Re: dmarc user can't receive email because of encrypted storage
On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 20:53, Aki Tuomi via dovecot wrote:
On 04/05/2023 20:11 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
Hi all,
So recently google has been trying to send email to dmarc@domain.com on my server but I'm using encrypted storage and since the dmarc user has no password the email is being rejected with the error:
May 4 16:51:50 domain dovecot: lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: msgid=<10341808348719730099@google.com>: failed to store into mailbox 'INBOX': generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
How can I fix this, or at least read what the mail says? Would it be safe to just give dmarc user a strong password?
You can run
doveadm mailbox cryptokey generate -U dmarc -N
so the user will have a keypair generated. Then it should work.
Aki
I'm getting
generate: invalid option -- 'N'
should I just run it without -N ?
Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki
On 04/05/2023 21:09 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 20:53, Aki Tuomi via dovecot wrote:
On 04/05/2023 20:11 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
Hi all,
So recently google has been trying to send email to dmarc@domain.com on my server but I'm using encrypted storage and since the dmarc user has no password the email is being rejected with the error:
May 4 16:51:50 domain dovecot: lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: msgid=<10341808348719730099@google.com>: failed to store into mailbox 'INBOX': generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
How can I fix this, or at least read what the mail says? Would it be safe to just give dmarc user a strong password?
You can run
doveadm mailbox cryptokey generate -U dmarc -N
so the user will have a keypair generated. Then it should work.
Aki
I'm getting
generate: invalid option -- 'N'
should I just run it without -N ?
Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki
Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op
Sorry, my bad.
doveadm mailbox cryptokey generate -U -u dmarc -n password
Aki
On 2023-05-04 21:16, Aki Tuomi wrote:
On 04/05/2023 21:09 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 20:53, Aki Tuomi via dovecot wrote:
On 04/05/2023 20:11 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
Hi all,
So recently google has been trying to send email to dmarc@domain.com on my server but I'm using encrypted storage and since the dmarc user has no password the email is being rejected with the error:
May 4 16:51:50 domain dovecot: lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: msgid=<10341808348719730099@google.com>: failed to store into mailbox 'INBOX': generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
How can I fix this, or at least read what the mail says? Would it be safe to just give dmarc user a strong password?
You can run
doveadm mailbox cryptokey generate -U dmarc -N
so the user will have a keypair generated. Then it should work.
Aki
I'm getting
generate: invalid option -- 'N'
should I just run it without -N ?
Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki
Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op
Sorry, my bad.
doveadm mailbox cryptokey generate -U -u dmarc -n password
Aki This too gives me
generate: invalid option -- 'n'
On 04/05/2023 21:20 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 21:16, Aki Tuomi wrote:
On 04/05/2023 21:09 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 20:53, Aki Tuomi via dovecot wrote:
On 04/05/2023 20:11 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
Hi all,
So recently google has been trying to send email to dmarc@domain.com on my server but I'm using encrypted storage and since the dmarc user has no password the email is being rejected with the error:
May 4 16:51:50 domain dovecot: lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: msgid=<10341808348719730099@google.com>: failed to store into mailbox 'INBOX': generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
How can I fix this, or at least read what the mail says? Would it be safe to just give dmarc user a strong password?
You can run
doveadm mailbox cryptokey generate -U dmarc -N
so the user will have a keypair generated. Then it should work.
Aki
I'm getting
generate: invalid option -- 'N'
should I just run it without -N ?
Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki
Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op
Sorry, my bad.
doveadm mailbox cryptokey generate -U -u dmarc -n password
Aki This too gives me
generate: invalid option -- 'n'
So it seems. Have to investigate this.
In the mean time, can you try just
doveadm mailbox cryptokey generate -U -u dmarc
If you want, you can do
doveadm mailbox cryptokey password -u user -U -N
which hopefully should work.
Aki
On 2023-05-04 21:25, Aki Tuomi wrote:
On 04/05/2023 21:20 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 21:16, Aki Tuomi wrote:
On 04/05/2023 21:09 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 20:53, Aki Tuomi via dovecot wrote:
> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > <dovecot@dovecot.org> wrote: > > > Hi all, > > So recently google has been trying to send email to dmarc@domain.com > on > my server but I'm using encrypted storage and since the dmarc user has > no password the email is being rejected with the error: > > May 4 16:51:50 domain dovecot: > lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: > msgid=<10341808348719730099@google.com>: failed to store into mailbox > 'INBOX': generate_keypair(INBOX) failed: > mail_crypt_require_encrypted_user_key set, cannot generate user > keypair > without password or key > > How can I fix this, or at least read what the mail says? Would it be > safe to just give dmarc user a strong password?
