diff --git a/towncrier/newsfragments/2892.bugfix b/towncrier/newsfragments/2892.bugfix
new file mode 100644
index 00000000..ccae6e43
--- /dev/null
+++ b/towncrier/newsfragments/2892.bugfix
@@ -0,0 +1 @@
+Fix GPG operations from Roundcube - calling gpg with full path was blocked
diff --git a/webmails/snuffleupagus.rules b/webmails/snuffleupagus.rules
index ca657719..5e619a8a 100644
--- a/webmails/snuffleupagus.rules
+++ b/webmails/snuffleupagus.rules
@@ -73,7 +73,7 @@ sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)
 sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 # This is **very** broad but doing better is non-straightforward
-sp.disable_function.function("proc_open").param("command").value_r("^gpg ").allow();
+sp.disable_function.function("proc_open").param("command").value_r("^(/usr/bin/)?gpg ").allow();
 sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 
 # Prevent runtime modification of interesting things
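Review bot: The widened allow pattern on the `proc_open` rule is still anchored only at the start, so any command beginning with `gpg ` or `/usr/bin/gpg ` is accepted whatever follows; because this `.allow()` sits ahead of the metacharacter `.drop()` rule, such a command presumably never reaches that check. Consider constraining the remainder too, by anchoring the end and excluding the same character class the drop rule uses: ``value_r("^(/usr/bin/)?gpg [^$|;&`\\n\\(\\)\\\\]*$")``. That needs testing against the command lines Roundcube's GPG integration actually builds, since a legitimate argument containing one of those characters would then be dropped. If the pattern stays as it is, the comment above it should say what is being accepted, e.g. `# allow() is matched before the drop() below: anything starting with "gpg " or "/usr/bin/gpg " skips the metacharacter check`.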