sending automated GPG signed mails from batch job

Jan Eden tech at eden.one
Tue May 21 07:20:10 UTC 2024


Hi Matthias,

On 2024-05-21 07:45, Matthias Apitz wrote:

> Hello,
> 
> Our Library Management System sends mails to patrons and media vendors
> which are assembled in a shell script with all data (Subject, body, To,
> attachments, etc) by a call to the MUA mutt 2.1.1 which pipes the mail
> to sendmail:
> 
> #!/bin/sh
> #
> # $Id: sisis2mail.sh 381380 2020-11-06 07:49:50Z apitzm $
> #
> # filter mails ensuring mails sent are RFC compliant
> # the mutt program (installed by sisis-pap) assists in that
> # usage: sisis2mail.sh [ --cat [ file ]          |
> #                        --body-as-text          |
> #                        --body-as-html          |
> #                        --body-as-text-and-html |
> #                        --body-as-attachment    |
> #                        --attach-file filename  |
> #                        --inline-images dirname ] [ file]
> #
> # input may be a file or stdin
> # output goes to stdout
> ...
> 
> How could we expand this for signing mails on the fly?
> 
> Kevin, I saw your reply in 
> http://lists.mutt.org/pipermail/mutt-users/Week-of-Mon-20210412/002737.html
> ...
> On Mon, Apr 12, 2021 at 09:50:59AM +0200, Tom wrote:
> >I am trying to use a GnuPG key without a passphrase to send *signed* 
> >mails from a cron job for some non-critical, internal reporting. 
> >Searching the archives did not give me the answer.
> 
> Sorry, cryptographic operations are disabled in batch mode.
> 
> I thought I had added a note to the manual about this, but I only see it 
> in the "batch composition flow" section (in git).  I'll add a note to 
> the "encryption and signing" section too.
> 
> -- 
> Kevin J. McCarthy
> 
> Is this still the case, that cryptographic operations are disabled in
> batch mode? I could not locate it in the man pages of mutt and muttrc.
> 
> What other options do we have outside of mutt on Linux?

This is what I do (in Python):

==================================================
import os
import datetime
import __main__ as main
import smtplib
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email import charset
from email.utils import make_msgid
import keyring
import gnupg
import socket

smtp_server = 'mail.example.com'
smtp_user = 'mailuser@example.com'
port = 587
localhost = 'my.local.host'
pgp_entry = 'PGP-NoReply'
pgp_user = pgp_entry

def send_message(subject, body):
    now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    subject = f'{os.path.basename(main.__file__)}: {subject}'
    body = f'{body}\n\n{now}'

    # The body part that gets signed: UTF-8 text, quoted-printable encoded
    base_charset = charset.Charset('utf-8')
    base_charset.body_encoding = charset.QP
    basemsg = Message()
    basemsg.set_payload(body, charset=base_charset)

    # Sign the CRLF-canonical form of the body part; the passphrase is
    # read from the system keyring rather than stored in the script
    gpg = gnupg.GPG(gpgbinary='/opt/homebrew/bin/gpg')
    basetext = basemsg.as_string().replace('\n', '\r\n')
    pgp_passphrase = keyring.get_password(pgp_entry, pgp_user)
    signature = str(gpg.sign(basetext,
                             keyid='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
                             passphrase=pgp_passphrase, detach=True))
    # gpg.sign() yields an empty result on failure; do not send unsigned mail
    if not signature:
        raise RuntimeError('GnuPG did not produce a signature')

    # Second MIME part: the detached, ASCII-armored signature
    signmsg = Message()
    signmsg['Content-Type'] = 'application/pgp-signature; name="signature.asc"'
    signmsg['Content-Description'] = 'OpenPGP digital signature'
    signmsg.set_payload(signature)

    # multipart/signed container: signed part first, signature second
    msg = MIMEMultipart(_subtype="signed", micalg="pgp-sha512", protocol="application/pgp-signature")

    msg.attach(basemsg)
    msg.attach(signmsg)

    msg['From'] = 'Script Status <noreply@example.com>'
    msg['To'] = 'Admin <admin@example.com>'
    msg['Subject'] = subject
    msg['Message-ID'] = make_msgid(domain=localhost)

    smtp_password = keyring.get_password(smtp_server, smtp_user)
    print('Sending email message... ', end='')
    try:
        # The context manager closes the SMTP session even if sending fails
        with smtplib.SMTP(host=smtp_server, local_hostname=localhost, port=port) as s:
            s.starttls()
            s.login(smtp_user, smtp_password)
            s.send_message(msg)
        print('sent.')
    except socket.gaierror:
        print('failed (no internet connection).')
==================================================

- Jan
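
Added example, not part of the post above: a standard-library check that the first body part of a multipart/signed message, flattened the way `smtplib.send_message()` flattens it, is byte for byte what was signed. The function names and the placeholder signature are assumptions made for this example; no GnuPG call is made, so it runs without a key.

```python
import email
import io
from email import charset
from email.generator import BytesGenerator
from email.message import Message
from email.mime.multipart import MIMEMultipart

# Constructed placeholder; in a real job this is the armored output of gpg.sign().
SAMPLE_SIG = '-----BEGIN PGP SIGNATURE-----\n\n(constructed)\n-----END PGP SIGNATURE-----\n'

def canonical_part(body):
    """Build the text part and the CRLF-canonical bytes the signature must cover."""
    cs = charset.Charset('utf-8')
    cs.body_encoding = charset.QP
    part = Message()
    part.set_payload(body, charset=cs)
    return part, part.as_string().replace('\n', '\r\n').encode('ascii')

def wire_bytes(part, armored_sig):
    """Wrap part and signature as multipart/signed, flattened as send_message() does."""
    sig = Message()
    sig['Content-Type'] = 'application/pgp-signature; name="signature.asc"'
    sig.set_payload(armored_sig)
    msg = MIMEMultipart(_subtype='signed', micalg='pgp-sha512',
                        protocol='application/pgp-signature')
    msg.attach(part)
    msg.attach(sig)
    buf = io.BytesIO()
    BytesGenerator(buf).flatten(msg, linesep='\r\n')  # default generator settings
    return buf.getvalue()

def signed_region(wire):
    """Return the first body part exactly as it appears in the serialized message."""
    msg = email.message_from_bytes(wire)
    parts = msg.get_payload()
    if (msg.get_content_type() != 'multipart/signed' or not msg.is_multipart()
            or msg.get_param('protocol') != 'application/pgp-signature'
            or len(parts) != 2
            or parts[1].get_content_type() != 'application/pgp-signature'):
        raise ValueError('not an RFC 3156 multipart/signed message')
    delim = b'\r\n--' + msg.get_boundary().encode('ascii')
    start = wire.index(delim + b'\r\n', wire.index(b'\r\n\r\n')) + len(delim) + 2
    # The CRLF before the next delimiter belongs to the delimiter, not to the part.
    return wire[start:wire.index(delim, start)]

def wire_matches_signed(body, armored_sig=SAMPLE_SIG):
    """True if the bytes that leave the host are the bytes that were signed."""
    part, signed = canonical_part(body)
    return signed_region(wire_bytes(part, armored_sig)) == signed
```

A body line that starts with `From ` fails this check: the generator's default settings rewrite it to `>From ` during flattening, after the signature was computed over the unmodified text.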