Gmail IMAP, procmail, and GPG

So with Gmail's recent deployment of IMAP to various accounts, I've got a reason to use my Gmail account now. Since I don't want anyone to be able to read any of my mail (including Google), I've set up my Gmail account to store encrypted backup copies of messages from my main mail accounts. My main mailserver is fine the way it is, and has rsnapshot backups of everything on another server, but just in case, some more transparent remote redundancy would be nice.

4.5 GB of IMAP-accessible email space is a very large amount of free redundant storage, and I intend to use it in as unencumbered a manner as possible. Here's how to take advantage of Google's "free" service to store GPG-encrypted backups of each message you receive on your primary email account. You'll need a few things first:

1) A Gmail account. Sign up here if you don't have one.

2) A GPG key. I use KGPG since I'm a KDE user. There is lots of documentation online to help with creating and signing keys.

3) A mailserver with procmail installed, preferably one that permits per-user .procmailrc files. Otherwise, editing a global /etc/procmailrc for each user who wants to set up their encryption/forwarding filter would be very time consuming indeed.

4) A mail client that supports GPG keys. I use KMail; Thunderbird with the Enigmail extension should work as well.

First enable IMAP in your Gmail account.

Once you've done that and can connect to your Gmail account via your mail client, you need a key with which to encrypt each message as it hits your mailserver.

Take a look at the Gnu Privacy Guard (GnuPG) Mini Howto for a good reference on creating and signing keys.

Once you have a key, it needs to be on your mailserver. Copy your public key onto your mailserver, and make sure you have it imported via gnupg-agent there, else your procmail filter won't have anything to use to encrypt each message.

Place the following in your .procmailrc file at the top:

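################################################
## f: run the pipe as a filter (fifo)         ##
## b: feed the filter the body only           ##
## w: wait for the filter and check its exit  ##
##    code; fail if it was not successful     ##
## Finally: encrypt the body, then send a     ##
## copy (c) of the message to Gmail           ##
################################################
:0
* ^X-Original-To: me@example.com
{
    # Replace the body with its ASCII-armoured, encrypted form
    :0fbw
    | gpg --encrypt -r 0x01234567 --armor --output -

    # Forward a copy of the (now encrypted) message to Gmail
    :0c
    ! me@gmail.com
}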

Now send a test message to your primary account. You should end up with two encrypted messages, one on your local mailserver, and one on Gmail's server. Logging in via the Gmail web interface will only show the encrypted ASCII armoured text, but logging in via IMAP allows KGPG or Enigmail to kick in and decrypt the message on the fly.

Gmail IMAP, procmail, and GPG

Your procmail recipe is too simple:

1. It doesn't check if the mail is already encrypted
2. It should change the content-type and content-disposition headers (otherwise, at least mutt will not automatically invoke gpg on it).

I found a perl script that seems to do (2) here: http://platon.sk/cvs/cvs.php/___checkout___/scripts/perl/mail-gnupg/mail...

Kind regards,

Hans

Thanks!

You're right, I've only been using it with GUI mail clients. Moreover, any attachment doesn't get encrypted with my recipe either. So thanks for pointing out that script :)

Thanks!

I found this very helpful -- I'm using it to back up an encrypted copy of order confirmations etc to a Gmail account I created just for this purpose.

Regarding Hans's comment:

The perl script didn't work for me. I personally am also hesitant to implement perl scripts, since I don't understand them :)

I was able to solve his point No 2 by adding another procmail recipe just before the encryption:

:0fhw
| formail -i "Content-Type: application/pgp; format=text; x-action=encrypt"

Now mutt auto-decrypts the message.

Admittedly, encrypted attachments would be nice, but the mails that I need encrypted automatically in this way fortunately rarely have attachments.
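
Hans's first point above, that the recipe does not check whether the mail is already encrypted, can be handled by a filter that looks at the message before calling gpg. The script below is an added example, not code from the post or from any commenter; the function names, the KEYID variable and the --filter argument are assumptions, and it expects the whole message (headers and body) on stdin, as a :0fw recipe would supply it.

```shell
#!/bin/sh
# Added example (not from the post or its comments): whole-message filter that
# encrypts the body only when the mail is not already OpenPGP-encrypted.
# KEYID is an assumed variable; its default is the post's placeholder key ID.
KEYID="${KEYID:-0x01234567}"

# Exit 0 if the message in file $1 is already encrypted: a PGP/MIME or
# application/pgp Content-Type header, or an inline armored block in the body.
is_encrypted() {
    awk '
        function check(  l) {                 # test one unfolded header line
            l = tolower(cur)
            if (l ~ /^content-type:.*(application\/pgp-encrypted|x-action=encrypt)/)
                found = 1
        }
        BEGIN { inhdr = 1 }
        inhdr && /^$/     { check(); inhdr = 0; next }   # end of headers
        inhdr && /^[ \t]/ { cur = cur $0; next }         # folded continuation
        inhdr             { check(); cur = $0; next }    # new header line
        /^-----BEGIN PGP MESSAGE-----/ { found = 1; exit }
        END { if (inhdr) check(); exit (found ? 0 : 1) }
    ' "$1"
}

# Read one message on stdin and write it to stdout. Already-encrypted mail is
# passed through untouched; otherwise headers are kept and the body encrypted.
encrypt_once() {
    msg=$(mktemp) || return 1
    cat > "$msg"
    if is_encrypted "$msg"; then
        cat "$msg"; rc=$?
    else
        # --batch: never prompt, since there is no terminal under procmail.
        sed '/^$/q' "$msg" &&
        sed '1,/^$/d' "$msg" |
            gpg --batch --encrypt --armor -r "$KEYID" --output -
        rc=$?
    fi
    rm -f "$msg"
    return "$rc"
}

# Act as a filter only when called with --filter, so the file can be sourced.
if [ "${1:-}" = "--filter" ]; then encrypt_once; fi
```

A non-zero exit from gpg is returned to the caller, so the w flag in the recipe can still treat the filter as failed.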
