Micael Valeri was so kind to translate this page into italian:|
For the german folks, Markus Reuß did a translation as well:
|Relay sockets to servers...|
First you have to enter the relay-server-sockets on you machine.|
both, for smtp- and pop3-relaying!
Then start the Servers!
Some little words about sockets: Sockets are the Endpoints of Internet-Communication. This endpoint can also be completely local (and GPGrelay takes advantage of this fact to do it's work, look at Setting up your Email-Client !), so it doesn't require the internet to be between these endpoints.
Each Endpoint is specified by it's IP-Address and Port, and thus it needs to be uniquely identified to get routable.
Keep in mind that any multiuser-environment normally shares one IP-Address, so you cannot setup the same port for multiple users at once (this addresses mainly Windows XP where multiple users can be logged in at the same time -- although it's not recommended to use GPGrelay in such an environment).
Maybe your POP3-Server allows connecting using the alternative authentification-command "APOP" (used instead of the two standard POP3-Commandos USER/PASS), and maybe your Mail-Client (eg. Outlook Express) doesn't know that commando, so you can give GPGrelay a little hint so USER/PASS will be transformed in the background into a single APOP-Commando.
Note: Not all POP3-Servers know that commando (eg. the one of my provider; they answered lapidarily: it's not stringent neccessary...), but you should give it a try, as the Password isn't sent in Plain-Text with this kind of authentification (another bit of additional security).
|Relay sockets to servers (XP)|
Thanks to Per Tunedal for providing this information:|
If you have a multiple user environment eg Windows XP it is important to use different ports for different users. It is not possible to share a port although the users might have the same e-mail provider.
eg. If your e-mailprovider is PROVIDER, you might set up a POP3-server for the user ADAM called PROVIDER RECEIVE ADAM with the local port 32110 and an SMTP-server called PROVIDER SEND FOR ADAM with the local port 32025.
When finished log in as user BERT and set up new servers. A POP3-server called PROVIDER RECEIVE BERT with the local port 33110 and an SMTP-server called PROVIDER SEND FOR BERT with the local port 33025.
|Setting up your Email-Client|
GPGrelay is listening on those local ports you specify for the servers (see screenshots above).|
It waits there until your email-client connects to it, and then GPGrelay connects to the real SMTP- or POP3-Servers, to complete the required bridge to deliver the emails
This requires that your email-client doesn't connect to the SMTP- and POP3-Servers directly! It has to connect to GPGrelay on the local ports instead.
So you have to enter
Maybe some email-clients have special boxes where you have to enter the ports (eg. Outlook Express has a Extended-Tab where you can enter the port), so your servers are both 127.0.0.1 and they have the ports as specified in the GPGrelay-Servers.
There may be some poorly written email-clients in use that require SMTP to be on Port 25 and POP3 on Port 110; if this is the case with your email-client, you can only have one forwarding relay-server on your local port 25 (SMTP) and one on local port 110 (POP3).
And to finally make this as clear as possible:
The real SMTP- and POP3-Servernames shouldn't appear anymore in your Email-Client, except you want to bypass GPGrelay.
|Instructions for Email-Client-Setup|
Thanks to the contributors of these step-by-step-tutorials!|
(Hope there are more to come..!)
Then you must specify what to do with the relayed mails, this has to be independently set for each email
leading to a key (say each known recipient).|
<Default-Profile> is a special profile which you cannot delete!
It specifies the default-behaviour that is used to send mails to anyone you don't have a key for - that's also the reason why you can only sign outgoing mails with this profile.
And this also means that you have to create at least one new Profile if you want to encrypt something for any user.
Secret Keys also need a passphrase, this can be entered in plain-text here (and it's also saved in plaintext in the Registry!) or you can let GPGrelay ask you a passphrase and remember it for a special amount of seconds...
And it's now also possible to let GPGrelay ask you the passphrases whenever it starts instead of when the passphrase is actually required. With this option it surely does not make much sense to have a short remember-time!
It's now also possible to directly specify which Subkey to use for encryption and if secret keys are available you can also specify which subkey to use for creating signatures!
