mail_crypt not working on incoming messages?
[Dovecot v2.2.33.2]
I'm testing out mail_crypt on a fresh Dovecot install to get a feel for how it works, but I'm running into something unexpected.
The mail_crypt plugin does seem to be working, but NOT on incoming email. What I mean is, if I send a test email to the server that has Dovecot installed, the message correctly arrives in the user's Maildir folder (I'm using Maildir format, not mbox), as I can see the mail message file appear. However, the message file is in plaintext and is not encrypted. But, if, using my Thunderbird email client connected to that account via IMAP, I move that message out of the inbox of that account to a folder on another account, and then move it back in to the original inbox, the file that appears in the Maildir folder structure IS encrypted.
I have confirmed that mail_crypt is active in 10-mail.conf, 20-imap.conf, and 20-pop3.conf. The global public and private keys are working because (a) there are no errors and (b) it DOES encrypt -- just not on incoming email. mail_crypt_save_version is set to 2, as the docs for Dovecot 2 instruct.
What am I missing? Does anyone have any thoughts as to why JUST incoming messages aren't encrypted, but messages moved into the IMAP account DO get encrypted? Did I set up something incorrectly? I'm using sendmail as the MTA, if that matters, and messages are routed to the user's Maildir folder structure using a .procmailrc in that user's home folder.
-Dave
On 22 March 2019 19:36 Dave via dovecot <dovecot@dovecot.org> wrote:
> What am I missing? Does anyone have any thoughts as to why JUST incoming messages aren't encrypted, but that messages moved into the IMAP account DO get encrypted? Did I set up something incorrectly? I'm using sendmail as the MTA, if that matters, and messages are routed to the user's Maildir folder structure using a .procmailrc in that user's home folder. -Dave
Dovecot cannot magically encrypt your email, so it has to go thru dovecot-lda or lmtp. Procmail can call dovecot-lda, if you don't want to migrate to using sieve.
Aki
On 3/22/2019 12:48 PM, Aki Tuomi wrote:
>> What am I missing? Does anyone have any thoughts as to why JUST incoming messages aren't encrypted, but that messages moved into the IMAP account DO get encrypted? Did I set up something incorrectly? I'm using sendmail as the MTA, if that matters, and messages are routed to the user's Maildir folder structure using a .procmailrc in that user's home folder. -Dave
> Dovecot cannot magically encrypt your email, so it has to go thru dovecot-lda or lmtp. Procmail can call dovecot-lda, if you don't want to migrate to using sieve.
> Aki
Aki, that's what I was starting to gather from what was happening (i.e., that the incoming mail was outside of my particular setup of Dovecot's "scope" in the mail process), but I just couldn't find the situation referenced anywhere in any threads or in any documentation. I'll research the things you mentioned and figure out how best to integrate one into my setup here. I appreciate the response.
-Dave
For anyone interested, I was able to get the encryption working on incoming mail on my test machine using the "procmail calling dovecot-lda" method Aki mentioned above. This functionality could be made system-wide by using /etc/procmailrc, I would guess, but I just did it on a per-account basis using .procmailrc in the user's home folder:
-------------------[ .procmailrc ]------------------------
MAILDIR=$HOME/Maildir
SHELL=/bin/bash
DELIVER=/usr/lib/dovecot/dovecot-lda

# Pipe every incoming message to dovecot-lda so delivery goes through Dovecot
:0
| $DELIVER
I will continue to investigate the other methods though, as I know sieve is more modern and I'm also interested in the LMTP functionality. Thanks again for the help.
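Added example, not part of the thread and not Dovecot's own tooling: a shell check that lists Maildir message files still stored in plaintext, which is how deliveries that bypassed dovecot-lda or LMTP show up on disk. It assumes encrypted files begin with the mail_crypt stream magic `CRYPTED\x03\x07`; the function names and the sample Maildir are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Maildir message files that were written without mail_crypt.
# Assumption: encrypted files start with the 9-byte magic "CRYPTED\x03\x07".
MAGIC_HEX=435259505445440307

# Succeeds if the first 9 bytes of the file are the mail_crypt magic.
is_mail_crypt_file() {
    [ "$(head -c 9 "$1" | od -An -tx1 | tr -d ' \n')" = "$MAGIC_HEX" ]
}

# Print every message file under new/ and cur/ (INBOX and .Folder subdirs)
# that is still plaintext on disk. tmp/ is skipped: files there are in flight.
list_plaintext_mail() {
    find "$1" -type f \( -path '*/new/*' -o -path '*/cur/*' \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        is_mail_crypt_file "$f" || printf '%s\n' "$f"
    done
}

# Build a constructed Maildir: one message written directly by an MDA
# (plaintext) and one file that carries the encrypted-stream magic.
make_sample_maildir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/new" "$d/cur" "$d/tmp"
    printf 'From: a@example.org\nSubject: test\n\nhello\n' \
        > "$d/new/1553283360.M1.host"
    printf 'CRYPTED\003\007\002constructed-not-real-ciphertext' \
        > "$d/cur/1553283400.M2.host:2,S"
    printf '%s\n' "$d"
}

# Usage: script /path/to/Maildir ; with no argument, run on the sample.
if [ "$#" -gt 0 ]; then
    list_plaintext_mail "$1"
else
    sample=$(make_sample_maildir)
    list_plaintext_mail "$sample"
    rm -rf "$sample"
fi
```

Any path it prints after delivery has been moved to dovecot-lda predates the change or arrived through a route that still bypasses Dovecot.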