schleuder 4.0.2 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f8275838177195ab78283d9c737de9cbd2d39e816c9f41db2e31d785d787dd8
-  data.tar.gz: 464e220965c5d0ee43d300a1f988e7a27edd9344d751bae9e06a9a02fc5c2a43
+  metadata.gz: 4148fa7b166ff22d2af8980a549f08e7bc659080df8f9579d15a190cbb046033
+  data.tar.gz: edb0f987169bdb5585f9350057e5f7114e377d13cec9e9f413a6da24a4e3cd46
 SHA512:
-  metadata.gz: d6ba6aab5c19ae0f8f74a0fe44e84e5a10f4adf434f55454a1d7ca49943557fbad5db23ff06fee1a3e0efa5a248034f8a6a17dcbeb91864bf04ec68f8cd14d1f
-  data.tar.gz: bd361a32b63c6bcfa146e1369a45fa54e9c3c94d29baaefbbff01a1629b468c896a34c17cd6ff957357eaf67611a5b09b5c2b2d9a023130430a86f29892b19cb
+  metadata.gz: 8d86957d1b3b3e6929290f273b2fd39a65c012aa19fba80231aba12c413024c19dd513cf4a61dce7cb93af1996ade5d95de8230ef0a7e855fedaa741aa1f10a4
+  data.tar.gz: 00605d42c733d792fffd50652e1f7c7c8b8e98066006bf49eff25bf7d6c7523419229d18537e07f2735ca8b2fe4b243b043966a13079c8d8fce7d274fd2629c1

data/README.md

@@ -9,12 +9,13 @@ For more details see <https://schleuder.org/docs/>.
 
 Requirements
 ------------
-* ruby >=2.5
+* ruby >=2.7
 * gnupg >=2.2
 * gpgme
 * sqlite3
 * openssl
 * icu
+* libcurl
 
 *If you use Debian buster, CentOS 7 or Archlinux, please have a look at the [installation docs](https://schleuder.org/schleuder/docs/server-admins.html#installation). We do provide packages for those platforms, which simplify the installation a lot.*
 
@@ -36,15 +37,15 @@ Additionally these **rubygems** are required (will be installed automatically un
 Installing Schleuder
 ------------
 
-1. Download [the gem](https://schleuder.org/download/schleuder-4.0.2.gem) and [the OpenPGP-signature](https://schleuder.org/download/schleuder-4.0.2.gem.sig) and verify:
+1. Download [the gem](https://schleuder.org/download/schleuder-5.0.0.gem) and [the OpenPGP-signature](https://schleuder.org/download/schleuder-5.0.0.gem.sig) and verify:
    ```
    gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
-   gpg --verify schleuder-4.0.2.gem.sig
+   gpg --verify schleuder-5.0.0.gem.sig
    ```
 
 2. If all went well install the gem:
    ```
-   gem install schleuder-4.0.2.gem
+   gem install schleuder-5.0.0.gem
    ```
 
 3. Set up schleuder:
@@ -101,10 +102,6 @@ To execute the test suite run:
 
     bundle exec rspec
 
-Please note: Some of the specs use 'pgrep'. On systems that base on Debian 10 ("buster") install it via 
-
-    apt-get install procps
-
 We are working on extendig the test coverage.
 
 Contributing
@@ -134,4 +131,4 @@ GNU GPL 3.0. Please see [LICENSE.txt](LICENSE.txt).
 Alternative Download
 --------------------
 
-Alternatively to the gem-files you can download the latest release as [a tarball](https://schleuder.org/download/schleuder-4.0.2.tar.gz) and [its OpenPGP-signature](https://schleuder.org/download/schleuder-4.0.2.tar.gz.sig).
+Alternatively to the gem-files you can download the latest release as [a tarball](https://schleuder.org/download/schleuder-5.0.0.tar.gz) and [its OpenPGP-signature](https://schleuder.org/download/schleuder-5.0.0.tar.gz.sig).

