Secure forwarding of root’s mail through GPG encryption

If you administer several machines, chances are you want to receive in your own mailbox (copies of) the mail sent to the administrator by various daemons and applications (or by users writing to, for instance, webmaster@yourhost).

One way to do so is to forward these emails to another host.

But sometimes these emails contain sensitive data that you wouldn’t want sent in cleartext over the network.

To avoid that, one solution is polling: periodically retrieve your mail from the remote hosts (fetchmail may be helpful, via POP, IMAP, or perhaps ssh+imapd).

Another way is push (as long as you trust your network enough to believe that all emails will reach you): forward these emails, but first encrypt them for your eyes only with GnuPG. For non-confidential data you may simply want to forward them while being sure that no one has modified them, so forwarding a GnuPG-signed copy may be useful too.

One might think of a command executed in a procmail forward rule involving gpg… But it turns out this is no trivial task if you want to produce nice attachments that your MUA can decode in a friendly way.
A gentleman named Szabolcs GYURIS (his scripts page is at http://linux.oregpreshaz.hu/script.html) has written a tool named mail_out.sh, which I’ve used for some time now and which does the job (see the README for more details). Great. Many thanks for that tool.
I’ve even recently improved it somewhat, mainly to rewrite some elements in English so that users will be able to inspect its code and use it more (my improved version is hosted on the original author’s site, thanks. And here’s my gpg signature of the improved version). Confidence is important in this matter, I think, and one should be able to audit such a script easily 😉
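
One layout that MUAs decode natively is PGP/MIME (RFC 3156). The sketch below is an added example, not code from mail_out.sh or from this post; it covers only the encrypted case, and `RECIPIENT_KEY`, `FORWARD_TO`, the function names and the sendmail path are assumptions.

```shell
# Added example. RECIPIENT_KEY and FORWARD_TO are hypothetical placeholders;
# the public key must already be imported and trusted in this user's keyring.
RECIPIENT_KEY="${RECIPIENT_KEY:-admin@example.org}"
FORWARD_TO="${FORWARD_TO:-admin@example.org}"

# Wrap the original mail (stdin) as message/rfc822 so that, once decrypted,
# the MUA shows it as a forwarded message with its own headers.
inner_entity() {
    printf 'Content-Type: message/rfc822\nContent-Disposition: inline\n\n'
    cat
}

# Encrypt stdin to the administrator's key, ASCII-armored for mail transport.
encrypt_mail() {
    gpg --batch --no-tty --armor --recipient "$RECIPIENT_KEY" --encrypt
}

# Armored ciphertext on stdin -> RFC 3156 multipart/encrypted message.
# $1 = To, $2 = Subject (outer headers stay cleartext), $3 = MIME boundary.
wrap_pgp_mime() {
    cat <<EOF
To: $1
Subject: $2
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="$3"

--$3
Content-Type: application/pgp-encrypted

Version: 1

--$3
Content-Type: application/octet-stream

EOF
    cat
    printf '\n--%s--\n' "$3"
}

# Encrypt first and send only on success, so a failed gpg never yields an
# empty "encrypted" mail. 75 is EX_TEMPFAIL from sysexits.h.
forward_encrypted() {
    tmp=$(mktemp) || return 1
    inner_entity | encrypt_mail > "$tmp" || { rm -f "$tmp"; return 75; }
    wrap_pgp_mime "$FORWARD_TO" "Encrypted forward from $(hostname)" \
        "pgpmime-$$-$(date +%s)" < "$tmp" | /usr/sbin/sendmail -oi "$FORWARD_TO"
    rc=$?; rm -f "$tmp"; return "$rc"
}
```

A procmail pipe action would source this file and call `forward_encrypted` on a copy of the message. The outer subject is deliberately generic because only the body of a PGP/MIME message is encrypted.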

Hope you’ll find it useful too.
Oh, and I’ve just seen there’s a new version, which I’ll try to merge with my translation too. Stay tuned, but in the meantime, this version should work well, at least with Evolution 😉
