Should gpg try to connect to TCP/993?

Bjarni Runar Einarsson bre at
Wed Oct 23 15:12:17 CEST 2019

Hi Mikhail,

What follows is an educated guess, but only a guess...

Mikhail Morfikov via Gnupg-users <gnupg-users at> wrote:
> gpg wants to connect to the network, but it looks like it wants
> also TCP/993 (IMAPS). This happens when I use Thunderbird as a
> mail client + Enigmail extension, which makes some use of gpg.
> doesn't show anything that points to gpg. When I prevent gpg
> from connecting to this port, I can't access my mail account in
> Thunderbird -- it just tries to refresh the inbox, but it just
> stalls. When I restart Thunderbird at this point, then
> everything goes back to normal, and I don't see any drops in OUTPUT
> traffic. Could anyone explain what's going on here?

The way processes are spawned on Unix, fork()/exec() will by
default inherit open file descriptors. Thunderbird/Enigmail will
fork()/exec() to launch gpg.

Each active TCP/IP connection has an open file descriptor. So, if
Enigmail's gpg launcher hasn't taken care to close unneeded file
descriptors after fork() and before exec(), gpg will inherit the
connections Thunderbird had open at the time of invocation.

Since gpg doesn't actually know anything about these connections,
it likely won't close them; they'll stay open (potentially even
after Thunderbird has closed them, although that doesn't match
all the symptoms you've described).

If your firewall then sends RST packets to close connections
which gpg isn't supposed to be making, it will actually be
shutting down the connections Thunderbird was using and you won't
be able to access your mail.

(This scenario matches what you have described, but I haven't
reproduced your problem to verify it is indeed the case.)

Hope this helps!
 - Bjarni

- -- lets your personal computer be part of the web
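
The inheritance behaviour described in the message above can be observed with a short C program. This is an added example, not part of the original post and not Enigmail's or GnuPG's code; it assumes a Unix socketpair standing in for the IMAPS connection and `sleep` standing in for gpg, and `helper_keeps_socket` is a hypothetical name.

```c
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the exec'd helper still holds the parent's socket after the
 * parent closed it, 0 if the socket was really closed, -1 on error.
 * sv[0] stands in for the mail client's socket, sv[1] for the server side. */
int helper_keeps_socket(int use_cloexec)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    /* The peer end must never leak, or the EOF probe below is meaningless. */
    fcntl(sv[1], F_SETFD, FD_CLOEXEC);
    /* The fix: mark the client socket close-on-exec before spawning. */
    if (use_cloexec) fcntl(sv[0], F_SETFD, FD_CLOEXEC);

    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        /* "sleep" is a stand-in for gpg: it knows nothing about sv[0]. */
        execlp("sleep", "sleep", "5", (char *)NULL);
        _exit(127);
    }
    close(sv[0]);  /* the mail client is done with the connection */

    /* The peer sees EOF only once every process has dropped sv[0]. */
    struct pollfd p = { .fd = sv[1], .events = POLLIN };
    int ready = poll(&p, 1, 500);  /* 0 means timeout: still held open */

    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    close(sv[1]);
    return ready < 0 ? -1 : (ready == 0);
}

int main(void)
{
    printf("default inheritance: helper keeps socket = %d\n", helper_keeps_socket(0));
    printf("with FD_CLOEXEC:     helper keeps socket = %d\n", helper_keeps_socket(1));
    return 0;
}
```

On Linux, `ls -l /proc/<pid>/fd` for the running helper shows any inherited `socket:[...]` entries, which is a quick way to confirm whether a launcher leaks descriptors.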


