greenbone / gvmd

Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition
GNU Affero General Public License v3.0

[21.0.4] Unable to send mails encrypt using S/MIME certificates #1541

Open tuxmaster5000 opened 3 years ago

tuxmaster5000 commented 3 years ago

Because reopening does not work, here is the link to the original report: https://github.com/greenbone/gvmd/issues/1090 Here is the current log:

util gpgme:MESSAGE:2021-06-01 05h34.22 utc:1632912: Setting GnuPG dir to '/var/lib/greenbone/gvmd/gnupg'
util gpgme:MESSAGE:2021-06-01 05h34.22 utc:1632912: Using OpenPGP engine version '2.2.20'
event alert:MESSAGE:2021-06-01 07h35.17 CEST:1633182: The alert ePost_foo was triggered (Event: Task status changed to 'Done', Condition: Always)
util gpgme:MESSAGE:2021-06-01 07h35.19 CEST:1633182: find_email_encryption_key: Found matching UID for foo@foo.foo
event alert:MESSAGE:2021-06-01 07h38.08 CEST:1634880: Alert ePost_foo (505b79f8-ba0f-4a39-a63b-a7441b925650) has been modified by gott
event alert:MESSAGE:2021-06-01 07h38.16 CEST:1634890: The alert ePost_foo was triggered (Event: Task status changed to 'Done', Condition: Always)
util gpgme:MESSAGE:2021-06-01 07h38.17 CEST:1634890: find_email_encryption_key: Found matching UID for oo@foo.foo
md manage:WARNING:2021-06-01 07h38.17 CEST:1634890: email_encrypt_smime: encryption fail

Using gpg keys instead of certificates will work.

tryweb commented 2 months ago

Regarding the certificate issue, it can be resolved by installing or updating trusted root certificates. Below is my workaround method. After running docker compose -p greenbone-community-edition up -d, execute the following commands to solve the problem:

docker exec greenbone-community-edition-gvmd-1 apt update
docker exec greenbone-community-edition-gvmd-1 apt install ca-certificates -y

I hope that updating ca-certificates can be added to the Dockerfile of image: greenbone/gvmd:stable to resolve this issue.

cfi-gb commented 2 months ago

@tryweb IIUC this is something completely different (sending encrypted S/MIME mails), while yours is about the community-supported MTA setup within the containers, which didn't even exist back then in 2021.

About the ca-certificates see greenbone/docs#483 which probably requires a community contribution / PR.