I try to use Mailcrypt encrypted user keys with conjustion with dbsync replication(Dovecot 2.3.6 in FreeBSD 12.0 enviroment) but was unsuccessful. If I provide a password in mail_crypt_private_password variable directly in Dovecot config all things works as expected
plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes mail_crypt_private_password = 12345 }
but when I remove this and trying to get the same user password in password_query it seems password doesn't assigned
password_query = SELECT username AS user, password,
'%w' AS userdb_mail_crypt_private_password
FROM mailbox WHERE username = LCASE('%u')
AND active = '1'
with errors like this in log at server where message was accepted from remote system
May 20 00:40:31 server1 dovecot[35417]: dsync-local(foo@example.com)<Y51qBF/b4VyHigAAJQnBKg>: Error: dsync(server1.example.com): read() failed: read(/var/mail/example.com/foo/new/1558305609.M674400P35456.server1.example.com,S=4493,W=4601:2,a) failed: Private key not available: Cannot decrypt key a4ceb2df0287c0c0ccb0d76e31d91824e1f13e9ffe63d1e04a9a233a073d8a64: Cannot decrypt key 5d19a9246ddce2759a21462974add562dd90f2cb2aa3ff6a5af1af1e3e9b58e6: Password not available (last sent=mail, last recv=mail_request (EOL))
and errors at replica server
May 20 00:40:31 server2 dovecot[63985]: dsync-local(foo@example.com)<MpW+HV/b4VwD+wAAfP91Tw>: Error: dsync(server2.example.com): read() failed: read() failed: dot-input stream ends without '.' line (last sent=mail_request (EOL), last recv=mail)
The question is it possible to have password encrypted user keys with Dovecot dbsync replication or we found a new bug?
-- With best regards, Max Kostikov
W: https://kostikov.co | DeltaChat: mk@eprove.net