Plugins/Mailcrypt: mail_crypt_private_password not assigned by password_query

20 May 2019


      I try to use Mailcrypt encrypted user keys with conjustion with dbsync
replication(Dovecot 2.3.6 in FreeBSD 12.0 enviroment) but was
unsuccessful.
If I provide a password in mail_crypt_private_password variable directly
in Dovecot config all things works as expected
plugin {
mail_crypt_curve = prime256v1
mail_crypt_save_version = 2
mail_crypt_require_encrypted_user_key = yes
mail_crypt_private_password = 12345
}
but when I remove this and trying to get the same user password in
password_query it seems password doesn't assigned
password_query  = SELECT username AS user, password, 

'%w' AS userdb_mail_crypt_private_password 

FROM mailbox WHERE username = LCASE('%u') 

AND active = '1'
with errors like this in log at server where message was accepted from
remote system
May 20 00:40:31 server1 dovecot[35417]:
dsync-local(foo@example.com): Error:
dsync(server1.example.com): read() failed:
read(/var/mail/example.com/foo/new/1558305609.M674400P35456.server1.example.com,S=4493,W=4601:2,a)
failed: Private key not available: Cannot decrypt key
a4ceb2df0287c0c0ccb0d76e31d91824e1f13e9ffe63d1e04a9a233a073d8a64: Cannot
decrypt key
5d19a9246ddce2759a21462974add562dd90f2cb2aa3ff6a5af1af1e3e9b58e6:
Password not available (last sent=mail, last recv=mail_request (EOL))
and errors at replica server
May 20 00:40:31 server2 dovecot[63985]:
dsync-local(foo@example.com): Error:
dsync(server2.example.com): read() failed: read() failed: dot-input
stream ends without '.' line (last sent=mail_request (EOL), last
recv=mail)
The question is it possible to have password encrypted user keys with
Dovecot dbsync replication or we found a new bug?
--
With best regards,
Max Kostikov
W: https://kostikov.co | DeltaChat: mk@eprove.net