[Dovecot] Plugin mail-filter tangles
System installed : Dovecot 2.2.12 as IMAP server and Postfix as MTA. Dovecot and Postfix connected via LMTP
- Dovecot mail plugin 'mail-filter' to encrypt/decrypt emails on the fly with public/private users' RSA keys.
Case study : You have 3 (virtual) users belonging to 3 different domains, all managed by your Dovecot server. One of these users is connected to Dovecot with MUA Thunderbird, and he's writing an email to someone outside of your domains, but he puts the two other users' email addresses in CC : mail from user1@domain1.dovecot --> to: someone@outside, CC: user2@domain2.dovecot, user3@domaine3.dovecot
What happens (as far as I can understand) : The email is submitted to Postfix : one copy is delivered outside, the other is passed to Dovecot via LMTP for user2 & user3 @dovecot
Dovecot is handling the final delivery, through mail-filter plugin as follows :
- both users contexts are created from user_db queries
- mail-filter plugin is init for user2
- /mail_user_created/ for user2
- mail-filter plugin arguments are parsed for user2
- …/mail_allocated/ then /mail_save_begin/ for user2 (at this stage, the email is encrypted with user2's params)
- Dovecot tells to LMTP that mail for user2 is delivered
- then, - we are still in user2 context -, another /mail_allocated/ is run, followed by a /istream_opened/
- mail user context is switched to user3 --> /mail_user_created/ --> plugin's args parsed --> … /mail_allocated/
- and… Dovecot tells to LMTP that mail for user3 is delivered
So, it appears that Dovecot is re-using user2's email to pass it to user3 by opening an istream in user2's context. In my configuration, Dovecot can't do that because it has not the user2's private rsa key to reopen the email it has just encrypted, so it passes the email to user3 with user2 encryption params. Final result : user3 is receiving the email encrypted with user2's rsa key !
Problem : how to force Dovecot to deinit then reinit mail-filter plugin for each user to be sure that each email is encrypted with the right key before it is saved to users' mailboxes ?
Thank you in advance for your help.
Stan.
On 24 May 2014 at 18:14, Stanislas SABATIER wrote:
System installed : Dovecot 2.2.12 as IMAP server and Postfix as MTA. Dovecot and Postfix connected via LMTP
- Dovecot mail plugin 'mail-filter' to encrypt/decrypt emails on the fly with public/private users' RSA keys.
[...] Final result : user3 is receiving the email encrypted with user2's rsa key !
Hello Stanislas,
All of this sounds a bit "bizarre", not to say frightening... To avoid any ambiguity, could you post the output of doveconf -n? As well your encryption and decryption scripts? And tell us how postfix is configured wrt LMTP?
Problem : how to force Dovecot to deinit then reinit mail-filter plugin for each user to be sure that each email is encrypted with the right key before it is saved to users' mailboxes ?
There could perhaps be a (temporary) workaround at Postfix's level, by limiting the number of recipients?
Axel
To extend my previous message :
I added the option '-o lmtp_destination_recipient_limit=1' to Postfix and try again to send a message to someone outside my domains, but adding two people in CC. It seems that Dovecot is still handling the delivery incorrectly. Here is the transcript of what happened :
May 26 09:39:00 lmtp(47593): Debug: none: root=, index=, indexpvt=,
control=, inbox=, alt=
May 26 09:39:00 lmtp(47593): Info: Connect from 9.6.71.10
May 26 09:39:00 lmtp(47593): Debug: Loading modules from directory:
/usr/local/lib/dovecot
May 26 09:39:00 lmtp(47593): Debug: Module loaded:
/usr/local/lib/dovecot/lib10_mailden_filter_plugin.so
May 26 09:39:00 lmtp(47593): Debug: auth input: contact@mailden.pro
home=/mailboxes/mailden.pro/contact/ uid=200 gid=6
email=contact@mailden.pro
May 26 09:39:00 lmtp(47593): Debug: Added userdb setting:
plugin/email=contact@mailden.pro
May 26 09:39:00 lmtp(47593): Debug: auth input:
stan@sapienssapide.fr home=/mailboxes/sapienssapide.fr/stan/ uid=200
gid=6 email=stan@sapienssapide.fr
May 26 09:39:00 lmtp(47593): Debug: Added userdb setting:
plugin/email=stan@sapienssapide.fr
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_plugin_init
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Debug: Effective
uid=200, gid=6, home=/mailboxes/mailden.pro/contact/
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_mail_user_created
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_parse_setting
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Debug:
mailden_filter: Filtering mailden_filter via socket
/var/run/dovecot//decrypt-filter
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_parse_setting
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Debug:
mailden_filter: Filtering mailden_filter_out via socket
/var/run/dovecot//encrypt-filter
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info: plain_pass
is null
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Debug: Namespace
inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes,
subscriptions=yes location=dbox:/mailboxes/mailden.pro/contact/
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Debug: fs:
root=/mailboxes/mailden.pro/contact, index=, indexpvt=, control=,
inbox=, alt=
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_mailbox_allocated
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_mail_allocated
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_mail_save_begin
May 26 09:39:00 box encrypt_mail: -> Encrypt arg : contact@mailden.pro
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Debug: Namespace :
Using permissions from /mailboxes/mailden.pro/contact: mode=0700
gid=default
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
sjhnApTvglPpuQAAz9GZsw: msgid=<5382EFA2.7020202@mailden.fr>: saved
mail to INBOX
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_mail_allocated
May 26 09:39:00 lmtp(47593, contact@mailden.pro): Info:
mailden_filter_istream_opened
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Debug: Effective
uid=200, gid=6, home=/mailboxes/sapienssapide.fr/stan/
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Info:
mailden_filter_mail_user_created
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Info:
mailden_filter_parse_setting
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Debug:
mailden_filter: Filtering mailden_filter via socket
/var/run/dovecot//decrypt-filter
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Info:
mailden_filter_parse_setting
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Debug:
mailden_filter: Filtering mailden_filter_out via socket
/var/run/dovecot//encrypt-filter
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Info: plain_pass
is null
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Debug: Namespace
inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes,
subscriptions=yes location=dbox:/mailboxes/sapienssapide.fr/stan/
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Debug: fs:
root=/mailboxes/sapienssapide.fr/stan, index=, indexpvt=, control=,
inbox=, alt=
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Info:
mailden_filter_mailbox_allocated
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Info:
mailden_filter_mail_allocated
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Debug: Namespace
: Using permissions from /mailboxes/sapienssapide.fr/stan: mode=0700
gid=default
May 26 09:39:00 lmtp(47593, stan@sapienssapide.fr): Info:
sjhnApTvglPpuQAAz9GZsw: msgid=<5382EFA2.7020202@mailden.fr>: saved
mail to INBOX
May 26 09:39:00 lmtp(47593): Info: Disconnect from 9.6.71.10:
Successful quit
May 26 09:39:00 box decrypt_mail: -> Decrypt arg :
contact@mailden.pro,n
The last line above shows that, again, Dovecot is trying to read the email from the mailbox and it launched the 'decrypt_mail' program with user1's params (user1 = 'contact@mailden.pro'). At this stage, neither user1 (contact@mailden.pro) nor user2 (stan@sapienssapide.fr) are connected and authenticated. Therefore, decrypt_mail is launched without user1's password (decrypt args are email and user password. In the above case, user password is set to 'n' because it is missing).
Stan.
On 26 May 2014 at 10:01, Stanislas SABATIER wrote:
To extend my previous message :
I added the option '-o lmtp_destination_recipient_limit=1' to Postfix and try again to send a message to someone outside my domains, but adding two people in CC. It seems that Dovecot is still handling the delivery incorrectly. Here is the transcript of what happened :
[...]
Hello Stanislas,
Still busy with your previous message, but I fear the above hasn't been concluding, as if the '-o lmtp_destination_recipient_limit=1' hadn't been taken into account: one lmtp process, same message id (sjhnApTvglPpuQAAz9GZsw).
So, it looks like you still had a single message with two recipients.
Axel
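Added example (not part of the thread, and not the poster's or Dovecot's code): a Python check for the symptom read from the transcript above, several recipients saved under one LMTP session ID, which also flags any save that was not preceded by an encrypt_mail record for the same user. The sample log is constructed; the record formats are copied from the transcript, and the check assumes records appear in delivery order.

```python
import re
from collections import Counter, defaultdict

# A new syslog record starts with a timestamp such as "May 26 09:39:00 ".
TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
# Dovecot LMTP save record:
#   lmtp(PID, USER): Info: SESSION: msgid=<...>: saved mail to MAILBOX
SAVED_RE = re.compile(
    r"lmtp\(\d+, (?P<user>[^)]+)\): Info: (?P<session>[^\s:]+): "
    r"msgid=<[^>]*>: saved mail to \S+"
)
# Record written by the poster's own encrypt program (format from the transcript).
ENCRYPT_RE = re.compile(r"encrypt_mail: -> Encrypt arg : (?P<user>\S+)")

# Constructed sample, wrapped at mail line length like the transcript.
SAMPLE = """\
May 26 09:39:00 lmtp(1001, user2@example.org): Info:
mailden_filter_mail_save_begin
May 26 09:39:00 box encrypt_mail: -> Encrypt arg : user2@example.org
May 26 09:39:00 lmtp(1001, user2@example.org): Info:
AAAAexampleSessionId00: msgid=<1@example.org>: saved
mail to INBOX
May 26 09:39:00 lmtp(1001, user3@example.org): Info:
AAAAexampleSessionId00: msgid=<1@example.org>: saved
mail to INBOX
May 26 09:40:00 box encrypt_mail: -> Encrypt arg : user2@example.org
May 26 09:40:00 lmtp(1002, user2@example.org): Info:
BBBBexampleSessionId00: msgid=<2@example.org>: saved
mail to INBOX
"""


def unwrap(lines):
    """Join mail-wrapped continuation lines back onto their syslog record."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def audit(records):
    """Report multi-recipient LMTP sessions and saves lacking an encrypt record."""
    pending = Counter()             # encrypt records not yet matched to a save
    by_session = defaultdict(list)  # session ID -> recipients saved under it
    unencrypted = []                # (session, user) saved with no encrypt record
    for rec in records:
        m = ENCRYPT_RE.search(rec)
        if m:
            pending[m["user"]] += 1
            continue
        m = SAVED_RE.search(rec)
        if not m:
            continue
        user, session = m["user"], m["session"]
        if user not in by_session[session]:
            by_session[session].append(user)
        if pending[user] > 0:
            pending[user] -= 1      # this save was encrypted for its own user
        else:
            unencrypted.append((session, user))
    multi = {s: u for s, u in by_session.items() if len(u) > 1}
    return {"multi_recipient_sessions": multi,
            "saved_without_own_encrypt": unencrypted}


if __name__ == "__main__":
    print(audit(unwrap(SAMPLE.splitlines())))
```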
You're right, Postfix is still passing the two CC recipients in one LMTP process. I didn't find how to force Postfix to send emails one by one… Still digging… Anyway, I believe the way Dovecot is handling this case is not the right way.
On Mon May 26 10:48:32 2014, Axel Luttgens wrote:
On 26 May 2014 at 10:01, Stanislas SABATIER wrote:
To extend my previous message :
I added the option '-o lmtp_destination_recipient_limit=1' to Postfix and try again to send a message to someone outside my domains, but adding two people in CC. It seems that Dovecot is still handling the delivery incorrectly. Here is the transcript of what happened :
[...]
Hello Stanislas,
Still busy with your previous message, but I fear the above hasn't been concluding, as if the '-o lmtp_destination_recipient_limit=1' hadn't been taken into account: one lmtp process, same message id (sjhnApTvglPpuQAAz9GZsw).
So, it looks like you still had a single message with two recipients.
Axel
On 26.05.2014 at 10:54, Stanislas SABATIER wrote:
You're right, Postfix is still passing the two CC recipients in one LMTP process. I didn't find how to force Postfix to send emails one by one
lmtp_destination_recipient_limit = 1
lmtp_destination_concurrency_limit = 1
On 26 May 2014 at 10:54, Stanislas SABATIER wrote:
You're right, Postfix is still passing the two CC recipients in one LMTP process. I didn't find how to force Postfix to send emails one by one… Still digging… Anyway, I believe the way Dovecot is handling this case is not the right way.
Indeed, there's something wrong somewhere... But you have to admit you came with quite a convoluted case, and it currently can't be said for sure that Dovecot alone is the culprit. Hence the exploratory idea to try with "one recipient per message".
Now, from your Postfix setup description, you define dovecotfeed as a unix service:
dovecotfeed unix - - n - 2 lmtp -o lmtp_send_xforward_command=yes -o lmtp_tls_security_level=may
but the virtual_transport seems to be overridden by a transport_maps query returning an inet thing:
dovecotfeed:[9.9.9.9]:26
Wouldn't you have another definition for dovecotfeed somewhere else (in which case this could explain the ineffectiveness of '-o lmtp_destination_recipient_limit=1')?
That said, if you currently have a single transport, perhaps could you try to just put
lmtp_destination_recipient_limit=1
into main.cf for testing purposes (works here as expected on my test machine).
While I'm busy with those config matters, I also noticed:
service lmtp {
  inet_listener dovecot_lmtp {
    address = 10.10.10.10
    port = 26
    ssl = yes
  }
  process_min_avail = 5
}
Unless I'm wrong, various recent threads on the Dovecot list tended to indicate that ssl currently doesn't really work with lmtp. Perhaps might it be worth to remove on both sides (Dovecot and Postfix) any setting related to ssl in conjunction with lmtp?
Ok, now going to look further at those filter matters...
Axel
On 26/05/2014 at 12:29, Reindl Harald wrote:
lmtp_destination_recipient_limit = 1
lmtp_destination_concurrency_limit = 1
I tried to put both settings to main.cf and within master.cf under my 'dovecotfeed' service, but Postfix is still using one process to CC the email to my recipients… Even when I add the setting 'lmtp_discard_lhlo_keywords = PIPELINING' in Postfix's main.cf
Stan.
On 26.05.2014 at 13:53, Stanislas SABATIER wrote:
On 26/05/2014 at 12:29, Reindl Harald wrote:
lmtp_destination_recipient_limit = 1
lmtp_destination_concurrency_limit = 1
I tried to put both settings to main.cf and within master.cf under my 'dovecotfeed' service, but Postfix is still using one process to CC the email to my recipients… Even when I add the setting 'lmtp_discard_lhlo_keywords = PIPELINING' in Postfix's main.cf
Stan.
perhaps off topic, but for gpg with dovecot this may help too
https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
https://code.google.com/p/gpg-mailgate/
Best Regards MfG Robert Schetterer
On 26/05/2014 at 12:19, Axel Luttgens wrote:
Now, from your Postfix setup description, you define dovecotfeed as a unix service:
dovecotfeed unix - - n - 2 lmtp -o lmtp_send_xforward_command=yes -o lmtp_tls_security_level=may
but the virtual_transport seems to be overridden by a transport_maps query returning an inet thing:
dovecotfeed:[9.9.9.9]:26
Wouldn't you have another definition for dovecotfeed somewhere else (in which case this could explain the ineffectiveness of '-o lmtp_destination_recipient_limit=1')?
dovecotfeed unix is the normal configuration to define a lmtp client that will forward emails to [9.9.9.9]:26
That said, if you currently have a single transport, perhaps could you try to just put
lmtp_destination_recipient_limit=1
into main.cf for testing purposes (works here as expected on my test machine).
I've already done that but it did change the behavior. You said it works as expected on your test machine, but did you try to exactly reproduce my case ? ie : having 3 different users within 3 different domains all managed by Dovecot. User1 sends an email to someone outside and CC user2 and user3. Because, if I send an email from an outside account to someone and CC user2 and user3, everything is working perfectly at Dovecot's side, even if Postfix is launching a single process to deliver the email !
While I'm busy with those config matters, I also noticed:
service lmtp {
  inet_listener dovecot_lmtp {
    address = 10.10.10.10
    port = 26
    ssl = yes
  }
  process_min_avail = 5
}
You're right, SSL is not working on Dovecot's LMTP. I need to remove this setting.
Regards, Stan.
On 26 May 2014 at 14:12, Stanislas SABATIER wrote:
[...] I've already done that but it did change the behavior. You said it works as expected on your test machine, but did you try to exactly reproduce my case ? ie : having 3 different users within 3 different domains all managed by Dovecot. User1 sends an email to someone outside and CC user2 and user3.
Hello Stanislas,
I just meant that putting: lmtp_destination_recipient_limit=1 in main.cf yields here the expected result: one message per recipient. The idea was to have a quick check for a possible overlap of user settings (whether because of your code or Dovecot's one, or your configs).
I was hoping to perform some tests on my side, but I'm currently stuck: I'm unable to trigger the filters here (makes me remind of another yet unresolved problem, possibly related to a somewhat peculiar passdb/userdb I'm using here). Still investigating...
Because, if I send an email from an outside account to someone and CC user2 and user3, everything is working perfectly at Dovecot's side, even if Postfix is launching a single process to deliver the email ! [...]
Hmmm... I don't fully understand, but it seems you're adding new info to this thread. Could you elaborate (inside vs "outside account", "working perfectly"...)?
Axel
On 28/05/2014 at 11:12, Axel Luttgens wrote:
Because, if I send an email from an outside account to someone and CC user2 and user3, everything is working perfectly at Dovecot's side, even if Postfix is launching a single process to deliver the email ! [...]
Hmmm... I don't fully understand, but it seems you're adding new info to this thread. Could you elaborate (inside vs "outside account", "working perfectly"...)?
Axel
Hello,
I tried to explain my specific case in my first post to the list (first mail of this thread, May 24) : I have 3 (virtual) users belonging to 3 different domains, all managed by my Dovecot server. One of these users (user1) is connected to my Dovecot with MUA Thunderbird, and he's writing an email to someone outside of my domains (ie someone@yahoo.com for example), but he puts two other users' email addresses belonging to my domains in CC. To sum up, here are the headers : (CASE 1)
*from : user1@mydomain1*
to: someone@yahoo.com
CC: user2@mydomain2, user3@mydomaine3
In this specific situation, Dovecot receives one email from Postfix for user2 and user3. Dovecot is creating two user contexts, loads mail-filter plugin with user2 params, it saves the email, then it loads mail-filter plugin with user3 params BUT, instead of reading the original email from Postfix, Dovecot is trying to read the email from user2 (I see an istream opening in logs) and pass it to user3. That fails because, in this context, Dovecot can't access user2's email that has been encrypted by my mail-filter.
On the other hand, if someone outside of my domains (therefore not connected to my Dovecot) is sending the same email, with user2 and user3 in CC, Dovecot is not handling the email the same way, while receiving the same email from Postfix. To sum up, here are the headers : (CASE 2)
*from : someone@gmail.com*
to : someone@yahoo.com
CC: user2@mydomain2, user3@mydomaine3
In this situation, Dovecot receives one email from Postfix for user2 and user3 (same situation as case 1). Dovecot is creating two user contexts, loads mail-filter plugin with user2 params, it saves the email, then it loads mail-filter plugin with user3 params and saves the email with user3 params. And I can say « working perfectly » !
All the same, in case 1 and case 2, Dovecot is receiving ONE email over LMTP from Postfix.
Regards, Stan.
On 28 May 2014 at 16:41, Stanislas SABATIER wrote:
[...] I tried to explain my specific case in my first post to the list (first mail of this thread, may 24) : [...] To sum up, here are the headers : (CASE 1)
*from : user1@mydomain1*
to: someone@yahoo.com
CC: user2@mydomain2, user3@mydomaine3
In this specific situation, Dovecot receives one email from Postfix for user2 and user3. Dovecot is creating two user contexts, loads mail-filter plugin with user2 params, it saves the email, then it loads mail-filter plugin with user3 params BUT, instead of reading the original email from Postfix, Dovecot is trying to read the email from user2 (I see an istream opening in logs) and pass it to user3. That fails because, in this context, Dovecot can't access user2's email that has been encrypted by my mail-filter.
Hello Stanislas,
Indeed, the above describes your initial post. A case I described as being a bit frightening, since it could raise some privacy concerns.
[...] To sum up, here are the headers : (CASE 2)
*from : someone@gmail.com*
to : someone@yahoo.com
CC: user2@mydomain2, user3@mydomaine3
In this situation, Dovecot receives one email from Postfix for user2 and user3 (same situation as case 1). Dovecot is creating two user contexts, loads mail-filter plugin with user2 params, it saves the email, then it loads mail-filter plugin with user3 params and saves the email with user3 params. And I can say « working perfectly » !
[...]
And here, you confirm the new info throughout this thread.
So, the nature of the envelope sender would have an impact on how an email is delivered by Dovecot's LMTP to local recipients.
Up to now, the only path I could find for bringing some confusion among recipients would be in the handling provided by client_input_data_write_local() of src/lmtp/commands.c. Even if the link with the envelope sender still remains obscure to me... Anyway, managing to have Postfix sending one message per recipient might prove useful for diagnosing the problem.
HTH, Axel
On 30/05/2014 at 23:30, Axel Luttgens wrote:
A case I described as being a bit frightening, since it could raise some privacy concerns.
I agree !
Anyway, managing to have Postfix sending one message per recipient might prove useful for diagnosing the problem.
HTH, Axel
I managed to force Postfix to send one message per recipient, and it seems to fix the issue at Dovecot's side. So, we need to dig into Dovecot's LMTP handler. I would be delighted to help you !
Regards, Stan.
On Sat, 24 May 2014, Stanislas SABATIER wrote:
Dovecot is handling the final delivery, through mail-filter plugin as follows :
- both users contexts are created from user_db queries
- mail-filter plugin is init for user2
- /mail_user_created/ for user2
- mail-filter plugin arguments are parsed for user2
- …/mail_allocated/ then /mail_save_begin/ for user2 (at this stage, the email is encrypted with user2's params)
- Dovecot tells to LMTP that mail for user2 is delivered
- then, - we are still in user2 context -, another /mail_allocated/ is run, followed by a /istream_opened/
- mail user context is switched to user3 --> /mail_user_created/ --> plugin's args parsed --> … /mail_allocated/
- and… Dovecot tells to LMTP that mail for user3 is delivered
So, it appears that Dovecot is re-using user2's email to pass it to user3 by opening an istream in user2's context. In my configuration, Dovecot can't do that because it has not the user2's private rsa key to reopen the email it has just encrypted, so it passes the email to user3 with user2 encryption params. Final result : user3 is receiving the email encrypted with user2's rsa key !
Problem : how to force Dovecot to deinit then reinit mail-filter plugin for each user to be sure that each email is encrypted with the right key before it is saved to users' mailboxes ?
If your observations are true, you cannot. I slightly remember a discussion about a plugin, that changes the message content. Timo answered that with "that is not supported". Also, see:
http://wiki2.dovecot.org/Plugins/MailFilter
"(TODO: Modifying the mail during writing would be possible with some code changes.) " in first paragraph.
Encrypting the message is "to modify the mail" IMHO.
Steffen Kaiser
On 05/06/2014 at 14:06, Steffen Kaiser wrote:
If your observations are true, you cannot. I slightly remember a discussion about a plugin, that changes the message content. Timo answered that with "that is not supported". Also, see:
http://wiki2.dovecot.org/Plugins/MailFilter
"(TODO: Modifying the mail during writing would be possible with some code changes.) " in first paragraph.
Encrypting the message is "to modify the mail" IMHO.
-- Steffen Kaiser
Hello Steffen,
I do encrypt/decrypt email on-the-fly for months now with the help of mail-filter plugin. It works perfectly as long as the decrypted email is exactly as it was before it was encrypted, which is the case with my bespoke encrypt/decrypt programs. That is not the point I raised in this thread. The point is that, in a specific circumstance, Dovecot is trying to read an email that has been encrypted without having the user this email belongs to authenticated.
Regards, Stan.
On Thu, 5 Jun 2014, Stanislas SABATIER wrote:
Hello Stanislas,
On 05/06/2014 at 14:06, Steffen Kaiser wrote:
If your observations are true, you cannot. I slightly remember a discussion about a plugin, that changes the message content. Timo answered that with "that is not supported". Also, see:
http://wiki2.dovecot.org/Plugins/MailFilter
"(TODO: Modifying the mail during writing would be possible with some code changes.) " in first paragraph.
Encrypting the message is "to modify the mail" IMHO.
I do encrypt/decrypt email on-the-fly for months now with the help of mail-filter plugin. It works perfectly as long as the decrypted email is exactly as it was before it was encrypted, which is the case with my bespoke encrypt/decrypt programs. That is not the point I raised in this thread. The point is that, in a specific circumstance, Dovecot is trying to read an email that has been encrypted without having the user this email belongs to authenticated.
Yes, I understand and I've read the thread including your reply from Sat, 31 May 2014 16:24:22. Possibly, this situation is the only one or just one of the problems, why Timo wrote that TODO in the Wiki.
What you've written seems to indicate that Dovecot passes the only existing copy of the message through the filter and drops it to user2's mailbox. In order to drop it to user3, Dovecot needs a copy of the message again. This is what the "-p" option of Dovecot deliver does.
Dovecot would need to spool the incoming message somewhere before passing through the filter for each recipient. Or fork as many delivery processes as recipients there are and multiplex the incoming message to all forks.
Steffen Kaiser
participants (5)
- Axel Luttgens
- Reindl Harald
- Robert Schetterer
- Stanislas SABATIER
- Steffen Kaiser