[Dovecot] Plugin mail-filter tangles

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Jun 5 12:06:11 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 24 May 2014, Stanislas SABATIER wrote:

> Dovecot is handling the final delivery, through mail-filter plugin as
> follow :
>
> 1. both users contexts are created from user_db queries
> 2. mail-filter plugin is init for user2
> 3. /mail_user_created/ for user2
> 4. mai-filter plugin arguments are parsed for user2
> 5. â?¦/mail_allocated/ then /mail_save_begin/ for user2 (at this stage,
>    the email is encrypted with users2 params)
> 6. Dovecot tells to LMTP that mail for user2 is delivered
> 7. then, â?? we are still in user2 context â??, an other
>    /mail_allocated/ is run, followed by a /istream_opened/
> 8. mail user context is swithed to user3 --> /mail_user_created/ -->
>    plugin's args parsed --> â?¦ /mail_allocated/
> 9. andâ?¦ Dovecot tells to LMTP that mail for user3 is delivered
>
> So, it appears that Dovecot is re-using user2's email to pass it to
> user3 by opening an istream in user2's context. In my configuration,
> Dovecot can't do that because it has not the user2's private rsa key to
> reopen the email it has just encrypted, so it passes the email to user3
> with user2 encryption params.
> Final result : user3 is receiving the email encrypted with user2's rsa key !
>
> Problem : how to force Dovecot to deinit then reinit mail-filter plugin
> for each user to be sure that each email is encrypted with the right key
> before it is saved to users' mailboxes ?

If your observation are true, you cannot. I sligthly remember a discussion 
about a plugin, that changes the message content. Timo answered that with 
"that is not supported". Also, see:

http://wiki2.dovecot.org/Plugins/MailFilter

"(TODO: Modifying the mail during writing would be possible with some code 
changes.) " in first paragraph.

Encrypting the message is "to modify the mail" IMHO.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU5BdM3z1H7kL/d9rAQJk9ggAotNs87I4IbLwWQEcX9Rt3NGmwxzDfcMF
B5z9/O2C/xv3Kp4FVS5rGg1j1g4fQKVyhDvSaJ3ClrN5M1OyFRa8bqvM2sQ8ID88
TcU6HVDvE4SjL85rpUogvOJhkrhIjpd2Kj+X3AcuxdOAerXg5cK9b5ATH1FeS2RT
vyrWLcDXZuaZS36aCgiCMm0UBT3hAWGZAlJEm5x2Fyi3uIHbyT57rxLTXekhtmOA
hw+oOUXfaTSOGMb4F9XK6dfWz8ss2jdmADL2RYiCzU/5DPoBWdL8nRs2lHRA+e+h
E6lIbHu38NW0fEUGxJmL7LpvMgAIpHL6Mi7P7zHJ9iignJHnSTccIw==
=Yn7c
-----END PGP SIGNATURE-----

More information about the dovecot mailing list