data/db/migrate/20180110203100_add_sig_enc_to_headers_to_meta_defaults.rb

@@ -24,7 +24,7 @@ class AddSigEncToHeadersToMetaDefaults < ActiveRecord::Migration[4.2]
     # complexities of the actual class.
     Class.new(ActiveRecord::Base) do
       self.table_name = 'lists'
-      self.serialize :headers_to_meta, JSON
+      self.serialize :headers_to_meta, coder: JSON
     end
   end
 end

data/db/migrate/20211106112020_change_boolean_values_to_integers.rb

@@ -0,0 +1,46 @@
+# Since ActiveRecord >= 6.0, the SQLite3 connection adapter relies on boolean
+# serialization to use 1 and 0, but does not natively recognize 't' and 'f' as
+# booleans were previously serialized.
+#
+# Accordingly, this migration handles conversion of both column defaults and
+# stored data provided by a user.
+#
+# In contrast to other migrations, only a 'forward' method is provided, a
+# mechanism to 'reverse' is not. Given the nature of this migration, the later
+# is not really required.
+#
+# Unfortunately, we missed this breaking change when bumping ActiveRecord to >=
+# 6.0 in Schleuder version 4.0. This caused quite some work upstream, but also
+# in downstream environments and, last but not least, at the side of users.
+#
+# We should extend our CI to explicitly test, and ensure things work as
+# expected, if running a Schleuder setup in real world. As of now, we don't
+# ensure data provided by a user in Schleuder version x still works after
+# upgrading to version y.
+
+class ChangeBooleanValuesToIntegers < ActiveRecord::Migration[6.0]
+  class Lists < ActiveRecord::Base
+  end
+
+  class Subscriptions < ActiveRecord::Base
+  end
+
+  def up
+    [Lists, Subscriptions].each do |table|
+      unless table.connection.is_a?(ActiveRecord::ConnectionAdapters::SQLite3Adapter)
+        return
+      end
+
+      bool_columns_defaults = table.columns.select { |column| column.type == :boolean }.map{ |column| [column.name, column.default] }
+
+      bool_columns_defaults.each do |column_name, column_default|
+        column_bool = ActiveRecord::Type::Boolean.new.deserialize(column_default)
+        
+        change_column_default :"#{table.table_name}", :"#{column_name}", column_bool
+        
+        table.where("#{column_name} = 'f'").update_all("#{column_name}": 0)
+        table.where("#{column_name} = 't'").update_all("#{column_name}": 1)
+      end
+    end
+  end
+end

data/db/migrate/20211107151309_add_limits_to_string_columns.rb

@@ -0,0 +1,28 @@
+# It seems, the change to ActiveRecord >= 6.0 makes this necessary.
+# Without doing this, the auto-generated database schema file would drop
+# these limits, if running migrations.
+#
+# In contrast to other migrations, only a 'forward' method is provided, a
+# mechanism to 'reverse' is not. Given the nature of this migration, the later
+# is not really required.
+#
+# This has been an upstream issue for quite some time. For details, see
+# https://github.com/rails/rails/issues/19001.
+
+class AddLimitsToStringColumns < ActiveRecord::Migration[6.0]
+  class Lists < ActiveRecord::Base
+  end
+
+  class Subscriptions < ActiveRecord::Base
+  end
+
+  def up
+    [Lists, Subscriptions].each do |table|
+      string_columns = table.columns.select { |column| column.type == :string }.map(&:name)
+
+      string_columns.each do |column_name|
+        change_column :"#{table.table_name}", :"#{column_name}", :string, :limit => 255
+      end
+    end
+  end
+end

data/db/migrate/20220910170110_add_key_auto_import_from_email.rb

@@ -0,0 +1,11 @@
+class AddKeyAutoImportFromEmail < ActiveRecord::Migration[7.1]
+  def up
+    if ! column_exists?(:lists, :key_auto_import_from_email)
+      add_column :lists, :key_auto_import_from_email, :boolean, default: false
+    end
+  end
+
+  def down
+    remove_column(:lists, :key_auto_import_from_email)
+  end
+end

