Dovecot, mail_crypt, global keys, permissions
Hello,
I'm using Dovecot v2.3 with the mail_crypt plugin and global keys. I am seeing this error immediately after imap login then after this error imap logs out. I'm hoping this is a simple permissions problem and the key can not be read rather than an underlying configuration issue.
I do not know what this UID 5395 refers to.
2023-08-11T04:14:14.539308-04:00 hostname dovecot: imap(username@domain.org)<492738><zO4WTKECnvRoDWll>: Error: Mailbox INBOX: UID=5395: read() failed: read(/var/mail/mailboxes/domain.org/username/mail/mailboxes/INBOX/dbox-Mails/u.5395) failed: Private key not available: mailbox_attribute_get(INBOX, /priv/vendor/vendor.dovecot/pvt/crypt/privkeys/e9f195fe9fd1953d08e815ba6fda9b6c5ae1ed692c9adade2f958c322552cbb0) failed: Mailbox attributes not enabled (FETCH BODY[HEADER])
#ls -ld crypt
drwxr-xr-x 2 root root 4096 Jul 25 08:52 crypt/
# cd crypt
#ls -l *
-r-------- 1 root root 241 Jul 25 15:43 master.key
-rw-r--r-- 1 root root 178 Jul 25 15:43 master.pub
Thanks. Dave.
Seems like you are missing mail_attribute_dict?
Aki
On 11/08/2023 11:32 EEST David Mehler dave.mehler@gmail.com wrote:
Hello,
I'm using Dovecot v2.3 with the mail_crypt plugin and global keys. I am seeing this error immediately after imap login then after this error imap logs out. I'm hoping this is a simple permissions problem and the key can not be read rather than an underlying configuration issue.
I do not know what this UID 5395 refers to.
2023-08-11T04:14:14.539308-04:00 hostname dovecot: imap(username@domain.org)<492738><zO4WTKECnvRoDWll>: Error: Mailbox INBOX: UID=5395: read() failed: read(/var/mail/mailboxes/domain.org/username/mail/mailboxes/INBOX/dbox-Mails/u.5395) failed: Private key not available: mailbox_attribute_get(INBOX, /priv/vendor/vendor.dovecot/pvt/crypt/privkeys/e9f195fe9fd1953d08e815ba6fda9b6c5ae1ed692c9adade2f958c322552cbb0) failed: Mailbox attributes not enabled (FETCH BODY[HEADER])
#ls -ld crypt
drwxr-xr-x 2 root root 4096 Jul 25 08:52 crypt/
# cd crypt
#ls -l *
-r-------- 1 root root 241 Jul 25 15:43 master.key
-rw-r--r-- 1 root root 178 Jul 25 15:43 master.pub
Thanks. Dave.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hello,
Thanks for your reply. That didn't do it, still having the issue? Any other suggestions? Is there any other information I can provide?
Thanks. Dave.
On 8/11/23, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Seems like you are missing mail_attribute_dict?
Aki
Do you still get same error?
Can you send doveconf -n?
Aki
On 12/08/2023 14:45 EEST David Mehler dave.mehler@gmail.com wrote:
Hello,
Thanks for your reply. That didn't do it, still having the issue? Any other suggestions? Is there any other information I can provide?
Thanks. Dave.
Hello Aki and all,
Thanks for your reply. Yes, I am still getting the error. Here's the error and doveconf -n; hope it helps.
Suggestions welcome. Thanks. Dave.
#tail -f mail.log
2023-08-21T09:08:26.344272-04:00 hostname dovecot: imap-login: Login: user=username@example.com, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=713431, TLS, session=<sXHnkm4Da9ZoDWll>
2023-08-21T09:08:38.521137-04:00 hostname dovecot: imap(username@example.com)<713431><sXHnkm4Da9ZoDWll>: Error: Mailbox INBOX: UID=5396: read() failed: read(/var/vmail/mailboxes/example.com/username/mail/mailboxes/INBOX/dbox-Mails/u.5396) failed: Decryption error: no private key available (read reason=header stream)
2023-08-21T09:08:38.521343-04:00 hostname dovecot: imap(username@example.com)<713431><sXHnkm4Da9ZoDWll>: Disconnected: FETCH failed: Mailbox INBOX: UID=5396: read() failed: read(/var/vmail/mailboxes/example.com/username/mail/mailboxes/INBOX/dbox-Mails/u.5396) failed: Decryption error: no private key available (read reason=header stream) in=5157 out=1132718 deleted=0 expunged=0 trashed=0 hdr_count=893 hdr_bytes=890058 body_count=1 body_bytes=4268
#doveconf -n
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 4.19.0 x86_64 Debian 12.1
# Hostname: hostname.example.com
auth_mechanisms = plain login
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}
listen = *
lmtp_rcpt_check_quota = yes
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_gid = vmail
mail_home = /var/vmail/mailboxes/%d/%n
mail_location = dbox:~/mail:LAYOUT=fs
mail_plugins = acl quota mail_crypt welcome
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace {
  list = children
  location = maildir:/var/vmail/public:INDEXPVT=~/public
  prefix = public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  acl = vfile:/etc/dovecot/dovecot-acl
  imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  last_login_dict = proxy::lastlogin
  last_login_key = # hidden, use -P to show it
  mail_crypt_global_private_key = # hidden, use -P to show it
  mail_crypt_global_public_key = # hidden, use -P to show it
  mail_crypt_save_version = 2
  quota = count:User quota
  quota2 = maildir:Shared quota:ns=public/
  quota_exceeded_message = User %u has exhausted allowed storage space.
  quota_grace = 10%%
  quota_max_mail_size = 100M
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  quota_rule3 = SPAM:ignore
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  quota_warning = storage=100%% quota-warning +100 %u
  quota_warning2 = storage=95%% quota-warning +95 %u
  quota_warning3 = storage=80%% quota-warning +80 %u
  quota_warning4 = -storage=100%% quota-warning -100 %u
  sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
  sieve_before = /var/vmail/sieve/global/spam-global.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
  stats_refresh = 30 secs
  stats_track_cmds = yes
  welcome_script = welcome %u
  welcome_wait = no
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  client_limit = 1
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  client_limit = 1
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/dovecot-quota {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = vmail
}
service stats {
  fifo_listener stats-mail {
    mode = 0644
    user = vmail
  }
  inet_listener {
    address = 127.0.0.1
    port = 24242
  }
}
service welcome {
  executable = script /usr/local/bin/welcome.sh
  unix_listener welcome {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert =
On 8/21/23, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Do you still get same error?
Can you send doveconf -n?
Aki
Right, I somehow missed the bit where it says "global keys" in the mail subject...
Can you do these?
Firstly, dewrap the file with https://github.com/dovecot/tools/blob/main/dbox-dewrap.pl
perl dbox-dewrap.pl /var/vmail/mailboxes/example.com/username/mail/mailboxes/INBOX/dbox-Mails/u.5396 > encrypted
then run
doveadm dump -tdcrypt-file encrypted
and
doveadm dump -tdcrypt-key /path/to/private/key
then see if the key digest matches?
Aki
On 26/08/2023 19:46 EEST David Mehler dave.mehler@gmail.com wrote:
Hello Aki and all,
Thanks for your reply. Yes, I am still getting the error. Here's the error and doveconf -n; hope it helps.
Suggestions welcome. Thanks. Dave.
#tail -f mail.log
2023-08-21T09:08:26.344272-04:00 hostname dovecot: imap-login: Login: user=username@example.com, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, mpid=713431, TLS, session=<sXHnkm4Da9ZoDWll>
2023-08-21T09:08:38.521137-04:00 hostname dovecot: imap(username@example.com)<713431><sXHnkm4Da9ZoDWll>: Error: Mailbox INBOX: UID=5396: read() failed: read(/var/vmail/mailboxes/example.com/username/mail/mailboxes/INBOX/dbox-Mails/u.5396) failed: Decryption error: no private key available (read
<snip/>
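Added example, not part of the thread: a small triage helper that pulls the affected dbox file, IMAP UID and (where logged) the requested key identifier out of the two error forms posted above, which are the inputs for the dewrap and doveadm dump comparison in the last reply. The names `triage` and `classify` and the cause labels are made up for this example; the last sample line is re-created from the Error line.

```python
import re

# Log lines copied from the thread (already redacted by the poster).
SAMPLE_LOG = [
    "2023-08-11T04:14:14.539308-04:00 hostname dovecot: imap(username@domain.org)"
    "<492738><zO4WTKECnvRoDWll>: Error: Mailbox INBOX: UID=5395: read() failed: "
    "read(/var/mail/mailboxes/domain.org/username/mail/mailboxes/INBOX/dbox-Mails/"
    "u.5395) failed: Private key not available: mailbox_attribute_get(INBOX, "
    "/priv/vendor/vendor.dovecot/pvt/crypt/privkeys/"
    "e9f195fe9fd1953d08e815ba6fda9b6c5ae1ed692c9adade2f958c322552cbb0) failed: "
    "Mailbox attributes not enabled (FETCH BODY[HEADER])",
    "2023-08-21T09:08:38.521137-04:00 hostname dovecot: imap(username@example.com)"
    "<713431><sXHnkm4Da9ZoDWll>: Error: Mailbox INBOX: UID=5396: read() failed: "
    "read(/var/vmail/mailboxes/example.com/username/mail/mailboxes/INBOX/dbox-Mails/"
    "u.5396) failed: Decryption error: no private key available "
    "(read reason=header stream)",
]
# Constructed: the follow-up "Disconnected" line repeats the same failure.
SAMPLE_LOG.append(SAMPLE_LOG[-1].replace(": Error: ", ": Disconnected: FETCH failed: "))

EVENT = re.compile(
    r"imap\((?P<user>[^)]+)\)<\d+><[^>]+>: (?:Error|Disconnected: FETCH failed): "
    r"Mailbox (?P<mailbox>\S+): UID=(?P<uid>\d+): read\(\) failed: "
    r"read\((?P<path>[^)]+)\) failed: (?P<detail>.*)")
KEY_ID = re.compile(r"/crypt/privkeys/(?P<key_id>[0-9a-f]+)\)")

def classify(detail):
    """Map the tail of the error to the two failure forms seen in the thread."""
    if "Mailbox attributes not enabled" in detail:
        return "attribute-lookup-disabled"  # key was looked up in mailbox attributes
    if "no private key available" in detail:
        return "no-matching-private-key"    # no usable private key for this file
    return "other"

def triage(lines):
    """Return one record per affected dbox file, deduplicated by (user, path)."""
    seen = {}
    for m in filter(None, map(EVENT.search, lines)):  # skips logins, other lines
        key = KEY_ID.search(m["detail"])
        seen.setdefault((m["user"], m["path"]), {
            "user": m["user"], "mailbox": m["mailbox"], "uid": int(m["uid"]),
            "path": m["path"], "cause": classify(m["detail"]),
            "key_id": key["key_id"] if key else None,
        })
    return list(seen.values())

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["cause"], rec["uid"], rec["path"], rec["key_id"] or "-")
```

Each `path` in the result is a file to pass to dbox-dewrap.pl; the UID is the IMAP UID of the message stored in that `u.<UID>` file.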
participants (2)
- Aki Tuomi
- David Mehler