Design principles and features

Users, Groups and Administrators

The server can host lots of users. Every user belongs to exactly one group.

The server can host lots of groups. Every group can have one or more administrators. Any user can be administrator of zero, one or many groups.

The site administrator can change any setting.

A group administrator can change the settings of his own account and of all the users in his group, including creating and deleting users.

A user can change most (but not all) of his account's parameters. Example: the POP3 password to use can be changed by the user, but his group membership cannot.

Interface

For full use, the PGP Forwarding Server needs to run on a site with continuous internet access (dedicated line).

Any E-Mail to the PGP Forwarding Server can be in plaintext or encrypted with the public key of the server. The server has both a PGP2 key (also called RSA key) and a PGP5/PGP6/GnuPG key (also called DSS key).

E-Mail to the command processor (e.g. to hub@public.org) must be signed. The user identity is based on the cryptographically strong signature, not on the e-mail address used, because anyone can forge e-mail addresses.

Certain commands only work when the e-mail to the PGP Forwarding Server was encrypted; that is, they are rejected if your mail was not encrypted. This applies to all commands that might contain private data, e.g. a POP3 password.

Outgoing e-mail that the PGP Forwarding Server encrypted on behalf of a user can be sent to any e-mail address. The address used can be changed by both the user and his group administrators.

The server can also be instructed not to encrypt e-mails to users. That way one can travel around and, as an exception, receive files in clear text, e.g. when one depends on third-party computers that don't have PGP installed.

Workflow

An incoming e-mail is first checked for errors (e.g. an invalid address or a message that is too long).

Then the e-mail is unfolded and decrypted.

"Unfolding" here means that combined text & HTML e-mails are reduced to their text part. Only the text part is decrypted. Decryption only works if the public key of the hub was used; if the public key of the final user was used, the e-mail goes transparently to this user.

"Decrypting" means that messages encrypted with the PGP Forwarding Server's public key get decrypted automatically. Note that the server cannot decrypt any mail that was encrypted with your public key.

Now information on the sender and receiver is gathered. The information on the sender is needed to find out whether the sender may use the command line interface. The information on the receiver is needed to find out how to pass the message on, e.g. whether to encrypt it or to post it into a POP3 mailbox.

E-Mails that go to the command processor are handled now. At this stage the command processor already knows whether the incoming mail was encrypted and/or signed, and enables or disables certain commands based on this information.
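As an added example (not part of the original documentation or the server's own code), the following Python models the unfolding step and the command processor's gating described above. It assumes that PGP signature verification and decryption have already run and pass in the verified signer key ID and an "encrypted to the hub" flag; the user directory, the command table and the sample mail are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed user directory, keyed by the PGP key ID that verified the
# signature (assumption: the caller has already run signature verification
# and decryption and passes the outcome in; the From: header is never used).
USERS_BY_KEYID = {"0xDEADBEEF12345678": {"login": "alice", "group": "sales"}}

# Command table: True marks commands that may carry private data and are
# therefore only accepted from mail that was encrypted to the hub's key.
COMMANDS = {
    "help": False,
    "set-forward-address": False,
    "set-pop3-password": True,
}

def unfold(raw: bytes) -> str:
    """Reduce a combined text & html mail to its text/plain part only."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        return msg.get_content()
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_content()
    raise ValueError("mail has no text part")

def process_command(raw: bytes, signer_keyid, encrypted_to_hub: bool) -> str:
    """Gate a command mail on its signature and encryption state, not on From:."""
    if signer_keyid is None:
        return "rejected: command mail must be signed"
    user = USERS_BY_KEYID.get(signer_keyid)
    if user is None:
        return "rejected: signing key belongs to no user"
    words = unfold(raw).strip().split()
    if not words or words[0].lower() not in COMMANDS:
        return "rejected: unknown command"
    cmd = words[0].lower()
    if COMMANDS[cmd] and not encrypted_to_hub:
        return f"rejected: {cmd} is only accepted in encrypted mail"
    return f"accepted: {cmd} for {user['login']}"

def build_sample(command: str) -> bytes:
    """Constructed text+html mail whose From: header claims another user."""
    msg = EmailMessage()
    msg["From"] = "bob@example.org"  # forged header; ignored by the server
    msg["To"] = "hub@public.org"
    msg.set_content(command)
    msg.add_alternative(f"<p>{command}</p>", subtype="html")
    return msg.as_bytes()
```

The forged From: header has no effect on the outcome; only the key that verified the signature selects the user, and a command carrying a POP3 password is refused unless the mail was encrypted to the hub.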