data/db/schema.rb

@@ -10,18 +10,17 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_01_18_170110) do
-
+ActiveRecord::Schema[7.1].define(version: 2022_09_10_170110) do
   create_table "lists", force: :cascade do |t|
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.string "email"
-    t.string "fingerprint"
-    t.string "log_level", default: "warn"
-    t.string "subject_prefix", default: ""
-    t.string "subject_prefix_in", default: ""
-    t.string "subject_prefix_out", default: ""
-    t.string "openpgp_header_preference", default: "signencrypt"
+    t.datetime "created_at", precision: nil
+    t.datetime "updated_at", precision: nil
+    t.string "email", limit: 255
+    t.string "fingerprint", limit: 255
+    t.string "log_level", limit: 255, default: "warn"
+    t.string "subject_prefix", limit: 255, default: ""
+    t.string "subject_prefix_in", limit: 255, default: ""
+    t.string "subject_prefix_out", limit: 255, default: ""
+    t.string "openpgp_header_preference", limit: 255, default: "signencrypt"
     t.text "public_footer", default: ""
     t.text "headers_to_meta", default: "[\"from\", \"to\", \"cc\", \"date\", \"sig\", \"enc\"]"
     t.text "bounces_drop_on_headers", default: "{\"x-spam-flag\":\"yes\"}"
@@ -39,7 +38,7 @@ ActiveRecord::Schema.define(version: 2020_01_18_170110) do
     t.boolean "include_list_headers", default: true
     t.boolean "include_openpgp_header", default: true
     t.integer "max_message_size_kb", default: 10240
-    t.string "language", default: "en"
+    t.string "language", limit: 255, default: "en"
     t.boolean "forward_all_incoming_to_admins", default: false
     t.integer "logfiles_to_keep", default: 2
     t.text "internal_footer", default: ""
@@ -47,16 +46,17 @@ ActiveRecord::Schema.define(version: 2020_01_18_170110) do
     t.boolean "include_autocrypt_header", default: true
     t.boolean "set_reply_to_to_sender", default: false
     t.boolean "munge_from", default: false
+    t.boolean "key_auto_import_from_email", default: false
   end
 
   create_table "subscriptions", force: :cascade do |t|
     t.integer "list_id"
-    t.string "email"
-    t.string "fingerprint"
+    t.string "email", limit: 255
+    t.string "fingerprint", limit: 255
     t.boolean "admin", default: false
     t.boolean "delivery_enabled", default: true
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.datetime "created_at", precision: nil
+    t.datetime "updated_at", precision: nil
     t.index ["email", "list_id"], name: "index_subscriptions_on_email_and_list_id", unique: true
     t.index ["list_id"], name: "index_subscriptions_on_list_id"
   end

data/etc/list-defaults.yml

@@ -149,3 +149,19 @@ set_reply_to_to_sender: false
 # This option can enabled for improved usability since this affect
 # mail client's displayed name.
 munge_from: false
+
+# If enabled, parse Autocrypt-header and look for attached keys in incoming emails.
+# For each found key (a), check if it contains a UID matching the From-header. In
+# case it does not, skip this key and handle the next, if any.
+# Lookup fingerprint of key (a) and check if it's already present in the keyring.
+# If present, import the key (a).
+# Otherwise, check if a key, which contains a UID matching the From-header, is present
+# in the keyring.
+# If not, import the key (a).
+# Before doing any import, ensure via a filter so that only the relevant UID is
+# kept.
+# Please be aware that this might result in a newly imported key that matches a
+# subscriber's email address, which didn't originate from the subscriber (in case
+# of forged From-header). We consider this not a serious problem because that key
+# will not be used for that subscriber's emails unless it is assigned manually.
+key_auto_import_from_email: false

data/etc/schleuder.yml

@@ -21,17 +21,28 @@ filters_dir: /usr/local/lib/schleuder/filters
 # How verbose should Schleuder log to syslog? (list-specific messages are written to the list's log-file).
 log_level: warn
 
