On 25. Mar 2025, at 15.15, luis.neapolis--- via dovecot <dovecot@dovecot.org> wrote:
crypt_global_private_key main{
  crypt_private_key_password=secret
  crypt_private_key_file=
}
userdb ldap {
  driver = ldap
  .....
  fields {
    mail_crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:key}
  }
}

lmtp(134879): Fatal: Raw user initialization failed: mail_crypt_plugin: nuovo: Couldn't parse private key : Unknown key format
The trouble is that mail_crypt plugin loads the keys always at user initialization. That's fine for the actual user, which does the userdb lookup. However, we have an internal "raw user" which doesn't do a userdb lookup. The raw user sees from config that there is a private key configured, but the key is empty so it fails. I guess the nicest solution would be to delay initializing the keys until they're actually needed, but you can make it work already:

#crypt_global_private_key main {
#}
userdb ldap {
  driver = ldap
  fields {
    crypt_global_public_key_file=inline:%{ldap:pubkey}
    crypt_global_private_key=main
    crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:privkey}
    crypt_private_key_password=%{password}
  }
}