Bounce messages containing the full outgoing messages are not detected as bounce
At the moment we have the following flow:
Schleuder::Runner.run:
- setup_list
- parse mail (
@mail = Mail.new(msg)
) https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/runner.rb#L10 - setup mail (
@mail.setup(...)
) https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/runner.rb#L11 - run the filters https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/runner.rb#L10
However, we only try to detect if a message is a bounce/automated_message in the bounce filter. But, in setup_mail we already try to decrypt the email, if it is detected as an encrypted email. Which happens right after we normalized the message https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/mail/message.rb#L15 and we end up in that code path if the message was detected as encrypted https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/mail/message.rb#L14 , which is completely delegated to mail-gpg https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/mail/message.rb#L128
In mail-gpg this either tries to detect the message as pgp/mime ( https://github.com/jkraemer/mail-gpg/blob/8ee91e49bdcff0a59a9952d45bb4f2c23525747d/lib/mail/gpg.rb#L85-L89 - which it is not, as the original pgp/mime message is wrapped in the bounce) or an inline pgp message (https://github.com/jkraemer/mail-gpg/blob/8ee91e49bdcff0a59a9952d45bb4f2c23525747d/lib/mail/gpg.rb#L85-L89 which will be true as one of the parts (the wrapped message that bounced) contains the magic PGP MESSAGE
strings.
As the message is detected as encrypted schleuder tries to decrypt it, but fails as the outgoing message was only encrypted with the recipient's key. And this triggers another bounce of schleuder, reporting that decrypting the message failed. But as this is a double bounce MTAs will start freezing these messages.
So this is definitely a problematic behavior of mail-gpg, however it is quite hard to detect that correctly. E.g. mail-gpg could try to see if the matched part is not a pgp/mime message, but this becomes endless. And anyways we really should detect earlier whether a message is a bounce or not.
2 options:
- Take the bounce filter out of the filters and do it earlier.
- Don't try to decrypt the message if it is a bounce and then let the bounce filter later pick up the actual duty.
While the second option would mean minimal change (skip https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/mail/message.rb#L14-28 if it's an automated message) it would in my opinion obscure the bounce handling and make it less readable. Also it would require us to make the setup method handling even more possible codepaths and return codes. Hence I would suggest to take the bounce filter out of the filters and actually do that after parsing the mail (which is when the list is setup). It might require more code changes (like setting the recipient to the @mail
before doing that), but is in my opinion at the right place.