search for: userdb_mail_crypt_private_password

...d for the > >>> private key. Otherwise anyone could just decrypt it by looking at your database where the hashed > >>> password is.. > >>> > >>> So: > >>> > >>> password_query = SELECT email as user, password, '%w' AS userdb_mail_crypt_private_password FROM > >>> virtual_users WHERE email='%u' > >>> > >>> Aki > >>> > >>> Hi Aki, > >>> > >>> Thank you very much for your help, i realy appreciate that. > >>> > >>> Ok so if i unders...

...aintext* password as the password for the >>> private key. Otherwise anyone could just decrypt it by looking at your database where the hashed >>> password is.. >>> >>> So: >>> >>> password_query = SELECT email as user, password, '%w' AS userdb_mail_crypt_private_password FROM >>> virtual_users WHERE email='%u' >>> >>> Aki >>> >>> Hi Aki, >>> >>> Thank you very much for your help, i realy appreciate that. >>> >>> Ok so if i understand it correctly i'll have to use: >>&...

...aintext* password as the password for the >>> private key. Otherwise anyone could just decrypt it by looking at your database where the hashed >>> password is.. >>> >>> So: >>> >>> password_query = SELECT email as user, password, '%w' AS userdb_mail_crypt_private_password FROM >>> virtual_users WHERE email='%u' >>> >>> Aki >>> >>> Hi Aki, >>> >>> Thank you very much for your help, i realy appreciate that. >>> >>> Ok so if i understand it correctly i'll have to use: >>&...

...password as the password for the > >> private key. Otherwise anyone could just decrypt it by looking at your database where the hashed > >> password is.. > >> > >> So: > >> > >> password_query = SELECT email as user, password, '%w' AS userdb_mail_crypt_private_password FROM > >> virtual_users WHERE email='%u' > >> > >> Aki > >> > >> Hi Aki, > >> > >> Thank you very much for your help, i realy appreciate that. > >> > >> Ok so if i understand it correctly i'll have to u...

...password for the >>>> private key. Otherwise anyone could just decrypt it by looking at your database where the hashed >>>> password is.. >>>> >>>> So: >>>> >>>> password_query = SELECT email as user, password, '%w' AS userdb_mail_crypt_private_password FROM >>>> virtual_users WHERE email='%u' >>>> >>>> Aki >>>> >>>> Hi Aki, >>>> >>>> Thank you very much for your help, i realy appreciate that. >>>> >>>> Ok so if i understand it corre...

...a hashed value? >> >> I'm using a passwd file for authentication. >> >> I feel uncomfortable saving the private password in plaintext in that file. >> >> Regards >> > > > > > You can try in passdb return > > > userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password} > > > Aki > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190904/0bb9ee11/attachment-0001.html>

...ail_crypt_private_password) for EC private key. For above I have plugin config > mail_plugins = $mail_plugins mail_crypt > plugin { > mail_crypt_curve = secp256k1 > mail_crypt_require_encrypted_user_key = yes > mail_crypt_save_version = 2 > } And for returning userdb_mail_crypt_private_password, I have sql query > password_query = SELECT username, password, \ > SHA2( CONCAT('%w',salt), 512 ) AS userdb_mail_crypt_private_password \ > FROM virtual_users WHERE username='%u'; But how I generate key of user automatically? Note for generating key of user, I...

...is way you can export it only when you successfully > log in to LDAP. Good point regarding LDAP but right now I am using PostgreSQL as backend for storing my accounts and use the following "password_query" parameter: password_query = SELECT username AS user, password, '%w' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' So based on the Dovecot Variables wiki documentation you mention I could adapt my "password_query" parameter to the following in order to use a SHA512 hash of the password: password_query = SELECT username AS user, password, '%{sha512:w}&...

...on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. > > > To avoid this, you should probably have > > > protocol imap { > > > ??? passdb { > > > ????? driver = static > > > ????? args =userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password} > > > } > > > and initialize the keypair using doveadm and set the password to this value there. > > > > > > This requires some user management tools though so that the password is changed with doveadm when user...

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230304/f769686e/attachment.htm>

...he smartest thing to do, as I indeed figured dovecot would probably just use that as a plain text string. ;-) I've now opted to do the following (I'm using PostgreSQL BTW): password_query = SELECT \ email as user, password, \ encode(digest('%w', 'sha256'), 'hex') AS userdb_mail_crypt_private_password \ FROM virtual_users WHERE email='%u'; Please advice if you think that this is more sensible. Also, could you give an overview of in which logs and/or other locations these passwords might show up? I'd like to clean up after myself. Thanks in advance. ------- Original Message ------...

In Folder key plugin operation mode, using the following password query: password_query = SELECT \ email as user, password, \ '%w' AS userdb_mail_crypt_private_password \ FROM virtual_users WHERE email='%u'; Say I have two 'email' users...will each 'email' have a 'userdb_mail_crypt_private_password' field with a plaintext password (%w) in it? And is the 'userdb_mail_crypt_private_password' used automatically to decrypt the...

...ecp521r1 # or some other preferred curve mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes # necessary for encrypting keys with user password } # File: /etc/dovecot/dovecot-sql.conf.ext password_query = SELECT \ email as user, password, \ '%w' AS userdb_mail_crypt_private_password \ FROM virtual_users WHERE email='%u'; My first question is: Is it possible to configure mail_attribute_dict in such a way as to not use home directories. Since I only use virtual accounts, without those accounts having home directories, can I somehow tell dovecot to save the attribut...

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230304/a3753b6e/attachment-0001.htm>

...d figured dovecot would probably just use that as a plain text string. ;-) I've now opted to do the following (I'm using PostgreSQL BTW): >> >> password_query = SELECT \ >> email as user, password, \ >> encode(digest('%w', 'sha256'), 'hex') AS userdb_mail_crypt_private_password \ >> FROM virtual_users WHERE email='%u'; >> >> Please advice if you think that this is more sensible. >> >> Also, could you give an overview of in which logs and/or other locations these passwords might show up? I'd like to clean up after myself. >>...

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230305/f943341b/attachment-0001.htm>

...rst question about mail_attribute_dict was simply to use other available variables to point to the virtual user's maildir paths. Like so: /var/mail/%d/%u/dovecot-attributes As for the second question: When I asked it, I was uncertain if dovecot would be able to cope with a hashed password for userdb_mail_crypt_private_password. I somehow believed dovecot required a plain text password there, as per the '%w' in the example password_query. Turns out this was not the case. Simply providing the already hashed password of the password field did the trick. So: password_query = SELECT \ email as user, password, \...

Hello, Can the mail_crypt "folder keys" feature be used with encrypted user keys in passwd-file without sql database? It seems that there is no guide in the docs. Best regards, narangd -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20200805/1878e415/attachment.html>

...gt; For above I have plugin config > > > > > > mail_plugins = $mail_plugins mail_crypt > > plugin { > > mail_crypt_curve = secp256k1 > > mail_crypt_require_encrypted_user_key = yes > > mail_crypt_save_version = 2 > > } > > > And for returning userdb_mail_crypt_private_password, I have sql query > > > > > > password_query = SELECT username, password, \ > > SHA2( CONCAT('%w',salt), 512 ) AS userdb_mail_crypt_private_password \ > > > FROM virtual_users WHERE username='%u'; > > > But how I generate key of user automat...