-# Which keyserver to refresh keys from (used by `schleuder refresh_keys`, meant
-# to be run from cron or systemd weekly).
-# If you have gnupg 2.1, we strongly suggest to use a hkps-keyserver:
-#keyserver: hkps://hkps.pool.sks-keyservers.net
-# If you have gnupg 2.1 and TOR running locally, use a onion-keyserver:
-#keyserver: hkp://jirk5u4osbsr34t5.onion
-# If you have an OS-wide defined keyserver, specify a blank value to have that
-# one used:
-#keyserver: 
-# The default works for all supported versions of gnupg:
-keyserver: pool.sks-keyservers.net
+# Which verifying keyserver to fetch keys from?
+# This server must support the VKS API.
+# To disable lookup via this type of keyserver, set this to a blank value.
+# Note: This must include the procotol scheme (e.g. "https://").
+vks_keyserver: https://keys.openpgp.org
+
+# Which traditional keyserver to fetch keys from?
+# This server must support the SKS API.
+# Please consider that public SKS servers don't verify any upload, the keys
+# they deliver should not be trusted without additional verification. This is
+# important if you e.g. allow keys to be fetched automatically, or by email
+# address.
+# This keyserver is queried only if the vks_keyserver didn't have a key.
+# Note: This must include the procotol scheme (e.g. "https://").
+# Beware: Only specify https here if the server does use a commonly accepted
+#         TLS certificate. Most servers of the SKS-pool do not!
+sks_keyserver: 
+
+# Should Schleuder use a proxy for HTTP requests (to fetch OpenPGP keys)?
+# To route HTTP requests via Tor set up a local Tor daemon and enter e.g.
+# socks5h://127.0.0.1:9050 (for a typical Tor service).
+#http_proxy:
 
 # Who is maintaining the overall schleuder installation and should be
 # notified about severe problems with lists.
@@ -40,6 +51,13 @@ keyserver: pool.sks-keyservers.net
 # Is also used as an envelope sender of admin notifications.
 superadmin: root@localhost
 
+# Umask with which to create directories and files. The default (0077) lets
+# only the owners read them, no one else.
+# Only change this in special cases and if you know what you are doing!
+# (Be careful to retain the value type, it must not be quoted and it must start
+# with a zero!)
+umask: 0077
+
 # For these options see documentation for ActionMailer::smtp_settings, e.g. <http://api.rubyonrails.org/classes/ActionMailer/Base.html>.
 smtp_settings:
   address: localhost

data/lib/schleuder/cli.rb

@@ -109,7 +109,8 @@ module Schleuder
         end
       end
 
-      if ActiveRecord::SchemaMigration.table_exists?
+      # If the table for lists exists we assume the DB has been initialized before.
+      if List.table_exists?
         say shellexec("cd #{root_dir} && rake db:migrate")
       else
         say shellexec("cd #{root_dir} && rake db:init")
@@ -122,6 +123,18 @@ module Schleuder
         Schleuder::Cert.new.generate
       end
 
+      if Conf.umask == 0077
+        # The umask is set to the (new) default, let's have a look at the list-dirs.
+        list_dirs = Dir.glob("#{Conf.lists_dir}/*")
+        list_dirs.each do |list_dir|
+          perm_bits = File.stat(list_dir).mode.to_s(8)[-3..]
+          if perm_bits != '700'
+            say "WARNING: The directory '#{list_dir}' has permissions that do not match the umask as set in schleuder's config. You should probably fix that by running `chmod -R g-rwx #{list_dir}`."
+          end
+        end
+      end
+
+
       say "Schleuder has been set up. You can now create a new list using `schleuder-cli`.\nWe hope you enjoy!"
       permission_notice
     rescue => exc
@@ -132,7 +145,7 @@ module Schleuder
       def shellexec(cmd)
         result = `#{cmd} 2>&1`
         if $?.exitstatus > 0
-          exit $?.exitstatus
+          fatal result, $?.exitstatus
         end
         result
       end

