Skip to content

GitLab

Closed
Opened by fleish@fleish

Schleuder rejecting encrypted messages sent via hosted Exchange @ Rackspace

I'm seeing an issue where Schleuder is failing to decrypt encrypted messages sent via a Microsoft Exchange server hosted by Rackspace. The error that is generated & returned to the sender states the issue is the message was not encrypted to the public key of the list and advises how to fix this:

<test@mylistdomain.com>: Command died with status 1: "/usr/bin/schleuder".
   Command output: Error: Decrypting your message failed. Messages to this
   address must be encrypted with the following key:  pub
   4096R/0E0ADF1813E08293F005ACF4D4CB8709E1DA77CA 2020-04-02 uid
   test@mylistdomain.com <test@mylistdomain.com> uid  test@mylistdomain.com
   <test-owner@mylistdomain.com> uid  test@mylistdomain.com
   <test-request@mylistdomain.com> sub
   4096R/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 2020-04-02 sub
   4096R/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXFXXXXXXXX 2020-04-02   To receive it
   send an email to <test-sendkey@mylistdomain.com>.   Kind regards, Your
   Schleuder system.

However, after digging into this the message in question was in fact encrypted to that public key. I increased logging for the list to debug and got the following:

D, [2020-04-30T19:46:15.454007 #1993] DEBUG -- : Setting GNUPGHOME to /var/lib/schleuder/lists/mylistdomain.com/test
I, [2020-04-30T19:46:15.454645 #1993]  INFO -- : Parsing incoming email.
D, [2020-04-30T19:46:15.699387 #1993] DEBUG -- : Loading pre_decryption filters
D, [2020-04-30T19:46:15.701807 #1993] DEBUG -- : Calling filter forward_bounce_to_admins
D, [2020-04-30T19:46:15.704627 #1993] DEBUG -- : Calling filter forward_all_incoming_to_admins
D, [2020-04-30T19:46:15.704764 #1993] DEBUG -- : Calling filter send_key
D, [2020-04-30T19:46:15.704836 #1993] DEBUG -- : Calling filter fix_exchange_messages
D, [2020-04-30T19:46:15.704908 #1993] DEBUG -- : Calling filter strip_html_from_alternative
W, [2020-04-30T19:46:15.728965 #1993]  WARN -- : Decryption of incoming message failed.

Below is a sanitized copy of one of the raw messages that was sent that got rejected.

From: Exchange User <user@domain.org>
Content-Type: multipart/encrypted;
	boundary="Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5";
	protocol="application/pgp-encrypted"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: testing... 
X-Universally-Unique-Identifier: 1F1FCF22-1D60-4DA6-B4EF-F3F58961980D
Message-Id: <XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX@domain.org>
Date: Wed, 29 Apr 2020 07:31:55 -1000
To: test@mylistdomain.com

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
---Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--
Content-Transfer-Encoding: 7bit
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME Versions Identification

Version: 1

---Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
	filename=encrypted.asc
Content-Type: application/octet-stream;
	name=encrypted.asc
Content-Description: OpenPGP encrypted message

-----BEGIN PGP MESSAGE-----

PAYLOAD-SANITIZED
-----END PGP MESSAGE-----

--Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--

The only other data point I can provide is I was unable to reproduce this using a different hosted Exchange provider @ Serverdata.net. That message came through just fine and was processed & re-mailed to the list subscribers.