On 30/11/2020 13:07 Daniel Niewerth d.niewerth@gmx.de wrote:

Hello everyone,

I have a problem with MailCrypt on my Dovecot installation. I have two Dovecot servers with Maildir on a shared filesystem. In front of the servers is a dovecot director, so that the connections of a user are always directed to the same backend server.

The setup worked fine for almost a year. Since a few weeks I have the occasional problem with my primary mailbox that Dovecot cannot access the decryption key.

So far I have always solved the problem by restoring the servers completely from the last backup. Of course this is not a proper solution.

The following message appears in the logfile: Nov 30 10:56:11 vsrv-dus6-mta01 dovecot: imap(daniel@xxx)<26699><sPhx21C1UdTAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available Nov 30 10:58:39 vsrv-dus6-mta01 dovecot: imap(daniel@xxx)<26788><PPlx5FC1WtTAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available Nov 30 10:58:42 vsrv-dus6-mta01 dovecot: imap(daniel@xxx)<26792><pEqC5FC1W9TAqAFk>: Error: Mailbox INBOX: UID=15338: read() failed: read(/var/vmail/mailboxes/xxx/daniel/mail/cur/1606576233.M400743P1901.vsrv-dus6-mta01,S=1958,W=2004:2,) failed: Decryption error: no private key available

The file "dovecot-attributes" exists and has not been changed according to the timestamp. I can open the file and view its contents.

root@vsrv-dus6-mta01:~# ls -lh /var/vmail/mailboxes/xxx/daniel/Maildir/ total 7,5K -rw------- 1 vmail vmail 7,3K Jan 27 2020 dovecot-attributes root@vsrv-dus6-mta01:~#

When I run "doveadm mailbox cryptokey list" it returns an empty result.

root@vsrv-dus6-mta01:~# doveadm mailbox cryptokey list -u daniel@xxx -U doveadm(daniel@xxx): Warning: mailbox cryptokey list: Nothing was matched. Use -U or specify mask? Folder Active Public ID root@vsrv-dus6-mta01:~#

root@vsrv-dus6-mta01:~# doveadm mailbox cryptokey list -u sabine@xxx -U Folder Active Public ID yes xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@vsrv-dus6-mta01:~#

Can anyone tell me anything about the problem?

My Dovecot version: root@vsrv-dus6-mta01:~# dovecot --version 2.3.11.3 (502c39af9) root@vsrv-dus6-mta01:~#

Best regards Daniel

Can you check your mailbox-attributes that it actually contains the encryption key?

Also can you try

doveadm -Dv fetch -u daniel@xxx text 1

and see if it gives any clues where it goes wrong?

Aki