Need assistance debugging GPG stuff

Hi,

I just created an RT5 instance using 5.0.0 on Ubuntu 20. I assigned a GPG key to my test queue test-queue, and I use fetchmail to get mail from an IMAP inbox into this queue. So now to the problem:

  • I send a simple mail to the mail address; fetchmail comes by cron job, fetches the mail and a ticket is created; great
  • I send a signed mail to the mail address; fetchmail fetches the mail and a ticket is created; the key is not imported, so the sender is unverified in the web interface, but ok so far. When I manually import the key and trust it ultimately, the web interface reflects this properly and I can send an encrypted answer to the ticket
  • The encrypted answer arrives on ticket creator side; everything is as expected, using RT's public key I can decrypt the message
  • Now I send an encrypted answer to RT again (which would result in a new ticket as I have no comment action, but for testing purposes this is pretty okay): fetchmail comes by cron job, fetches the mail and tries to create a ticket; this is what happens:

It hangs on:

/opt/rt5/bin/rt-mailgate: temp file is '/tmp/Hyk8yMvX6A/IbWT0nBTmp'
/opt/rt5/bin/rt-mailgate: connecting to https://<myaddress>/REST/1.0/NoAuth/mail-gateway

A temp file is created in /opt/rt5/var/data/gpg:

.#lk0x000055956cc5a5e0.<hostname>.7204

The number is the PID of a gpg process:

www-data    7204  0.0  0.1   8804  5044 ?        SL   15:41   0:00 /usr/bin/gpg --batch --no-tty --homedir /opt/rt5/var/data/gpg --armor --status-fd 37 --logger-fd 41 --passphrase-fd 26 --command-fd 33 --ignore-mdc-error --auto-check-trustdb --passphrase <passphrase_in_cleartext> --keyserver hkp://keys.openpgp.org --auto-key-locate local,keyserver --cert-digest-algo SHA256 --use-agent --digest-algo SHA1 --auto-key-retrieve --debug-level guru --no-permission-warning --pinentry-mode loopback --decrypt

In /var/log/syslog, the only message about this thing is:

[7045] [Thu Jan 21 15:24:21 2021] [debug]: Found part encrypted according to RFC3156 (/opt/rt5/sbin/../lib/RT/Crypt/GnuPG.pm:744)

But what is going on after that? It’s just like a black box.
When timeout is reached, I get this error:

HTTP request failed: 500 read timeout. Your webserver logs may have more information or there may be a network problem.

/opt/rt5/bin/rt-mailgate: undefined server error
fetchmail: MDA returned nonzero status 75
 not flushed

But my webserver log reports exactly nothing. gpg processes hang endlessly; they don’t seem to do anything.

strace: Process 7204 attached
write(35, "gpg: DBG: parse_packet(iob=13): "..., 80

When I download msg.asc and put it on the RT host, I can decrypt it as user www-data without any issues btw! Sender’s key is imported, it’s trusted and available. It seems to be gpg itself causing problems, but I’m stuck finding the reason. So any help would be appreciated <3

Regards,
Marianne

PS: this is the GPG related config for RT:

Set(%Crypt,
  Incoming                  => ['GnuPG'],
  Outgoing                  => 'GnuPG',

  RejectOnMissingPrivateKey => 0,
  RejectOnBadData           => 0,
  AllowEncryptDataInDB      => 0,
);

Set(%GnuPG,
  Enable                 => 1,
  GnuPG                  => '/usr/bin/gpg',
  OutgoingMessagesFormat => "RFC",
);

Set(%GnuPGOptions,
  'homedir'                => q{var/data/gpg},
  'passphrase'             => '<my_great_passphrase>',
  'keyserver'              => 'hkp://keys.openpgp.org',
  'auto-key-locate'        => 'local,keyserver',
  'auto-key-retrieve'      => undef,
  'auto-check-trustdb'     => undef,
  'use-agent'              => undef,
  'no-permission-warning'  => undef,
  'debug-level'            => 'guru',
);

And this is fetchmailrc:

poll "my.imap.server" proto imap port 993
  user "my@great.address" there with password "<my_great_password>"
  options nokeep ssl mda "/opt/rt5/bin/rt-mailgate --url https://<my_address> --queue test-queue --action correspond --debug --no-verify-ssl"
  folder 'Inbox'
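
An added example, not part of the original post: the strace output above stops in the middle of a write() to descriptor 35, so a useful next step is to see what that descriptor is and which processes hold it. The Python script below does that through Linux /proc. Its function names are illustrative, it assumes it runs as root or as the process owner (www-data here), and it makes no claim about the cause of the hang.

```python
import os
import re
import sys

# Unfinished call exactly as strace printed it in the post above.
SAMPLE = 'write(35, "gpg: DBG: parse_packet(iob=13): "..., 80'

def parse_blocked_call(line):
    """Return (syscall, fd) for a strace line with no ') = result', else None."""
    m = re.match(r'\s*(\w+)\((\d+),', line)
    if not m or re.search(r'\)\s+=\s+(-?\d|\?|0x)[^"]*$', line):
        return None
    return m.group(1), int(m.group(2))

def fd_target(pid, fd):
    """What the descriptor points at, e.g. 'pipe:[12345]' or a file path."""
    return os.readlink(f'/proc/{pid}/fd/{fd}')

def fd_mode(pid, fd):
    """'r', 'w' or 'rw', from the octal flags in /proc/<pid>/fdinfo/<fd>."""
    with open(f'/proc/{pid}/fdinfo/{fd}') as fh:
        flags = next(int(r.split()[1], 8) for r in fh if r.startswith('flags:'))
    return {os.O_RDONLY: 'r', os.O_WRONLY: 'w', os.O_RDWR: 'rw'}.get(flags & os.O_ACCMODE, '?')

def holders(target):
    """(pid, fd, mode) for every descriptor we may inspect that points at target."""
    found = []
    for pid in filter(str.isdigit, os.listdir('/proc')):
        try:
            fds = os.listdir(f'/proc/{pid}/fd')
        except OSError:  # process exited, or not ours and we are not root
            continue
        for fd in fds:
            try:
                if os.readlink(f'/proc/{pid}/fd/{fd}') == target:
                    found.append((int(pid), int(fd), fd_mode(pid, fd)))
            except OSError:  # descriptor closed while we were looking
                continue
    return found

if __name__ == '__main__':
    if len(sys.argv) != 3:
        sys.exit("usage: blocked_fd.py PID 'unfinished strace line'")
    pid, call = int(sys.argv[1]), parse_blocked_call(sys.argv[2])
    if call is None:
        sys.exit('that call returned; the process is not blocked in it')
    target = fd_target(pid, call[1])
    print(f'pid {pid} blocked in {call[0]}() on fd {call[1]} -> {target}')
    for hpid, hfd, mode in holders(target):
        print(f'  pid {hpid} fd {hfd} ({mode})')
```

If the target is a pipe, the holder listed with mode `r` is the process expected to drain it; a target that is a regular file or socket points the investigation elsewhere.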