Hi everyone,
I'm not sure what exactly is going on here.
An external sender did send an email which is PGP Inline encrypted with our public key.
His attached public key has been automatically imported but not trusted yet, as there
is no automatic mechanism to do so.
Cipermail Version 5.0.4
The log states:
06 Aug 2021 10:47:05 | INFO incoming; MailID: 96a3f2d1-a2ac-46da-abfd-
f1afda2de434; Recipients: [example(a)domain.tld]; Originator:
sender(a)external.tld; Sender: sender(a)external.tld; Remote address:
XXX.XXX.XXX.XXX; Subject: Some Subject; Message-ID:
<5285c5f4d0274c328350c62b0d49dd38(a)FDSFSDAFASDFA.com>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
06 Aug 2021 10:47:05 | INFO Subject filter is disabled for the sender;
MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients:
[example(a)domain.tld] (mitm.application.djigzo.james.mailets.Default)
[Spool Thread #2]
06 Aug 2021 10:47:05 | INFO To internal recipient(s); MailID:
96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [example(a)domain.tld]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
06 Aug 2021 10:47:05 | WARN PGP/INLINE signature was not valid;
Failure message: Public key not found in trust list.; MailID: 96a3f2d1-
a2ac-46da-abfd-f1afda2de434
(mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler) [Spool
Thread #2]
06 Aug 2021 10:47:05 | WARN PGP/INLINE signed message contained mixed
content; MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434
(mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler) [Spool
Thread #2]
06 Aug 2021 10:47:05 | INFO Message has been PGP decrypted; MailID:
96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [example(a)domain.tld]
(mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #2]
06 Aug 2021 10:47:05 | INFO Message handling is finished. Sending to
final recipient(s); MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434;
Recipients: [example(a)domain.tld]; Originator: sender(a)external.tld;
Sender: sender(a)external.tld; Remote address: XXX.XXX.XXX.XXX; Subject:
Some Subject; Message-ID:
<5285c5f4d0274c328350c62b0d49dd38(a)FDSFSDAFASDFA.com>;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
One line says "Failure message: Public key not found in trust list" but
the following message says "Message has been PGP decrypted".
Still the mail reaches the user mailbox in encrypted sate.
Either the obviously wrong success message is a bug or something i
don't understand is going on.
I have to correct myself.
The PGP Inline encrypted Content is indeed decrypted but attached as an attachment "encrypted".
The sender uses Totemo_TrustMail_(Notification)
The original message content is like this:
------=_Part_34700_1880177232.1629388338865
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="----=_Part_34699_875602842.1629388338865"
------=_Part_34699_875602842.1629388338865
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit
Version: 1
------=_Part_34699_875602842.1629388338865
Content-Type: application/octet-stream; name=encrypted.asc
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="encrypted.asc"
-----BEGIN PGP MESSAGE-----
Version: OpenPGP totemomail
Comment: totemomail OpenPGP - http://www.totemo.com
hQIOAxnCqmWiKwVUEAgA1W13kwTcI2vAlZbGF+Dss1MD/99eQLDcKIXcrq4XSiUx
DRtX7jdsoVuARJxmqUVqJzRhkOsFj7WTK+7lCj+IL3SG/wges0Oqc/kpXcOc5423
...
I never dealt with PGP Inline before but i would expect that the decrypted "Inline" content is inserted right in the message instead of beieng attach as an attachment.
Regards
Wilson
I have to correct myself.
The PGP Inline encrypted Content is indeed decrypted but attached as
an attachment "encrypted".
The sender uses Totemo_TrustMail_(Notification)
The original message content is like this:
------=_Part_34700_1880177232.1629388338865
Content-Type: multipart/encrypted; protocol="application/pgp-
encrypted";
boundary="----=_Part_34699_875602842.1629388338865"
------=_Part_34699_875602842.1629388338865
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit
Version: 1
------=_Part_34699_875602842.1629388338865
Content-Type: application/octet-stream; name=encrypted.asc
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="encrypted.asc"
-----BEGIN PGP MESSAGE-----
Version: OpenPGP totemomail
Comment: totemomail OpenPGP - http://www.totemo.com
hQIOAxnCqmWiKwVUEAgA1W13kwTcI2vAlZbGF+Dss1MD/99eQLDcKIXcrq4XSiUx
DRtX7jdsoVuARJxmqUVqJzRhkOsFj7WTK+7lCj+IL3SG/wges0Oqc/kpXcOc5423
...
I never dealt with PGP Inline before but i would expect that the
decrypted "Inline" content is inserted right in the message instead
of beieng attach as an attachment.
This can only happen if the email is not detected as being PGP/MIME
encoded. If the email is not detected as PGP/MIME it will treat the
MIME part as PGP/INLINE.
You said:
The original message content
Are the reported headers the outer headers, i.e., the top headers? Or
are these headers from a MIME part?
