Tag Archives: project

Introducing the SMTP GPG Proxy

I frequently encounter software that allows me to send mails, but has no GPG support out of the box (sometimes not even using plugins). This annoys me greatly, especially if it is software like FusionInvoice, which may transport sensitive information in its mail messages. Since FusionInvoice (and many other programs) support SMTP for sending their mail, and since I had a few spare hours, I decided to see if I could hack something together to add GPG support to those programs. And the result was…

…the SMTP GPG Proxy

The SMTP GPG Proxy, besides having an awful name (name proposals welcome), is a Python program. It provides an SMTP Server and will accept incoming mail messages, encrypt / sign them according to its settings and magic strings in the mail subject, and then forward them to the upstream SMTP server.

Since the basic python smtpd-Module does not support encrypted connections, I used the modified “secure-smtpd”-Module by bcoe. It extends the basic smtpd with support for SSL-encrypted connections while providing an almost identical interface. For the encryption itself, I used the standard “python-gnupg”-wrapper, which isn’t ideal but gets the job done most of the time.

Setup

Setting up the SMTP GPG Proxy is quite easy. Just grab the latest version from the GitHub-Repository, install the dependencies, rename the config.py.example to config.py and fill in the settings (everything should be documented in there), and then launch the main program. Next, point your SMTP-speaking program at the IP and port you just configured (it is highly recommended to do this via localhost only, as incoming connections into the Proxy are, as of right now, not encrypted), and mail away.

Usage

To get the SMTP Proxy to encrypt a message, just send the mail and add the KeyIDs (including the “0x”) to the subject line, seperated by whitespaces. They will be automatically parsed and removed from the subject, so if you want to send a message with the subject “Invoice #23”, encrypted with 0x12345678 and 0x13374242, you would choose the subject “Invoice #23 0x12345678 0x13374242”. KeyIDs can be in short (8 characters) or long (16 characters) form, as well as full fingerprints (without whitespaces and prefixed by “0x”).

Depending on the settings, missing public keys will either lead to the message being rejected, sent unencrypted, or keyservers may be polled before rejecting or sending unencrypted if no public keys are found. You can also configure the program to GPG-sign all messages, or only encrypted messages, or no messages at all.

Development status

The program is currently in alpha, but it works very well for me. Still, as of right now there are some open issues with it, which I may or may not be working on. If you set up everything correctly, you should not encounter any problems. It is the border cases like incorrect SMTP passwords that are currently not dealt with very well.

Roadmap

If I find the time, I will keep developing the program, removing bugs, making it more stable, and adding more features like opportunistic encryption. However, I may not have the time to fully fix everything, and bugs that are annoying me will obviously be fixed faster than those I will never encounter in my usage.

However, as the program is open source and on GitHub, feel free to fork and submit pull requests. The code is, as of right now, shamefully undocumented, but as it has only about 200 lines, it should still be fairly easy to understand.

License

Like almost all my projects, I am releasing this program under the BSD 2-Clause License.

Introducing IssueBot, a Jabber MUC notification bot for GitHub

As part of a development team working on improving Enigmail, I recently found myself in need of a bot sending notifications to a Jabber multi-user chat (MUC) when the Issues of a GitHub-project receive an update (we already had a similar program for new commits in place, called commitbot). I searched for a while and did not find anything that fulfilled our requirements.

So, being a CS student and all that, I decided to write one.

Introducing IssueBot

IssueBot is a Python / Twisted bot, using the GitHub API to fetch information about the issues of a GitHub project. Those are then sent to a Jabber MUC. It can monitor multiple repositories at the same time, authenticate itself using an OAuth token (if you generate one manually) to increase the rate limit on the GitHub API, and will generate Notifications in the following conditions:

  • New ussue
  • Issue closed
  • One of the following has changed about the issue:
    • Title
    • State (open -> closed or vice versa)
    • Assignee
    • New comments

Development is still actively going on, with new features being planned and bugs being fixed, so keep an eye on the GitHub-Repository.

Configuration is done using a .tac-file (an example file is provided with the program). Just update the variables in it and you should be good to go. Instructions on how to use it can be found in the README.

As parts of the code are derived from the aforementioned commitbot, the Code is licensed under the GNU GPLv3. Feel free to fork, improve and send pull requests on the project page on GitHub.

The making of IssueBot

As it turns out, it is actually really easy to query the GitHub API. You send a request to a specific URL (for example, https://api.github.com/repos/octocat/hello-world/issues) and get a response with some JSON and some headers telling you how many requests you have remaining for the current hour (the API limit for unauthenticated users is 60 requests per hour).

Since it is pretty easy to do this in Python, and it has some nice support for JSON built-in using the standard json module, it was pretty easy to query the API, parse the result into a Python dictionary, and parse that into the local database. Then, the changes could be determined and notification messages generated. The only thing missing was the interface to Jabber.

For that, I decided to reuse some code from the commitbot project. This blew up the list of dependencies, but made it possible to somewhat painlessly work with Jabber MUCs. As an added bonus, one of the dependencies, Twisted, deamonizes the process automatically, saving me the trouble.

