It looks as if testing inbound email to RT might not be a simple chore in my environment so for now I'm going to focus on outbound email. I do have debug logging enabled. Is there someplace else worth looking? Am I misunderstanding how auto key retrieval is supposed to work with outbound mail?

On Tue, Jul 30, 2013 at 12:18 PM, Christopher Costa <[email protected]> wrote:

> Hi Kevin,
>
> Thus far my focus has been on getting outgoing email to work (that's our primary need). I will make every effort to test inbound email ASAP.
>
> On Tue, Jul 30, 2013 at 12:09 PM, Kevin Falcone <[email protected]> wrote:
>
>> On Tue, Jul 30, 2013 at 11:18:38AM -0400, Christopher Costa wrote:
>> > I have been able to get GPG integrated with RT using manually installed public keys, but I'm
>> > now trying to get auto key retrieval to work. The RT documentation suggests (to me, anyway)
>> > that this is possible. I haven't had any luck getting it working, and I'm curious if any other
>> > users have, and would have any tips. I've configured RT this way in RT_SiteConfig:
>>
>> You say you've tested without outgoing emails, have you tested with an
>> incoming mail from an unknown user?
>>
>> Also, ensure that your logging is set to debug, not just error.
>>
>> -kevin
>>
>> > Set(%GnuPG,
>> >     Enable => 1,
>> >     OutgoingMessagesFormat => "RFC", # Inline
>> >     AllowEncryptDataInDB => 0,
>> >     RejectOnMissingPrivateKey => 1,
>> >     RejectOnBadData => 1,
>> > );
>> >
>> > Set(%GnuPGOptions,
>> >     homedir => q{var/data/gpg},
>> >     keyserver => 'xxxx://xxx.xxx.xxx.xxx',
>> >     'always-trust' => undef,
>> >     'auto-key-locate' => 'keyserver',
>> >     'keyserver-options' => 'auto-key-retrieve',
>> > );
>> >
>> > However, when I attempt to send an email to somebody who doesn't already have a key on the
>> > keyring, I get this error in the UI:
>> >
>> > User XXXXXXXXXX has a problem. There is no key suitable for encryption.
>> > Select a key you want to use for encryption: No usable keys.
>> >
>> > and in the rt.log I see this:
>> >
>> > [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>> > [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>> > [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>> >
>> > It *appears* that RT is checking the keyring, and erroring out if it doesn't find a key, which
>> > is not what I expected to happen (I was expecting the key would be retrieved automatically
>> > at the time of encryption).
>> > I have executed gpg from the command line with these options, and I can retrieve a user key
>> > automatically and encrypt a file. So I am pretty sure the problem isn't with the keyserver, or
>> > the options themselves. I'm holding out hope that I'm simply doing something wrong within RT,
>> > and that there is some other setting I've overlooked.
>> >
>> > Thanks!
>> > Chris
