Issue with dovecot v2.3.4.1 and mail_crypt plugin. Email received, but not encrypted on disk until moved out of root Maildir folder. IMAP child crashes when mail is read from folder message was moved to.

Ben Burk ben at burk.tech
Sun May 23 02:52:27 EEST 2021


Recently I attempted enabling the mail_crypt plugin on a per user basis 
as summarized below:


uname -a

Linux smtp 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux


dovecot --version

2.3.4.1 (f79e8e7e4)


$ cat /etc/dovecot/conf.d/10-mailcrypt.conf


mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt

plugin {
   mail_crypt_curve = secp521r1
   mail_crypt_save_version = 2
   mail_crypt_require_encrypted_user_key = yes
}


cat dovecot-sql.conf.ext

driver = mysql
connect = host=127.0.0.1 dbname=VVVVV user=WWWWWW password=XXXXXX
user_query = SELECT user, \
   concat('*:bytes=', quota) AS quota_rule, \
   '/mail/%d/%n' AS home, \
   uid, gid \
   FROM virtual_users WHERE user='%u';
password_query = SELECT user, password, \
   crypt AS userdb_mail_crypt_save_version, \
   '%w' AS userdb_mail_crypt_private_password \
   FROM virtual_users WHERE user='%u';


dovecot -n

# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-16-amd64 x86_64 Debian 10.9
# Hostname: smtp.burk.tech
auth_verbose = yes
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_location = maildir:~/Maildir:LAYOUT=fs
mail_plugins = quota mail_crypt
mail_privileged_group = mail
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Junk {
     auto = subscribe
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
   type = private
}
passdb {
   driver = pam
}
plugin {
   mail_crypt_curve = secp521r1
   mail_crypt_require_encrypted_user_key = # hidden, use -P to show it
   mail_crypt_save_version = 2
}
protocols = imap
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     mode = 0777
   }
}
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
}
ssl = required
ssl_cert = </etc/dovecot/fullchain.cer.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
   driver = passwd
}
verbose_ssl = yes
protocol lmtp {
   hostname = smtp.burk.tech
   postmaster_address = postmaster at burk.tech
}
protocol imap {
   mail_max_userip_connections = 50
}



The issue I've noticed occurs when the settings above are enabled and 
mail is received into the root of the Maildir fs, then the mail is moved 
to another folder (including a file being deleted). Upon a client's 
retrieval of messages from the folder the mail was moved to, the log 
spits out the following:


May 22 19:18:15 smtp dovecot: imap-login: Login: user=<ben>, 
method=PLAIN, rip=XXX.XXX.XXX.XXX, lip=YYY.YYY.YYY.YYY, mpid=31682, TLS, 
session=<7oASZPPCkN9EdIVp>
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: 
Mailbox Trash: Saving mail: save: read() failed: 
read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S) 
failed: Private key not available: Cannot decrypt key 
f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot 
decrypt key 
876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: 
Password not available
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: 
Mailbox Trash: copy: i_stream_read() failed: 
read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S) 
failed: Private key not available: Cannot decrypt key 
f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot 
decrypt key 
876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: 
Password not available
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: 
Mailbox Trash: Saving mail: read() failed: 
read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S) 
failed: Private key not available: Cannot decrypt key 
f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot 
decrypt key 
876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: 
Password not available (read reason=)
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Panic: 
file ostream-encrypt.c: line 631 (o_stream_encrypt_close): assertion 
failed: (estream->finalized || estream->ctx_sym == NULL || 
estream->ostream.ostream.stream_errno != 0)
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Error: 
Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xdb73b) 
[0x7fdb3ce7273b] -> /usr/lib/dovecot/libdovecot.so.0(+0xdb7d1) 
[0x7fdb3ce727d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x4a199) 
[0x7fdb3cde1199] -> /usr/lib/dovecot/libdovecot.so.0(+0x49276) 
[0x7fdb3cde0276] -> /usr/lib/dovecot/libdovecot.so.0(+0xffd5e) 
[0x7fdb3ce96d5e] -> 
/usr/lib/dovecot/libdovecot.so.0(o_stream_destroy+0x16) [0x7fdb3ce96d86] 
-> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_save_finish+0x18d) 
[0x7fdb3cfa946d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_cancel+0x4d) 
[0x7fdb3cf8167d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_copy+0x122) 
[0x7fdb3cf73f22] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x5badc) 
[0x7fdb3cf81adc] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x31) 
[0x7fdb3cf81c11] -> dovecot/imap(+0x128f5) [0x563bd267a8f5] -> 
dovecot/imap(command_exec+0x70) [0x563bd2687dc0] -> 
dovecot/imap(+0x1e3f2) [0x563bd26863f2] -> dovecot/imap(+0x1e494) 
[0x563bd2686494] -> dovecot/imap(client_handle_input+0x1b5) 
[0x563bd2686845] -> dovecot/imap(client_input+0x7e) [0x563bd2686d6e] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6f) [0x7fdb3ce88bef] 
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x136) 
[0x7fdb3ce8a1e6] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) 
[0x7fdb3ce88c8c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) 
[0x7fdb3ce88df0] -> 
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7fdb3ce09123] -> dovecot/imap(main+0x325) [0x563bd2678bf5] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fdb3cbf209b] 
-> dovecot/imap(_start+0x2a) [0x563bd2678d8a]
May 22 19:18:15 smtp dovecot: imap-login: Debug: SSL alert: close notify
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>: Fatal: 
master: service(imap): child 31682 killed with signal 6 (core dumps 
disabled - https://dovecot.org/bugreport.html#coredumps)


My keys for the user are as follows:


ben at smtp.burk.tech :~$ doveadm mailbox cryptokey list -U
doveadm(ben): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
Folder Active Public ID
        yes 876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87



I've checked and it appears that the mail, as it's received into the root 
of Maildir, is not initially encrypted. It is stored in plaintext. However, 
when the mail is moved, it is then properly encrypted.


ben at smtp.burk.tech :~/Maildir/cur$ file 1621726534.31820_1.smtp\:2\,
1621726534.31820_1.smtp:2,: SMTP mail, ASCII text


ben at smtp.burk.tech :~/Maildir/Receipts/cur$ file 1621726595.M343917P30832.smtp\,S\=2927\,W\=2988\:2\,S
1621726595.M343917P30832.smtp,S=2927,W=2988:2,S: MailCrypt



-- 
Ben Burk
BURK.TECH System Administrator
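As an added check (not from the original post and not Dovecot's own tooling), the script below walks a LAYOUT=fs Maildir and counts, per folder, how many messages start with the mail_crypt on-disk header that `file` reports as "MailCrypt" versus how many are plaintext, so an administrator can spot folders such as the INBOX root that still hold unencrypted mail. The folder names and file contents it builds are constructed sample data mirroring the post, and the magic-byte constant is taken from the dcrypt stream format rather than from anything on this page.

```python
import os
import tempfile
from pathlib import Path

# Header that begins every Dovecot mail_crypt (dcrypt) stream on disk.
MAILCRYPT_MAGIC = b"CRYPTED\x03\x07"

def is_mailcrypt_file(path):
    """True if the file starts with the mail_crypt stream header."""
    with open(path, "rb") as fh:
        return fh.read(len(MAILCRYPT_MAGIC)) == MAILCRYPT_MAGIC

def audit_maildir(root):
    """Walk a LAYOUT=fs Maildir and count encrypted vs plaintext messages
    per folder. Keys are "" for the Maildir root (INBOX) and the relative
    directory name (e.g. "Receipts") for subfolders."""
    root = Path(root)
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        d = Path(dirpath)
        if d.name not in ("cur", "new"):
            continue  # skip tmp/ and the folder directories themselves
        rel = d.parent.relative_to(root)
        folder = "" if rel == Path(".") else str(rel)
        counts = report.setdefault(folder, {"encrypted": 0, "plaintext": 0})
        for name in filenames:
            key = "encrypted" if is_mailcrypt_file(d / name) else "plaintext"
            counts[key] += 1
    return report

def plaintext_folders(report):
    """Folders that still hold at least one unencrypted message."""
    return sorted(f for f, c in report.items() if c["plaintext"] > 0)

def demo_report():
    """Constructed sample tree (not real mail): plaintext message in the
    root cur/, a MailCrypt-headed file in Receipts/cur/; returns the audit."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp, "Maildir")
        (base / "cur").mkdir(parents=True)
        (base / "Receipts" / "cur").mkdir(parents=True)
        (base / "cur" / "1621726534.31820_1.smtp:2,").write_bytes(
            b"From: sender@example.test\r\nSubject: test\r\n\r\nhello\r\n")
        (base / "Receipts" / "cur" / "1621726595.M343917P30832.smtp,S=2927,W=2988:2,S").write_bytes(
            MAILCRYPT_MAGIC + b"\x02" + b"\x00" * 32)  # fake header plus padding
        return audit_maildir(base)
```

Run `audit_maildir("/mail/burk.tech/ben/Maildir")` against a real tree and `plaintext_folders()` on the result to list the folders that need attention; `demo_report()` only exercises the constructed sample.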