You can run
doveadm mailbox cryptokey generate -U dmarc -N
so the user will have a keypair generated. Then it should work.
Aki
I'm getting
generate: invalid option -- 'N'
should I just run it without -N ?
Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki
Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op
Sorry, my bad.
doveadm mailbox cryptokey generate -U -u dmarc -n password
Aki This too gives me
generate: invalid option -- 'n'
So it seems. Have to investigate this.
In the mean time, can you try just
doveadm mailbox cryptokey generate -U -u dmarc
If you want, you can do
doveadm mailbox cryptokey password -u user -U -N
which hopefully should work.
Aki First one gives,
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted
And the second one gives,
password: invalid option -- 'U'
Thank you for looking into it!
On 04/05/2023 21:28 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 21:25, Aki Tuomi wrote:
On 04/05/2023 21:20 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 21:16, Aki Tuomi wrote:
On 04/05/2023 21:09 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot >> <dovecot@dovecot.org> wrote: >> >> >> Hi all, >> >> So recently google has been trying to send email to dmarc@domain.com >> on >> my server but I'm using encrypted storage and since the dmarc user has >> no password the email is being rejected with the error: >> >> May 4 16:51:50 domain dovecot: >> lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: >> msgid=<10341808348719730099@google.com>: failed to store into mailbox >> 'INBOX': generate_keypair(INBOX) failed: >> mail_crypt_require_encrypted_user_key set, cannot generate user >> keypair >> without password or key >> >> How can I fix this, or at least read what the mail says? Would it be >> safe to just give dmarc user a strong password? > > You can run > > doveadm mailbox cryptokey generate -U dmarc -N > > so the user will have a keypair generated. Then it should work. > > Aki
I'm getting
generate: invalid option -- 'N'
should I just run it without -N ?
Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki
Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op
Sorry, my bad.
doveadm mailbox cryptokey generate -U -u dmarc -n password
Aki This too gives me
generate: invalid option -- 'n'
So it seems. Have to investigate this.
In the mean time, can you try just
doveadm mailbox cryptokey generate -U -u dmarc
If you want, you can do
doveadm mailbox cryptokey password -u user -U -N
which hopefully should work.
Aki First one gives,
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted
And the second one gives,
password: invalid option -- 'U'
Thank you for looking into it!
Sorry, this is bit annoying issue. Seems there was a slight oversight when this option was added.. anyways...
try
doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc
maybe it works?
Aki
On 2023-05-04 21:31, Aki Tuomi via dovecot wrote:
On 04/05/2023 21:28 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 21:25, Aki Tuomi wrote:
On 04/05/2023 21:20 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 21:16, Aki Tuomi wrote:
On 04/05/2023 21:09 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
> On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote: > > > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > >> <dovecot@dovecot.org> wrote: > >> > >> > >> Hi all, > >> > >> So recently google has been trying to send email to dmarc@domain.com > >> on > >> my server but I'm using encrypted storage and since the dmarc user has > >> no password the email is being rejected with the error: > >> > >> May 4 16:51:50 domain dovecot: > >> lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: > >> msgid=<10341808348719730099@google.com>: failed to store into mailbox > >> 'INBOX': generate_keypair(INBOX) failed: > >> mail_crypt_require_encrypted_user_key set, cannot generate user > >> keypair > >> without password or key > >> > >> How can I fix this, or at least read what the mail says? Would it be > >> safe to just give dmarc user a strong password? > > > > You can run > > > > doveadm mailbox cryptokey generate -U dmarc -N > > > > so the user will have a keypair generated. Then it should work. > > > > Aki > > I'm getting > > generate: invalid option -- 'N' > > should I just run it without -N ? > > Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki
Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op
Sorry, my bad.
doveadm mailbox cryptokey generate -U -u dmarc -n password
Aki This too gives me
generate: invalid option -- 'n'
So it seems. Have to investigate this.
In the mean time, can you try just
doveadm mailbox cryptokey generate -U -u dmarc
If you want, you can do
doveadm mailbox cryptokey password -u user -U -N
which hopefully should work.
Aki First one gives,
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted
And the second one gives,
password: invalid option -- 'U'
Thank you for looking into it!
Sorry, this is bit annoying issue. Seems there was a slight oversight when this option was added.. anyways...
try
doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc
maybe it works?