In the end, it took me about three hours to hack together the current version of the program. Most of the time was spent trying to figure out how to get Twisted to work with my main loop, which was actually non-trivial until I stumbled upon the LoopingCall-Instruction provided by Twisted.internet.task. As Twisted has some rather… interesting views on how it should be used, and my use case did not quite fit into that pattern, I found documentation on how to use it hard to find.

The program is now happily running on my server, spitting out the occasional notification into our chat, and works like a charm.

Drinking games in Vatican: Implementing the SSH RandomArt-Algorithm in Javascript

I recently read an article about the algorithm used to generate the RandomArt-Images used for SSH keys (the “drunken bishop” algorithm). I looked around for a bit and did not find an implementation in Javascript, so I quickly hacked one together.

The algorithm is explained really well in the article I linked above, so I’ll not go over it again. The algorithm is pretty easy to implement, the main parts of this algorithm are:

  • Representing the field the bishop moves on (easy enough with a 2D array of integers)
  • Converting Hex to binary (surprisingly, there is no builtin function for that, but there is a good answer on StackOverflow to that)
  • Isolating the bit-pairs (by iterating through two-character substrings of the words)
  • Checking if moves are valid (by checking if the target coordinates are within the limits of the array)
  • Showing the results (by writing them into a div with a monospaced font set)

So, all in all, it was mostly an exercise in javascript and nothing really fancy, but it was fun to implement it, debug it (too much python, forgetting semicolons all over the place), get the whitespaces to work properly (there are about one million kinds of white spaces, and appearently only one does what I want), and finally testing it.

No effort was made to keep this code simple, efficient, or beautiful to look at. It was a proof of concept and some exercise for my rusty JavaScript skills, mixed with a general interest on how the RandomArt algorithm works.

You can take a look at the code in action at jsfiddle, or just look at the horrible code in the gist on github and make fun of me in the comments.

Coding Project of the day: seinfeld.sh

Today, I was looking for a command line program that implements the seinfeld calendar / seinfeld chain. As it turns out, there are a lot of programs on GitHub that do something like that, but none that did exactly what I was looking for (actually, that’s wrong. One Project did pretty much exactly what I wanted, but it refused to install).

Well, building a simple seinfeld chain tracker is not hard, so I quickly hacked together a small shell script that did exactly that. Introducing seinfeld.sh.

Now, the script is pretty simple, as I said, and probably has a bunch of bugs as well (and, frankly, some horrible code). At the moment, it does not even automatically detect new days, so I helped myself by copying the script on my server, putting the text file the script used into my dropbox, and triggering the “newday” routine via a cronjob on the server every day at midnight.

Current Features of the script:

  • seinfeld.sh do [project]: Mark a project as “done” for the day (represented by a “#”)
  • seinfeld.sh undo [project]: Mark a project as “not done” for the day (represented by a “-“)
  • seinfeld.sh newday: Add a new day to every project (represented by appending a “-“)
  • seinfeld.sh ls: Show the current chains
  • The script will ignore lines beginning with a “#”, so use that for comments
  • Update May 15th: Chain links are now color coded (green for “done”, yellow for “not done”)
  • Please read the instruction on the GitHub-Page

Feel free to clone the code, make improvements and send a pull request.

Find this Project on GitHub

Coding Project of the Day: attmail

(I have no idea if there are any projects out there that are named attmail. No copyright violations intended, it’s just my woking title 😉 )

Today, I had to get a backup script running on the server of my company. One part of the script should send an eMail with the backup attached every week.

Easy thing, right? I’ve got SSH access, so I can use just about anything a Linux Server has to offer.

Yeah, as it turns out, sending mails with attachments is actually not that easy if you can’t install your own stuff on the machine. The only (working) eMail solution available was Sendmail, and for that, you need to basically provide the whole eMail, encoded and everything. And, to make matters even worse, I had no access to uuencode. At least, I had Base64, so I knew that, somehow, it had to be possible.

Luckily, I found this thread, explaining how to send Base64-encoded attachments via sendmail. Bingo.

Being the computer science student that I am, I was not satisfied with the script (I am never satisfied with scripts that have everything fixed. I like my parameters). So, I set out to rework the script to make it more dynamic.

Now, about 3 hours later, I finally have a working solution (and have learned a lot about bash scripting). I know that any experienced Linux guy will probably claw his eyes out on seeing this code, but I’ll post it nontheless.

The Code on Pastebin (including usage instructions)

This Project on GitHub, in the unlikely case you want to fork and modify it.

It should be obvious that the code requires a working installation of sendmail to work correctly.

As always, feel free to comment with suggestions on how to improve the code, report any bugs (Untested usage scenarios include full path to attachment file (should work, I think), Filenames with Spaces or special characters except for .-_, and more). The code works for the scenario I intended it for, and that’s all I wanted. If it helps you, even better, but I will not offer too much in the way of support, due to time constraints and other problems.

Thanks, and have a nice day 😉