mail-crypt-plugin: encrypted user keys
Daniel Schuermann
dovecot at 2718282.net
Fri May 28 12:54:07 EEST 2021
Hi,
I tried to enable encrypted folder keys using mail-crypt-plugin.
It works as expected when using unencrypted folder keys.
When I add
mail_crypt_require_encrypted_user_key = yes
as shown below, I somehow manage to crash dovecot:
dovecot: lmtp(82060): Fatal: master: service(lmtp):
child 82060 killed with signal 6 (core not dumped -
https://dovecot.org/bugreport.html#coredumps -
set service lmtp { drop_priv_before_exec=yes })
dovecot: lmtp(67814): Panic: file mail-user.c: line 229 (mail_user_deinit):
assertion failed: ((*user)->refcount== 1)
lmtp(root): Info: msgid=<07e3a23b2aaea60b at mx.2718282.net>:
save failed to INBOX: generate_keypair(INBOX) failed:
mail_crypt_require_encrypted_user_key set,
cannot generate user keypair without password or key
My config files:
# 2.3.14 (cee3cbc0d): /etc/mail/imap.conf
# OS: OpenBSD 6.9 amd64
auth_verbose = yes
debug_log_path = /var/log/dovecot
info_log_path = /var/log/dovecot
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_debug = yes
namespace inbox {
  ...
}
passdb {
  args = /etc/mail/imap-sqlite.conf
  driver = sql
}
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_require_encrypted_user_key = yes
  mail_crypt_save_version = 2
}
protocols = imap lmtp
service imap-login {
  ...
}
ssl = required
ssl_cert = </etc/ssl/rsa.crt
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
  args = /etc/mail/imap-sqlite.conf
  driver = sql
  override_fields = uid=vmail gid=vmail
}
# file: /etc/mail/imap-sqlite.conf
driver = sqlite
connect = /etc/mail/sqlite.db
default_pass_scheme = BLF-CRYPT
user_query = SELECT '/home/vmail/'||destination AS home FROM virtuals WHERE email = '%u'
password_query = SELECT email as user, password, '%w' AS \
userdb_mail_crypt_private_password FROM credentials WHERE email = '%u'
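
An added example, not part of the original post and not Dovecot code: a small check over the settings quoted above that flags the combination the log reports, an encrypted user key being required while LMTP delivery has no password or key. It assumes LMTP delivery performs only a userdb lookup, so a field returned by password_query does not reach it; parse_settings, lmtp_key_findings and the sample strings are hypothetical names.

```python
# Constructed sample: the relevant lines of the configuration posted above.
SAMPLE_CONF = """\
plugin {
  mail_crypt_require_encrypted_user_key = yes
}
protocols = imap lmtp
userdb {
  override_fields = uid=vmail gid=vmail
}
"""
SAMPLE_SQL = """\
user_query = SELECT '/home/vmail/'||destination AS home FROM virtuals WHERE email = '%u'
password_query = SELECT email as user, password, '%w' AS \\
userdb_mail_crypt_private_password FROM credentials WHERE email = '%u'
"""
SECRETS = ("mail_crypt_private_password", "mail_crypt_private_key")

def parse_settings(text):
    """Return {setting: value}; settings inside a block are keyed 'block/setting'."""
    settings, stack = {}, []
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def lmtp_key_findings(conf_text, sql_text):
    conf, sql = parse_settings(conf_text), parse_settings(sql_text)
    if (conf.get("plugin/mail_crypt_require_encrypted_user_key") != "yes"
            or "lmtp" not in conf.get("protocols", "").split()):
        return []
    # Assumption: LMTP delivery sees only userdb results and static settings.
    visible = [conf.get("userdb/override_fields", ""), sql.get("user_query", ""), *conf]
    if any(s in v for s in SECRETS for v in visible):
        return []
    findings = ["lmtp delivery has no mail_crypt password or key from userdb"]
    if any("userdb_" + s in sql.get("password_query", "") for s in SECRETS):
        findings.append("secret is set only by password_query (available at login)")
    return findings

if __name__ == "__main__":
    print(lmtp_key_findings(SAMPLE_CONF, SAMPLE_SQL))
```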