Dovecot cannot access mailcrypt decryption key
On 30/11/2020 13:07 Daniel Niewerth <d.niewerth@gmx.de> wrote:
Hello everyone,
I have a problem with MailCrypt on my Dovecot installation. I have two Dovecot servers with Maildir on a shared filesystem. In front of the servers is a dovecot director, so that the connections of a user are always directed to the same backend server.
The setup worked fine for almost a year. Since a few weeks I have the occasional problem with my primary mailbox that Dovecot cannot access the decryption key.
So far I have always solved the problem by restoring the servers completely from the last backup. Of course this is not a proper solution.
The following message appears in the logfile: Nov 30 10:56:11 vsrv-dus6-mta01 dovecot: imap(daniel@xxx)<26699><sPhx21C1UdTAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available Nov 30 10:58:39 vsrv-dus6-mta01 dovecot: imap(daniel@xxx)<26788><PPlx5FC1WtTAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available Nov 30 10:58:42 vsrv-dus6-mta01 dovecot: imap(daniel@xxx)<26792><pEqC5FC1W9TAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available
The file "dovecot-attributes" exists and has not been changed according to the timestamp. I can open the file and view its contents.
root@vsrv-dus6-mta01:~# ls -lh /var/vmail/mailboxes/xxx/daniel/Maildir/ total 7,5K -rw------- 1 vmail vmail 7,3K Jan 27 2020 dovecot-attributes root@vsrv-dus6-mta01:~#
When I run "doveadm mailbox cryptokey list" it returns an empty result.
root@vsrv-dus6-mta01:~# doveadm mailbox cryptokey list -u daniel@xxx -U doveadm(daniel@xxx): Warning: mailbox cryptokey list: Nothing was matched. Use -U or specify mask? Folder Active Public ID root@vsrv-dus6-mta01:~#
root@vsrv-dus6-mta01:~# doveadm mailbox cryptokey list -u sabine@xxx -U Folder Active Public ID yes xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@vsrv-dus6-mta01:~#
Can anyone tell me anything about the problem?
My Dovecot version: root@vsrv-dus6-mta01:~# dovecot --version 2.3.11.3 (502c39af9) root@vsrv-dus6-mta01:~#
Best regards Daniel
Can you check your mailbox-attributes that it actually contains the encryption key?
Also can you try
doveadm -Dv fetch -u daniel@xxx text 1
and see if it gives any clues where it goes wrong?
Aki
participants (2)
-
Aki Tuomi
-
Daniel Niewerth