schleuder issueshttps://0xacab.org/schleuder/schleuder/-/issues2022-09-13T17:18:00Zhttps://0xacab.org/schleuder/schleuder/-/issues/507Carriage-return (^M) added to end of all lines when email sent to Schleuder ...2022-09-13T17:18:00ZCody BrownsteinCarriage-return (^M) added to end of all lines when email sent to Schleuder using Mutt## Expected Behavior
When using Mutt (and all other MUAs) to send an email to Schleuder, Schleuder will send the email unmodified.
## Actual Behavior
When using Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27...## Expected Behavior
When using Mutt (and all other MUAs) to send an email to Schleuder, Schleuder will send the email unmodified.
## Actual Behavior
When using Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27 (and older versions of gpg) to send an email to Schleuder, Schleuder will send the email with a carriage-return (^M) added to the end of every line. This starts with the very first line of the email (the beginning of the email headers) and ends with the very last line of the email.
## Steps to Reproduce the Problem
1. Use Mutt + gpg to send an email to Schleuder.
## Specifications
- Version: 3.4.0
- Installation method (package, gem...): `apt install`
- Mail client version: Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27 (and older versions of gpg)
## Other information
I can provide samples of original emails sent to Schleuder and the same emails modified and sent by Schleuder.https://0xacab.org/schleuder/schleuder/-/issues/517Bounce detection is a bit over-eager2022-09-14T08:05:57ZintrigeriBounce detection is a bit over-eagerHi Schleuder team!
My team uses Schleuder lists internally quite intensively. Last week I sent my team an email to announce upcoming vacations of mine. The Subject of my message included the "vacation" word. A few days later I learned t...Hi Schleuder team!
My team uses Schleuder lists internally quite intensively. Last week I sent my team an email to announce upcoming vacations of mine. The Subject of my message included the "vacation" word. A few days later I learned that my email had been forwarded to list admins as an automated message, but not sent to the list subscribers. That's not very convenient.
I understand this is caused by this code:
```ruby
return true if self.subject.to_s.match(/auto.*reply|vacation|vocation|(out|away).*office|on holiday|abwesenheits|autorespond|Automatische|eingangsbestätigung/i)
```
I suppose that was meant to detect automated "out of office" replies, which makes sense to me, especially for large or public mailing lists. This filter seems a bit over-eager in other contexts, such as a 10-20 people team that needs to actually talk about holidays, vacations, etc. using Schleuder.https://0xacab.org/schleuder/schleuder/-/issues/521signature validation fails for non-subscribers2022-09-29T15:54:39ZPhilipsignature validation fails for non-subscribers## Expected Behavior
A non-subscribers should be able to send a message to a list even when the list enforces signed mail delivery.
## Actual Behavior
Schleuder refuses to process this message with the following error:
```
Command died...## Expected Behavior
A non-subscribers should be able to send a message to a list even when the list enforces signed mail delivery.
## Actual Behavior
Schleuder refuses to process this message with the following error:
```
Command died with status 1:
"/usr/bin/schleuder". Command output: Error: Messages to this
address must be OpenPGP-signed. Kind regards, Your Schleuder system.
```
## Steps to Reproduce the Problem
- Add a persons key to a schleuder list
- Don't subscribe this address
- Configure the list to check signatures (Receive signed only)
- Send a mail to the list from the non-subscribed mail address
- Schleuder successfully devlivers this message
## Specifications
- Version: 3.6.0-3+deb11u1 (mail-gpg 0.4.4-1)
- Installation method (package, gem...): Debian Bullseye package
- Mail client version: Thunderbird 91.11https://0xacab.org/schleuder/schleuder/-/issues/522Add option to track when ($YEAR-$MONTH) a list was "last active"2022-11-13T19:23:33ZgeorgAdd option to track when ($YEAR-$MONTH) a list was "last active"People told, that they would like to see Schleuder being able to track, when, as in $YEAR-$MONTH, a list was "last active", that is, Schleuder handled a mail that was sent to the list by a human, that is, not "automated", either by a sub...People told, that they would like to see Schleuder being able to track, when, as in $YEAR-$MONTH, a list was "last active", that is, Schleuder handled a mail that was sent to the list by a human, that is, not "automated", either by a subscriber or someone outside. This could be achieved via a new boolean list-option, off by default, and a new `date` column `last_active` in the `lists` database table. If this option would be enabled, Schleuder would update the date, whenever a mail as described before is handled.
* `last_active` is probably not really descriptive, and too generic. Something more specific might make sense.
* The database `date` type handles formats such as `YYYY-MM-DD`. Tracking only `YYYY-MM` is probably enough, so `DD` could be hardcoded to `01`.