The "Purge cache"-button will erase all entered passphrases for all keys immediately (except the "Always-Use"-Passphrases) - so you can tell GPGrelay when it's time to forget the passphrases without having to restart GPGrelay...
The "Passphrase"-button allows you to change the passphrase of the secret key
For secret keys there is an advanced options dialog, which allows to add special header-fields when sending out an email.
|Specify Profiles (completing the Keyrules)...|
With the profiles you can select how mails to a recipient should be handled.
The Default-Profile is also used for anybody who is not inside your keyring, so only signing is possible with it and you need at least one new profile if you want to send something encrypted.
I think, best choice is to choose Prefix-Controlled; you can also leave one Prefix-Field blank meaning, this is the default if the others don't match (Actually always the longest match wins, which means, you can also have concurrent Prefixes (whether or not this makes sense...))
Some explainations about the "No PGP-MIME"-Checkbox
If your email-partner uses the PGP-Plugin and cannot handle PGP-MIME (eg. when the recipient uses Outlook Express), you can tell GPGrelay to simply put the encrypted mail into the normal mailbody (just like the PGP-Plugin does).
It's best to stay with PGP-MIME unless your email-partner really can not handle this at all!
The prefix-control became kind of redundant now, but anyway...
If no prefix match then the default will take place. Also any empty prefix-field overrides the default!
Special note about the "Can attach alias"-Checkbox: Whenever a profile has this one checked, it will only allow to sign outgoing and it will also become visible in the Alias-Tab, allowing to attach aliases there.
This is useful for Mailinglists where you don't have any public-key to hook up a keyrule. Former GPGrelay-Versions offered special predefined Alias-Profiles for this purpose, now it uses this a lot more flexible and really configurable profile-approach.
As GPGrelay identifies key-rules by matching their email-addresses, it is possible that you may want to send somebody
a mail to an account, which is on another host than specified inside the public-key by it's UserIDs.|
To let this be known in GPGrelay you have to enter the appr. aliases for the concerning keys...
"Learn from POP3" means, that good signatures of incoming mails will be matched against the key-/alias-database, and if they don't match an existing key or alias then the email-address of the sender will become a new alias for the key used for signing...
There is a problem with keys that have multiple UserIDs assigned: There it becomes more or less a semi-automatic Alias-Lerning as you have to explicitely select which UserID should be the one the new Alias should lead to.
If this becomes too annoying for you, simply uncheck it.
|Special SMTP-/POP3-Relay behaviour...|
You can setup some global features, depending on your personal favour...|
"Always trust keys" will encrypt always, no matter which trust-value is calculated for a key (otherwise you'll be prompted to confirm).
"X-Keep-Alive" is kind of a ping to your email-client to eliminate timeouts when receiving large mails on a slow line (due to the fact that GPGrelay must buffer emails completely to do it's work).
Some email-clients (eg. Outlook Express) measure the timeout as the delay between two complete lines, others simply use socket-timeouts, so it is enough to ping with single chars (which produces smaller overhead). And then there are some very uncritical clients that don't have timeouts at all.
All logging is done inside, this means, no logfile required!|
You can get a copy of the log on the clipboard in the config-dialog.
And there is now also an option (push the Config-Button) to log to a file, but this is really meant to be used for debugging only as anything you see in the log-window is also written to that file!
GPGrelay adds a few options to the system-menu (left-click on the GPGrelay-Icon in the Window-Captionbar)
which might be interesting for you too.|
GPGrelay saves it's settings whenever it shuts down normally, but you can save settings immediately using the system-menu.
And you can always restore last settings! This is the main reason why GPGrelay doesn't save it's settings whenever they're changed, as this will give you some (very limited) Undo-Possibility.
There is also an option to manually remove the keyring-cache-file (so GPGrelay has to reload the keys the next time it starts up, in case you don't want to do a reload-keys immediately), and finally there is an option to export the settings from the Registry to a .reg-File for easier backup of GPGrelay- Settings (this option simply calls RegEdit.exe to do the export, so it's in fact like a batch-file).
If you have set anything up correctly, GPGrelay will be ready!|
For further information you may try the forums at
You can also join the GPGrelay-Mailinglist to get support from experienced users
SourceForge-Mailinglist : GPGrelay-talk