[Dovecot] Plugin mail-filter tangles

Stanislas SABATIER s.sabatier at pobox.com
Sat May 24 16:14:38 UTC 2014


Installed system: Dovecot 2.2.12 as IMAP server and Postfix as MTA.
Dovecot and Postfix are connected via LMTP,
plus the Dovecot mail plugin 'mail-filter' to encrypt/decrypt emails on the fly
with the users' public/private RSA keys.

Case study:
You have 3 (virtual) users belonging to 3 different domains, all
managed by your Dovecot server.
One of these users is connected to Dovecot with the MUA Thunderbird, and
he is writing an email to someone outside of your domains, but he puts
the two other users' email addresses in CC:
mail from user1 at domain1.dovecot --> to: someone at outside, CC:
user2 at domain2.dovecot, user3 at domaine3.dovecot

What happens (as far as I can understand):
The email is submitted to Postfix: one copy is delivered outside, the
other is passed to Dovecot via LMTP for user2 & user3 @dovecot.
Dovecot handles the final delivery, through the mail-filter plugin, as
follows:

 1. both users' contexts are created from user_db queries
 2. the mail-filter plugin is initialised for user2
 3. /mail_user_created/ for user2
 4. mail-filter plugin arguments are parsed for user2
 5. …/mail_allocated/ then /mail_save_begin/ for user2 (at this stage,
    the email is encrypted with user2's params)
 6. Dovecot tells LMTP that the mail for user2 is delivered
 7. then, while we are still in user2's context, another
    /mail_allocated/ is run, followed by an /istream_opened/
 8. the mail user context is switched to user3 --> /mail_user_created/ -->
    plugin's args parsed --> … /mail_allocated/
 9. and… Dovecot tells LMTP that the mail for user3 is delivered

So, it appears that Dovecot is re-using user2's email to pass it to
user3 by opening an istream in user2's context. In my configuration,
Dovecot can't do that because it does not have user2's private RSA key to
reopen the email it has just encrypted, so it passes the email to user3
with user2's encryption params.
Final result: user3 receives the email encrypted with user2's RSA key!

Problem: how can I force Dovecot to deinit and then reinit the mail-filter plugin
for each user, to be sure that each email is encrypted with the right key
before it is saved to the users' mailboxes?

Thank you in advance for your help.

Stan.
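
Editor's note, added after the message above and not part of the post or of Dovecot's mail-filter plugin: the following stand-alone Python model replays the delivery sequence the poster describes (one save started from the original message per recipient, versus the second recipient's save being fed the copy already saved for the first) and carries the check a practitioner wants after any such delivery: that each stored copy decrypts with the key of the mailbox it sits in. The keys, the message and the keyed toy cipher that stands in for the RSA encryption are constructed for the example; the asymmetry of the real keys is not modelled, only the "one key per user" binding that the check depends on.

```python
"""Model of per-recipient encryption at LMTP delivery time.

Not Dovecot or mail-filter code: a stand-alone model of the delivery
sequence described in the post, plus a check that every stored copy was
encrypted for the mailbox it sits in. All keys and data are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample keys. A keyed toy cipher stands in for the RSA
# encryption on the page; only the binding "one key per user" matters here.
USER_KEYS = {
    "user2@domain2.dovecot": hashlib.sha256(b"user2 secret").digest(),
    "user3@domain3.dovecot": hashlib.sha256(b"user3 secret").digest(),
}

# Constructed sample message matching the case study.
MESSAGE = (
    b"From: user1@domain1.dovecot\r\n"
    b"To: someone@outside\r\n"
    b"Cc: user2@domain2.dovecot, user3@domain3.dovecot\r\n"
    b"Subject: test\r\n\r\nhello\r\n"
)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (toy cipher, not for real use)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_for(user: str, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Stand-in for the filter step: encrypt with `user`'s key and tag it."""
    key = USER_KEYS[user]
    nonce = nonce or os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_as(user: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext if `blob` was made for `user`, otherwise None."""
    key = USER_KEYS[user]
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def deliver(message: bytes, recipients: List[str], reuse_saved_mail: bool) -> Dict[str, bytes]:
    """Model of the LMTP delivery loop over the local recipients.

    reuse_saved_mail=False: each recipient's save starts from the original
    message, so each copy is encrypted in that recipient's context.
    reuse_saved_mail=True: the copy already saved for the previous recipient
    is reopened and handed to the next one, as the post describes; the
    delivery side cannot undo the previous recipient's encryption, so the
    bytes are stored for the next recipient unchanged.
    """
    mailboxes: Dict[str, bytes] = {}
    previous: Optional[bytes] = None
    for rcpt in recipients:
        if reuse_saved_mail and previous is not None:
            saved = previous  # istream opened on the already-saved mail
        else:
            saved = encrypt_for(rcpt, message)  # save begun in rcpt's own context
        mailboxes[rcpt] = saved
        previous = saved
    return mailboxes


def check_mailboxes(mailboxes: Dict[str, bytes], expected: bytes) -> Dict[str, bool]:
    """True for each mailbox whose stored copy decrypts with its owner's key."""
    return {user: decrypt_as(user, blob) == expected for user, blob in mailboxes.items()}


if __name__ == "__main__":
    rcpts = list(USER_KEYS)
    print("per-recipient save:", check_mailboxes(deliver(MESSAGE, rcpts, False), MESSAGE))
    print("reused saved mail: ", check_mailboxes(deliver(MESSAGE, rcpts, True), MESSAGE))
```

Run against a real installation, the equivalent of `check_mailboxes` is to fetch each local recipient's stored copy and confirm it decrypts with that recipient's own private key; a copy that only decrypts with another user's key is the symptom the post describes.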