Hi,

I tried to enable encrypted folder keys using mail-crypt-plugin.
It works as expected when using unencrypted folder keys.
When I add

mail_crypt_require_encrypted_user_key = yes

as shown below, I somehow manage to crash dovecot:

dovecot: lmtp(82060): Fatal: master: service(lmtp):
child 82060 killed with signal 6 (core not dumped -
https://dovecot.org/bugreport.html#coredumps -
set service lmtp { drop_priv_before_exec=yes })

dovecot: lmtp(67814): Panic: file mail-user.c: line 229 (mail_user_deinit):
assertion failed: ((*user)->refcount== 1)

lmtp(root): Info: msgid=<07e3a23b2aaea60b at mx.2718282.net>:
save failed to INBOX: generate_keypair(INBOX) failed:
mail_crypt_require_encrypted_user_key set,
cannot generate user keypair without password or key

My config files:

# 2.3.14 (cee3cbc0d): /etc/mail/imap.conf
# OS: OpenBSD 6.9 amd64
auth_verbose = yes
debug_log_path = /var/log/dovecot
info_log_path = /var/log/dovecot
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_debug = yes
namespace inbox {
  ...
}
passdb {
  args = /etc/mail/imap-sqlite.conf
  driver = sql
}
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_require_encrypted_user_key = yes
  mail_crypt_save_version = 2
}
protocols = imap lmtp
service imap-login {
  ...
}
ssl = required
ssl_cert = </etc/ssl/rsa.crt
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
  args = /etc/mail/imap-sqlite.conf
  driver = sql
  override_fields = uid=vmail gid=vmail
}

# file: /etc/mail/imap-sqlite.conf
driver = sqlite
connect = /etc/mail/sqlite.db
default_pass_scheme = BLF-CRYPT
user_query = SELECT '/home/vmail/'||destination AS home FROM virtuals WHERE email = '%u'
password_query = SELECT email as user, password, '%w' AS \
  userdb_mail_crypt_private_password FROM credentials WHERE email = '%u'
Hi!

This is because you do not have a private password set during delivery.
To use this feature like this you need to make sure the user keys are
generated using

doveadm mail cryptokey generate -u user -U

before delivery.

Aki

> On 28/05/2021 12:54 Daniel Schuermann <dovecot at 2718282.net> wrote:
>
>
> Hi,
>
> I tried to enable encrypted folder keys using mail-crypt-plugin.
> It works as expected when using unencrypted folder keys.
> When I add
>
> mail_crypt_require_encrypted_user_key = yes
>
> as shown below, I somehow manage to crash dovecot:
>
> dovecot: lmtp(82060): Fatal: master: service(lmtp):
> child 82060 killed with signal 6 (core not dumped -
> https://dovecot.org/bugreport.html#coredumps -
> set service lmtp { drop_priv_before_exec=yes })
>
> dovecot: lmtp(67814): Panic: file mail-user.c: line 229 (mail_user_deinit):
> assertion failed: ((*user)->refcount== 1)
>
> lmtp(root): Info: msgid=<07e3a23b2aaea60b at mx.2718282.net>:
> save failed to INBOX: generate_keypair(INBOX) failed:
> mail_crypt_require_encrypted_user_key set,
> cannot generate user keypair without password or key
>
> My config files:
>
> # 2.3.14 (cee3cbc0d): /etc/mail/imap.conf
> # OS: OpenBSD 6.9 amd64
> auth_verbose = yes
> debug_log_path = /var/log/dovecot
> info_log_path = /var/log/dovecot
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
> mail_debug = yes
> namespace inbox {
>   ...
> }
> passdb {
>   args = /etc/mail/imap-sqlite.conf
>   driver = sql
> }
> plugin {
>   mail_crypt_curve = secp521r1
>   mail_crypt_require_encrypted_user_key = yes
>   mail_crypt_save_version = 2
> }
> protocols = imap lmtp
> service imap-login {
>   ...
> }
> ssl = required
> ssl_cert = </etc/ssl/rsa.crt
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> userdb {
>   args = /etc/mail/imap-sqlite.conf
>   driver = sql
>   override_fields = uid=vmail gid=vmail
> }
>
> # file: /etc/mail/imap-sqlite.conf
> driver = sqlite
> connect = /etc/mail/sqlite.db
> default_pass_scheme = BLF-CRYPT
> user_query = SELECT '/home/vmail/'||destination AS home FROM virtuals WHERE email = '%u'
> password_query = SELECT email as user, password, '%w' AS \
>   userdb_mail_crypt_private_password FROM credentials WHERE email = '%u'
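The root cause in the thread is that LMTP delivery has no user password, so the plugin cannot create the password-encrypted user key on the fly. The script below is an added example (not from the thread or the Dovecot project) of the pre-generation step Aki describes: it checks with `doveadm mail cryptokey list -U` whether a user key already exists and only then runs `doveadm mail cryptokey generate -U`, passing the key password through the `-o plugin/mail_crypt_private_password=...` override documented for the mail-crypt plugin. The "user<TAB>password" stdin format and the `DOVEADM` variable are assumptions of this example.

```shell
#!/bin/sh
# Pre-generate password-encrypted mail_crypt user keys so that
# mail_crypt_require_encrypted_user_key = yes never forces LMTP to generate
# a key without a password. Assumed: doveadm is on PATH (override via DOVEADM).
set -eu

DOVEADM="${DOVEADM:-doveadm}"

# Returns 0 if the user already has a private user key, 1 otherwise.
# "doveadm mail cryptokey list -U" prints one line per key; empty output
# means no user key has been generated yet.
has_user_key() {
    [ -n "$("$DOVEADM" mail cryptokey list -u "$1" -U 2>/dev/null)" ]
}

# Generate the user keypair encrypted with $2 unless one already exists.
# Prints "skipped" (no password available: exactly the case that fails at
# delivery time), "exists" or "generated".
ensure_user_key() {
    user=$1
    password=$2
    if [ -z "$password" ]; then
        echo "skipped"
        return 0
    fi
    if has_user_key "$user"; then
        echo "exists"
        return 0
    fi
    # Caveat: the -o override puts the password on the doveadm command line,
    # which is visible in the process list while the command runs.
    "$DOVEADM" -o "plugin/mail_crypt_private_password=$password" \
        mail cryptokey generate -u "$user" -U >/dev/null
    echo "generated"
}

# Hypothetical driver: read "user<TAB>password" lines from stdin.
provision_from_stdin() {
    tab=$(printf '\t')
    while IFS="$tab" read -r user password; do
        printf '%s: %s\n' "$user" "$(ensure_user_key "$user" "$password")"
    done
}

if [ "${1:-}" = "--from-stdin" ]; then
    provision_from_stdin
fi
```

Run it once for every mailbox (for example `./prepare-keys.sh --from-stdin < users.tsv`) before turning on mail_crypt_require_encrypted_user_key, and re-run it whenever a new user is created.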