schleuder issueshttps://0xacab.org/schleuder/schleuder/-/issues2022-09-29T15:54:39Zhttps://0xacab.org/schleuder/schleuder/-/issues/521signature validation fails for non-subscribers2022-09-29T15:54:39ZPhilipsignature validation fails for non-subscribers## Expected Behavior
A non-subscribers should be able to send a message to a list even when the list enforces signed mail delivery.
## Actual Behavior
Schleuder refuses to process this message with the following error:
```
Command died...## Expected Behavior
A non-subscribers should be able to send a message to a list even when the list enforces signed mail delivery.
## Actual Behavior
Schleuder refuses to process this message with the following error:
```
Command died with status 1:
"/usr/bin/schleuder". Command output: Error: Messages to this
address must be OpenPGP-signed. Kind regards, Your Schleuder system.
```
## Steps to Reproduce the Problem
- Add a persons key to a schleuder list
- Don't subscribe this address
- Configure the list to check signatures (Receive signed only)
- Send a mail to the list from the non-subscribed mail address
- Schleuder successfully devlivers this message
## Specifications
- Version: 3.6.0-3+deb11u1 (mail-gpg 0.4.4-1)
- Installation method (package, gem...): Debian Bullseye package
- Mail client version: Thunderbird 91.11https://0xacab.org/schleuder/schleuder/-/issues/507Carriage-return (^M) added to end of all lines when email sent to Schleuder ...2022-09-13T17:18:00ZCody BrownsteinCarriage-return (^M) added to end of all lines when email sent to Schleuder using Mutt## Expected Behavior
When using Mutt (and all other MUAs) to send an email to Schleuder, Schleuder will send the email unmodified.
## Actual Behavior
When using Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27...## Expected Behavior
When using Mutt (and all other MUAs) to send an email to Schleuder, Schleuder will send the email unmodified.
## Actual Behavior
When using Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27 (and older versions of gpg) to send an email to Schleuder, Schleuder will send the email with a carriage-return (^M) added to the end of every line. This starts with the very first line of the email (the beginning of the email headers) and ends with the very last line of the email.
## Steps to Reproduce the Problem
1. Use Mutt + gpg to send an email to Schleuder.
## Specifications
- Version: 3.4.0
- Installation method (package, gem...): `apt install`
- Mail client version: Mutt 2.1.4 (2021-12-11) (and older versions of Mutt) + gpg (GnuPG) 2.2.27 (and older versions of gpg)
## Other information
I can provide samples of original emails sent to Schleuder and the same emails modified and sent by Schleuder.https://0xacab.org/schleuder/schleuder/-/issues/444Previously expired key apparently not being updated during weekly refresh_key...2020-03-03T21:06:18ZfleishPreviously expired key apparently not being updated during weekly refresh_keys run, continues to be reported as expired by weekly check_keys runMostly SSIA. I have a list where the user's key has expired and the weekly cron runs for check_keys keeps reporting that they key is still expired based on the now passed date, despite there being an updated key available on the SKS netw...Mostly SSIA. I have a list where the user's key has expired and the weekly cron runs for check_keys keeps reporting that they key is still expired based on the now passed date, despite there being an updated key available on the SKS network with an extended expiration date set in the future.https://0xacab.org/schleuder/schleuder/-/issues/350Introduce systemd features to improve security2020-02-08T14:03:27ZgeorgIntroduce systemd features to improve securitysystemd supports features like `ReadOnlyDirectories` and dropping capabilities. We should make use of them, to improve the security of the overall system.
One caveat, tough: AFAIK, different versions of systemd support different "dropp...systemd supports features like `ReadOnlyDirectories` and dropping capabilities. We should make use of them, to improve the security of the overall system.
One caveat, tough: AFAIK, different versions of systemd support different "droppable" capabilites. If one is using a list of capabilites and only one of them isn't supported, all of them are ignored.
This needs research and further discussion, for now that's just a starting point to keep track of it (and to counter my bad memory..)Next Big Thinggeorggeorghttps://0xacab.org/schleuder/schleuder/-/issues/278Introduce and ship apparmor profile2020-01-02T23:33:05ZgeorgIntroduce and ship apparmor profileCurrently this does get evaluated, but it seems, Debian will enable apparmor by default in the next release buster. We should ship a profile to make use of that and strengthen the security of the overall system.Currently this does get evaluated, but it seems, Debian will enable apparmor by default in the next release buster. We should ship a profile to make use of that and strengthen the security of the overall system.Next Big Thinggeorggeorg