Dovecot mail-crypt webmail can't read encrypted messages
Serveria Support
support at serveria.com
Thu Sep 15 07:33:19 UTC 2022
Ok, big progress here! Specifying user password explicitly did the
trick! The command that works is this:
doveadm -o plugin/mail_crypt_private_password=xxxxxxxxxx -Dv fetch -u user@mydomain.xyz text 1
Now I have to adjust/write a query which does the same in order to
read/decrypt emails via webmail. I'm going to investigate the master
user issue you mentioned.
On 2022-09-15 08:16, Aki Tuomi wrote:
>> On 14/09/2022 19:34 EEST Serveria Support <support at serveria.com>
>> wrote:
>>
>>
>> Thanks for your help. Do you know in which folder the keys are stored?
>> I'd like to check the permissions...
>>
>
>
> Some notes here, after reading this thread again:
>
> - Keys are stored in mail_attributes file, which depends on your
> config, but usually is %h/dovecot-attributes, which means it'll be in
> user's home directory.
>
> - The key format is Dovecot Dcrypt Key, you can use `doveadm mailbox
> cryptokey export` to export them in PEM format. Only **global keys**
> expect PEM formatted keys, which you are not using.
>
> - If you are using mail_crypt_private_password to encrypt the user
> key, you will need to provide this every time you want to access the
> user's emails, including using doveadm. Dovecot does not know what
> password you are using.
>
> - Your logs indicate that you are, still, using master userdb. This
> will not work. You cannot use master users with per-user encryption
> passwords in the way you do. If you want to use master users / master
> password, you must not encrypt the user key.
>
> - You should really focus on reading your logs, because they really do
> indicate that the userdb_mail_crypt_private_password is not exported in
> anywhere, so clearly and obviously you are not able to access the
> mails.
>
> Maybe consider removing the master user authentication completely?
>
> Aki
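
An added example, not part of either message and not the poster's configuration: a passdb SQL query of the kind the reply sets out to write, returning the password supplied at login as userdb_mail_crypt_private_password so that webmail logins can decrypt the user key. The file path and the table and column names (virtual_users, email, password) are assumptions, and it assumes the user key was encrypted with the user's own login password.

```conf
# /etc/dovecot/dovecot-sql.conf.ext   (assumed path)
#
# %u = login username
# %w = plaintext password the client supplied at login
#
# Extra passdb fields prefixed with userdb_ are handed on as userdb
# fields for the session, so the mail_crypt plugin receives
# mail_crypt_private_password and can decrypt the user's private key.
#
# virtual_users, email and password are assumed schema names.
password_query = SELECT \
  email AS user, password, \
  '%w' AS userdb_mail_crypt_private_password \
  FROM virtual_users WHERE email = '%u'
```

The query can only pass on the password that was typed at login, so it decrypts the key only when that is the password the key was encrypted with.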