schleuder issues
https://0xacab.org/schleuder/schleuder/-/issues
Updated: 2024-03-15T08:02:56Z

keywords in the middle of messages get stripped
https://0xacab.org/schleuder/schleuder/-/issues/535
Updated: 2024-03-15T08:02:56Z
Author: dkg

Sometimes, a user of a schleuder list might send instructions about how to control a schleuder list in a message that went to the list itself.
If the instructions include keywords, those keywords are stripped before re-sending, even if those keywords are not at the top of the message.
Using schleuder 4.0.3-7 (as packaged in debian stable, version 12.5), i sent the following message to a schleuder list:
```
Please ignore this message, i am trying to debug a possible schleuder
bug.
Here is a schleuder keyword command in the middle of the message text:
X-LIST-NAME: foo@example.org
X-ATTACH-LIST-KEY:
-----BEGIN PGP PUBLIC KEY BLOCK-----
nothing to see here.
And here is some followup text.
--dkg
```
The signed, encrypted version of the message that came back from the list had the expected spliced metadata part:
```
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: [REDACTED SCHLEUDER LIST ADDRESS]
Cc:
Date: Mon, 11 Mar 2024 15:08:50 -0400
Sig: Good signature from BB7E9101495E6BF7 Daniel Kahn Gillmor
Enc: Encrypted
------------------------------------------------------------------------------
```
and the rest of the body said:
```
Please ignore this message, i am trying to debug a possible schleuder
bug.
Here is a schleuder keyword command in the middle of the message text:
nothing to see here.
And here is some followup text.
--dkg
```
It seems to me that keywords that are not at the beginning of the message should be ignored, not stripped.

Milestone: 5.0.0
Assignee: paz

undefined method `has_content_type?' for nil:NilClass
https://0xacab.org/schleuder/schleuder/-/issues/498
Updated: 2022-04-11T21:47:51Z
Author: ng

This looks similar to #458 but it was seen on a 3.5.3 schleuder installation.
```
undefined method `has_content_type?' for nil:NilClass
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg/sign_part.rb:22:in `verify_signature'
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg/mime_signed_message.rb:9:in `setup'
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg.rb:144:in `verify'
/opt/schleuder/bundler/ruby/2.7.0/gems/mail-gpg-0.4.2/lib/mail/gpg/message_patch.rb:91:in `verify'
/opt/schleuder/lib/schleuder/mail/message.rb:31:in `setup'
/opt/schleuder/lib/schleuder/runner.rb:38:in `run'
/opt/schleuder/lib/schleuder/cli.rb:36:in `work'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
/opt/schleuder/bundler/ruby/2.7.0/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
/opt/schleuder/bin/schleuder:13:in `<top (required)>'
/opt/schleuder/bundler/ruby/2.7.0/bin/schleuder:23:in `load'
/opt/schleuder/bundler/ruby/2.7.0/bin/schleuder:23:in `<top (required)>'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `load'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `kernel_load'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:28:in `run'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:476:in `exec'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor.rb:399:in `dispatch'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:30:in `dispatch'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/base.rb:476:in `start'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/cli.rb:24:in `start'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:46:in `block in <top (required)>'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/lib/bundler/friendly_errors.rb:123:in `with_friendly_errors'
/opt/rh/rh-ruby27/root/usr/share/gems/gems/bundler-2.1.4/libexec/bundle:34:in `<top (required)>'
/opt/rh/rh-ruby27/root/usr/bin/bundle:23:in `load'
/opt/rh/rh-ruby27/root/usr/bin/bundle:23:in `<main>'
```
Original email is available. Will need to validate it with schleuder 4 and then also whether I can easily reproduce it.

Assignee: ng

Inform user if unknown keyword was encountered and keyword-processing aborted
https://0xacab.org/schleuder/schleuder/-/issues/474
Updated: 2020-06-17T11:46:38Z
Author: georg

The current code correctly checks for unknown keywords and prepares an error message. However, this error message isn't passed back to the user.

Milestone: Next Big Thing

Wrong permissions after Installation from gem
https://0xacab.org/schleuder/schleuder/-/issues/456
Updated: 2020-05-26T13:25:57Z
Author: Michael Wodniok

## Expected Behavior
schleuder-api-daemon runs without errors as non-root.
## Actual Behavior
schleuder-api-daemon dies with stacktraces like in "Other information". The workaround is to run a `chmod -R a+x /var/lib/gems/2.5.0/gems/schleuder-3.4.1/lib` (on Ubuntu 18.04).
## Steps to Reproduce the Problem
1. Install from gem as root on your system including `schleuder install`
2. Try to start schleuder-api-daemon as non-root
## Specifications
- Version: 3.4.1
- Installation method (package, gem...): gem
- Mail client version: non-relevant
## Other information
Stacktrace:
```
Traceback (most recent call last):
13: from /usr/local/bin/schleuder-api-daemon:23:in `<main>'
12: from /usr/local/bin/schleuder-api-daemon:23:in `load'
11: from /var/lib/gems/2.5.0/gems/schleuder-3.4.1/bin/schleuder-api-daemon:4:in `<top (required)>'
10: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
9: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
8: from /var/lib/gems/2.5.0/gems/schleuder-3.4.1/lib/schleuder-api-daemon.rb:11:in `<top (required)>'
7: from /var/lib/gems/2.5.0/gems/backports-3.16.0/lib/backports/std_lib.rb:9:in `require_with_backports'
6: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
5: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
4: from /var/lib/gems/2.5.0/gems/schleuder-3.4.1/lib/schleuder.rb:23:in `<top (required)>'
3: from /var/lib/gems/2.5.0/gems/backports-3.16.0/lib/backports/std_lib.rb:9:in `require_with_backports'
2: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:39:in `require'
1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:135:in `rescue in require'
/usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:135:in `require': cannot load such file -- schleuder/mail/parts_list.rb (LoadError)
```

schleuder fails to warn about expiring member subkeys
https://0xacab.org/schleuder/schleuder/-/issues/421
Updated: 2020-06-26T13:41:58Z
Author: o-