data/lib/schleuder/conf.rb

@@ -10,12 +10,15 @@ module Schleuder
 
     DEFAULTS = {
       'lists_dir' => '/var/lib/schleuder/lists',
+      'umask' => 0077,
       'listlogs_dir' => '/var/lib/schleuder/lists',
       'keyword_handlers_dir' => '/usr/local/lib/schleuder/keyword_handlers',
       'filters_dir' => '/usr/local/lib/schleuder/filters',
       'log_level' => 'warn',
       'superadmin' => 'root@localhost',
-      'keyserver' => 'hkp://pool.sks-keyservers.net',
+      'vks_keyserver' => 'https://keys.openpgp.org',
+      'sks_keyserver' => 'http://pool.sks-keyservers.net',
+      'http_proxy' => '',
       'smtp_settings' => {
         'address' => 'localhost',
         'port' => 25,
@@ -48,10 +51,19 @@ module Schleuder
       @config ||= load_config(ENV['SCHLEUDER_CONFIG'])
     end
 
+    def reload!
+      @config = nil
+      config
+    end
+
     def self.lists_dir
       instance.config['lists_dir']
     end
 
+    def self.umask
+      instance.config['umask']
+    end
+
     def self.listlogs_dir
       instance.config['listlogs_dir']
     end
@@ -115,8 +127,16 @@ module Schleuder
       settings
     end
 
-    def self.keyserver
-      instance.config['keyserver']
+    def self.vks_keyserver
+      instance.config['vks_keyserver']
+    end
+
+    def self.sks_keyserver
+      instance.config['sks_keyserver']
+    end
+
+    def self.http_proxy
+      instance.config['http_proxy']
     end
 
