Recently I attempted enabling the mail_crypt plugin on a per user basis as summarized below:
uname -a
Linux smtp 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
dovecot --version
2.3.4.1 (f79e8e7e4)
$ cat /etc/dovecot/conf.d/10-mailcrypt.conf
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
}
cat dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=VVVVV user=WWWWWW password=XXXXXX
user_query = SELECT user,
concat('*:bytes=', quota) AS quota_rule,
'/mail/%d/%n' AS home,
uid, gid
FROM virtual_users WHERE user='%u';
password_query = SELECT user, password,
  crypt AS userdb_mail_crypt_save_version,
  '%w' AS userdb_mail_crypt_private_password
  FROM virtual_users WHERE user='%u';
dovecot -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-16-amd64 x86_64 Debian 10.9
# Hostname: smtp.burk.tech
auth_verbose = yes
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = quota mail_crypt
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  type = private
}
passdb {
  driver = pam
}
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_require_encrypted_user_key = # hidden, use -P to show it
  mail_crypt_save_version = 2
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0777
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/dovecot/fullchain.cer.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
  driver = passwd
}
verbose_ssl = yes
protocol lmtp {
  hostname = smtp.burk.tech
  postmaster_address = postmaster@burk.tech
}
protocol imap {
  mail_max_userip_connections = 50
}
The issue I've noticed occurs when the settings above are enabled and mail is received into the root of the Maildir fs, then moved to another folder (including a file being deleted). Upon a client's retrieval of messages from the folder the mail was moved to, the log spits out the following:
May 22 19:18:15 smtp dovecot: imap-login: Login: user=<ben>, method=PLAIN, rip=XXX.XXX.XXX.XXX, lip=YYY.YYY.YYY.YYY, mpid=31682, TLS, session=<7oASZPPCkN9EdIVp>
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: Mailbox Trash: Saving mail: save: read() failed: read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S) failed: Private key not available: Cannot decrypt key f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot decrypt key 876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: Password not available
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: Mailbox Trash: copy: i_stream_read() failed: read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S) failed: Private key not available: Cannot decrypt key f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot decrypt key 876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: Password not available
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: Mailbox Trash: Saving mail: read() failed: read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S) failed: Private key not available: Cannot decrypt key f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot decrypt key 876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: Password not available (read reason=)
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Panic: file ostream-encrypt.c: line 631 (o_stream_encrypt_close): assertion failed: (estream->finalized || estream->ctx_sym == NULL || estream->ostream.ostream.stream_errno != 0)
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xdb73b) [0x7fdb3ce7273b] -> /usr/lib/dovecot/libdovecot.so.0(+0xdb7d1) [0x7fdb3ce727d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x4a199) [0x7fdb3cde1199] -> /usr/lib/dovecot/libdovecot.so.0(+0x49276) [0x7fdb3cde0276] -> /usr/lib/dovecot/libdovecot.so.0(+0xffd5e) [0x7fdb3ce96d5e] -> /usr/lib/dovecot/libdovecot.so.0(o_stream_destroy+0x16) [0x7fdb3ce96d86] -> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_save_finish+0x18d) [0x7fdb3cfa946d] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_cancel+0x4d) [0x7fdb3cf8167d] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_copy+0x122) [0x7fdb3cf73f22] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x5badc) [0x7fdb3cf81adc] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x31) [0x7fdb3cf81c11] -> dovecot/imap(+0x128f5) [0x563bd267a8f5] -> dovecot/imap(command_exec+0x70) [0x563bd2687dc0] -> dovecot/imap(+0x1e3f2) [0x563bd26863f2] -> dovecot/imap(+0x1e494) [0x563bd2686494] -> dovecot/imap(client_handle_input+0x1b5) [0x563bd2686845] -> dovecot/imap(client_input+0x7e) [0x563bd2686d6e] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6f) [0x7fdb3ce88bef] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x136) [0x7fdb3ce8a1e6] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7fdb3ce88c8c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7fdb3ce88df0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fdb3ce09123] -> dovecot/imap(main+0x325) [0x563bd2678bf5] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fdb3cbf209b] -> dovecot/imap(_start+0x2a) [0x563bd2678d8a]
May 22 19:18:15 smtp dovecot: imap-login: Debug: SSL alert: close notify
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Fatal: master: service(imap): child 31682 killed with signal 6 (core dumps disabled - https://dovecot.org/bugreport.html#coredumps)
My keys for the user are as follows:
ben@smtp.burk.tech:~$ doveadm mailbox cryptokey list -U
doveadm(ben): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
Folder  Active  Public ID
        yes     876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87
I've checked and it appears that the mail, as it's received into the root of the Maildir, is not initially encrypted. It is stored in plaintext. However, when the mail is moved, it is then properly encrypted.
ben@smtp.burk.tech:~/Maildir/cur$ file 1621726534.31820_1.smtp\:2\,
1621726534.31820_1.smtp:2,: SMTP mail, ASCII text
ben@smtp.burk.tech:~/Maildir/Receipts/cur$ file 1621726595.M343917P30832.smtp\,S\=2927\,W\=2988\:2\,S
1621726595.M343917P30832.smtp,S=2927,W=2988:2,S: MailCrypt
--
Ben Burk
BURK.TECH System Administrator
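When a mailbox ends up mixed like the one above, an operator wants an inventory of which messages are still plaintext before enabling a setting such as mail_crypt_require_encrypted_user_key. The script below is an added example (not from the post or from Dovecot) that walks every new/ and cur/ directory of a LAYOUT=fs Maildir and classifies each message by whether it begins with the dcrypt stream header that mail_crypt writes; the header bytes (CRYPTED followed by 0x03 0x07, the marker `file` reports as MailCrypt) are an assumption, and the Maildir tree and message bodies are constructed.

```python
"""Audit a Maildir: which messages carry mail_crypt's header and which are plaintext."""
import os
import tempfile
from pathlib import Path

# Assumed: the dcrypt stream header mail_crypt writes at the start of every
# encrypted message (the marker that `file` reports as "MailCrypt").
MAILCRYPT_MAGIC = b"CRYPTED\x03\x07"


def is_mailcrypt(path: Path) -> bool:
    """True if the file begins with the mail_crypt header."""
    with path.open("rb") as fh:
        return fh.read(len(MAILCRYPT_MAGIC)) == MAILCRYPT_MAGIC


def audit_maildir(root: Path) -> dict:
    """Return {folder: {"encrypted": [...], "plaintext": [...]}} for every
    new/ and cur/ directory under root (LAYOUT=fs subfolders included)."""
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        d = Path(dirpath)
        if d.name not in ("new", "cur"):
            continue
        # The Maildir root itself is the INBOX; subdirectories are folders.
        folder = "/".join(d.parent.relative_to(root).parts) or "INBOX"
        entry = report.setdefault(folder, {"encrypted": [], "plaintext": []})
        for name in sorted(filenames):
            entry["encrypted" if is_mailcrypt(d / name) else "plaintext"].append(name)
    return report


def build_sample_maildir(base: Path) -> Path:
    """Constructed fixture mirroring the post: a plaintext message in the Maildir
    root and a mail_crypt-encrypted one under Receipts/."""
    root = base / "Maildir"
    (root / "cur").mkdir(parents=True)
    (root / "Receipts" / "cur").mkdir(parents=True)
    (root / "cur" / "1621726534.31820_1.smtp:2,").write_bytes(
        b"Return-Path: <sender@example.invalid>\nSubject: plain\n\nhello\n")
    (root / "Receipts" / "cur" / "1621726595.M343917P30832.smtp,S=2927,W=2988:2,S"
     ).write_bytes(MAILCRYPT_MAGIC + b"\x02" + bytes(64))  # constructed ciphertext body
    return root


def run_demo() -> dict:
    """Build the fixture in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_maildir(build_sample_maildir(Path(tmp)))


if __name__ == "__main__":
    for folder, found in run_demo().items():
        print(f"{folder}: {len(found['plaintext'])} plaintext, {len(found['encrypted'])} encrypted")
```

Point audit_maildir at a real ~/Maildir as the mail user to list the unencrypted files per folder; anything reported as plaintext was written by a path that did not go through mail_crypt.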