mailcryptoinfo

package module
v0.0.0-...-51b7634 Latest
Published: Nov 29, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

README

Simple heuristic daemon to classify email cryptography

This daemon was written to collect statistics of email cryptography usage using exim. It uses a simple heuristic to detect if an email was signed or encrypted using S/MIME (CMS) or PGP.

Installation

Building

Install Go (tested with versions 1.4 and 1.7.1). Run:

go build

Copy mailcryptoinfo to /usr/local/bin (or choose another location and adjust the systemd unit accordingly).

Configure exim

To use this in parallel to clamd, set this globally:

av_scanner = $acl_m0

Then add this to your clamd ACLs:

    set acl_m0 = clamd:/var/run/clamav/clamd.ctl

Add something like this to your acl_smtp_data ACL:

warn
    set acl_m0 = sock:127.0.0.1 48879:%s:(RESULT):RESULT (.*)\$
    malware = *
    log_message = mailcrypto found $malware_name

To prevent counting messages more than once, consider implementing something like this

System configuration

Use your distribution's preferred method to start this daemon before exim. A (Debian-specific) systemd file is included here:

cp systemd/mailcryptinfo.service /etc/systemd/system/
systemctl daemon-reload
systemctl start mailcryptinfo.service
systemctl status mailcryptinfo.service
systemctl enable mailcryptinfo.service

FAQ

Q: Why not use exim to implement your heuristic?

Because exim does not give me access to the Content-Header's options. Plus I am considering adding signature validation, which can't be done in native exim.
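The kind of Content-Type parameter inspection mentioned above, as an added example: this is not the package's own code (its heuristic is unexported), and the `classify` function and its result labels are hypothetical. The media types and parameters checked are the standard PGP/MIME and S/MIME ones.

```go
package main

import (
	"fmt"
	"mime"
	"net/mail"
	"strings"
)

// classify labels a raw message from its top-level Content-Type only.
// Hypothetical labels; nothing is decrypted and no signature is validated.
func classify(raw string) string {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return "unparseable"
	}
	mediaType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil {
		return "none" // missing or malformed Content-Type
	}
	protocol := strings.ToLower(params["protocol"])
	switch mediaType {
	case "multipart/signed": // detached signature, type given by protocol=
		switch protocol {
		case "application/pgp-signature":
			return "pgp-signed"
		case "application/pkcs7-signature", "application/x-pkcs7-signature":
			return "smime-signed"
		}
	case "multipart/encrypted": // PGP/MIME encrypted container
		if protocol == "application/pgp-encrypted" {
			return "pgp-encrypted"
		}
	case "application/pkcs7-mime", "application/x-pkcs7-mime":
		switch strings.ToLower(params["smime-type"]) {
		case "enveloped-data":
			return "smime-encrypted"
		case "signed-data": // opaque (non-detached) signature
			return "smime-signed"
		}
	}
	return "none"
}

func main() {
	// Constructed sample: folded Content-Type header and a stub body.
	sample := "From: a@example.org\r\nContent-Type: multipart/signed; micalg=pgp-sha256;\r\n protocol=\"application/pgp-signature\"; boundary=\"b\"\r\n\r\nbody\r\n"
	fmt.Println(classify(sample))
}
```

Inline PGP (ASCII armor inside a text/plain body) is invisible to a header-only check like this one.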

Documentation

Index

Constants

This section is empty.

Variables

var (
	EmptyCryptoInfo = &CryptoInfo{}
)
var (
	EmptyMailFile = &MailFile{}
)

Functions

func ScanMailfile

func ScanMailfile(filename string) string

Types

type ConditionalLogger

type ConditionalLogger interface {
	Enable()
	Disable()
	Println(...interface{})
	Printf(string, ...interface{})
}

type CryptoInfo

type CryptoInfo struct {
	// contains filtered or unexported fields
}

CryptoInfo implements MailAnalyzer

func NewCryptoInfo

func NewCryptoInfo(e EMail) *CryptoInfo

NewCryptoInfo creates a new crypto analysis from an email

func (*CryptoInfo) Result

func (ci *CryptoInfo) Result() map[string]string

Result returns a result map

func (*CryptoInfo) Set

func (ci *CryptoInfo) Set(key, value string)

Set sets or overwrites a key/value pair in the result map

func (*CryptoInfo) String

func (ci *CryptoInfo) String() string

type EMail

type EMail interface {
	Filename() string
	Parsed() *mail.Message
}

EMail represents a parsed email file

type HandlerMessage

type HandlerMessage struct {
	Action  int
	Message string
}

type Logger

type Logger struct {
	// contains filtered or unexported fields
}
var Debug Logger = Logger{
	// contains filtered or unexported fields
}

func (*Logger) Disable

func (l *Logger) Disable()

func (*Logger) Enable

func (l *Logger) Enable()

func (*Logger) Printf

func (l *Logger) Printf(s string, r ...interface{})

func (*Logger) Println

func (l *Logger) Println(s ...interface{})

type MailAnalyzer

type MailAnalyzer interface {
	Result() map[string]string
}

MailAnalyzer models the result map of an analysis

type MailFile

type MailFile struct {
	// contains filtered or unexported fields
}

MailFile holds an email filename and a parsed version

func NewMailFile

func NewMailFile(filename string) (*MailFile, error)

NewMailFile creates a new MailFile from a file

func (*MailFile) Filename

func (mf *MailFile) Filename() string

Filename returns the email filename

func (*MailFile) Parsed

func (mf *MailFile) Parsed() *mail.Message

Parsed returns the parsed representation

type Service

type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService() *Service

func (*Service) Serve

func (s *Service) Serve(listener *net.TCPListener)

Accept connections and spawn a goroutine to serve each one. Stop listening if anything is received on the service's quit channel.

func (*Service) Stop

func (s *Service) Stop()

Stop the service by closing the service's channel. Block until the service is really stopped.
