On Sat, 24 May 2014, Stanislas SABATIER wrote:
Dovecot is handling the final delivery through the mail-filter plugin, as follows:
- both users contexts are created from user_db queries
- mail-filter plugin is init for user2
- /mail_user_created/ for user2
- mail-filter plugin arguments are parsed for user2
- … /mail_allocated/ then /mail_save_begin/ for user2 (at this stage, the email is encrypted with user2's params)
- Dovecot tells LMTP that mail for user2 is delivered
- then, – we are still in user2 context –, another /mail_allocated/ is run, followed by a /istream_opened/
- mail user context is switched to user3 --> /mail_user_created/ --> plugin's args parsed --> … /mail_allocated/
- and… Dovecot tells LMTP that mail for user3 is delivered
So, it appears that Dovecot is re-using user2's email to pass it to user3 by opening an istream in user2's context. In my configuration, Dovecot can't do that because it does not have user2's private RSA key to reopen the email it has just encrypted, so it passes the email to user3 with user2's encryption params. Final result: user3 is receiving the email encrypted with user2's RSA key!
Problem: how to force Dovecot to deinit then reinit the mail-filter plugin for each user, to be sure that each email is encrypted with the right key before it is saved to users' mailboxes?
If your observations are true, you cannot. I slightly remember a discussion about a plugin that changes the message content. Timo answered that with "that is not supported". Also, see:
http://wiki2.dovecot.org/Plugins/MailFilter
"(TODO: Modifying the mail during writing would be possible with some code changes.)" in the first paragraph.
Encrypting the message is "to modify the mail" IMHO.
Steffen Kaiser