Aki This gives the same error as the above that starts with
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
On 05/05/2023 05:49 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
try
doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc
maybe it works?
Aki This gives the same error as the above that starts with
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
Ok, since this is getting too annoying I tested out that
doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U
at least works for me with that setting.
I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task.
Aki
On 2023-05-05 09:09, Aki Tuomi via dovecot wrote:
On 05/05/2023 05:49 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
try
doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc
maybe it works?
Aki This gives the same error as the above that starts with
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
Ok, since this is getting too annoying I tested out that
doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U
at least works for me with that setting.
I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task.
Aki That worked! Thank you!!
On 2023-05-05 14:29, efeizbudak--- via dovecot wrote:
On 2023-05-05 09:09, Aki Tuomi via dovecot wrote:
On 05/05/2023 05:49 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
try
doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc
maybe it works?
Aki This gives the same error as the above that starts with
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
Ok, since this is getting too annoying I tested out that
doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U
at least works for me with that setting.
I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task.
Aki That worked! Thank you!! Sorry, I've missed one important part. After running this command and creating the keys, the emails are now received fine on the account but how can I actually read them? I've tried to log into the account using something like
mutt -f imap://dmarc@domain.com/Inbox
but the login fails I guess because the user has keys but no password to login. How can I decrypt the mail on this account using the generated keys? I've also tried
doveadm fetch -u dmarc "text" MAILBOX INBOX UNSEEN
which gives me an error about password not being available.
On 05/05/2023 14:57 EEST efeizbudak@disroot.org wrote:
On 2023-05-05 14:29, efeizbudak--- via dovecot wrote:
On 2023-05-05 09:09, Aki Tuomi via dovecot wrote:
On 05/05/2023 05:49 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
try
doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc
maybe it works?
Aki This gives the same error as the above that starts with
doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
Ok, since this is getting too annoying I tested out that
doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U
at least works for me with that setting.
I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task.
Aki That worked! Thank you!! Sorry, I've missed one important part. After running this command and creating the keys, the emails are now received fine on the account but how can I actually read them? I've tried to log into the account using something like
mutt -f imap://dmarc@domain.com/Inbox
but the login fails I guess because the user has keys but no password to login. How can I decrypt the mail on this account using the generated keys? I've also tried
doveadm fetch -u dmarc "text" MAILBOX INBOX UNSEEN
which gives me an error about password not being available.
Well yes. There have been so many threads on this on the mailing list so I'll just summarize it here:
If you are going to use per-user-passwords, you need to hash them. In config, you need to export this in passdb. Otherwise it will never end up in plugin environment. Hash them to avoid certain characters making a mess and also to make it more secure.
You **must** either make your users to log in to to Dovecot before receiving email, **or** include cryptokey management in your provisioning workflow. Remember to hash the password when providing it over -o plugin/mail_crypt_private_password.
Dovecot has no facility to ask the password over IMAP when you try to read the mail.
Doing per-user-password encryption is difficult to get right.
Aki
On 2023-05-04 21:09, Aki Tuomi wrote:
On 04/05/2023 21:08 EEST efeizbudak@disroot.org wrote:
On 2023-05-04 20:53, Aki Tuomi via dovecot wrote:
On 04/05/2023 20:11 EEST efeizbudak--- via dovecot <dovecot@dovecot.org> wrote:
Hi all,
So recently google has been trying to send email to dmarc@domain.com on my server but I'm using encrypted storage and since the dmarc user has no password the email is being rejected with the error:
May 4 16:51:50 domain dovecot: lda(dmarc)<3326><l0J9NabiU2T+DAAA1iAyAg>: Error: sieve: msgid=<10341808348719730099@google.com>: failed to store into mailbox 'INBOX': generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
How can I fix this, or at least read what the mail says? Would it be safe to just give dmarc user a strong password?
You can run
doveadm mailbox cryptokey generate -U dmarc -N
so the user will have a keypair generated. Then it should work.
Aki
I'm getting
generate: invalid option -- 'N'
should I just run it without -N ?
Thank you!
Please keep responses on the list.
Try -n password? I have a faint recall of a buggy version like this.
Aki Unfortunately doesn't work. I've also tried
doveadm mailbox cryptokey password -N -U dmarc
doveadm mailbox cryptokey generate -N -U dmarc
doveadm mailbox cryptokey generate -U dmarc -n password
participants (2)
-
Aki Tuomi
-
efeizbudak@disroot.org