Plugin "mail_crypt" does not work

Aki Tuomi aki.tuomi at dovecot.fi
Tue Jan 17 15:15:08 UTC 2017 

Hi!

Some replies:

1. the problem with mail_crypt_global_public_key, there is a bug that we are fixing where file inputs under plugin { } section do not get aboard.

workaround 1:
You can base64 encode the PEM key (yes, again), and put it in one line such as

plugin {
   mail_crypt_global_public_key = LS0tLS1C.....
}

workaround 2:
Return the key from userdb, you can use same format.

3. The mail_attribute_dict thing requires that setting you discovered, but be advised that in this mode it will create a keypair for each user, and keypair per folder.

For security and performance reasons, we recommend using ECDSA keys instead of RSA keys.

---
Aki Tuomi
Dovecot oy

> On January 17, 2017 at 4:40 PM Evgeniy Korneechev <ekorneechev at altlinux.org> wrote:
> 
> 
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes  > dovecot.conf 
> 
> Apparently so?))
> 
> ----- Исходное сообщение -----
> > От: "Evgeniy Korneechev" <ekorneechev at altlinux.org>
> > Кому: "dovecot" <dovecot at dovecot.org>
> > Отправленные: Вторник, 17 Январь 2017 г 17:32:38
> > Тема: Re: Plugin "mail_crypt" does not work
> 
> > Hi, guys. Also, currently a problem (with
> > http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key):
> > 
> > # dovecot mailbox cryptokey generate -u name at example.com -UR
> > doveadm(name at example.com): Error:
> > mail_crypt_user_get_public_key(name at example.com) failed:
> > mailbox_attribute_get(INBOX,
> > /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/active)
> > failed: Mailbox attributes not enabled
> > 
> > Something is wrong in the settings? Or bug?
> > 
> > 
> > The same error in log when sending emails (with
> > http://wiki2.dovecot.org/Plugins/MailCrypt#Base64_encoded_keys):
> > 
> > Error: sieve: msgid=<57720a813eb7817c80ff67b21718ae42 at example.com>: failed to
> > store into mailbox 'INBOX':
> > get_public_key(INBOX) failed: mailbox_attribute_get(INBOX,
> > /shared/vendor/vendor.dovecot/pvt/crypt/active) failed:
> > Mailbox attributes not enabled
> > 
> > Any ideas?
> > 
> > 
> > ----- Исходное сообщение -----
> >> От: "Evgeniy Korneechev" <ekorneechev at altlinux.org>
> >> Кому: "dovecot" <dovecot at dovecot.org>
> >> Отправленные: Понедельник, 16 Январь 2017 г 18:17:44
> >> Тема: Re: Plugin "mail_crypt" does not work
> > 
> >> We tried these rights:
> >> 
> >> [root at mail44 dovecot]# ls -la
> >> итого 80
> >> drwxr-xr-x  8 root  root   4096 янв 13 13:17 .
> >> drwxr-xr-x 98 root  root  12288 янв 11 11:47 ..
> >> drwxrwxrwx  2 root  root   4096 янв 10 15:58 eckey
> >> drwxr-xr-x  2 root  root   4096 янв 13 12:42 eckey2
> >> drwxr-xr-x  2 vmail vmail  4096 янв 11 09:14 RSAkey
> >> 
> >> [root at mail44 dovecot]# cd eckey2
> >> [root at mail44 eckey2]# ls -la
> >> итого 16
> >> drwxr-xr-x 2 root root 4096 янв 13 12:42 .
> >> drwxr-xr-x 8 root root 4096 янв 13 13:17 ..
> >> -rw-r--r-- 1 root root  316 янв 13 12:41 ecprivkey.pem
> >> -rw-r--r-- 1 root root  232 янв 13 12:42 ecpubkey.pem
> >> 
> >> ----- Исходное сообщение -----
> >>> От: "Aki Tuomi" <aki.tuomi at dovecot.fi>
> >>> Кому: "dovecot" <dovecot at dovecot.org>
> >>> Отправленные: Пятница, 13 Январь 2017 г 14:18:55
> >>> Тема: Re: Plugin "mail_crypt" does not work
> >> 
> >>> On 13.01.2017 12:21, Evgeniy Korneechev wrote:
> >>>>   mail_crypt_global_public_key = </etc/dovecot/eckey/ecpubkey.pem
> >>> 
> >>> Is this world-wide readable file? Is LDA able to access this?
> >>> 
> >>> Aki
> >> 
> >> --
> >> WBR,
> >> BaseALT/ALTLinux Team
> > 
> > --
> > WBR,
> > BaseALT/ALTLinux Team
> 
> -- 
> WBR, 
> BaseALT/ALTLinux Team

More information about the dovecot mailing list