similar to: Best mail encryption solution for per-user

> On 26 May 2018 at 10:36 mail at sjemm.net wrote: > > > May 23, 2018 10:10 AM, mail at sjemm.net wrote: > > May 23, 2018 9:46 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: > > > >> On 23.05.2018 10:15, mail at sjemm.net wrote: > >> > >>> May 23, 2018 8:31 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote:

On 27.05.2018 21:16, mail at sjemm.net wrote: > May 27, 2018 8:52 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>> On 26 May 2018 at 10:36 mail at sjemm.net wrote: >>> >>> May 23, 2018 10:10 AM, mail at sjemm.net wrote: >>> May 23, 2018 9:46 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>> >>> On

On 23.05.2018 09:13, mail at sjemm.net wrote: > May 20, 2018 8:01 PM, mail at sjemm.net wrote: >> May 20, 2018 2:47 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >> >>>> On 19 May 2018 at 16:40 mail at sjemm.net wrote: >>>> >>>> May 18, 2018 10:01 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>>>

> On 19 May 2018 at 16:40 mail at sjemm.net wrote: > > > May 18, 2018 10:01 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: > >> On 18 May 2018 at 21:44 mail at sjemm.net wrote: > >> > >> May 18, 2018 4:43 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: > >> On 18 May 2018 at 17:38 mail at sjemm.net wrote: >

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> It's a known issue that the password will be set to silly value, most likely 'yes'. </div> <div> <br> </div> <div> You should generate the user key during provisioning with `doveadm cryptokey generate -Uu

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client

Hello everyone, I successfully set up the mail_crypt plugin using folder keys, and require user's key to be encrypted with a password using mail_crypt_require_encrypted_user_key = yes. As I'm trying to streamline the process of creating a user, and want to develop an application in PHP to help me in that process, I'm very interested in the doveadm HTTP API. Although the

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Technically creating and encrypting folder key does not require decrypting user's private key. All folder keys are encrypted with user's public key. </div> <div> <br> </div> <div> Aki </div>

Hi - perhaps someone can help me. Starting from a good and well-functioning mailserver setup, I have installed MailCrypt as per the instructions (I think) to have the per-user passworded keys setup. dovecot.conf /Added:/ mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt dovecot-sql.conf.ext /commented this/ #password_query = SELECT email as user,

So I believe I generated a key successfully with: 'doveadm mailbox cryptokey generate -u user -UR' because I got the output with the check mark and the Public ID string of characters. However I still can't read the CRYPTED emails when logging in with IMAP.. i'm still getting the following error in the mail log: Error: read() failed: read(/var/vmail/[domain .

mail_crypt_private_password cannot be hashed, as it's used to encrypt the key. Aki > On 06/08/2020 10:06 secure.light.0417.road <secure.light.0417.road at protonmail.com> wrote: > > > I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use

Hi, Thanks for the notice! But yes, I was aware of this. For future reference though, would you mind telling me how I would go about doing this? I take it I'd first have to re-encrypt the user keys, before changing the account password. So before changing the password for a user in my PostgreSQL database, I would do the following: doveadm mailbox cryptokey password -u 'user at

Hello, I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use a mail crypt private password which contains a percent "%" character as you can see below: $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u email at domain.tld -URf doveadm(email at domain.tld): Error: Failed to expand plugin setting

Hi, Yeah, I just realized myself that what I did there was probably not the smartest thing to do, as I indeed figured dovecot would probably just use that as a plain text string. ;-) I've now opted to do the following (I'm using PostgreSQL BTW): password_query = SELECT \ email as user, password, \ encode(digest('%w', 'sha256'), 'hex') AS

Hi again, I was able to solve both questions. I was overthinking things. A solution to the first question about mail_attribute_dict was simply to use other available variables to point to the virtual user's maildir paths. Like so: /var/mail/%d/%u/dovecot-attributes As for the second question: When I asked it, I was uncertain if dovecot would be able to cope with a hashed password for

> > > Hello, > > I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use a mail crypt private password which contains a percent "%" character as you can see below: > > $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u email at domain.tld -URf > > doveadm(email at domain.tld):

> On May 26, 2017 at 5:13 PM "dovecot at avv.solutions" <dovecot at avv.solutions> wrote: > > > Hello Community, > > (sorry to be more busy, hence more running questions in parallel :) ) > > As mentioned in another post, I am testing mail_crypt plugin. > > I was wondering how to really secure the process sothat even the admin > cannot have any

Hi, What would be a good backup method for mail stored encrypted with mail_crypt per user(folder). As the administrator does not have the key (the user has) i'm thinking: - the user must backup his/her email via the mail client, but as an admin you want to be able to restore mail when needed on the server itself or on a new server. - the admin creates a backup of the vmail folder per user

Hi again, I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts. After an initial topic from me about encrypting already existent mail, I could now use some pointers on how to set up the mail-crypt plugin for pure virtual accounts (i.e. that have no matching system users and/or home directories. I hope somebody can clarify a few things that are not