Sign outgoing mails automatically with postfix (S/MIME)


I want to sign outgoing mails automatically with postfix. I've found a script and integrated it into postfix. That mostly works as expected, but it has two bugs and I hope you can help me fix those.

/home/xxx/sign.sh

#!/bin/bash
# Postfix pipe(8) filter: reads the message on stdin, signs it, hands it back to sendmail.
WORKDIR="/tmp"
SENDMAIL="/usr/sbin/sendmail -G -i"
EX_UNAVAILABLE=69
# Arguments as passed from master.cf: -f ${sender} -- ${recipient}
SENDER="$2"; RECIPIENT="$4"

MESSAGEFILE="$WORKDIR/message.$$"
trap "rm -f $MESSAGEFILE; rm -f $MESSAGEFILE.signed" 0 1 2 3 15
umask 077
cat > "$MESSAGEFILE" || { echo "Cannot save mail to file"; exit $EX_UNAVAILABLE; }
# Subject is extracted so it can be re-added to the outer headers openssl writes
SUBJECT=$(reformail -x "Subject:" < "$MESSAGEFILE")
openssl smime -sign -in "$MESSAGEFILE" -out "$MESSAGEFILE.signed" -from "$SENDER" -to "$RECIPIENT" -subject "$SUBJECT" -signer /home/xxx/sign.crt -inkey /home/xxx/sign_key.crt -text || { echo "Problem signing message"; exit $EX_UNAVAILABLE; }
$SENDMAIL "$@" < "$MESSAGEFILE.signed"
exit $?

This is the implementation in postfix:

smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin
  -o content_filter=meinfilter:dummy

meinfilter      unix    -       n       n       -       2       pipe
  flags=Rq user=xxx null_sender=
  argv=/home/xxx/sign.sh -f ${sender} -- ${recipient}

The bugs are

  • the subject line is always empty; this is caused by missing software dependencies
  • the delivered message has the header doubled (in the normal header and in the message)

Here are the raw email header and body. You can see the double header below.

To: xxx
From: xxx
Subject: Testsubject
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----2466B05A8CF1ACF5CD6D9B7B8AE72747"

This is an S/MIME signed message

------2466B05A8CF1ACF5CD6D9B7B8AE72747
Content-Type: text/plain

Return-Path: <xxx>
Received: from [127.0.0.1] (xxx [xxx])
    by xxx (Postfix) with ESMTPSA id xxx
    for <xxx>; Fri, 13 Sep 2013 02:49:22 +0000 (UTC)
Message-ID: <xxx>
Date: Fri, 13 Sep 2013 04:49:21 +0200
From: xxx
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: xxx
Subject: Testsubject
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Testmessage

------2466B05A8CF1ACF5CD6D9B7B8AE72747
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
...
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY
LONGTEXTLONGTEXTWITHPUBLICKEYLONGTEXTLONGTEXTWITHPUBLICKEY

How could these two problems be solved?

Best Answer

If you do not want the plain text headers added to your signed email, remove the -text option from the openssl command in the sign.sh script. As stated here:

-text this option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs.

To only sign outgoing email, I think what you'll want to do is enable the submission port (587) or smtps (465) in your master.cf and move the -o content_filter=meinfilter:dummy to that port only.

#submission
submission inet  n       -       n       -       -       smtpd
  -o content_filter=meinfilter:dummy

That means only mail that is submitted on that port, which is usually associated with TLS and authentication, will be signed by your script. You might also want to ensure that only authenticated, TLS encrypted connections are allowed to relay through your server.
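As an added example (not the poster's sign.sh and not part of the answer), the script below applies the fix from the answer, dropping -text, and goes one step further: it hands openssl only the MIME entity (Content-* headers plus body) and keeps the transport headers outside the signed part, then verifies the result and counts how often Subject appears. It assumes openssl is installed; the key, certificate and sample message are throwaway values constructed for the demo.

```shell
#!/bin/bash
# Added demo, not the poster's sign.sh: drop -text, hand openssl only the
# MIME entity, keep the transport headers outside the signed part, verify.
# Throwaway key/cert and the sample message are constructed for this demo.
set -eu
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT

# Throwaway self-signed certificate (demo only).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=smime-demo" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1

# Constructed message in the shape Postfix pipes to the filter. Headers are
# kept unfolded here; real mail needs formail/reformail to handle folding.
cat > "$WORK/message.eml" <<'EOF'
Return-Path: <sender@example.test>
Received: from [127.0.0.1] by mail.example.test (Postfix) with ESMTPSA id X
From: sender@example.test
To: rcpt@example.test
Subject: Testsubject
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Testmessage
EOF

# $2 <- transport headers, $3 <- MIME entity (Content-* headers + body),
# which is the only thing openssl should see when signing.
split_message() {
    sed '/^$/q' "$1" | grep -viE '^(Content-|MIME-Version:)' | sed '/^$/d' > "$2"
    { sed '/^$/q' "$1" | grep -iE '^Content-'; echo; sed '1,/^$/d' "$1"; } > "$3"
}

# Sign the entity without -text and put the transport headers back in front;
# openssl's output already starts with MIME-Version and Content-Type.
sign_message() {
    split_message "$1" "$WORK/hdr.txt" "$WORK/entity.eml"
    openssl smime -sign -in "$WORK/entity.eml" -signer "$WORK/cert.pem" \
        -inkey "$WORK/key.pem" -out "$WORK/signed.part"
    cat "$WORK/hdr.txt" "$WORK/signed.part" > "$2"
}

# Verification (recovers the signed content) and a header-count check.
verify_message() { openssl smime -verify -noverify -in "$1" -out "$2" 2>/dev/null; }
header_count() { grep -ci "^$1:" "$2" || true; }

sign_message "$WORK/message.eml" "$WORK/final.eml"
verify_message "$WORK/final.eml" "$WORK/verified.eml"
echo "Subject headers in signed mail: $(header_count Subject "$WORK/final.eml")"
```

With the original -text flow the Subject (and every Received line) would be counted twice, once in the outer headers and once inside the text/plain part; here it is counted once.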
