similar to: Another mail_crypt question: figure out to password secure using mysql

> On May 26, 2017 at 5:13 PM "dovecot at avv.solutions" <dovecot at avv.solutions> wrote: > > > Hello Community, > > (sorry to be more busy, hence more running questions in parallel :) ) > > As mentioned in another post, I am testing mail_crypt plugin. > > I was wondering how to really secure the process sothat even the admin > cannot have any

Hello, Can the mail_crypt "folder keys" feature be used with encrypted user keys in passwd-file without sql database? It seems that there is no guide in the docs. Best regards, narangd -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20200805/1878e415/attachment.html>

??????? Original Message ??????? On Tuesday, July 2, 2019 6:32 PM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > I don't actually recommend using password directly from user as password for private keys, I recommend running them thru some hash / pkcs5 before that. That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private

Hi everyone, I'm trying to configure my email server to encrypt mails on a per user basis. I have the following in my conf: mail_plugins = $mail_plugins mail_crypt mail_attribute_dict = file:%h/Mail/dovecot-attributes plugin { mail_crypt_curve = secp521r1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes mail_crypt_private_password =

Do I have to replace the "password" part with the actual password or can I just copy it like that? Will dovecot create the keypair automatically or do I have to use doveadm? 4. Sep. 2019, 08:33 von aki.tuomi at open-xchange.com: > > > > On 4.9.2019 9.21, **** **** via dovecot wrote: > >> Hello there, >> >> is there a way to make the

Is any of the password schemes supported or is there a reason you chose pkcs5? 4. Sep. 2019, 08:45 von aki.tuomi at open-xchange.com: > > It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. > > > To avoid

??????? Original Message ??????? On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > Hi, you need to escape % with %%. We are aware of a bug affecting when % comes in from some field via userdb, and we are looking into how to fix this. Hi Aki, Thank you very much for your very fast answer. I will then simply double the percent character as workaround

Hello there, is there a way to make the mailcrypt plugin use the user's password or at least store it in a hashed value? I'm using a passwd file for authentication. I feel uncomfortable saving the private password in plaintext in that file. Regards -------------- next part -------------- An HTML attachment was scrubbed... URL:

mail_crypt_private_password cannot be hashed, as it's used to encrypt the key. Aki > On 06/08/2020 10:06 secure.light.0417.road <secure.light.0417.road at protonmail.com> wrote: > > > I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use

Hello, I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use a mail crypt private password which contains a percent "%" character as you can see below: $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u email at domain.tld -URf doveadm(email at domain.tld): Error: Failed to expand plugin setting

Hai, Do you have advice about Dovecot plugins for mail encryption: https://wiki2.dovecot.org/Plugins/MailCrypt https://0xacab.org/riseuplabs/trees I like NaCL based encryption but the MailCrypt plugin is better because it's maintained by Dovecot developers (is this correct?) Hard to understand MailCrypt docs so may I ask, may I provide per user encryption? I don't like global

Hello everybody, hope you?re all well! We have a really strange bug with our dovecot setup. After weeks and month of debugging we?re finally reached the point when we ask you for help. Our basic setup is quite simple: a single dovecot 2.3.10 (0da0eff44) install on Debian 10 with LDAP as user/passdb and sieve, imap_sieve and mail_crypt as mail_plugins. For the mail_crypt we have a special rule

Hello Aki, Thank you for getting back. I tried your suggestion, but nope... I also checked the perms on dirss/files to be vmail rw(x)------ ; yet does not changed the beahaviour :( On 05/26/2017 12:29 PM, Aki Tuomi wrote: > You probably want to set subscriptions=no, so they will be done in the > parent namespace instead. > > Aki > > > On 26.05.2017 13:22, dovecot at

Hi again, I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts. After an initial topic from me about encrypting already existent mail, I could now use some pointers on how to set up the mail-crypt plugin for pure virtual accounts (i.e. that have no matching system users and/or home directories. I hope somebody can clarify a few things that are not

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230304/f769686e/attachment.htm>

Aki really thanks for reply,, I hope for continue the conversation, >> Do you have advice about Dovecot plugins for mail encryption: >> >> https://wiki2.dovecot.org/Plugins/MailCrypt >> https://0xacab.org/riseuplabs/trees >> >> I like NaCL based encryption but the MailCrypt plugin is better >> because it's maintained by Dovecot developers (is this

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230304/a3753b6e/attachment-0001.htm>

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230305/f943341b/attachment-0001.htm>