Deploying Schleuder
Introduction
Schleuder is an encrypted mailing list manager with features for secure group communication. It enables mailing lists where all traffic is automatically encrypted and can optionally resend messages with the list’s key, providing anonymity and privacy for list members.
Built with security-conscious organizations in mind, Schleuder supports GPG encryption, keyword-based commands, and flexible access control. It’s used by activists, journalists, and organizations that need confidential group communication while maintaining the simplicity of email.
Key highlights of Schleuder:
- GPG Encryption: End-to-end encrypted mailing list traffic
- Remailer Mode: Forward messages with list’s signature
- Keyword Commands: Manage lists via email
- Member Management: Add, remove, and manage subscribers
- Access Control: Configurable send and admin permissions
- Key Management: Automatic key handling and distribution
- MIME Support: Handle attachments securely
- REST API: Programmatic list management
- Web Interface: Optional web-based administration
- Integration: Works with standard MTAs
This guide walks through deploying Schleuder on Klutch.sh using Docker, configuring encrypted mailing lists, and managing secure communications.
Why Deploy Schleuder on Klutch.sh
Deploying Schleuder on Klutch.sh provides several advantages for secure communication:
Simplified Deployment: Klutch.sh builds your Schleuder configuration automatically.
Persistent Storage: Attach volumes for keyrings and list data.
HTTPS by Default: Secure access to the web interface.
GitHub Integration: Version control your configuration.
Reliable Delivery: Always-on for consistent email processing.
Prerequisites
Before deploying Schleuder on Klutch.sh, ensure you have:
- A Klutch.sh account
- A GitHub account with a repository
- Basic familiarity with Docker and GPG
- SMTP server for sending email
- MX records pointing to your deployment
- Understanding of GPG key management
Deploying Schleuder on Klutch.sh
- Select HTTP as the traffic type
- Set the internal port to 4443
Create Your Repository
Create a new GitHub repository for your deployment. Add a Dockerfile:
FROM ruby:3.1-slim
# curl is installed because the HEALTHCHECK below calls it
RUN apt-get update && apt-get install -y \
    curl \
    gnupg \
    build-essential \
    libsqlite3-dev \
    && rm -rf /var/lib/apt/lists/*
RUN gem install schleuder schleuder-web
WORKDIR /var/lib/schleuder
ENV SCHLEUDER_CONFIG=/etc/schleuder/schleuder.yml
EXPOSE 4443
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
    CMD curl -fsk https://localhost:4443/status || exit 1
CMD ["schleuder-api-daemon", "-p", "4443"]
Create Configuration
Add schleuder.yml:
lists_dir: /var/lib/schleuder/lists
plugins_dir: /var/lib/schleuder/plugins
api:
  host: 0.0.0.0
  port: 4443
smtp_settings:
  address: smtp.example.com
  port: 587
  domain: example.com
  authentication: plain
  user_name: schleuder@example.com
  password: your_smtp_password
  enable_starttls_auto: true
Push to GitHub
Commit and push your files.
Create a New Project on Klutch.sh
Navigate to the Klutch.sh dashboard and create a new project.
Create a New App
Connect your GitHub repository.
Configure HTTP Traffic
In the deployment settings:
Set Environment Variables
Configure settings:
| Variable | Value |
|---|---|
| SCHLEUDER_API_KEY | Secure API key |
| SMTP_PASSWORD | SMTP password |
Attach Persistent Volumes
Add volumes:
| Mount Path | Recommended Size | Purpose |
|---|---|---|
| /var/lib/schleuder | 10 GB | Lists and keyrings |
| /etc/schleuder | 100 MB | Configuration |
Deploy Your Application
Click Deploy to build.
List Management
Creating Lists
Create new encrypted lists:
schleuder-cli lists new mylist@example.com admin@example.com
Adding Subscribers
Add members with their public keys:
schleuder-cli subscriptions new mylist@example.com member@example.com --key member.asc
List Configuration
Configure list behavior:
# /var/lib/schleuder/lists/mylist@example.com/list.conf
send_encrypted_only: true
receive_encrypted_only: true
receive_signed_only: true
Email Commands
Keyword Interface
Manage lists via email:
| Command | Description |
|---|---|
| X-LIST-NAME | Specify target list |
| X-SUBSCRIBE | Subscribe address |
| X-UNSUBSCRIBE | Remove subscription |
| X-LIST-KEYS | List public keys |
| X-ADD-KEY | Add subscriber key |
Example Command Email
To: mylist-request@example.com
Subject: Commands

X-LIST-NAME: mylist@example.com
X-SUBSCRIBE: newmember@example.com
Key Management
List Key
Each list has a GPG keypair:
- Generated on list creation
- Signs outgoing messages
- Decrypts incoming messages
Subscriber Keys
Manage member keys:
# Add key
schleuder-cli subscriptions set-key mylist@example.com member@example.com key.asc
# List keys
schleuder-cli subscriptions list mylist@example.com
Key Distribution
Share list public key:
- Include in welcome message
- Publish on web
- Keyserver upload
Security Features
Encryption Options
Configure encryption requirements:
| Option | Description |
|---|---|
| send_encrypted_only | Only send encrypted |
| receive_encrypted_only | Require encrypted input |
| receive_signed_only | Require signatures |
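The following audit is an added example, not part of Schleuder or of the original guide. It checks that every list sets the three options above to a real boolean `true`, and reports options that are missing, false, or quoted strings. The helper names `audit_list_conf` and `audit_lists_dir` are hypothetical, and it assumes each list keeps a plain YAML `list.conf` at the path this page shows.

```ruby
require 'yaml'

# Options from the Encryption Options table; each should be the boolean true.
REQUIRED_TRUE = %w[send_encrypted_only receive_encrypted_only receive_signed_only].freeze

# Returns a list of findings for one list.conf; an empty list means it passes.
def audit_list_conf(yaml_text)
  conf = YAML.safe_load(yaml_text) || {}
  return ['not a key/value mapping'] unless conf.is_a?(Hash)

  REQUIRED_TRUE.filter_map do |key|
    value = conf[key]
    if !conf.key?(key)
      "#{key} is not set"
    elsif value == false
      "#{key} is false"
    elsif value != true
      "#{key} is #{value.inspect}, expected boolean true"
    end
  end
rescue Psych::Exception => e
  ["unparseable YAML: #{e.message}"]
end

# Audits every <lists_dir>/<list>/list.conf (layout as shown on this page).
def audit_lists_dir(lists_dir)
  Dir.glob(File.join(lists_dir, '*', 'list.conf')).sort.to_h do |path|
    [File.basename(File.dirname(path)), audit_list_conf(File.read(path))]
  end
end

if __FILE__ == $PROGRAM_NAME
  dir = ARGV[0] || '/var/lib/schleuder/lists'
  audit_lists_dir(dir).each do |list, findings|
    puts findings.empty? ? "OK   #{list}" : "WEAK #{list}: #{findings.join('; ')}"
  end
end
```

Run it against the lists directory after any configuration change; a list reported as WEAK can accept or send plaintext or unsigned mail.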
Remailer Mode
Enable anonymous forwarding:
resend_encrypted_only: true
include_list_headers: false
Access Control
Restrict sending:
send_admin_only: false
subscribers_only: true
Web Interface
Schleuder Web
Deploy web management:
require 'schleuder-web'
run SchleuderWeb::App
Features
Web interface provides:
- List management
- Subscriber editing
- Key management
- Configuration
MTA Integration
Postfix
Configure Postfix integration:
# /etc/postfix/main.cf
schleuder_destination_recipient_limit = 1
# /etc/postfix/master.cf
schleuder unix - n n - - pipe
  user=schleuder argv=/usr/bin/schleuder work ${recipient}
Transport Maps
Route to Schleuder:
mylist@example.com schleuder:
mylist-request@example.com schleuder:
API Usage
REST API
Programmatic management:
curl -H "Authorization: Bearer API_KEY" \
    https://schleuder.example.com/lists.json
API Operations
Available endpoints:
- Lists: create, update, delete
- Subscriptions: manage members
- Keys: key operations
Troubleshooting
Delivery Issues
- Check SMTP configuration
- Verify MX records
- Review mail logs
- Test encryption
Key Problems
- Verify key validity
- Check key trust
- Import missing keys
- Update expired keys
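To make the validity and expiry checks above repeatable, the added example below (not part of Schleuder or the original guide) parses the machine-readable output of `gpg --with-colons --list-keys` and reports keys that are revoked, expired, or expiring within a warning window. The function names and the sample listing are constructed for illustration, and it assumes GnuPG 2.x, where expiry is printed as epoch seconds.

```ruby
# GnuPG colon format (doc/DETAILS): field 2 = validity, 7 = expiry in epoch seconds
# (may be empty), 10 = fingerprint or user ID. The first fpr after pub is the primary key.
def parse_colon_listing(text)
  text.each_line.with_object([]) do |line, keys|
    f = line.chomp.split(':', -1)
    case f[0]
    when 'pub'
      expires = f[6].to_s.empty? ? nil : Time.at(f[6].to_i).utc
      keys << { validity: f[1], expires: expires, fpr: nil, uids: [] }
    when 'fpr'
      keys.last[:fpr] ||= f[9] unless keys.empty?
    when 'uid'
      keys.last[:uids] << f[9] unless keys.empty?
    end
  end
end

def key_status(key, now:, warn_days: 30)
  return :revoked if key[:validity] == 'r'
  return :expired if key[:validity] == 'e' || (key[:expires] && key[:expires] <= now)
  return :expiring_soon if key[:expires] && key[:expires] - now < warn_days * 86_400
  :ok
end

# Returns [fingerprint, first user ID, status] for every key that needs attention.
def problem_keys(listing, now: Time.now.utc, warn_days: 30)
  parse_colon_listing(listing).filter_map do |key|
    status = key_status(key, now: now, warn_days: warn_days)
    [key[:fpr], key[:uids].first, status] unless status == :ok
  end
end

# Constructed sample listing (not real keys): expired, expiring, revoked, healthy.
SAMPLE_LISTING = <<~GPG
  pub:-:4096:1:AAAAAAAAAAAAAAAA:1577836800:1609459200::-:::scESC:
  fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
  uid:-::::1577836800::0000::old@example.com:
  sub:-:4096:1:BBBBBBBBBBBBBBBB:1577836800:1609459200:::::e:
  fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
  pub:-:4096:1:CCCCCCCCCCCCCCCC:1577836800:1706745600::-:::scESC:
  fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
  uid:-::::1577836800::0000::soon@example.com:
  pub:r:4096:1:DDDDDDDDDDDDDDDD:1577836800:::-:::sc:
  fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD:
  uid:r::::1577836800::0000::revoked@example.com:
  pub:-:4096:1:EEEEEEEEEEEEEEEE:1577836800:::-:::scESC:
  fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE:
GPG
```

In practice, pass `problem_keys` the text produced by running `gpg --with-colons --list-keys` against the list's keyring instead of `SAMPLE_LISTING`.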
API Errors
- Verify API key
- Check SSL certificates
- Review API logs
Additional Resources
- Schleuder Official Website
- Schleuder Documentation
- Schleuder Repository
- Klutch.sh Persistent Volumes
- Klutch.sh Deployments
Conclusion
Deploying Schleuder on Klutch.sh enables secure, encrypted mailing lists for confidential group communication. With GPG encryption, remailer features, and flexible access control, Schleuder provides the privacy tools needed for sensitive communications. Combined with Klutch.sh’s reliable hosting, you get a trusted platform for secure group email.