# amavisd update and encrypted emails [SOLVED]

## hanj

Hello All

I just upgraded to amavisd-new-2.6.1 and I'm having trouble with encrypted (gpg) emails. All emails that make it to the server that are encrypted have the following prepended to the subject

```
***UNCHECKED***
```

Diff'ing amavis.conf from old to new, I'm seeing no differences with in the following areas:

```
$undecipherable_subject_tag = '***UNCHECKED*** ';

$defang_undecipherable = 1;

@keep_decoded_original_maps = (new_RE(

# qr'^MAIL$',   # retain full original message for virus checking (can be slow)

  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables

  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,

# qr'^Zip archive data',      # don't trust Archive::Zip

));

# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
```

I can decrypt/open the emails, but the subject is modified. Not sure how this worked before, but gpg encrypted emails have been working fine with amavis for years.

Any ideas??

Thanks!

hanji

----------

## hanj

I pushed log level to 4 (decompose parts) and this is the following info related to the PGP message parts.

```
Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) Extracting mime components

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) Issued a new file name: p001

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) Issued a new file name: p002

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) Issued a new pseudo part: p003

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) p003 1 Content-Type: multipart/encrypted

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) Charging 11 bytes to remaining quota 908000 (out of 908000, (0%)) - by mime_decode

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) p001 1/1 Content-Type: application/pgp-encrypted, size: 11 B, name:

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) Charging 880 bytes to remaining quota 907989 (out of 908000, (0%)) - by mime_decode

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) p002 1/2 Content-Type: application/octet-stream, size: 880 B, name:

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) decode_parts: level=1, #parts=3 : p001, p002, p003

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (map_full_type_to_short_type) => true,  "ASCII text" matches, result="asc", matching_key="(?i-xsm:^(ASCII|text)\\b)"

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) File-type of p001: ASCII text; (asc)

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (map_full_type_to_short_type) => true,  "PGP armored data message" matches, result=["pgp","pgp.asc"], matching_key="(?-xism:^PGP armored data( signed)? message\\b)"

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) File-type of p002: PGP armored data message; (pgp, pgp.asc)

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) do_ascii: Decoding part p001

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) do_ascii: Setting sigaction handler, was 0

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) do_ascii: Decoding part p001 (0 items), uulib V0.5pl20

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) decompose_part: p001 - atomic

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) decompose_part: p002 - atomic

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (bypass_header_checks) => false, "hanji@removeddomain.com" matches, result="0", matching_key="/cached/"

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (bypass_header_checks) => false, "hanji@removeddomain.com" matches, result="0", matching_key="/cached/"

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) Checking for banned types and filenames

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (banned_filename), 1 matches for "hanji@removeddomain.com", results: "(constant:DEFAULT)"=>"DEFAULT"

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) collect banned table[0]: hanji@removeddomain.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x8ec1570)

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) starting banned checks - traversing message structure tree

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) check_for_banned (p003,p001) multipart/encrypted,UNDECIPHERABLE | application/pgp-encrypted,.asc

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (check_bann:hanji@removeddomain.com) => undef, ["multipart/encrypted","UNDECIPHERABLE","application/pgp-encrypted",".asc"] does not match

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) p.path hanji@removeddomain.com: "P=p003,L=1,M=multipart/encrypted,A=U,A=C | P=p001,L=1/1,M=application/pgp-encrypted,T=asc"

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) check_for_banned (p003,p002) multipart/encrypted,UNDECIPHERABLE | application/octet-stream,.pgp,.pgp.asc

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (check_bann:hanji@removeddomain.com) => undef, ["multipart/encrypted","UNDECIPHERABLE","application/octet-stream",".pgp",".pgp.asc"] does not match

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) p.path hanji@removeddomain.com: "P=p003,L=1,M=multipart/encrypted,A=U,A=C | P=p002,L=1/2,M=application/octet-stream,T=pgp,T=pgp.asc,A=C"

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) banned check: any=0, all=N (1)

Sep  7 11:11:13 mail.removeddomain.com amavis[27651]: (27651-01) lookup (keep_decoded_original) => undef, "MAIL" does not matc

Sep  7 11:11:14 mail.removeddomain.com amavis[27651]: (27651-01) lookup (keep_decoded_original) => true,  "MAIL-UNDECIPHERABLE" matches, result="1", matching_key="(?-xism:^MAIL-UNDECIPHERABLE$)"

Sep  7 11:11:14 mail.removeddomain.com amavis[27651]: (27651-01) Issued a new file name: p004

....

Sep  7 11:11:15 mail.removeddomain.com amavis[27651]: (27651-01) Passed UNCHECKED, [xxx.xxx.xxx.xxx] [xxx.xxx.xxx.xxx] <hanji@removeddomain.com> -> <hanji@removeddomain.com>, Message-ID: <20080907110917.168ae9d6@removeddomain.com>, mail_id: 1yEQzQDSzMgr, Hits: -, size: 1816, queued_as: 1F58FE010, 3707 ms
```

Thanks!

hanji

----------

## steveb

Just comment change from:

```
$undecipherable_subject_tag = '***UNCHECKED*** ';
```

to

```
#$undecipherable_subject_tag = '***UNCHECKED*** ';
```

and amavisd will not alter the subject.

 */etc/amavisd.conf wrote:*   

> # a string to prepend to Subject (for local recipients only) if mail could
> 
> # not be decoded or checked entirely, e.g. due to password-protected archives
> 
> $undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it

 

// SteveB

----------

## hanj

I had to do the following to get things to work properly...

```
# $undecipherable_subject_tag = '***UNCHECKED*** ';

# $defang_undecipherable = 1;
```

What I don't get is why this is causing a problem now? Seems like there is something wrong elsewhere. Also, in the logs.. it still says Passed UNCHECKED.

This is restricted to PGP MIME mails only. If I send a mail via PGP Inline, no problems. But I understand that's what it's choking on.. the MIME piece.

hanji

----------

## steveb

 *hanj wrote:*   

> I had to do the following to get things to work properly...
> 
> ```
> 
> # $undecipherable_subject_tag = '***UNCHECKED*** ';
> ...

 This is not a problem. Amavis can not check an encrypted mail since it does not have the possibility to decrypt the mail. In the older releases it just skipped those mails but now you have the possibility to tag a message so that the end user knows that the message is not checked. It's like sending an 50MB mail and telling Amavis to not check mails bigger than 10MB. Then you will get as well an "***UNCHECKED***" in the subject.

// SteveB

----------

## steveb

 *hanj wrote:*   

> This is restricted to PGP MIME mails only. If I send a mail via PGP Inline, no problems. But I understand that's what it's choking on.. the MIME piece.

 Yes. The code just checks PGP MIME and does not trigger when you use PGP inline.

// SteveB

----------

## hanj

I see! Thanks much!!!

hanji

----------