The use case would be the following: imagine a provider offering Schleuder list hosting. Lists are regularly created. The assumption is that at least some of them are not in use anymore after a certain amount of time. Some of the lists get abandoned, still, the provider holds PII and private keys. To cleanup such data, the database could then be regularly queried and relevant lists deleted.https://0xacab.org/schleuder/schleuder/-/issues/528schleuder should always attempt to fetch keys from the configured keyserver i...2024-01-15T11:14:48ZAndrew Gallagherschleuder should always attempt to fetch keys from the configured keyserver if they are not in the keyringIt should be possible at all stages to get schleuder (particularly schleuder-cli) to fetch missing keys from the configured keyserver, instead of having to provide a file. Ideally it should never be necessary to manage PGP keys by copyin...It should be possible at all stages to get schleuder (particularly schleuder-cli) to fetch missing keys from the configured keyserver, instead of having to provide a file. Ideally it should never be necessary to manage PGP keys by copying files around.
(Similar to but broader in scope than #56)https://0xacab.org/schleuder/schleuder/-/issues/529x-sign-this: is potentially dangerous and should not be enabled by default2024-03-15T08:16:02ZAndrew Gallagherx-sign-this: is potentially dangerous and should not be enabled by defaultx-sign-this: implements an automated notary, which list operators may not wish to expose. In particular, the list key may be abused to sign a malicious or misleading statement, or a request body that could be passed on to another automat...x-sign-this: implements an automated notary, which list operators may not wish to expose. In particular, the list key may be abused to sign a malicious or misleading statement, or a request body that could be passed on to another automated system that uses signatures as an authentication mechanism. While this feature is useful, it should only be enabled by admins who understand the consequences, and should never be enabled by default.https://0xacab.org/schleuder/schleuder/-/issues/533Link to documentation in error emails2024-01-30T12:07:52ZAndrew GallagherLink to documentation in error emailsCurrently, if a subscriber receives an error email (e.g. due to their encryption key being missing/unusable) it is infuriatingly unhelpful:
```
You missed an email from list@lists.example.com because your subscription isn't associated w...Currently, if a subscriber receives an error email (e.g. due to their encryption key being missing/unusable) it is infuriatingly unhelpful:
```
You missed an email from list@lists.example.com because your subscription isn't associated with a (usable) OpenPGP key. Please fix this.
Kind regards,
Your Schleuder system.
```
Please fix this HOW? The email should contain some actual instructions. Even a simple link to the documentation would be an improvement. :-)
(The same logic applies to all other error emails)pazpazhttps://0xacab.org/schleuder/schleuder/-/issues/534Documentation should make it clear that x-add-key must be followed by a blank...2024-03-28T13:55:49ZAndrew GallagherDocumentation should make it clear that x-add-key must be followed by a blank lineWhen using `x-add-key:` to submit an armored key, it does not (always?) work unless you leave a blank line between `x-add-key:` and `-----BEGIN PGP PUBLIC KEY-----`.
Since MUAs tend to reflow paragraphs this is probably sensible, but th...When using `x-add-key:` to submit an armored key, it does not (always?) work unless you leave a blank line between `x-add-key:` and `-----BEGIN PGP PUBLIC KEY-----`.
Since MUAs tend to reflow paragraphs this is probably sensible, but the documentation should mention it. :-)https://0xacab.org/schleuder/schleuder/-/issues/535keywords in the middle of messages get stripped2024-03-15T08:02:56Zdkgkeywords in the middle of messages get strippedSometimes, a user of a schleuder list might send instructions about how to control a schleuder list in a message that went to the list itself.
If the instructions include keywords, those keywords are stripped before re-sending, even if ...Sometimes, a user of a schleuder list might send instructions about how to control a schleuder list in a message that went to the list itself.
If the instructions include keywords, those keywords are stripped before re-sending, even if those keywords are not at the top of the message.
Using schleuder 4.0.3-7 (as packaged in debian stable, version 12.5), i sent the following message to a schleuder list:
```
Please ignore this message, i am trying to debug a possible schleuder
bug.
Here is a schleuder keyword command in the middle of the message text:
X-LIST-NAME: foo@example.org
X-ATTACH-LIST-KEY:
-----BEGIN PGP PUBLIC KEY BLOCK-----
nothing to see here.
And here is some followup text.
--dkg
```
The signed, encrypted version of the message that came back from the list had the expected spliced metadata part:
```
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: [REDACTED SCHLEUDER LIST ADDRESS]
Cc:
Date: Mon, 11 Mar 2024 15:08:50 -0400
Sig: Good signature from BB7E9101495E6BF7 Daniel Kahn Gillmor
Enc: Encrypted
------------------------------------------------------------------------------
```
and the rest of the body said:
```
Please ignore this message, i am trying to debug a possible schleuder
bug.
Here is a schleuder keyword command in the middle of the message text:
nothing to see here.
And here is some followup text.
--dkg
```
It seems to me that keywords that are not at the beginning of the message should be ignored, not stripped.5.0.0pazpaz