[Dovecot] Plugin mail-filter tangles

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Jun 5 12:06:11 UTC 2014

Hash: SHA1

On Sat, 24 May 2014, Stanislas SABATIER wrote:

> Dovecot is handling the final delivery, through mail-filter plugin as
> follow :
> 1. both users contexts are created from user_db queries
> 2. mail-filter plugin is init for user2
> 3. /mail_user_created/ for user2
> 4. mai-filter plugin arguments are parsed for user2
> 5. â?¦/mail_allocated/ then /mail_save_begin/ for user2 (at this stage,
>    the email is encrypted with users2 params)
> 6. Dovecot tells to LMTP that mail for user2 is delivered
> 7. then, â?? we are still in user2 context â??, an other
>    /mail_allocated/ is run, followed by a /istream_opened/
> 8. mail user context is swithed to user3 --> /mail_user_created/ -->
>    plugin's args parsed --> â?¦ /mail_allocated/
> 9. andâ?¦ Dovecot tells to LMTP that mail for user3 is delivered
> So, it appears that Dovecot is re-using user2's email to pass it to
> user3 by opening an istream in user2's context. In my configuration,
> Dovecot can't do that because it has not the user2's private rsa key to
> reopen the email it has just encrypted, so it passes the email to user3
> with user2 encryption params.
> Final result : user3 is receiving the email encrypted with user2's rsa key !
> Problem : how to force Dovecot to deinit then reinit mail-filter plugin
> for each user to be sure that each email is encrypted with the right key
> before it is saved to users' mailboxes ?

If your observation are true, you cannot. I sligthly remember a discussion 
about a plugin, that changes the message content. Timo answered that with 
"that is not supported". Also, see:


"(TODO: Modifying the mail during writing would be possible with some code 
changes.) " in first paragraph.

Encrypting the message is "to modify the mail" IMHO.

- -- 
Steffen Kaiser
Version: GnuPG v1.4.11 (GNU/Linux)


More information about the dovecot mailing list