Hi everyone, I'm not sure what exactly is going on here.
An external sender did send an email which is PGP Inline encrypted with our public key. His attached public key has been automatically imported but not trusted yet, as there is no automatic mechanism to do so. Cipermail Version 5.0.4 The log states: 06 Aug 2021 10:47:05 | INFO incoming; MailID: 96a3f2d1-a2ac-46da-abfd- f1afda2de434; Recipients: [[email protected]]; Originator: [email protected]; Sender: [email protected]; Remote address: XXX.XXX.XXX.XXX; Subject: Some Subject; Message-ID: <[email protected]>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO Subject filter is disabled for the sender; MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO To internal recipient(s); MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2] 06 Aug 2021 10:47:05 | WARN PGP/INLINE signature was not valid; Failure message: Public key not found in trust list.; MailID: 96a3f2d1- a2ac-46da-abfd-f1afda2de434 (mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler) [Spool Thread #2] 06 Aug 2021 10:47:05 | WARN PGP/INLINE signed message contained mixed content; MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434 (mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO Message has been PGP decrypted; MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #2] 06 Aug 2021 10:47:05 | INFO Message handling is finished. Sending to final recipient(s); MailID: 96a3f2d1-a2ac-46da-abfd-f1afda2de434; Recipients: [[email protected]]; Originator: [email protected]; Sender: [email protected]; Remote address: XXX.XXX.XXX.XXX; Subject: Some Subject; Message-ID: <[email protected]>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2] One line says "Failure message: Public key not found in trust list" but the following message says "Message has been PGP decrypted". Still the mail reaches the user mailbox in encrypted sate. Either the obviously wrong success message is a bug or something i don't understand is going on. >From my point of view a failure to check the signature shouldn't stop decryption. Or am i wrong? Any ideas? Is automatic key trust or at least an option to allow untrusted keys to be used on the Roadmap? Regards Wilson
