Hi again,
I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts.
After an initial topic from me about encrypting already existent mail, I could now use some pointers on how to set up the mail-crypt plugin for pure virtual accounts (i.e. that have no matching system users and/or home directories. I hope somebody can clarify a few things that are not entirely clear to me yet.
After doing my own research, I believe the following should be possible:
I'd like to use the password of virtual email accounts to let dovecot encrypt/decrypt the keys needed to encrypt/decrypt the mail in the relevant folders.
As per the documentation @ https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I believe this would be all the configuration I need:
# Config mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt
plugin { mail_crypt_curve = secp521r1 # or some other preferred curve mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes # necessary for encrypting keys with user password }
# File: /etc/dovecot/dovecot-sql.conf.ext
password_query = SELECT
email as user, password,
'%w' AS userdb_mail_crypt_private_password
FROM virtual_users WHERE email='%u';
My first question is: Is it possible to configure mail_attribute_dict in such a way as to not use home directories. Since I only use virtual accounts, without those accounts having home directories, can I somehow tell dovecot to save the attributes into the PostsreSQL database, for instance? If not, can you suggest another approach, without having to create home directories for virtual users?
My second question is: The documentation warns about not using password directly in the above SQL query:
Choosing encryption key
DO NOT use password directly. It can contain % which is interpreted as > variable expansion and can cause errors.
Does this refer to not accidentally substituting '%w' with password? In other words, if I leave the above query as is, should I be good, even if plain text passwords of users potentially have % signs in them? Or would I need to take further measurements? (The passwords in my database are already hashed, by the way).
I hope somebody can offer some guidance on this. Thanks.