
Hey Kevin,

I think we had this problem once, because we had an ACL issue. Make sure the otrs user and the www-data group have read access to it. Sometimes, _too many_ privileges can produce issues as well.

Have you updated to 6.0.19 just recently and maybe copied the certificates with the root user? The otrs.SetPermissions.pl script sometimes misses non-standard folders or I copied the certificates after that.

Hope that helps.

Kind regards,
Matthias

T-SYSTEMS INTERNATIONAL GMBH
Telekom Security
Matthias Terlinde
Cyber Defense Operations
Bonner Talweg 100
53113 Bonn
+49 228 181-73771 (fixed)
+49 160 3003113 (mobile)
E-Mail: matthias.terlinde@t-systems.com
Internet: www.t-systems.com

Let's power higher performance

The legally required disclosures can be found at: www.t-systems.com/pflichtangaben

BIG CHANGES START SMALL - CONSERVE RESOURCES AND DO NOT PRINT EVERY E-MAIL.

Message: 4
Date: Mon, 8 Jul 2019 14:13:08 +0200
From: Kevin Dehmlow
To: otrs@lists.otrs.org
Subject: [otrs] Can not open S/MIME encrypted E-Mails
Message-ID: <9860aa20-52bd-0338-410f-699af493ad8b@uni-bremen.de>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi,
we are using OTRS 6.0.19 on Ubuntu 18.04.
We currently have a problem with S/MIME encrypted mails. When an encrypted e-mail is sent to our OTRS, we cannot open the ticket and the corresponding queue. That means when we try to open the new ticket, the browser loads the site until it times out. Also, the server load goes up to 10 times the idle load.
Sending or receiving signed Mails works fine.
I've tried a completely new installation with the default configuration. On the test installation, receiving and decrypting S/MIME encrypted e-mails works without problems. So the certificates seem to be OK (we do not use self-signed certificates).
This is what I get from the apache2 log, when I try to open the Queue with the ticket.
# /var/log/apache2/error.log
[Mon Jul  8 13:18:46 2019] -e: Deep recursion on subroutine "Kernel::System::EventHandler::EventHandler" at /opt/otrs/Kernel/System/Ticket/Article/Backend/MIMEBase.pm line 999.
[Mon Jul  8 13:18:46 2019] -e: Deep recursion on subroutine "Kernel::System::Ticket::Event::NotificationEvent::Run" at /opt/otrs/Kernel/System/EventHandler.pm line 223.
[Mon Jul  8 13:18:46 2019] -e: Deep recursion on subroutine "Kernel::System::TemplateGenerator::NotificationEvent" at /opt/otrs/Kernel/System/Ticket/Event/NotificationEvent.pm line 200.
[Mon Jul  8 13:18:46 2019] -e: Deep recursion on subroutine "Kernel::Output::HTML::Layout::Article::ArticleFields" at /opt/otrs/Kernel/System/TemplateGenerator.pm line 1001.
[Mon Jul  8 13:18:46 2019] -e: Deep recursion on subroutine "Kernel::Output::HTML::Article::MIMEBase::ArticleFields" at /opt/otrs/Kernel/Output/HTML/Layout/Article.pm line 66.
[Mon Jul  8 13:18:46 2019] -e: Deep recursion on subroutine "Kernel::Output::HTML::ArticleCheck::SMIME::Check" at /opt/otrs/Kernel/Output/HTML/Article/MIMEBase.pm line 140.
[Mon Jul  8 13:18:46 2019] -e: Deep recursion on subroutine "Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate" at /opt/otrs/Kernel/Output/HTML/ArticleCheck/SMIME.pm line 302.
[Mon Jul  8 13:20:08 2019] -e: Use of uninitialized value in concatenation (.) or string at /opt/otrs/Kernel/Modules/AgentTicketQueue.pm line 190.
[Mon Jul  8 13:20:42 2019] -e: Deep recursion on subroutine "Kernel::System::EventHandler::EventHandler" at /opt/otrs/Kernel/System/Ticket/Article/Backend/MIMEBase.pm line 999.
[Mon Jul  8 13:20:42 2019] -e: Deep recursion on subroutine "Kernel::System::Ticket::Event::NotificationEvent::Run" at /opt/otrs/Kernel/System/EventHandler.pm line 223.
[Mon Jul  8 13:20:42 2019] -e: Deep recursion on subroutine "Kernel::System::TemplateGenerator::NotificationEvent" at /opt/otrs/Kernel/System/Ticket/Event/NotificationEvent.pm line 200.
[Mon Jul  8 13:20:42 2019] -e: Deep recursion on subroutine "Kernel::Output::HTML::Layout::Article::ArticleFields" at /opt/otrs/Kernel/System/TemplateGenerator.pm line 1001.
[Mon Jul  8 13:20:42 2019] -e: Deep recursion on subroutine "Kernel::Output::HTML::Article::MIMEBase::ArticleFields" at /opt/otrs/Kernel/Output/HTML/Layout/Article.pm line 66.
[Mon Jul  8 13:20:42 2019] -e: Deep recursion on subroutine "Kernel::Output::HTML::ArticleCheck::SMIME::Check" at /opt/otrs/Kernel/Output/HTML/Article/MIMEBase.pm line 140.
[Mon Jul  8 13:20:42 2019] -e: Deep recursion on subroutine "Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate" at /opt/otrs/Kernel/Output/HTML/ArticleCheck/SMIME.pm line 302.
The logs from otrs are in this case not very helpful.
This is what I get from the apache2 log when I delete the ticket with a GenericAgent job.
# /var/log/apache2/error.log
[Mon Jul  8 13:36:44 2019] -e: DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`otrs`.`article_data_mime_attachment`, CONSTRAINT `FK_article_data_mime_attachment_article_id_id` FOREIGN KEY (`article_id`) REFERENCES `article` (`id`)) at /opt/otrs/Kernel/System/DB.pm line 469.
ERROR: OTRS-CGI-10 Perl: 5.26.1 OS: linux Time: Mon Jul 8 13:36:44 2019

 Message: Cannot add or update a child row: a foreign key constraint fails (`otrs`.`article_data_mime_attachment`, CONSTRAINT `FK_article_data_mime_attachment_article_id_id` FOREIGN KEY (`article_id`) REFERENCES `article` (`id`)), SQL: '
            INSERT INTO article_data_mime_attachment (article_id, filename, content_type, content_size,
                content, content_id, content_alternative, disposition, create_time, create_by,
                change_time, change_by)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, '2019-07-08 13:36:44', ?, '2019-07-08 13:36:44', ?)'

 RemoteAddress: x.x.x.x
 RequestURI: /otrs/index.pl?Action=AgentTicketZoom;TicketID=43048

 Traceback (806):
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleStorageDB::ArticleWriteAttachment Line: 262
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleWriteAttachment Line: 1135
   Module: Kernel::Output::HTML::ArticleCheck::SMIME::Check Line: 318
   Module: Kernel::Output::HTML::Article::MIMEBase::ArticleFields Line: 140
   Module: Kernel::Output::HTML::Layout::Article::ArticleFields Line: 66
   Module: Kernel::System::TemplateGenerator::NotificationEvent Line: 1001
   Module: Kernel::System::Ticket::Event::NotificationEvent::Run Line: 200
   Module: Kernel::System::EventHandler::EventHandler Line: 223
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate Line: 999
   Module: Kernel::Output::HTML::ArticleCheck::SMIME::Check Line: 302
   Module: Kernel::Output::HTML::Article::MIMEBase::ArticleFields Line: 140
   Module: Kernel::Output::HTML::Layout::Article::ArticleFields Line: 66
   Module: Kernel::System::TemplateGenerator::NotificationEvent Line: 1001
   Module: Kernel::System::Ticket::Event::NotificationEvent::Run Line: 200
   Module: Kernel::System::EventHandler::EventHandler Line: 223
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate Line: 999
   Module: Kernel::Output::HTML::ArticleCheck::SMIME::Check Line: 302
   Module: Kernel::Output::HTML::Article::MIMEBase::ArticleFields Line: 140
   Module: Kernel::Output::HTML::Layout::Article::ArticleFields Line: 66
   Module: Kernel::System::TemplateGenerator::NotificationEvent Line: 1001
   Module: Kernel::System::Ticket::Event::NotificationEvent::Run Line: 200
   Module: Kernel::System::EventHandler::EventHandler Line: 223
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate Line: 999
   Module: Kernel::Output::HTML::ArticleCheck::SMIME::Check Line: 302
   Module: Kernel::Output::HTML::Article::MIMEBase::ArticleFields Line: 140
   Module: Kernel::Output::HTML::Layout::Article::ArticleFields Line: 66
   Module: Kernel::System::TemplateGenerator::NotificationEvent Line: 1001
   Module: Kernel::System::Ticket::Event::NotificationEvent::Run Line: 200
   Module: Kernel::System::EventHandler::EventHandler Line: 223
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate Line: 999
Does someone have an idea how to fix this?
Thanks in advance.
Kind regards
Kevin D
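The traceback posted above repeats the same seven frames, from `SMIME::Check` through `ArticleUpdate` and the notification event back to `SMIME::Check`. As an added example (not from the thread or from the OTRS code base), this script finds that repeating block in an OTRS-style traceback; the sample is the first 16 frames of the posted traceback, and line numbers are ignored because the first `SMIME::Check` frame is at line 318 while the later ones are at 302.

```python
import re

FRAME_RE = re.compile(r"Module:\s*(\S+)\s+Line:\s*(\d+)")

# Sample input: the first 16 frames of the traceback in the post.
SAMPLE = """
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleStorageDB::ArticleWriteAttachment Line: 262
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleWriteAttachment Line: 1135
   Module: Kernel::Output::HTML::ArticleCheck::SMIME::Check Line: 318
   Module: Kernel::Output::HTML::Article::MIMEBase::ArticleFields Line: 140
   Module: Kernel::Output::HTML::Layout::Article::ArticleFields Line: 66
   Module: Kernel::System::TemplateGenerator::NotificationEvent Line: 1001
   Module: Kernel::System::Ticket::Event::NotificationEvent::Run Line: 200
   Module: Kernel::System::EventHandler::EventHandler Line: 223
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate Line: 999
   Module: Kernel::Output::HTML::ArticleCheck::SMIME::Check Line: 302
   Module: Kernel::Output::HTML::Article::MIMEBase::ArticleFields Line: 140
   Module: Kernel::Output::HTML::Layout::Article::ArticleFields Line: 66
   Module: Kernel::System::TemplateGenerator::NotificationEvent Line: 1001
   Module: Kernel::System::Ticket::Event::NotificationEvent::Run Line: 200
   Module: Kernel::System::EventHandler::EventHandler Line: 223
   Module: Kernel::System::Ticket::Article::Backend::MIMEBase::ArticleUpdate Line: 999
"""

def parse_modules(text):
    """Extract the module names from 'Module: X Line: N' frames, in order."""
    return [m.group(1) for m in FRAME_RE.finditer(text)]

def find_cycle(mods, min_repeats=2):
    """Return (start, cycle, repeats) for the shortest back-to-back repeat, or None."""
    n = len(mods)
    for period in range(1, n // min_repeats + 1):
        for start in range(n - min_repeats * period + 1):
            end = start
            while end + period < n and mods[end] == mods[end + period]:
                end += 1
            covered = end - start + period  # frames inside the periodic run
            if covered >= min_repeats * period:
                return start, mods[start:start + period], covered // period
    return None

if __name__ == "__main__":
    start, cycle, repeats = find_cycle(parse_modules(SAMPLE))
    print(f"{len(cycle)}-frame cycle x{repeats}, starting at frame {start}:")
    for name in cycle:
        print("  " + name)
```
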

Hi Matthias,
> Have you updated to 6.0.19 just recently and maybe copied the certificates with the root user? The otrs.SetPermissions.pl script sometimes misses non-standard folders or I copied the certificates after that.

I have checked the permissions of the certificates and the corresponding directories. They are correctly set:
otrs@otrs:/opt/otrs$ ls -l ssl/
total 8
drwxrwsr-x 2 otrs www-data 4096 Jul 8 10:23 certs
drwxrwsr-x 2 otrs www-data 4096 Jul 8 10:23 private

otrs@otrs:/opt/otrs$ ls -l ssl/*
ssl/certs:
total 8
-rw-rw---- 1 otrs www-data 2385 Jul 8 10:23 XXXXXX.0
-rw-rw---- 1 otrs www-data 1968 Jun 26 07:55 XXXXX.0

ssl/private:
total 16
-rw-rw---- 1 otrs www-data 1928 Jul 8 10:23 XXXXXX.0
-rw-rw---- 1 otrs www-data 12 Jul 8 10:23 XXXXXX.0.P
-rw-rw---- 1 otrs www-data 1834 Jun 26 07:55 XXXXXX.0
-rw-rw---- 1 otrs www-data 8 Jun 26 07:55 XXXXXX.0.P
Kind regards,
Kevin
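The permission check discussed in this exchange, done by hand with `ls -l` above, can be scripted. This added example (not from the thread or from OTRS) walks `ssl/certs` and `ssl/private` and reports entries whose owner, group or mode differs from the listing shown; the function name and the rule that files carry no permission bits for others are assumptions chosen to match the `-rw-rw----` entries.

```python
import stat
from pathlib import Path

def audit_smime_store(root, uid, gid):
    """Return (path, problem) pairs for root/certs and root/private."""
    findings = []
    for sub in ("certs", "private"):
        base = Path(root) / sub
        if not base.is_dir():
            findings.append((str(base), "directory missing"))
            continue
        for path in [base, *sorted(base.iterdir())]:
            st = path.stat()
            mode = stat.S_IMODE(st.st_mode)
            is_dir = stat.S_ISDIR(st.st_mode)
            if st.st_uid != uid:
                findings.append((str(path), f"owner uid {st.st_uid}, expected {uid}"))
            if st.st_gid != gid:
                findings.append((str(path), f"group gid {st.st_gid}, expected {gid}"))
            # Owner and group must be able to read (and enter directories).
            need = stat.S_IRUSR | stat.S_IRGRP
            if is_dir:
                need |= stat.S_IXUSR | stat.S_IXGRP
            if mode & need != need:
                findings.append((str(path), f"mode {mode:04o}: owner or group lacks access"))
            # Assumption: certificate and key files carry no bits for "others".
            if not is_dir and mode & stat.S_IRWXO:
                findings.append((str(path), f"mode {mode:04o}: accessible to others"))
    return findings

if __name__ == "__main__":
    import grp
    import pwd
    try:
        ids = pwd.getpwnam("otrs").pw_uid, grp.getgrnam("www-data").gr_gid
    except KeyError:
        raise SystemExit("otrs user or www-data group not found on this host")
    # /opt/otrs/ssl is the directory shown in the listing above.
    for path, problem in audit_smime_store("/opt/otrs/ssl", *ids):
        print(f"{path}: {problem}")
```
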

Hey Kevin,

strange thing. Don't know if you wrote it already, but are you able to send encrypted mails from OTRS?

Kind regards,
Matthias

Hello Matthias,
> Don't know if you wrote it already, but are you able to send encrypted mails from OTRS?

Sending encrypted and signed E-Mails from OTRS is working without any error.
Kind regards,
Kevin