     private

data/lib/schleuder/email_key_importer.rb

@@ -0,0 +1,91 @@
+module Schleuder
+  class EmailKeyImporter
+    class << self
+      def import_from_attachments(list, mail)
+        # Shouldn't happen, but who knows...
+        return if ! mail.from.first.match(Conf::EMAIL_REGEXP)
+        mail.attachments.map do |part|
+          if part.content_type == 'application/pgp-keys'
+            filter_and_maybe_import_keys(mail, part.body.decoded)
+          end
+        end.compact
+      end
+
+      def import_from_autocrypt_header(list, mail)
+        # Shouldn't happen, but who knows...
+        return if ! mail.from.first.match(Conf::EMAIL_REGEXP)
+        return if mail.header['Autocrypt'].blank?
+        keydata_base64 = mail.header['Autocrypt'].to_s.split('keydata=', 2)[1]
+        return if keydata_base64.blank?
+        keydata = Base64.decode64(keydata_base64)
+        return if keydata.blank?
+        filter_and_maybe_import_keys(mail, keydata)
+      end
+
+      def filter_and_maybe_import_keys(mail, keydata)
+        extracted_keys = GPGME::KeyExtractor.extract_by_email_address(mail.from.first, keydata)
+        extracted_keys.map do |fingerprint, filtered_keydata|
+          maybe_import_key(mail, fingerprint, filtered_keydata)
+        end.compact
+      end
+
+      def maybe_import_key(mail, fingerprint, filtered_keydata)
+        if mail.list.keys(fingerprint).size == 1
+          return update_key(mail, filtered_keydata)
+        end
+
+        if mail.list.keys(mail.from.first).size > 0
+          mail.add_pseudoheader('Note', I18n.t('email_key_importer.key_already_present'))
+          return
+        end
+        add_key(mail, filtered_keydata)
+      end
+
+      def add_key(mail, keydata)
+        fingerprint, import_states = import_to_list(mail, keydata)
+        return if ! fingerprint
+        if ! import_states.include?(I18n.t('import_states.new_key'))
+          mail.list.logger.error "Importing key failed! Fingerprint: #{fingerprint.inspect} -- Import-states: #{import_states.inspect}"
+          mail.add_pseudoheader('Note',
+                                I18n.t('email_key_importer.import_error',
+                                       fingerprint: fingerprint.inspect,
+                                       import_states: import_states.inspect))
+          return
+        end
+        key = mail.list.keys(fingerprint).first
+        mail.add_pseudoheader('Note', I18n.t('email_key_importer.key_added',
+                                             key_summary: key.summary))
+        fingerprint
+      end
+
+      def update_key(mail, keydata)
+        fingerprint, import_states = import_to_list(mail, keydata)
+        return if ! fingerprint
+        key = mail.list.keys(fingerprint).first
+        if import_states == ['unchanged']
+          mail.add_pseudoheader('Note',
+                                I18n.t('email_key_importer.key_unchanged',
+                                       key_summary: key.summary))
+          return
+        end
+
+        key = mail.list.keys(fingerprint).first
+        mail.add_pseudoheader('Note', I18n.t('email_key_importer.key_updated',
+                                             key_summary: key.summary))
+        fingerprint
+      end
+
+      def import_to_list(mail, keydata)
+        result = mail.list.gpg.import_filtered(keydata)
+        # At this point we expect the keydata to only contain one key, and thus
+        # only one key and value in the result.
+        if ! result.is_a?(Hash) || result.keys.size != 1 || ! result.values.first.is_a?(Array)
+          mail.list.logger.error "Unexpected result when importing key from temporary keyring => #{result.inspect}"
+          mail.add_pseudoheader('Note', I18n.t('email_key_importer.technical_error'))
+          return false
+        end
+        [result.keys.first, result.values.first]
+      end
+    end
+  end
+end

data/lib/schleuder/filters/post_decryption/35_key_auto_import_from_attachments.rb

@@ -0,0 +1,21 @@
+module Schleuder
+  module Filters
+    def self.key_auto_import_from_attachments(list, mail)
+      # Don't run if not enabled.
+      return if ! list.key_auto_import_from_email
+
+      imported_fingerprints = EmailKeyImporter.import_from_attachments(list, mail)
+      if imported_fingerprints.size > 0
+        # If the message's signature could not be validated before, re-run the
+        # validation, because after having imported new or updated keys the
+        # validation now might work.
+        if mail.signature.present? && ! mail.signature.valid?
+          # Re-validate the signature validation, now that a new key was
+          # imported that might be the previously unknown signing key.
+          mail.repeat_validation!
+        end
+      end
+    end
+  end
+end
+

data/lib/schleuder/filters/post_decryption/80_receive_from_subscribed_emailaddresses_only.rb

@@ -1,7 +1,7 @@
 module Schleuder
   module Filters
     def self.receive_from_subscribed_emailaddresses_only(list, mail)
-      if list.receive_from_subscribed_emailaddresses_only? && list.subscriptions.where(email: mail.from.first).blank?
+      if list.receive_from_subscribed_emailaddresses_only? && list.subscriptions.where(email: mail.from.first.downcase).blank?
         list.logger.info 'Rejecting mail as not from subscribed address.'
         return Errors::MessageSenderNotSubscribed.new
       end

data/lib/schleuder/filters/post_decryption/90_strip_html_from_alternative_if_keywords_present.rb

