GPG: Mails from OTRS not signed

[friendlypenguin]

Hey all!

I have configured OTRS to work with GPG. The OTRS has its own priv/pubkey, the pubkey is published to keyservers. I am able now to send emails to otrs with signatures, otrs is able to veryfie them. OTRS is also able to recieve encrypted messaged and decrypt them. But I didn't found out how OTRS can be told to send signed Mails...

Can anyone help me with this one?

I'm running OTRS 3.1.6, Apache 2.2.3 on Centos 5.8, using mod_perl2.

GPG options in SysConfig are:

PGP yes
PGP::Bin /usr/bin/gpg
PGP::Options --homedir /opt/otrs/.gnupg/ --batch --no-tty --yes
PGP::Key::Password notgoingtotellthat:-)
PGP::TrustedNetwork yes
PGP::Log everything standard

Thanks in advance guys!

[crythias]

Probably, and I'm just guessing, the send-from email address doesn't have a key?

[friendlypenguin]

Hey crythias, thanks for your reply.

I'm not sure what the send-from email adress is. I checked in Sysconfig Framework -> Core that the NotificationSenderEmail is otrs@<OTRS_CONFIG_FQDN> (where <OTRS_CONFIG_FQDN> is the right fqdn... . When I check in the Admin Panel the PGP Management Folder, I see a Pub and a Private Key (sec) for otrs@<OTRS_CONFIG_FQDN>. When I recieve a Mail from OTRS in my mailclient, the it has as senderadress from otrs@<OTRS_CONFIG_FQDN>.

In PGP Management i have only one one Key/Password set, the ID is the same as my Private Key in PGP Management. And all keys are still valid. When I send a new EMailTicket or similar, I have the possibility to encrypt the messages (and I can decrypt it im my mailclient) but in the box "sign" no selection is available... Since I can send encrypted messages to OTRS and OTRS is able to decrypt it, the private key has to be ok. The public-key is viewable in PGP Management and vaild.

Any suggestions? What are the possible selections in the "sign"-dropdown of you guys?

thanks for help

[crythias]

It depends on what specific thing OTRS is sending.
Is it an agent reply? An autoresponse? A notification?

[friendlypenguin]

I'd like otrs to sign all mails it sends.

But my case it is a simple email-ticket. Means, I opended "new email ticket" under "tickets" and wanted to select somethind in the "sign" dropdown, but theres nothing to choose from... eventhough the public key of my otrs-emailadress (the same I'm sending to and encryption/decryption works fine) is appearing in "pgp key" in the admin-panel.

[jojo]

is your OTRS sender address saved in the key? Did you import private and public key?

[friendlypenguin]

hmmm everything seems to be ok:

Code: Select all

bash-3.2$ gpg --list-keys
/opt/otrs/.gnupg/pubring.gpg
----------------------------
pub   1024D/DXXXXXX2 2012-02-03
uid                  OTRS.XXXXXX.COM (otrs gpg) <otrs@otrs.XXXXXX.com>
sub   4096g/7XXXXXXE 2012-02-03
...


AAAAttention! I found the Problem:-)

It dependet which queue I habe chosen: In the adminpanel under "queues" there was set another "System address" once I changed it there, everything worked fine... :-)

Thanks for your replies quys!