signature validation fails
I'm having trouble with signature validation.
Expected Behavior
When I send a validly signed and encrypted openpgp/mime message to a list's request address, it should process the request. When I send such a message to a list's normal address, it should put the pseudo-header 'Sig: Good signature [...]'.
Actual Behavior
It outputs "Messages to this address must be encrypted and signed by the key associated with a subscribed address [...]". It replies with an email with the same text. It says "Bad signature" in the pseudo header.
Steps to Reproduce the Problem
- set up list with one subscriber who is admin of that list.
- pipe a signed and encrypted message from the subscriber to the list into schleuder
Specifications
- Version: schleuder 4.0.1
- Installation method (package, gem...): gem
- Mail client version: I used KMail to create the messages.
Other information
This is the test message I send to the list:
From admin@a Wed Jun 09 16:14:08 2021
From: admin@a
To: list@a
Subject: test
Date: Wed, 09 Jun 2021 18:14:08 +0200
Message-ID: <6066403.5e4LmiuuCV@deepthought>
MIME-Version: 1.0
Content-Type: multipart/encrypted; boundary="nextPart2013499.KfxGTPaf5f"; protocol="application/pgp-encrypted"
--nextPart2013499.KfxGTPaf5f
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Content-Transfer-Encoding: 7Bit
Version: 1
--nextPart2013499.KfxGTPaf5f
Content-Type: application/octet-stream
Content-Disposition: inline; filename="msg.asc"
Content-Transfer-Encoding: 7Bit
-----BEGIN PGP MESSAGE-----
=Q/1n
-----END PGP MESSAGE-----
--nextPart2013499.KfxGTPaf5f--
This is the decrypted message:
Content-Type: multipart/signed; boundary="nextPart2918540.ARZk9SpqV6"; micalg="pgp-sha256"; protocol="application/pgp-signature"
--nextPart2918540.ARZk9SpqV6
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"; protected-headers="v1"
From: admin@a
To: list@a
Subject: test
Date: Wed, 09 Jun 2021 18:14:07 +0200
Message-ID: <6066403.5e4LmiuuCV@deepthought>
x-list-name: list@a
x-list-keys
--nextPart2918540.ARZk9SpqV6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit
-----BEGIN PGP SIGNATURE-----
iLMEAAEIAB0WIQSfKcpM8aR1YUksBzfHpUV6NcUAggUCYMDozwAKCRDHpUV6NcUA
go21A/0aprlyFNaG5R82y3eUw24brBzWRSaokE1oTqGO48sjernuCUsInRMobEXi
GRdwZ/oYwzWCtIXtYmxXREsnvtVl1OrNLKxxNJfsuicdvCqZhGQPH5llVb27sueX
90sIJ+vxg1/WtG7zlx/3lZiWw9SggbXgVoDjkJVzllms2fNE5w==
=u5Tv
-----END PGP SIGNATURE-----
--nextPart2918540.ARZk9SpqV6--
Here is information about the test list
me@server:~ $ schleuder-cli keys list list@a
9F29CA4CF1A47561492C0737C7A5457A35C50082 admin@a
7EDF3336CB8BC6D15D461DB5FFF7A04251E7D112 list@a
me@server:~ $ schleuder-cli subscriptions list list@a
admin@a 9F29CA4CF1A47561492C0737C7A5457A35C50082 admin
This is how I put the message into schleuder:
me@server:~ $ cat mailtolist.mbox | sudo -u schleuder schleuder work list-request@a
Error: Messages to this address must be encrypted and signed by the key associated with a subscribed address.
Kind regards,
Your Schleuder system.
This is from /var/log/mail.log
Jun 9 19:00:46 server Schleuder[17753]: Loading list 'list-request@a'
Jun 9 19:00:46 server Schleuder[17753]: (9.5ms) SELECT sqlite_version(*)
Jun 9 19:00:46 server Schleuder[17753]: Schleuder::List Load (2.6ms) SELECT "lists".* FROM "lists" WHERE "lists"."email" = ? ORDER BY "lists"."email" ASC LIMIT ? [["email", "list@a"], ["LIMIT", 1]]
Jun 9 19:00:47 server Schleuder[17753]: Schleuder::Subscription Load (1.9ms) SELECT "subscriptions".* FROM "subscriptions" WHERE "subscriptions"."list_id" = ? AND "subscriptions"."admin" = ? ORDER BY "subscriptions"."email" ASC [["list_id", 12], ["admin", 1]]
Jun 9 19:00:47 server Schleuder[17753]: Schleuder::Subscription Load (1.0ms) SELECT "subscriptions".* FROM "subscriptions" WHERE "subscriptions"."list_id" = ? AND "subscriptions"."admin" = ? ORDER BY "subscriptions"."email" ASC [["list_id", 12], ["admin", 1]]
Jun 9 19:00:50 server Schleuder[17753]: Schleuder::Subscription Load (3.1ms) SELECT "subscriptions".* FROM "subscriptions" WHERE "subscriptions"."list_id" = ? AND "subscriptions"."fingerprint" = ? ORDER BY "subscriptions"."email" ASC LIMIT ? [["list_id", 12], ["fingerprint", "9F29CA4CF1A47561492C0737C7A5457A35C50082"], ["LIMIT", 1]]
This is the list's log:
D, [2021-06-09T18:46:02.136140 #16993] DEBUG -- : Setting GNUPGHOME to /var/lib/schleuder/lists/a/list
I, [2021-06-09T18:46:02.136829 #16993] INFO -- : Parsing incoming email.
D, [2021-06-09T18:46:04.245871 #16993] DEBUG -- : Loading pre_decryption filters
D, [2021-06-09T18:46:04.259098 #16993] DEBUG -- : Calling filter forward_bounce_to_admins
D, [2021-06-09T18:46:04.356335 #16993] DEBUG -- : Calling filter forward_all_incoming_to_admins
D, [2021-06-09T18:46:04.357047 #16993] DEBUG -- : Calling filter send_key
D, [2021-06-09T18:46:04.357378 #16993] DEBUG -- : Calling filter fix_exchange_messages
D, [2021-06-09T18:46:04.357698 #16993] DEBUG -- : Calling filter strip_html_from_alternative
D, [2021-06-09T18:46:05.138321 #16993] DEBUG -- : Loading post_decryption filters
D, [2021-06-09T18:46:05.165974 #16993] DEBUG -- : Calling filter request
D, [2021-06-09T18:46:05.166580 #16993] DEBUG -- : Request-message
D, [2021-06-09T18:46:05.167848 #16993] DEBUG -- : Error: Message was not encrypted and validly signed
D, [2021-06-09T18:46:05.170170 #16993] DEBUG -- : Bouncing message
It started this strange behaviour about a month ago, but I didn't immediately notice. I don't know what caused it to stop working properly. Could be that it came with a system update. I also tried to resend an old e-mail to an existing mailing list that I had sent earlier, which hadn't caused any problems, but it produces this error now.
adminata-private-nopass.asc
Update: The password of the subscriber's private key is 'pass'
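To check the signature independently of Schleuder, the signed bytes and the detached signature can be split out of the decrypted multipart/signed entity and passed to gpg. This is an added example, not part of the original report or Schleuder's code; the sample message, the helper name `split_signed` and the output file names are assumptions.

```ruby
# Added example: split an RFC 3156 multipart/signed entity into the exact
# bytes that were signed and the detached signature, for `gpg --verify`.

# Constructed sample (not the message from the report), LF line endings as
# stored in an mbox file. The signature body is a placeholder.
SAMPLE = <<~MAIL
  Content-Type: multipart/signed; boundary="b1"; micalg="pgp-sha256"; protocol="application/pgp-signature"

  --b1
  Content-Type: text/plain; charset="us-ascii"

  x-list-name: list@example.org
  x-list-keys

  --b1
  Content-Type: application/pgp-signature; name="signature.asc"

  -----BEGIN PGP SIGNATURE-----
  (constructed placeholder, not a real signature)
  -----END PGP SIGNATURE-----
  --b1--
MAIL

# Returns [signed_bytes, armored_signature]. `split_signed` is a hypothetical
# helper name, not a Schleuder API.
def split_signed(raw)
  # RFC 3156: the signature covers the first part in canonical CRLF form.
  text = raw.gsub(/\r?\n/, "\r\n")
  header = text.split("\r\n\r\n", 2).first.to_s
  boundary = header[/boundary="?([^";\r\n]+)"?/i, 1]
  raise ArgumentError, 'no boundary parameter found' unless boundary
  sep = "\r\n--#{boundary}\r\n"
  first = text.index(sep) or raise ArgumentError, 'opening delimiter missing'
  start = first + sep.size
  # The CRLF before the next delimiter belongs to the delimiter, not the part.
  stop = text.index(sep, start) or raise ArgumentError, 'second delimiter missing'
  armor = text[(stop + sep.size)..][/-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----/m]
  raise ArgumentError, 'no armored signature found' unless armor
  [text[start...stop], armor.gsub("\r\n", "\n") + "\n"]
end

# Usage: ruby split_signed.rb decrypted.eml (the decrypted multipart/signed entity)
if __FILE__ == $PROGRAM_NAME && ARGV[0] && File.file?(ARGV[0])
  signed, armor = split_signed(File.binread(ARGV[0]))
  File.binwrite('signed.bin', signed)
  File.binwrite('signature.asc', armor)
  puts 'run: gpg --homedir <list directory> --verify signature.asc signed.bin'
end
```

Pointing `--homedir` at the directory named in the `Setting GNUPGHOME` line of the list's log verifies against the same keyring Schleuder uses, which separates a keyring or GnuPG problem from a message-parsing problem.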