table of contents
| GPG-MAIL-TUBE(1) | GNU Privacy Guard 2.6 | GPG-MAIL-TUBE(1) |
NAME¶
gpg-mail-tube - Encrypt rfc822 formatted mail in a pipeline
SYNOPSIS¶
gpg-mail-tube [options] recipients
DESCRIPTION¶
gpg-mail-tube takes RFC-822 formatted mail on stdin and turns it into a PGP/MIME encrypted mail which is then written to stdout.
The recipients must be plain mail addresses (e.g. foo@example.org) and should in general list the To and Cc addresses contained in the mail.
The tool needs to insert strings into the mails which can be configured using a plain text file. The installed default files for English (‘mail-tube.txt’) and German (‘mail-tube.de.txt’) can be copied to the system configuration directory and changed to local needs. Environment variables in these texts are expanded.
OPTIONS¶
gpg-mail-tube understands these options:
- --verbose
- -v
- Enable extra informational output.
- --quiet
- -q
- Try to be as quiet as possible.
- --log-file file
- Write log output to file. Use ‘socket://’ to log to a socket.
- --no-stderr
- Suppresses all output to stderr. This is useful for callers which don't distinguish stdout and stderr. To get diagnostics the option --log-file can be used.
- --header name=value
- Add the mail header "name: value" to the output.
- --setenv name=value
- Put the given environment string into the environment of this process and of the called gpg. This option is required if there is no other way to set the environemt.
- --as-attach
- -a
- Do not write a PGP/MIME mail but emit a simple body along with an attachment containing the encrypted body of the input mail. If the input was a plain text message a simple encrypted file will be attached. If the input was a multipart MIME message the encrypted file is of type message/rfc822.
- --gpg gpgcmd
- Use the specified command gpgcmd instead of gpg.
- --vsd
- Use the gpg from a GnuPG VS-Desktop® AppImage. The AppImage is started if it is not running. A symlink named ‘~/.gnupg-vsd/gnupg-vs-desktop.AppImage’ needs to link to the actually to be used AppImage.
- --version
- Print version of the program and exit.
- --help
- Display a brief help page and exit.
EXAMPLES¶
The following options can be used in a local transport rule of the Exim MTA which assumes that that check_local_user has been used in the router.
transport_filter = /usr/local/bin/gpg-mail-tube --setenv HOME=${home} \
--no-stderr -- $pipe_addresses
For a remote transport the use of size_addition and an explicit setting of the user and its home directory might be required. To avoid permission problems it is often better to use a service like userv to run the command under a different user. This can be done by using this transport_filter:
transport_filter = /usr/bin/userv -- foo gpg-mail-tube $pipe_addresses
With foo being the account name used by GnuPG. In that user's home directory you will install a file ‘~/.userv/rc’ with this content:
if ( glob service gpg-mail-tube
& glob calling-user Debian-exim
& glob service-user foo
)
reset
errors-to-syslog
no-suppress-args
execute /usr/local/bin/gpg-mail-tube \
-v --no-stderr \
--log-file /home/foo/logs/mail-tube.log \
--setenv HOME=/home/foo --
quit fi
Take care to have the trailing double dashes and adjust the log-file as needed. The errors-to-syslog statement makes sure that errors pertaining to the userv system (e.g. script errors) are directed to the syslog (facility is "user", level is "error"). If needed replace Debian-exim by the name of the user under which Exim is running.
DIAGNOSTICS¶
The program returns 0 on a successful encryption or a non-zero value on error. Note that on error some output might have already been written to stdout.
SEE ALSO¶
The full documentation for this tool is maintained as a Texinfo manual. If GnuPG and the info program are properly installed at your site, the command
info gnupg
should give you access to the complete manual including a menu structure and an index.
| 2025-10-21 | GnuPG 2.5.13 |