Hi,
I tried to enable encrypted folder keys using mail-crypt-plugin. It works as expected when using unencrypted folder keys. When I add
mail_crypt_require_encrypted_user_key = yes
as shown below, I somehow manage to crash dovecot:
dovecot: lmtp(82060): Fatal: master: service(lmtp): child 82060 killed with signal 6 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set service lmtp { drop_priv_before_exec=yes })
dovecot: lmtp(67814): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount== 1)
lmtp(root): Info: msgid=07e3a23b2aaea60b@mx.2718282.net: save failed to INBOX: generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
My config files:
# 2.3.14 (cee3cbc0d): /etc/mail/imap.conf # OS: OpenBSD 6.9 amd64 auth_verbose = yes debug_log_path = /var/log/dovecot info_log_path = /var/log/dovecot mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_debug = yes namespace inbox { ... } passdb { args = /etc/mail/imap-sqlite.conf driver = sql } plugin { mail_crypt_curve = secp521r1 mail_crypt_require_encrypted_user_key = yes mail_crypt_save_version = 2 } protocols = imap lmtp service imap-login { ... } ssl = required ssl_cert =
# file: /etc/mail/imap-sqlite.conf
driver = sqlite
connect = /etc/mail/sqlite.db
default_pass_scheme = BLF-CRYPT
user_query = SELECT '/home/vmail/'||destination AS home FROM virtuals WHERE email = '%u'
password_query = SELECT email as user, password, '%w' AS
userdb_mail_crypt_private_password FROM credentials WHERE email = '%u'
Hi!
This is because you do not have private password set during delivery. To use this feature like this you need to make sure the user keys are generated using doveadm mail cryptokey generate -u user -U before delivery.
Aki
On 28/05/2021 12:54 Daniel Schuermann dovecot@2718282.net wrote:
Hi,
I tried to enable encrypted folder keys using mail-crypt-plugin. It works as expected when using unencrypted folder keys. When I add
mail_crypt_require_encrypted_user_key = yes
as shown below, I somehow manage to crash dovecot:
dovecot: lmtp(82060): Fatal: master: service(lmtp): child 82060 killed with signal 6 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set service lmtp { drop_priv_before_exec=yes })
dovecot: lmtp(67814): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount== 1)
lmtp(root): Info: msgid=07e3a23b2aaea60b@mx.2718282.net: save failed to INBOX: generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
My config files:
# 2.3.14 (cee3cbc0d): /etc/mail/imap.conf # OS: OpenBSD 6.9 amd64 auth_verbose = yes debug_log_path = /var/log/dovecot info_log_path = /var/log/dovecot mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_debug = yes namespace inbox { ... } passdb { args = /etc/mail/imap-sqlite.conf driver = sql } plugin { mail_crypt_curve = secp521r1 mail_crypt_require_encrypted_user_key = yes mail_crypt_save_version = 2 } protocols = imap lmtp service imap-login { ... } ssl = required ssl_cert =
# file: /etc/mail/imap-sqlite.conf driver = sqlite connect = /etc/mail/sqlite.db default_pass_scheme = BLF-CRYPT user_query = SELECT '/home/vmail/'||destination AS home FROM virtuals WHERE email = '%u' password_query = SELECT email as user, password, '%w' AS
userdb_mail_crypt_private_password FROM credentials WHERE email = '%u'
participants (2)
-
Aki Tuomi
-
Daniel Schuermann