Can you send the complete full headers?
Kind regards,
Martijn Brinkers
···
On Thu, 2021-08-19 at 16:07 +0000, wilson.meier--- via Users wrote:
--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger
Hi,
sorry, I've been in vacation.
This ist the full (obfuscated) Email.
Return-Path: <>
Received: from [x.x.x.x] ([x.x.x.x]) by mx.kundenserver.de
(mxeue112 [x.x.x.x]) with ESMTPS (Nemesis) id 1MYOma-1mc4Z70XGE-00VLt4
for <recipient(a)domain.ltd>; Thu, 19 Aug 2021 17:52:19 +0200
Received: from mail1.someserver.com ([x.x.x.x]) by mx.kundenserver.de
(mxeue112 [x.x.x.x]) with ESMTPS (Nemesis) id 1MVtwJ-1mgDIs0Uzd-00RnFN
for <recipient(a)domain.ltd>; Thu, 19 Aug 2021 17:52:19 +0200
DomainKey-Signature: <snip>
DKIM-Signature: <snip>
IronPort-SDR: <snip>
Received: from someserver.com ([x.x.x.x])
by someserver.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Aug 2021 15:52:18 +0000
Received: from someserver.com.dir ([x.x.x.x]) by
someserver.com.dir ([x.x.x.x]) with Microsoft SMTP Server id
15.01.2308.014; Thu, 19 Aug 2021 17:52:18 +0200
Received: from someserver.com.dir (x.x.x.x) by
someserver.com.dir (x.x.x.x) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2308.14; Thu, 19 Aug 2021 17:52:18 +0200
Received: from unknown (HELO smtp-someserver.com.domain-dns.net) ([x.x.x.x])
by someserver.com with ESMTP/TLS/AES256-GCM-SHA384; 19 Aug 2021 15:52:18 +0000
Received: from x.x.x.x ([x.x.x.x])
by someserver.com (Totemo SMTP Server) with SMTP ID 148
for <recipient(a)domain.ltd>;
Thu, 19 Aug 2021 17:52:18 +0200 (CEST)
···
Date: Thu, 19 Aug 2021 15:52:18 +0000
From: <sender(a)domain.ltd>
To: <recipient(a)domain.ltd>
Message-ID: <429a1d2930104944821de2e646543647(a)someserver.com.dir>
In-Reply-To: <DFF5C6771797AC45BE445EFB2B4C9F310184853B0C(a)domain.ltd>
References: <DFF5C6771797AC45BE445EFB2B4C9F310184811BC5(a)domain.ltd>
<a8a44af7e8f947d8ab732cb485f82386(a)domain.de>,<DFF5C6771797AC45BE445EFB2B4C9F310184853B0C(a)domain.ltd>
Subject: <snip>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_34700_1880177232.1629388338865"
IronPort-SDR: <snip>
x-stl-state-02-ttm: 3
X-IronPort-AV: E=Sophos;i="5.84,335,1620691200";
d="scan'208,217";a="43366678"
Thread-Topic: <snip>
Thread-Index: <snip>
X-MS-Has-Attach:
X-Auto-Response-Suppress: All
X-MS-Exchange-Inbox-Rules-Loop: sender(a)domain.ltd
X-MS-TNEF-Correlator:
x-ms-exchange-parent-message-id: <DFF5C6771797AC45BE445EFB2B4C9F310184853B0C(a)domain.ltd>
auto-submitted: auto-generated
x-ms-exchange-generated-message-source: Mailbox Rules Agent
x-tm-snts-smtp: 2A605E56B2F82CDFEB638FBA89352451712D0325CB280E215C0C6247CD4001712000:8
X-Mailer: Totemo_TrustMail_(Notification)
Envelope-To: <recipient(a)domain.ltd>
X-Spam-Flag: NO
X-UI-Filterresults: notjunk:1;V03:
<snip>
X-getmail-retrieved-from-mailbox: INBOX
------=_Part_34700_1880177232.1629388338865
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="----=_Part_34699_875602842.1629388338865"
------=_Part_34699_875602842.1629388338865
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit
Version: 1
------=_Part_34699_875602842.1629388338865
Content-Type: application/octet-stream; name=encrypted.asc
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="encrypted.asc"
-----BEGIN PGP MESSAGE-----
Version: OpenPGP totemomail
Comment: totemomail OpenPGP - http://www.someserver.com
<CIPHERTEXT>
-----END PGP MESSAGE-----
------=_Part_34699_875602842.1629388338865--
------=_Part_34700_1880177232.1629388338865
Content-Type: application/pgp-keys; name="name.asc"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="name.asc"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP totemomail
Comment: totemomail OpenPGP - http://www.someserver.com
<PUBKEY>
-----END PGP PUBLIC KEY BLOCK-----
------=_Part_34700_1880177232.1629388338865--