Ben Burk
2021-May-22  23:52 UTC
Issue with dovecot v2.3.4.1 and mail_crypt plugin. Email received, but not encrypted on disk until moved out of root Maildir folder. IMAP child crashes when mail is read from folder message was moved to.
Recently I attempted enabling the mail_crypt plugin on a per user basis 
as summarized below:
uname -a
Linux smtp 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 
GNU/Linux
dovecot --version
2.3.4.1 (f79e8e7e4)
$ cat /etc/dovecot/conf.d/10-mailcrypt.conf
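mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  # The user's private key is stored encrypted, so a key password has to be
  # supplied at login -- the sql passdb in dovecot-sql.conf.ext exports it as
  # userdb_mail_crypt_private_password = %w. A passdb that does not export
  # that field leaves the private key unusable, which is exactly the
  # "Private key not available ... Password not available" error in the log.
  mail_crypt_require_encrypted_user_key = yes
}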
cat dovecot-sql.conf.ext
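# This file holds the DB credentials in clear text; it is read by the auth
# process only, so keep it root-owned with mode 0600.
driver = mysql
connect = host=127.0.0.1 dbname=VVVVV user=WWWWWW password=XXXXXX
user_query = SELECT user, \
  concat('*:bytes=', quota) AS quota_rule, \
  '/mail/%d/%n' AS home, \
  uid, gid \
  FROM virtual_users WHERE user='%u';
# crypt column: per-user override of mail_crypt_save_version.
# %w is the password the client just authenticated with; exporting it as
# userdb_mail_crypt_private_password makes the login password the key
# password. Consequences: the key is only as strong as the login password,
# it is available only in sessions that authenticate with a password through
# this passdb (never during LMTP delivery), and a password change must go
# together with re-encrypting the user key under the new password
# (doveadm mailbox cryptokey password), or existing mail becomes unreadable.
# NOTE(review): the dovecot -n output further down lists only
# passdb { driver = pam } and userdb { driver = passwd }; if this sql passdb
# is not actually included in the running config, neither extra field is
# ever set.
password_query = SELECT user, password, crypt as userdb_mail_crypt_save_version, '%w' AS userdb_mail_crypt_private_password FROM virtual_users WHERE user='%u';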
dovecot -n
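# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-16-amd64 x86_64 Debian 10.9
# Hostname: smtp.burk.tech
# Debug-level logging (auth_verbose, verbose_ssl) is handy while chasing
# this; turn it back off afterwards.
auth_verbose = yes
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_location = maildir:~/Maildir:LAYOUT=fs
# mail_crypt is loaded in the global section, so it applies to imap and
# lmtp alike.
mail_plugins = quota mail_crypt
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  type = private
}
# NOTE(review): only pam/passwd are active in this dump. The sql
# passdb/userdb from dovecot-sql.conf.ext (the one that exports
# userdb_mail_crypt_private_password) is not present, so no key password
# ever reaches the imap process -- consistent with "Private key not
# available ... Password not available" in the log.
passdb {
  driver = pam
}
plugin {
  mail_crypt_curve = secp521r1
  # Value masked by doveconf as a potential secret; 10-mailcrypt.conf sets
  # it to yes, i.e. the private key is stored encrypted and needs a password
  # before it can be used.
  mail_crypt_require_encrypted_user_key = # hidden, use -P to show it
  mail_crypt_save_version = 2
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  # 0777 makes the userdb lookup socket usable by every local account.
  # Restrict it to the owner/group that actually needs it, as done for the
  # postfix auth socket above (e.g. mode = 0660 plus user/group).
  unix_listener auth-userdb {
    mode = 0777
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
# TLS is mandatory with a TLSv1.2 floor; key and DH params masked by doveconf.
ssl = required
ssl_cert = </etc/dovecot/fullchain.cer.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
  driver = passwd
}
verbose_ssl = yes
protocol lmtp {
  hostname = smtp.burk.tech
  postmaster_address = postmaster@burk.tech
}
protocol imap {
  mail_max_userip_connections = 50
}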
The issue I've noticed occurs when the settings above are enabled and mail is received into the root of the Maildir (INBOX), then moved to another folder (including a delete, which the client carries out as a move to Trash -- hence "Mailbox Trash" in the log). When a client then retrieves messages from the folder the mail was moved to, the log shows the following. Two distinct things are happening here. The read() failures are the expected consequence of the private key being unusable: the Receipts copy is encrypted under folder key f9e7…, which is wrapped by user key 876c…, and that user key needs a key password the imap process never received. The Panic after them is a separate problem -- once the copy fails, the save is cancelled (mailbox_save_cancel → maildir_save_finish → o_stream_destroy in the backtrace) and the encrypt stream's close-time assertion fires, so the imap child dies with signal 6 instead of returning an error to the client. 2.3.4.1 is Debian 10's packaged release and is well behind current 2.3.x; reproducing on a current release before filing would show whether that crash path is already fixed.
May 22 19:18:15 smtp dovecot: imap-login: Login: user=<ben>, 
method=PLAIN, rip=XXX.XXX.XXX.XXX, lip=YYY.YYY.YYY.YYY, mpid=31682, TLS, 
session=<7oASZPPCkN9EdIVp>
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>:
Error:
Mailbox Trash: Saving mail: save: read() failed: 
read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S)
failed: Private key not available: Cannot decrypt key 
f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot 
decrypt key 
876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: 
Password not available
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>:
Error:
Mailbox Trash: copy: i_stream_read() failed: 
read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S)
failed: Private key not available: Cannot decrypt key 
f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot 
decrypt key 
876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: 
Password not available
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>:
Error:
Mailbox Trash: Saving mail: read() failed: 
read(/mail/burk.tech/ben/Maildir/Receipts/cur/1621724316.M515979P30417.smtp,S=2903,W=2964:2,S)
failed: Private key not available: Cannot decrypt key 
f9e7a6b9dd24535a29915fb46336047b07ae5b9fea5eda8e03cf9a8fa009f88b: Cannot 
decrypt key 
876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87: 
Password not available (read reason=)
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>:
Panic:
file ostream-encrypt.c: line 631 (o_stream_encrypt_close): assertion 
failed: (estream->finalized || estream->ctx_sym == NULL || 
estream->ostream.ostream.stream_errno != 0)
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>:
Error:
Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xdb73b) 
[0x7fdb3ce7273b] -> /usr/lib/dovecot/libdovecot.so.0(+0xdb7d1) 
[0x7fdb3ce727d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x4a199) 
[0x7fdb3cde1199] -> /usr/lib/dovecot/libdovecot.so.0(+0x49276) 
[0x7fdb3cde0276] -> /usr/lib/dovecot/libdovecot.so.0(+0xffd5e) 
[0x7fdb3ce96d5e] -> 
/usr/lib/dovecot/libdovecot.so.0(o_stream_destroy+0x16) [0x7fdb3ce96d86] 
-> /usr/lib/dovecot/libdovecot-storage.so.0(maildir_save_finish+0x18d) 
[0x7fdb3cfa946d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_save_cancel+0x4d) 
[0x7fdb3cf8167d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_copy+0x122) 
[0x7fdb3cf73f22] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x5badc) 
[0x7fdb3cf81adc] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_move+0x31) 
[0x7fdb3cf81c11] -> dovecot/imap(+0x128f5) [0x563bd267a8f5] -> 
dovecot/imap(command_exec+0x70) [0x563bd2687dc0] -> 
dovecot/imap(+0x1e3f2) [0x563bd26863f2] -> dovecot/imap(+0x1e494) 
[0x563bd2686494] -> dovecot/imap(client_handle_input+0x1b5) 
[0x563bd2686845] -> dovecot/imap(client_input+0x7e) [0x563bd2686d6e] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6f) [0x7fdb3ce88bef] 
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x136) 
[0x7fdb3ce8a1e6] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) 
[0x7fdb3ce88c8c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) 
[0x7fdb3ce88df0] -> 
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7fdb3ce09123] -> dovecot/imap(main+0x325) [0x563bd2678bf5] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fdb3cbf209b] 
-> dovecot/imap(_start+0x2a) [0x563bd2678d8a]
May 22 19:18:15 smtp dovecot: imap-login: Debug: SSL alert: close notify
May 22 19:18:15 smtp dovecot: imap(ben)<31682><7oASZPPCkN9EdIVp>:
Fatal:
master: service(imap): child 31682 killed with signal 6 (core dumps 
disabled - https://dovecot.org/bugreport.html#coredumps)
My keys for the user are as follows. (The stats-writer error is only doveadm, run as the unprivileged user, failing to reach the stats socket; it does not affect the listing. `-U` lists the user-level key only, which is why the folder key f9e7… from the log does not appear here -- it is wrapped by this user key, and that is the chain the log says cannot be unwrapped.)
ben@smtp.burk.tech:~$ doveadm mailbox cryptokey list -U
doveadm(ben): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
Folder Active Public ID
       yes 876c6bfbc355a86c3c924a5841bb2e5c6e1b0c5496d5116c4fcb9c511f803c87
I've checked and it appears that mail, as it is received into the root of the Maildir, is not initially encrypted: it is stored in plaintext. Only once the mail is moved does it get properly encrypted. One detail worth checking before blaming the plugin: the plaintext INBOX file below is named time.pid_count.host (1621726534.31820_1.smtp) and carries no ,S=/,W= size fields, whereas every file Dovecot itself wrote here -- the Receipts copy below and the one in the log -- uses Dovecot's M…P… naming with ,S= and ,W=. That naming suggests the INBOX copy was written by something other than dovecot-lmtp (e.g. Postfix or another MDA delivering straight into the Maildir). mail_crypt only encrypts what is saved through Dovecot's own storage layer, so a message dropped in by another process stays plaintext until Dovecot first re-saves it -- which is exactly the move. Confirming which transport Postfix uses for this domain (the dovecot-lmtp socket vs. its own maildir delivery) would settle that.
ben at smtp.burk.tech :~/Maildir/cur$ file 1621726534.31820_1.smtp\:2\,
1621726534.31820_1.smtp:2,: SMTP mail, ASCII text
ben at smtp.burk.tech :~/Maildir/Receipts/cur$ file 
1621726595.M343917P30832.smtp\,S\=2927\,W\=2988\:2\,S
1621726595.M343917P30832.smtp,S=2927,W=2988:2,S: MailCrypt
-- 
Ben Burk
BURK.TECH System Administrator