Hi everyone,
I'm trying to configure my email server to encrypt mails on a per user
basis. I have the following in my conf:
mail_plugins = $mail_plugins mail_crypt
mail_attribute_dict = file:%h/Mail/dovecot-attributes
plugin {
mail_crypt_curve = secp521r1
mail_crypt_save_version = 2
mail_crypt_require_encrypted_user_key = yes
mail_crypt_private_password = %N{password}
}
And I'm getting %password unknown variable error. I use pam to store the
passwords. All I want is to be able to hash the user password and use
that to encrypt/decrypt the keys. Can someone _please_ help me?
--
All the best,
Efe
The funny quote of this email is trivial and left as an exercise.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20230227/4ece0c7a/attachment.sig>
> On 27/02/2023 22:00 EET efeizbudak <efeizbudak at disroot.org> wrote: > > > Hi everyone, > > I'm trying to configure my email server to encrypt mails on a per user > basis. I have the following in my conf: > > mail_plugins = $mail_plugins mail_crypt > mail_attribute_dict = file:%h/Mail/dovecot-attributes > > plugin { > mail_crypt_curve = secp521r1 > mail_crypt_save_version = 2 > mail_crypt_require_encrypted_user_key = yes > mail_crypt_private_password = %N{password} > } > > And I'm getting %password unknown variable error. I use pam to store the > passwords. All I want is to be able to hash the user password and use > that to encrypt/decrypt the keys. Can someone _please_ help me? > > -- > All the best, > Efe >Hi! This does not work because %password is not passed to protocols by default. For security reasons. Try adding in your passdb (not userdb): override_fields = userdb_mail_crypt_private_password=%N{password} PS. there are several threads about setting up mail crypt with user password, you might want to look at them. Aki
Maybe Matching Threads
- bash script hook lda_mailbox_autocreate for generate mail-crypt user encrypted private key with user password
- bash script hook lda_mailbox_autocreate for generate mail-crypt user encrypted private key with user password
- Setting up the mail-crypt plugin with virtual accounts that have no home directories
- MailCrypt: Encrypted user keys configuration with LDAP & cryptokey generate
- Best mail encryption solution for per-user