similar to: Best mail encryption solution for per-user

On 23.05.2018 09:13, mail at sjemm.net wrote: > May 20, 2018 8:01 PM, mail at sjemm.net wrote: >> May 20, 2018 2:47 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >> >>>> On 19 May 2018 at 16:40 mail at sjemm.net wrote: >>>> >>>> May 18, 2018 10:01 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>>>

On 23.05.2018 10:15, mail at sjemm.net wrote: > May 23, 2018 8:31 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >> On 23.05.2018 09:13, mail at sjemm.net wrote: >> >>> May 20, 2018 8:01 PM, mail at sjemm.net wrote: >>>> May 20, 2018 2:47 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>> On 19 May 2018 at 16:40 mail

> On 26 May 2018 at 10:36 mail at sjemm.net wrote: > > > May 23, 2018 10:10 AM, mail at sjemm.net wrote: > > May 23, 2018 9:46 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: > > > >> On 23.05.2018 10:15, mail at sjemm.net wrote: > >> > >>> May 23, 2018 8:31 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote:

On 27.05.2018 21:16, mail at sjemm.net wrote: > May 27, 2018 8:52 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>> On 26 May 2018 at 10:36 mail at sjemm.net wrote: >>> >>> May 23, 2018 10:10 AM, mail at sjemm.net wrote: >>> May 23, 2018 9:46 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>> >>> On

Hello everyone, I successfully set up the mail_crypt plugin using folder keys, and require user's key to be encrypted with a password using mail_crypt_require_encrypted_user_key = yes. As I'm trying to streamline the process of creating a user, and want to develop an application in PHP to help me in that process, I'm very interested in the doveadm HTTP API. Although the

Hi - perhaps someone can help me. Starting from a good and well-functioning mailserver setup, I have installed MailCrypt as per the instructions (I think) to have the per-user passworded keys setup. dovecot.conf /Added:/ mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt dovecot-sql.conf.ext /commented this/ #password_query = SELECT email as user,

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Technically creating and encrypting folder key does not require decrypting user's private key. All folder keys are encrypted with user's public key. </div> <div> <br> </div> <div> Aki </div>

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client

Hi again, I was able to solve both questions. I was overthinking things. A solution to the first question about mail_attribute_dict was simply to use other available variables to point to the virtual user's maildir paths. Like so: /var/mail/%d/%u/dovecot-attributes As for the second question: When I asked it, I was uncertain if dovecot would be able to cope with a hashed password for

Hi, Yeah, I just realized myself that what I did there was probably not the smartest thing to do, as I indeed figured dovecot would probably just use that as a plain text string. ;-) I've now opted to do the following (I'm using PostgreSQL BTW): password_query = SELECT \ email as user, password, \ encode(digest('%w', 'sha256'), 'hex') AS

Hi, Thanks for the notice! But yes, I was aware of this. For future reference though, would you mind telling me how I would go about doing this? I take it I'd first have to re-encrypt the user keys, before changing the account password. So before changing the password for a user in my PostgreSQL database, I would do the following: doveadm mailbox cryptokey password -u 'user at

Hi again, I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts. After an initial topic from me about encrypting already existent mail, I could now use some pointers on how to set up the mail-crypt plugin for pure virtual accounts (i.e. that have no matching system users and/or home directories. I hope somebody can clarify a few things that are not

Hi everyone, I'm trying to configure my email server to encrypt mails on a per user basis. I have the following in my conf: mail_plugins = $mail_plugins mail_crypt mail_attribute_dict = file:%h/Mail/dovecot-attributes plugin { mail_crypt_curve = secp521r1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes mail_crypt_private_password =

So I believe I generated a key successfully with: 'doveadm mailbox cryptokey generate -u user -UR' because I got the output with the check mark and the Public ID string of characters. However I still can't read the CRYPTED emails when logging in with IMAP.. i'm still getting the following error in the mail log: Error: read() failed: read(/var/vmail/[domain .

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> It's a known issue that the password will be set to silly value, most likely 'yes'. </div> <div> <br> </div> <div> You should generate the user key during provisioning with `doveadm cryptokey generate -Uu

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private

mail_crypt_private_password cannot be hashed, as it's used to encrypt the key. Aki > On 06/08/2020 10:06 secure.light.0417.road <secure.light.0417.road at protonmail.com> wrote: > > > I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use

Hi, What would be a good backup method for mail stored encrypted with mail_crypt per user(folder). As the administrator does not have the key (the user has) i'm thinking: - the user must backup his/her email via the mail client, but as an admin you want to be able to restore mail when needed on the server itself or on a new server. - the admin creates a backup of the vmail folder per user

Quoting tai74 at vfemail.net: > Aki really thanks for reply,, I hope for continue the conversation, > >>> Do you have advice about Dovecot plugins for mail encryption: >>> >>> https://wiki2.dovecot.org/Plugins/MailCrypt >>> https://0xacab.org/riseuplabs/trees >>> >>> I like NaCL based encryption but the MailCrypt plugin is better

> On February 9, 2018 at 3:20 AM tai74 at vfemail.net wrote: > > > > Hai, > > Do you have advice about Dovecot plugins for mail encryption: > > https://wiki2.dovecot.org/Plugins/MailCrypt > > https://0xacab.org/riseuplabs/trees > > I like NaCL based encryption but the MailCrypt plugin is better > because it's maintained by Dovecot developers