Dovecot cannot access mailcrypt decryption key

Aki Tuomi aki.tuomi at open-xchange.com
Mon Nov 30 18:09:47 EET 2020


> On 30/11/2020 13:07 Daniel Niewerth <d.niewerth at gmx.de> wrote:
> 
> 
> Hello everyone,
> 
> I have a problem with MailCrypt on my Dovecot installation.
> I have two Dovecot servers with Maildir on a shared filesystem.
> In front of the servers is a dovecot director, so that the connections of a user are always directed to the same backend server.
> 
> The setup worked fine for almost a year.
> For a few weeks now I have had an occasional problem with my primary mailbox where Dovecot cannot access the decryption key.
> 
> So far I have always solved the problem by restoring the servers completely from the last backup.
> Of course this is not a proper solution.
> 
> The following message appears in the logfile:
> Nov 30 10:56:11 vsrv-dus6-mta01 dovecot: imap(daniel at xxx)<26699><sPhx21C1UdTAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available
> Nov 30 10:58:39 vsrv-dus6-mta01 dovecot: imap(daniel at xxx)<26788><PPlx5FC1WtTAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available
> Nov 30 10:58:42 vsrv-dus6-mta01 dovecot: imap(daniel at xxx)<26792><pEqC5FC1W9TAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available
> 
> The file "dovecot-attributes" exists and has not been changed according to the timestamp. I can open the file and view its contents.
> 
> root at vsrv-dus6-mta01:~# ls -lh /var/vmail/mailboxes/xxx/daniel/Maildir/
> total 7,5K
> -rw------- 1 vmail vmail 7,3K Jan 27 2020 dovecot-attributes
> root at vsrv-dus6-mta01:~#
> 
> 
> When I run "doveadm mailbox cryptokey list" it returns an empty result.
> 
> root at vsrv-dus6-mta01:~# doveadm mailbox cryptokey list -u daniel at xxx -U
> doveadm(daniel at xxx): Warning: mailbox cryptokey list: Nothing was matched. Use -U or specify mask?
> Folder Active Public ID
> root at vsrv-dus6-mta01:~#
> 
> root at vsrv-dus6-mta01:~# doveadm mailbox cryptokey list -u sabine at xxx -U
> Folder Active Public ID
> yes xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> root at vsrv-dus6-mta01:~#
> 
> Can anyone tell me anything about the problem?
> 
> 
> My Dovecot version:
> root at vsrv-dus6-mta01:~# dovecot --version
> 2.3.11.3 (502c39af9)
> root at vsrv-dus6-mta01:~#
> 
> Best regards
> Daniel

Can you check that your mailbox-attributes actually contains the encryption key?

Also can you try

`doveadm -Dv fetch -u daniel at xxx text 1`

and see if it gives any clues where it goes wrong?

Aki
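
A triage sketch for the error quoted in the thread, added here as an example and not part of either poster's message or of Dovecot itself: it groups `Decryption error: no private key available` log lines by user and by message, which shows whether the failures hit one message or many. The sample lines, host and user names are constructed, and the regular expression assumes the log layout shown in the quoted errors.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of the errors quoted in the thread.
SAMPLE_LOG = """\
Nov 30 10:56:11 mta01 dovecot: imap(alice@example.test)<26699><aaaa>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/example/alice/mail/cur/1606576233.M1P1.mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available
Nov 30 10:57:00 mta01 dovecot: imap-login: Login: user=<alice@example.test>, method=PLAIN
Nov 30 10:58:39 mta01 dovecot: imap(alice@example.test)<26788><bbbb>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/example/alice/mail/cur/1606576233.M1P1.mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available
Nov 30 10:58:42 mta01 dovecot: imap(alice@example.test)<26792><cccc>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/example/alice/mail/cur/1606576233.M1P1.mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available
Nov 30 11:02:10 mta01 dovecot: imap(bob@example.test)<27001><dddd>: Error: Mailbox INBOX: UID=7: read() failed: read(/var/vmail/example/bob/mail/cur/1606570000.M2P2.mta01,S=900,W=920:2,S) failed: Decryption error: no private key available
Nov 30 11:02:11 mta01 dovecot: imap(bob@example.test)<27001><dddd>: Error: Mailbox Sent: UID=3: read() failed: read(/var/vmail/example/bob/mail/.Sent/cur/1606570001.M3P2.mta01,S=500,W=510:2,S) failed: Decryption error: no private key available
"""

# Assumed layout: service(user)<pid><session>: Error: Mailbox NAME: UID=N: ...
PATTERN = re.compile(
    r"dovecot: \w+\((?P<user>[^)]+)\)<\d+><[^>]*>: Error: "
    r"Mailbox (?P<mailbox>.+?): UID=(?P<uid>\d+): read\(\) failed: "
    r"read\((?P<path>.+)\) failed: Decryption error: no private key available"
)


def summarize(lines):
    """Return {user: {"errors": int, "messages": {(mailbox, uid, path), ...}}}."""
    stats = defaultdict(lambda: {"errors": 0, "messages": set()})
    for line in lines:
        match = PATTERN.search(line)
        if match is None:
            continue  # not a mail-crypt "no private key" read failure
        entry = stats[match["user"]]
        entry["errors"] += 1
        entry["messages"].add((match["mailbox"], int(match["uid"]), match["path"]))
    return dict(stats)


if __name__ == "__main__":
    for user, entry in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        # Repeated errors on one message and errors spread over many messages
        # are different situations; print both counts side by side.
        print(f"{user}: {entry['errors']} errors, "
              f"{len(entry['messages'])} distinct messages")
        for mailbox, uid, path in sorted(entry["messages"]):
            print(f"  {mailbox} UID={uid} {path}")
```

To use it on a real log, pass the file's lines to `summarize()` instead of `SAMPLE_LOG.splitlines()`.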

