On 30/07/2023 08:29 EEST eaerhaerhaehae aehraerhaeha <dovecotquestion@gmx.de> wrote:
Hello everyone,
1. I was wondering whether mail-crypt is intended to be supported in the long run.
Yes. There are no plans to remove it and it is widely used.
2. Furthermore, I was wondering about the best way to backup a whole email server with mail-crypt enabled.
(3. how do i use dsync with mail-crypt?)
If you are using per-user passwords, tar and rsync are probably best. dsync only works if it can decrypt users emails.
Below are my thoughts so far.
- doveadm seems to work on each user individually, and it seems that the password is required for this? At least tachtler/dovecot-backup complains about missing the key and password to decrypt the mails, and so does "dsync -f -u a@bc.de backup maildir:bc.de/a"
Yep. As it needs to decrypt them mails.
- I was going to just tar /var/mail, but it appears that maildirlock is deprecated and broken, so I would have to shut down dovecot temporarily, in order to maintain file/index integrity, which is not ideal.
You can find a fixed version at https://github.com/dovecot/tools/blob/main/maildirlock.c
- Running it in some kind of virtualized environment to be able to take atomic snapshots might work, but I read that the "uuid list", or whatever, is only updated "lazily". Would a shutdown even solve that?
- I just saw that replication is going away. Maybe it would not have supported mail-crypt anyway.
Not with per user passwords, no.
Regards,
Aki