@@ -1,17 +1,49 @@
 module Schleuder
   module Filters
+
+    # If keywords are present, recurse into arbitrary levels of multipart/mixed
+    # encapsulation. If multipart/alternative is found, remove all sub-parts
+    # but the text/plain part (assuming that every multipart/alternative
+    # contains exactly one text/plain). Change the content_type from
+    # mutlipart/alternative to mutlipart/mixed.
     def self.strip_html_from_alternative_if_keywords_present(list, mail)
-      if mail[:content_type].blank? ||
-          mail[:content_type].content_type != 'multipart/alternative' ||
-          mail.keywords.blank?
+      # Only strip the text/html-part if keywords are present
+      if mail.keywords.blank? then return false end
+      return self.recursively_strip_html_from_alternative_if_keywords_present(list, mail)
+    end
+
+    def self.recursively_strip_html_from_alternative_if_keywords_present(list, mail)
+      if mail[:content_type].blank? then return false end
+      content_type = mail[:content_type].content_type
+
+      # The multipart/alternative could hide inside an arbitrary number of
+      # levels of multipart/mixed encapsulation.
+      # see also: https://www.rfc-editor.org/rfc/rfc2046#section-5.1.3
+      if content_type == 'multipart/mixed'
+        mail.parts.each do |part|
+          self.recursively_strip_html_from_alternative_if_keywords_present(list, part)
+        end
         return false
       end
 
+      # inside the mutlipart/mixed, we only care about multipart/mixed and
+      # mutlipart/alternative
+      if content_type != 'multipart/alternative' then return false end
+
+      # Inside multipart/alternative, there could be a text/html-part, or there
+      # could be a multipart/related-part which contains the text/html-part.
+      # Everything inside the multipart/alternative that is not text/plain
+      # should be deleted, since it will contain keywords and we only strip
+      # keywords from text/plain-parts.
       Schleuder.logger.debug 'Stripping html-part from multipart/alternative-message because it contains keywords'
       mail.parts.delete_if do |part|
-        part[:content_type].content_type == 'text/html'
+        content_type = part[:content_type].content_type
+        content_type != 'text/plain'
       end
+
+      # NOTE: We could instead unencapsulate it.
       mail.content_type = 'multipart/mixed'
+
       mail.add_pseudoheader(:note, I18n.t('pseudoheaders.stripped_html_from_multialt_with_keywords'))
     end
   end

data/lib/schleuder/filters/pre_decryption/60_key_auto_import_from_autocrypt_header.rb

@@ -0,0 +1,9 @@
+module Schleuder
+  module Filters
+    def self.key_auto_import_from_autocrypt_header(list, mail)
+      if list.key_auto_import_from_email
+        EmailKeyImporter.import_from_autocrypt_header(list, mail)
+      end
+    end
+  end
+end

data/lib/schleuder/filters_runner.rb

@@ -13,11 +13,7 @@ module Schleuder
           list.logger.debug "Calling filter #{cmd}"
           response = Filters.send(cmd, list, mail)
           if stop?(response)
-            if bounce?(response, mail)
-              return response
-            else
-              return nil
-            end
+            return response
           end
         end
         nil
@@ -32,31 +28,6 @@ module Schleuder
         response.kind_of?(StandardError)
       end
 
-      def bounce?(response, mail)
-        if list.bounces_drop_all
-          list.logger.debug 'Dropping bounce as configurated'
-          notify_admins(I18n.t('.bounces_drop_all'), mail.original_message)
-          return false
-        end
-
-        list.bounces_drop_on_headers.each do |key, value|
-          if mail[key].to_s.match(/#{value}/i)
-            list.logger.debug "Incoming message header key '#{key}' matches value '#{value}': dropping the bounce."
-            notify_admins(I18n.t('.bounces_drop_on_headers', key: key, value: value), mail.original_message)
-            return false
-          end
-        end
-
-        list.logger.debug 'Bouncing message'
-        true
-      end
-
-      def notify_admins(reason, original_message)
-        if list.bounces_notify_admins?
-          list.logger.notify_admin reason, original_message, I18n.t('notice')
-        end
-      end
-
       def load_filters
         list.logger.debug "Loading #{filter_type}_decryption filters"
         sorted_filters.map do |filter_name|