Closed
Open
Opened Apr 30, 2020 by fleish@fleish

Schleuder rejecting encrypted messages sent via hosted Exchange @ Rackspace

I'm seeing an issue where Schleuder is failing to decrypt encrypted messages sent via a Microsoft Exchange server hosted by Rackspace. The error that is generated & returned to the sender states that the issue is that the message was not encrypted to the public key of the list, and advises how to fix this:

<test@mylistdomain.com>: Command died with status 1: "/usr/bin/schleuder".
   Command output: Error: Decrypting your message failed. Messages to this
   address must be encrypted with the following key:  pub
   4096R/0E0ADF1813E08293F005ACF4D4CB8709E1DA77CA 2020-04-02 uid
   test@mylistdomain.com <test@mylistdomain.com> uid  test@mylistdomain.com
   <test-owner@mylistdomain.com> uid  test@mylistdomain.com
   <test-request@mylistdomain.com> sub
   4096R/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 2020-04-02 sub
   4096R/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXFXXXXXXXX 2020-04-02   To receive it
   send an email to <test-sendkey@mylistdomain.com>.   Kind regards, Your
   Schleuder system.

However, after digging into this, the message in question was in fact encrypted to that public key. I increased logging for the list to debug and got the following:

D, [2020-04-30T19:46:15.454007 #1993] DEBUG -- : Setting GNUPGHOME to /var/lib/schleuder/lists/mylistdomain.com/test
I, [2020-04-30T19:46:15.454645 #1993]  INFO -- : Parsing incoming email.
D, [2020-04-30T19:46:15.699387 #1993] DEBUG -- : Loading pre_decryption filters
D, [2020-04-30T19:46:15.701807 #1993] DEBUG -- : Calling filter forward_bounce_to_admins
D, [2020-04-30T19:46:15.704627 #1993] DEBUG -- : Calling filter forward_all_incoming_to_admins
D, [2020-04-30T19:46:15.704764 #1993] DEBUG -- : Calling filter send_key
D, [2020-04-30T19:46:15.704836 #1993] DEBUG -- : Calling filter fix_exchange_messages
D, [2020-04-30T19:46:15.704908 #1993] DEBUG -- : Calling filter strip_html_from_alternative
W, [2020-04-30T19:46:15.728965 #1993]  WARN -- : Decryption of incoming message failed.

Below is a sanitized copy of one of the raw messages that was sent and got rejected.

From: Exchange User <user@domain.org>
Content-Type: multipart/encrypted;
	boundary="Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5";
	protocol="application/pgp-encrypted"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: testing... 
X-Universally-Unique-Identifier: 1F1FCF22-1D60-4DA6-B4EF-F3F58961980D
Message-Id: <XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX@domain.org>
Date: Wed, 29 Apr 2020 07:31:55 -1000
To: test@mylistdomain.com

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
---Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--
Content-Transfer-Encoding: 7bit
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME Versions Identification

Version: 1

---Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
	filename=encrypted.asc
Content-Type: application/octet-stream;
	name=encrypted.asc
Content-Description: OpenPGP encrypted message

-----BEGIN PGP MESSAGE-----

PAYLOAD-SANITIZED
-----END PGP MESSAGE-----

--Apple-Mail=_UUID1-_UUID2-_UUID3-_UUID4-_UUID5--

The only other data point I can provide is that I was unable to reproduce this using a different hosted Exchange provider @ Serverdata.net. That message came through just fine and was processed & re-mailed to the list subscribers.

Reference: schleuder/schleuder#468