Tag Archives: mail

Introducing the SMTP GPG Proxy

I frequently encounter software that allows me to send mails, but has no GPG support out of the box (sometimes not even using plugins). This annoys me greatly, especially if it is software like FusionInvoice, which may transport sensitive information in its mail messages. Since FusionInvoice (and many other programs) support SMTP for sending their mail, and since I had a few spare hours, I decided to see if I could hack something together to add GPG support to those programs. And the result was…

…the SMTP GPG Proxy

The SMTP GPG Proxy, besides having an awful name (name proposals welcome), is a Python program. It provides an SMTP Server and will accept incoming mail messages, encrypt / sign them according to its settings and magic strings in the mail subject, and then forward them to the upstream SMTP server.

Since the basic python smtpd-Module does not support encrypted connections, I used the modified “secure-smtpd”-Module by bcoe. It extends the basic smtpd with support for SSL-encrypted connections while providing an almost identical interface. For the encryption itself, I used the standard “python-gnupg”-wrapper, which isn’t ideal but gets the job done most of the time.


Setting up the SMTP GPG Proxy is quite easy. Just grab the latest version from the GitHub-Repository, install the dependencies, rename the config.py.example to config.py and fill in the settings (everything should be documented in there), and then launch the main program. Next, point your SMTP-speaking program at the IP and port you just configured (it is highly recommended to do this via localhost only, as incoming connections into the Proxy are, as of right now, not encrypted), and mail away.


To get the SMTP Proxy to encrypt a message, just send the mail and add the KeyIDs (including the “0x”) to the subject line, seperated by whitespaces. They will be automatically parsed and removed from the subject, so if you want to send a message with the subject “Invoice #23”, encrypted with 0x12345678 and 0x13374242, you would choose the subject “Invoice #23 0x12345678 0x13374242”. KeyIDs can be in short (8 characters) or long (16 characters) form, as well as full fingerprints (without whitespaces and prefixed by “0x”).

Depending on the settings, missing public keys will either lead to the message being rejected, sent unencrypted, or keyservers may be polled before rejecting or sending unencrypted if no public keys are found. You can also configure the program to GPG-sign all messages, or only encrypted messages, or no messages at all.

Development status

The program is currently in alpha, but it works very well for me. Still, as of right now there are some open issues with it, which I may or may not be working on. If you set up everything correctly, you should not encounter any problems. It is the border cases like incorrect SMTP passwords that are currently not dealt with very well.


If I find the time, I will keep developing the program, removing bugs, making it more stable, and adding more features like opportunistic encryption. However, I may not have the time to fully fix everything, and bugs that are annoying me will obviously be fixed faster than those I will never encounter in my usage.

However, as the program is open source and on GitHub, feel free to fork and submit pull requests. The code is, as of right now, shamefully undocumented, but as it has only about 200 lines, it should still be fairly easy to understand.


Like almost all my projects, I am releasing this program under the BSD 2-Clause License.

Coding Project of the Day: attmail

(I have no idea if there are any projects out there that are named attmail. No copyright violations intended, it’s just my woking title 😉 )

Today, I had to get a backup script running on the server of my company. One part of the script should send an eMail with the backup attached every week.

Easy thing, right? I’ve got SSH access, so I can use just about anything a Linux Server has to offer.

Yeah, as it turns out, sending mails with attachments is actually not that easy if you can’t install your own stuff on the machine. The only (working) eMail solution available was Sendmail, and for that, you need to basically provide the whole eMail, encoded and everything. And, to make matters even worse, I had no access to uuencode. At least, I had Base64, so I knew that, somehow, it had to be possible.

Luckily, I found this thread, explaining how to send Base64-encoded attachments via sendmail. Bingo.

Being the computer science student that I am, I was not satisfied with the script (I am never satisfied with scripts that have everything fixed. I like my parameters). So, I set out to rework the script to make it more dynamic.

Now, about 3 hours later, I finally have a working solution (and have learned a lot about bash scripting). I know that any experienced Linux guy will probably claw his eyes out on seeing this code, but I’ll post it nontheless.

The Code on Pastebin (including usage instructions)

This Project on GitHub, in the unlikely case you want to fork and modify it.

It should be obvious that the code requires a working installation of sendmail to work correctly.

As always, feel free to comment with suggestions on how to improve the code, report any bugs (Untested usage scenarios include full path to attachment file (should work, I think), Filenames with Spaces or special characters except for .-_, and more). The code works for the scenario I intended it for, and that’s all I wanted. If it helps you, even better, but I will not offer too much in the way of support, due to time constraints and other problems.

Thanks, and have a nice day 😉