The periodic key expiry reminders from schleuder do not consider expiring subkeys.
What I would expect is that schleuder
* if the master key has no `[E]` capability, warns if all encryption subkeys expire (because then it can't send mails to me anymore)
* if the master key has no `[S]` capability, warns if all sign subkeys expire (because then I can't send authenticated mails to schleuder anymore).
What actually happens is, without warning the key becomes non-functional and cannot be updated by the user anymore.
As an example consider 0x8F4E6C91F62F3B4E (on sks keyservers). On this key the master key never expires, but the sign and encryption subkeys do.
```
pub rsa4096/0x8F4E6C91F62F3B4E 2016-09-02 [C]
...
sub rsa4096/0xBFDB552FFC4A9191 2019-02-23 [S] [expires: 2020-02-23]
sub rsa4096/0x2E851CD5B07AF0D4 2019-02-23 [E] [expires: 2020-02-23]
```
To create such a key for testing:
1. create a key without expiry and edit:
2. remove subkey with `key 1\n delkey`
3. remove S capability with `change-usage`
4. add expiring E subkey with `addkey` (6)
5. add expiring S subkey with `addkey` (4)

Milestone: Future

Automated messages are still forwarded to the list admin although list bounce/drop notification disabled
https://0xacab.org/schleuder/schleuder/-/issues/394
Updated: 2020-01-02T21:05:55Z
Author: ng

Schleuder 3.3.0
You can disable notifications to list admins on bounces/drops:
https://0xacab.org/schleuder/schleuder/blob/master/etc/list-defaults.yml#L91
`# Send a notice to the list-admins whenever an email is bounced or dropped?`
But this only has an effect within the filter runner itself, but is not respected when receiving automated messages:
https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/filters/pre_decryption/10_forward_bounce_to_admins.rb
=> Either we should also check there whether bounce notification is enabled and respect it or if the option seems not appropriate, we should add another setting, as list admins can easily be spammed through lots of automated messages.

Harmonize output of keywords that deal with keys
https://0xacab.org/schleuder/schleuder/-/issues/376
Updated: 2020-01-04T12:51:37Z
Author: georg

I've used `x-fetch-key` with a capitalized fingerprint argument, and got, in return a message containing the lowercased fingerprint. We should probably harmonize this, so the output matches the input.
Not sure, but maybe this applies to spaces, too.
Any opinions?

Milestone: Future

Handle space-separated fingerprints for all relevant keywords
https://0xacab.org/schleuder/schleuder/-/issues/375
Updated: 2020-01-04T12:51:15Z
Author: georg

In version `3.2.0`, we introduced spaces-separated fingerprint support for `x-subscribe`.
We should probably revisit this for the other relevant keywords, too. I just did `x-fetch-key` with such a fingerprint, and got, in return, ten times the message: `Invalid input. Allowed are: URLs, OpenPGP-fingerprints, or email-addresses.`. I'm not sure, and didn't check, if this is an issue for other keywords too, but I guess so.
OTOH, as we spoke about "being implicit", I wonder if parsing fingerprints with spaces is maybe error prone?
Still, if we do, we should be consistent. Tagging this for `4.0` for now, and labeling as `bug`.
Any opinions?

Milestone: Future

An email with multiple signatures throws an error
https://0xacab.org/schleuder/schleuder/-/issues/355
Updated: 2019-01-20T19:58:41Z
Author: ng

If somebody signs their email with multiple keys, schleuder is at the moment not able to handle the multiple signatures and will just throw an error:
https://0xacab.org/schleuder/schleuder/blob/master/lib/schleuder/mail/message.rb#L145
Such an email will be bounced. We had someone who (accidentally) signed their message with 2 keys and wasn't able to send mails to any schleuder.
The major issue with it, is that bouncing the mail is technically (as we are throwing an error) the right thing to happen. However, it is not very user-friendly and requires involvement of a superadmin to interpret the thrown error message. At least this should have a much better message for users to be able to detect what went wrong.
Additionally, we should probably discuss if throwing an error is the right thing to do. While I can think of reasons why an error should be raised - e.g. as the multiple signatures were for different parts - I still think we can do better. Also I think, we actually slightly changed how we work now and the double signatures should be less of a problem, since we merged !172
We should make sure, that we only verify signatures around the whole message (or only treat correctly signed parts of the message as trusted), but still allow for multiple signatures on them. We should still be able to match for the right signature, while making sure you cannot craft messages to inject content that we trust to be signed properly, although the signature was for a different part.
While the reason for this report was an accident, I still think there is someone out there who has legitimate reasons to sign an email with 2 keys.

Make LoggerNotification#notify_admin respect send_encrypted_only
https://0xacab.org/schleuder/schleuder/-/issues/247
Updated: 2020-01-04T19:41:22Z
Author: paz

Currently it sends out messages in the clear if no usable key is found for the respective admin, regardless of the list's setting of `send_encrypted_only`.

Milestone: Future

User IDs should be simple e-mail addresses
https://0xacab.org/schleuder/schleuder/-/issues/146
Updated: 2019-02-02T10:42:24Z
Author: dkg

Schleuder appears to generate OpenPGP certificates with User IDs like:
test@foo.example.biz <test@foo.example.biz>
This is unnecessary. If you're just going to have an e-mail address,
Schleuder should just create a simple user ID with only that e-mail
address in it:
test@foo.example.biz