Hi everyone,

I'm trying to configure my email server to encrypt mails on a per user
basis. I have the following in my conf:

mail_plugins = $mail_plugins mail_crypt
mail_attribute_dict = file:%h/Mail/dovecot-attributes

plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
  mail_crypt_private_password = %N{password}
}

And I'm getting %password unknown variable error. I use pam to store the
passwords. All I want is to be able to hash the user password and use
that to encrypt/decrypt the keys. Can someone _please_ help me?

--
All the best,
Efe

The funny quote of this email is trivial and left as an exercise.

> On 27/02/2023 22:00 EET efeizbudak <efeizbudak at disroot.org> wrote:
>
> Hi everyone,
>
> I'm trying to configure my email server to encrypt mails on a per user
> basis. I have the following in my conf:
>
> mail_plugins = $mail_plugins mail_crypt
> mail_attribute_dict = file:%h/Mail/dovecot-attributes
>
> plugin {
>   mail_crypt_curve = secp521r1
>   mail_crypt_save_version = 2
>   mail_crypt_require_encrypted_user_key = yes
>   mail_crypt_private_password = %N{password}
> }
>
> And I'm getting %password unknown variable error. I use pam to store the
> passwords. All I want is to be able to hash the user password and use
> that to encrypt/decrypt the keys. Can someone _please_ help me?
>
> --
> All the best,
> Efe

Hi!

This does not work because %password is not passed to protocols by default. For security reasons.

Try adding in your passdb (not userdb):

override_fields = userdb_mail_crypt_private_password=%N{password}

PS. there are several threads about setting up mail crypt with user password, you might want to look at them.

Aki
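
The placement described in the reply, laid out as an added example (not part of the thread and not the Dovecot project's own configuration). It assumes Dovecot 2.3-style block syntax and a PAM passdb; the PAM service name `dovecot` and the removal of the password line from the plugin block are assumptions.

```conf
# Added example; Dovecot 2.3-style syntax and a PAM passdb are assumed.

# Before (from the original post): the variable is referenced in the
# plugin block, where the login password is not passed by default.
#
# plugin {
#   mail_crypt_private_password = %N{password}
# }

# After: the value is expanded in the passdb, where the password is
# available, and handed on as a userdb field for the mail process.
passdb {
  driver = pam
  # "dovecot" is an assumed PAM service name; use the one your setup has.
  args = dovecot
  override_fields = userdb_mail_crypt_private_password=%N{password}
}

mail_plugins = $mail_plugins mail_crypt
mail_attribute_dict = file:%h/Mail/dovecot-attributes

plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
  # Assumption: mail_crypt_private_password is left out here because it
  # now arrives per user through the passdb field above.
}
```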