Hi, guys. Also, currently a problem (with http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key):

# dovecot mailbox cryptokey generate -u name@example.com -UR doveadm(name@example.com): Error: mail_crypt_user_get_public_key(name@example.com) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes not enabled

Something is wrong in the settings? Or bug?

The same error in log when sending emails (with http://wiki2.dovecot.org/Plugins/MailCrypt#Base64_encoded_keys):

Error: sieve: msgid=<57720a813eb7817c80ff67b21718ae42@example.com>: failed to store into mailbox 'INBOX': get_public_key(INBOX) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes not enabled

Any ideas?

----- Исходное сообщение -----

От: "Evgeniy Korneechev" <ekorneechev@altlinux.org> Кому: "dovecot" <dovecot@dovecot.org> Отправленные: Понедельник, 16 Январь 2017 г 18:17:44 Тема: Re: Plugin "mail_crypt" does not work

We tried these rights:

[root@mail44 dovecot]# ls -la итого 80 drwxr-xr-x 8 root root 4096 янв 13 13:17 . drwxr-xr-x 98 root root 12288 янв 11 11:47 .. drwxrwxrwx 2 root root 4096 янв 10 15:58 eckey drwxr-xr-x 2 root root 4096 янв 13 12:42 eckey2 drwxr-xr-x 2 vmail vmail 4096 янв 11 09:14 RSAkey

[root@mail44 dovecot]# cd eckey2 [root@mail44 eckey2]# ls -la итого 16 drwxr-xr-x 2 root root 4096 янв 13 12:42 . drwxr-xr-x 8 root root 4096 янв 13 13:17 .. -rw-r--r-- 1 root root 316 янв 13 12:41 ecprivkey.pem -rw-r--r-- 1 root root 232 янв 13 12:42 ecpubkey.pem

----- Исходное сообщение -----

...

От: "Aki Tuomi" <aki.tuomi@dovecot.fi> Кому: "dovecot" <dovecot@dovecot.org> Отправленные: Пятница, 13 Январь 2017 г 14:18:55 Тема: Re: Plugin "mail_crypt" does not work

...

On 13.01.2017 12:21, Evgeniy Korneechev wrote:

...

mail_crypt_global_public_key = </etc/dovecot/eckey/ecpubkey.pem

Is this world-wide readable file? Is LDA able to access this?

Aki

-- WBR, BaseALT/ALTLinux Team

-- WBR, BaseALT/ALTLinux Team

Hi!

Some replies:

1. the problem with mail_crypt_global_public_key, there is a bug that we are fixing where file inputs under plugin { } section do not get aboard.

workaround 1: You can base64 encode the PEM key (yes, again), and put it in one line such as

plugin { mail_crypt_global_public_key = LS0tLS1C..... }

workaround 2: Return the key from userdb, you can use same format.

3. The mail_attribute_dict thing requires that setting you discovered, but be advised that in this mode it will create a keypair for each user, and keypair per folder.

For security and performance reasons, we recommend using ECDSA keys instead of RSA keys.

Aki Tuomi Dovecot oy

On January 17, 2017 at 4:40 PM Evgeniy Korneechev <ekorneechev@altlinux.org> wrote:

mail_attribute_dict = file:%h/Maildir/dovecot-attributes > dovecot.conf

Apparently so?))

----- Исходное сообщение -----

...

От: "Evgeniy Korneechev" <ekorneechev@altlinux.org> Кому: "dovecot" <dovecot@dovecot.org> Отправленные: Вторник, 17 Январь 2017 г 17:32:38 Тема: Re: Plugin "mail_crypt" does not work

...

Hi, guys. Also, currently a problem (with http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key):

# dovecot mailbox cryptokey generate -u name@example.com -UR doveadm(name@example.com): Error: mail_crypt_user_get_public_key(name@example.com) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes not enabled

Something is wrong in the settings? Or bug?

The same error in log when sending emails (with http://wiki2.dovecot.org/Plugins/MailCrypt#Base64_encoded_keys):

Error: sieve: msgid=<57720a813eb7817c80ff67b21718ae42@example.com>: failed to store into mailbox 'INBOX': get_public_key(INBOX) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attributes not enabled

Any ideas?

----- Исходное сообщение -----

...

От: "Evgeniy Korneechev" <ekorneechev@altlinux.org> Кому: "dovecot" <dovecot@dovecot.org> Отправленные: Понедельник, 16 Январь 2017 г 18:17:44 Тема: Re: Plugin "mail_crypt" does not work

...

We tried these rights:

[root@mail44 dovecot]# ls -la итого 80 drwxr-xr-x 8 root root 4096 янв 13 13:17 . drwxr-xr-x 98 root root 12288 янв 11 11:47 .. drwxrwxrwx 2 root root 4096 янв 10 15:58 eckey drwxr-xr-x 2 root root 4096 янв 13 12:42 eckey2 drwxr-xr-x 2 vmail vmail 4096 янв 11 09:14 RSAkey

[root@mail44 dovecot]# cd eckey2 [root@mail44 eckey2]# ls -la итого 16 drwxr-xr-x 2 root root 4096 янв 13 12:42 . drwxr-xr-x 8 root root 4096 янв 13 13:17 .. -rw-r--r-- 1 root root 316 янв 13 12:41 ecprivkey.pem -rw-r--r-- 1 root root 232 янв 13 12:42 ecpubkey.pem

----- Исходное сообщение -----

...

От: "Aki Tuomi" <aki.tuomi@dovecot.fi> Кому: "dovecot" <dovecot@dovecot.org> Отправленные: Пятница, 13 Январь 2017 г 14:18:55 Тема: Re: Plugin "mail_crypt" does not work

...

On 13.01.2017 12:21, Evgeniy Korneechev wrote:

...

mail_crypt_global_public_key = </etc/dovecot/eckey/ecpubkey.pem

Is this world-wide readable file? Is LDA able to access this?

Aki

-- WBR, BaseALT/ALTLinux Team

-- WBR, BaseALT/ALTLinux Team

-- WBR, BaseALT/ALTLinux Team