Schleuder rejecting encrypted messages sent via hosted Exchange @ Rackspace
I'm seeing an issue where Schleuder is failing to decrypt encrypted messages sent via a Microsoft Exchange server hosted by Rackspace. The error that is generated & returned to the sender states that the issue is that the message was not encrypted to the public key of the list, and advises how to fix this:
<test@mylistdomain.com>: Command died with status 1: "/usr/bin/schleuder".
Command output: Error: Decrypting your message failed. Messages to this
address must be encrypted with the following key: pub
4096R/0E0ADF1813E08293F005ACF4D4CB8709E1DA77CA 2020-04-02 uid
test@mylistdomain.com <test@mylistdomain.com> uid test@mylistdomain.com
<test-owner@mylistdomain.com> uid test@mylistdomain.com
<test-request@mylistdomain.com> sub
4096R/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 2020-04-02 sub
4096R/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXFXXXXXXXX 2020-04-02 To receive it
send an email to <test-sendkey@mylistdomain.com>. Kind regards, Your
Schleuder system.
However, after digging into this, the message in question was in fact encrypted to that public key. I increased logging for the list to debug and got the following:
D, [2020-04-30T19:46:15.454007 #1993] DEBUG -- : Setting GNUPGHOME to /var/lib/schleuder/lists/mylistdomain.com/test
I, [2020-04-30T19:46:15.454645 #1993] INFO -- : Parsing incoming email.
D, [2020-04-30T19:46:15.699387 #1993] DEBUG -- : Loading pre_decryption filters
D, [2020-04-30T19:46:15.701807 #1993] DEBUG -- : Calling filter forward_bounce_to_admins
D, [2020-04-30T19:46:15.704627 #1993] DEBUG -- : Calling filter forward_all_incoming_to_admins
D, [2020-04-30T19:46:15.704764 #1993] DEBUG -- : Calling filter send_key
D, [2020-04-30T19:46:15.704836 #1993] DEBUG -- : Calling filter fix_exchange_messages
D, [2020-04-30T19:46:15.704908 #1993] DEBUG -- : Calling filter strip_html_from_alternative
W, [2020-04-30T19:46:15.728965 #1993] WARN -- : Decryption of incoming message failed.
Below is a sanitized copy of one of the raw messages that was sent and got rejected.
From: Exchange User <user@domain.org>
Content-Type: multipart/encrypted;
boundary="Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5";
protocol="application/pgp-encrypted"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: testing...
X-Universally-Unique-Identifier: 1F1FCF22-1D60-4DA6-B4EF-F3F58961980D
Message-Id: <XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX@domain.org>
Date: Wed, 29 Apr 2020 07:31:55 -1000
To: test@mylistdomain.com
This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
---Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--
Content-Transfer-Encoding: 7bit
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME Versions Identification
Version: 1
---Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename=encrypted.asc
Content-Type: application/octet-stream;
name=encrypted.asc
Content-Description: OpenPGP encrypted message
-----BEGIN PGP MESSAGE-----
PAYLOAD-SANITIZED
-----END PGP MESSAGE-----
--Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--
The only other data point I can provide is that I was unable to reproduce this using a different hosted Exchange provider @ Serverdata.net. That message came through just fine and was processed & re-mailed to the list subscribers.
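
A structural check that can be run on a saved copy of a rejected message to see whether it still has the RFC 3156 PGP/MIME layout by the time it reaches the list. This is an added example, not code from the original report or from Schleuder; the function name check_pgp_mime and the sample messages are constructed for illustration.

```python
from email import message_from_string
PGP_PROTOCOL = "application/pgp-encrypted"

def check_pgp_mime(raw):
    """Return the ways a raw message deviates from RFC 3156 (empty list = OK)."""
    msg = message_from_string(raw)
    problems = []
    if msg.get_content_type() != "multipart/encrypted":
        problems.append("top-level type is " + msg.get_content_type())
    elif (msg.get_param("protocol") or "").lower() != PGP_PROTOCOL:
        problems.append("protocol parameter missing or wrong")
    if not msg.is_multipart():  # declared boundary never matched a delimiter line
        return problems + ["body not split into parts (boundary mismatch)"]
    parts = msg.get_payload()
    if len(parts) != 2:
        return problems + ["expected 2 parts, found %d" % len(parts)]
    control, data = parts
    if control.get_content_type() != PGP_PROTOCOL:
        problems.append("part 1 is " + control.get_content_type())
    elif "version: 1" not in control.get_payload().lower():
        problems.append("part 1 lacks 'Version: 1'")
    if data.get_content_type() != "application/octet-stream":
        problems.append("part 2 is " + data.get_content_type())
    if b"-----BEGIN PGP MESSAGE-----" not in (data.get_payload(decode=True) or b""):
        problems.append("part 2 has no ASCII-armored PGP message")
    return problems

# Constructed samples (not the message from the report): intact, then two mangled variants.
GOOD = """\
From: sender@example.org
Content-Type: multipart/encrypted; boundary="b1";
 protocol="application/pgp-encrypted"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name=encrypted.asc

-----BEGIN PGP MESSAGE-----
CONSTRUCTED-PLACEHOLDER
-----END PGP MESSAGE-----
--b1--
"""
RETYPED = GOOD.replace("multipart/encrypted", "multipart/mixed")  # top-level type rewritten
BAD_DELIM = GOOD.replace("\n--b1", "\n---b1")  # delimiter lines no longer match boundary
```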