outbound mails are rejected - not signed by a trusted key
Created: 31 Aug 2011 | Updated: 02 Dec 2011 | 3 comments
This issue has been solved. See solution.
after defining an outbound policy with pgp encryption the outbound test message which should match the new defined policy is bounced. In reporting the following error entries appeared:
SMTP-16509: recipient 1/1 (email@example.com): bouncing: unable to locate a valid encryption key
SMTP-16509: key search <firstname.lastname@example.org> [internal user keys]: found key "email@example.com" (KeyID: 0xF6D33F10) [rejected - not signed by a trusted key]
Outbound policy is configured similar as below:
- Conditions / If all of the following are true / Recipient address is firstname.lastname@example.org
- Actions / Send (encrypted/signed) / Encrypt to recipient's key; Sign; When suitable key not found bounce message; Preferred encoding format: PGP/MIME
- Key Search / The following locations will be searched for keys by default: Internal users; External users; No additional locations will be searched
The outbound message will only be delivered if the option "Require verified key" is disabled. In Administration Guide of PGP Universal Server there is recommended to enable that option. If an external key is imported and is listed in the external user list I assume that the concerning key is trusted. To ensure that I exported the key, signed it via PGP Desktop and reimported it to Universal Server. The result is the same as before.
Where is my error in reasoning?
I'm still using Universal Server version 3.1.2 Build 9 (update to 3.2 is planned). I guess that I had no problems with that issue until using 2.12 and former versions. The "Require verified key" option was enabled in all outbound policies.
In Admin Guide I only found a hint about outbound S/MIME messages - to verify a S/MIME certificate the corresponding root certificate has to be listed in Trusted Keys.
Any hints are appreciated..