Re: dmarc user can't receive email because of encrypted storage

On 2023-05-04 21:31, Aki Tuomi via dovecot wrote:

...

On 04/05/2023 21:28 EEST efeizbudak@disroot.org wrote:

On 2023-05-04 21:25, Aki Tuomi wrote:

...

...

On 04/05/2023 21:20 EEST efeizbudak@disroot.org wrote:

On 2023-05-04 21:16, Aki Tuomi wrote:

...

...

On 04/05/2023 21:09 EEST Aki Tuomi via dovecot dovecot@dovecot.org wrote:

> On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote: > > > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > >> dovecot@dovecot.org wrote: > >> > >> > >> Hi all, > >> > >> So recently google has been trying to send email to dmarc@domain.com > >> on > >> my server but I'm using encrypted storage and since the dmarc user has > >> no password the email is being rejected with the error: > >> > >> May  4 16:51:50 domain dovecot: > >> lda(dmarc)<3326>: Error: sieve: > >> msgid=10341808348719730099@google.com: failed to store into mailbox > >> 'INBOX': generate_keypair(INBOX) failed: > >> mail_crypt_require_encrypted_user_key set, cannot generate user > >> keypair > >> without password or key > >> > >> How can I fix this, or at least read what the mail says? Would it be > >> safe to just give dmarc user a strong password? > > > > You can run > > > > doveadm mailbox cryptokey generate -U dmarc -N > > > > so the user will have a keypair generated. Then it should work. > > > > Aki > > I'm getting > > generate: invalid option -- 'N' > > should I just run it without -N ? > > Thank you!

Please keep responses on the list.

Try -n password? I have a faint recall of a buggy version like this.

Aki

...

Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op

Sorry, my bad.

doveadm mailbox cryptokey generate -U -u dmarc -n password

Aki This too gives me

generate: invalid option -- 'n'

So it seems. Have to investigate this.

In the mean time, can you try just

doveadm mailbox cryptokey generate -U -u dmarc

If you want, you can do

doveadm mailbox cryptokey password -u user -U -N

which hopefully should work.

Aki First one gives,

doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted

And the second one gives,

password: invalid option -- 'U'

Thank you for looking into it!

Sorry, this is bit annoying issue. Seems there was a slight oversight when this option was added.. anyways...

try

doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc

maybe it works?

Aki This gives the same error as the above that starts with

doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key