org52
1 files changed, 45 insertions, 7 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 794705a..ea8a762 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -159,6 +159,9 @@ sudo aptitude install logcheck syslog-summary
# | There is no way to get rid of the warning `Fixed query_filter [...] is probably useless'.
# It is harmless in our case, since the search base is precise enough.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtpd|cleanup|trivial-rewrite|postmap)\[[0-9]+\]: warning: dict_ldap_open: /etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf: Fixed query_filter \(\&\(ObjectClass=virtualAliases\)\(mailLocalAddress=\)\(isActive=TRUE\)\) is probably useless$
+# | Untrusted connections should be taken care of on the client's side.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: Untrusted TLS connection established from
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [._[:alnum:]-]+\[[0-9.:]+\]: (Unt|T)rusted: subject_CN=.*, issuer=.*, fingerprint=
** Configuring aptitude and friends
@@ -1473,8 +1476,16 @@ can be obtained by the command
echo -ne '\000user@fripost.org\000user' | openssl base64
+or slightly better (does not write password in your ~/.bash_history)
+
+ read U PW; echo -ne "\000$U\000$PW" | openssl base64
+
**** Anonymize the senders
+***** Overview
+
+Reference: https://we.riseup.net/debian/mail#getting-your-postfix-anonymized
+
If RoudCube automatically anonymize the sender (by simply shortening the
trace), it's not the case (by default) for SquirrelMail, or when clients
connect via ESMTP/ESMTPS/ESMTPA/ESMTPSA. Here are a couple of traces we want
@@ -1549,9 +1560,7 @@ valid certificate, and in case of an SMTP relay, the early part of the
trace (before it entered our Postfix sever) remains unchanged. For
example, the early part of the third trace would become:
- Received: from localhost (localhost [127.0.0.1])
- (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
- (Client CN "", Issuer "" (not verified))
+ Received: from [127.0.0.1] (localhost [127.0.0.1])
(Authenticated sender: username)
by fripost.org (Postfix) with ESMTPSA id 40284804F5
for <recipient@example.org>; Thu, 22 Mar 2012 14:48:01 +0100 (CET)
@@ -1563,10 +1572,10 @@ smtp_header_checks. In that case, the corresponding file would contain
the following rexep, forging the header by pretending that the client
has EHLO'ed from localhost:
- /^Received:\s+from (\S+)\s+\(\S+\s+\S+\)(.*\sby fripost\.org \(Postfix\)\s+with E?SMTP(S|A|SA)\W.*)$/
- REPLACE Received: from localhost (localhost [127.0.0.1])${2}
+ /^Received:\s+from\s+(\S+\s+\([-._[:alnum:]]+\s+\[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender:\s+([^)]+)\).*(by\s+smtp\.fripost\.org\s+\([^)]+\)\s+with\s+E?SMTPS?A?\s+id\s+[A-F[:digit:]]+.*)/
+ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)${2}$4
-You can try out the regexp using "postmap -h -q - regexp:smtp_header_checks < email"
+You can try out the regexp using "postmap -h -q - regex:/etc/postfix/smtp_header_checks < email"
(where `email' may also be a bunch of traces).
DISCLAIMER: The regexp probably needs tests (especially for multiple hops,
@@ -1578,6 +1587,36 @@ responsability to masquerade it I suppose. In the same way, the CN and Issuer
of the client's certificate may help to track him/her down. Maybe we should
forge these as well?
+***** Install packages
+
+ apt-get install postfix-pcre
+
+***** Configure postfix
+
+ :: /etc/postfix/smtp_anonymize_sender.pcre
+
+ /^Received:\s+from\s+(\S+\s+\([-._[:alnum:]]+\s+\[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender:\s+([^)]+)\).*(by\s+smtp\.fripost\.org\s+\([^)]+\)\s+with\s+E?SMTPS?A?\s+id\s+[A-F[:digit:]]+.*)/
+ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)${2}$4
+
+
+ :: /etc/postfix/main.cf
+
+ smtp_header_checks = pcre:$config_directory/smtp_anonymize_sender.pcre
+
+
+By default, postfix logs the header checks (or rewrites in our case).
+For privacy reasons, we drop these when they entery syslog:
+
+ :: /etc/rsyslog.conf
+
+ # Do not log our Postfix's header rewrites, that are meant to
+ # anonymize senders.
+ :msg, ereregex, "^ [[:alnum:]]+: replace: header Received: from" ~
+ [...]
+ auth,authpriv.* /var/log/auth.log
+ *.*;auth,authpriv.none -/var/log/syslog
+ [...]
+
** Configuring the webserver
sudo apt-get install apache2
@@ -1809,7 +1848,6 @@ mv hooks/post-update.sample hooks/post-update
echo "Mötesprotokoll" > fripost-meetings.git/description
-
** Logging
*** Overview
We want to limit how much we log for privacy reasons. At the same time we want