Intermittent failure to decrypt messages

Minor incident · Mailflow CH Instance · Mailflow EU Instance · CH Instance · EU Instance
2025-07-19 12:00 CEST · 1 day, 3 hours

Updates

Update

According to our tests, decryption of reprocessed mail works without any issues. It is important that the mail is forwarded to [email protected] as an .eml attachment from the same mail account that received it.

July 21, 2025 · 11:04 CEST
Update

There is still a decryption issue when sending mail to [email protected]. We are investigating the issue and will publish another update once everything works as expected.

July 21, 2025 · 09:35 CEST
Retroactive

The change deployed during yesterday's planned maintenance, July 19th 2025 (see https://seppmail.statuspal.eu/incidents/198556), introduced erroneous behaviour.

As a result of this behaviour, some messages were not decrypted. To decrypt such messages now, users can create a new message addressed to [email protected] and attach the encrypted message (see the manual for a detailed explanation).

Even though we were not immediately able to identify such cases in our logs, a small percentage of messages may have been rejected while the erroneous behaviour was in production. Affected messages would need to be resent.

The root cause of the erroneous behaviour was a silent error in the LDAP backend, i.e. an error which did not produce any log or error message, and which delivered valid but incomplete or empty data in response to certain search requests. With the benefit of hindsight, this erroneous behaviour could be reproduced in the testing environments, even though it appears less frequently there than in production.

The change is now being rolled back until further analysis.

July 20, 2025 · 15:48 CEST
