similar to: Best mail encryption solution for per-user

> On 26 May 2018 at 10:36 mail at sjemm.net wrote: > > > May 23, 2018 10:10 AM, mail at sjemm.net wrote: > > May 23, 2018 9:46 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: > > > >> On 23.05.2018 10:15, mail at sjemm.net wrote: > >> > >>> May 23, 2018 8:31 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote:

On 23.05.2018 10:15, mail at sjemm.net wrote: > May 23, 2018 8:31 AM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >> On 23.05.2018 09:13, mail at sjemm.net wrote: >> >>> May 20, 2018 8:01 PM, mail at sjemm.net wrote: >>>> May 20, 2018 2:47 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>> On 19 May 2018 at 16:40 mail

On 23.05.2018 09:13, mail at sjemm.net wrote: > May 20, 2018 8:01 PM, mail at sjemm.net wrote: >> May 20, 2018 2:47 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >> >>>> On 19 May 2018 at 16:40 mail at sjemm.net wrote: >>>> >>>> May 18, 2018 10:01 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: >>>>

> On 19 May 2018 at 16:40 mail at sjemm.net wrote: > > > May 18, 2018 10:01 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: > >> On 18 May 2018 at 21:44 mail at sjemm.net wrote: > >> > >> May 18, 2018 4:43 PM, "Aki Tuomi" <aki.tuomi at dovecot.fi> wrote: > >> On 18 May 2018 at 17:38 mail at sjemm.net wrote: >

Hello everyone, I successfully set up the mail_crypt plugin using folder keys, and require user's key to be encrypted with a password using mail_crypt_require_encrypted_user_key = yes. As I'm trying to streamline the process of creating a user, and want to develop an application in PHP to help me in that process, I'm very interested in the doveadm HTTP API. Although the

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Technically creating and encrypting folder key does not require decrypting user's private key. All folder keys are encrypted with user's public key. </div> <div> <br> </div> <div> Aki </div>

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client

Hi - perhaps someone can help me. Starting from a good and well-functioning mailserver setup, I have installed MailCrypt as per the instructions (I think) to have the per-user passworded keys setup. dovecot.conf /Added:/ mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt dovecot-sql.conf.ext /commented this/ #password_query = SELECT email as user,

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> It's a known issue that the password will be set to silly value, most likely 'yes'. </div> <div> <br> </div> <div> You should generate the user key during provisioning with `doveadm cryptokey generate -Uu

So I believe I generated a key successfully with: 'doveadm mailbox cryptokey generate -u user -UR' because I got the output with the check mark and the Public ID string of characters. However I still can't read the CRYPTED emails when logging in with IMAP.. i'm still getting the following error in the mail log: Error: read() failed: read(/var/vmail/[domain .

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private

mail_crypt_private_password cannot be hashed, as it's used to encrypt the key. Aki > On 06/08/2020 10:06 secure.light.0417.road <secure.light.0417.road at protonmail.com> wrote: > > > I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use

Hi, Thanks for the notice! But yes, I was aware of this. For future reference though, would you mind telling me how I would go about doing this? I take it I'd first have to re-encrypt the user keys, before changing the account password. So before changing the password for a user in my PostgreSQL database, I would do the following: doveadm mailbox cryptokey password -u 'user at

??????? Original Message ??????? On Tuesday, July 2, 2019 6:32 PM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > I don't actually recommend using password directly from user as password for private keys, I recommend running them thru some hash / pkcs5 before that. That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also

>> Can you try >> >> doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR >> >> Aki > > I tried that and got the following: > > [user at host](https://dovecot.org/mailman/listinfo/dovecot) :~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user

So when I tried this way I got the following output: user'@'host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR user'@'host:~$ And when I tried this way I got the following output: user'@'host:~$doveadm -o plugin/mail_crypt_private_password=desired_password mailbox cryptokey generate -u user -UR Folder

Hello, I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use a mail crypt private password which contains a percent "%" character as you can see below: $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u email at domain.tld -URf doveadm(email at domain.tld): Error: Failed to expand plugin setting

Hi, Yeah, I just realized myself that what I did there was probably not the smartest thing to do, as I indeed figured dovecot would probably just use that as a plain text string. ;-) I've now opted to do the following (I'm using PostgreSQL BTW): password_query = SELECT \ email as user, password, \ encode(digest('%w', 'sha256'), 'hex') AS

> Can you try > > doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR > > Aki I tried that and got the following: user at host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR Folder Public ID user at host:~$ Then I sent a new email to the mail server, and I

Hi again, I was able to solve both questions. I was overthinking things. A solution to the first question about mail_attribute_dict was simply to use other available variables to point to the virtual user's maildir paths. Like so: /var/mail/%d/%u/dovecot-attributes As for the second question: When I asked it, I was uncertain if dovecot would be able to cope with a hashed password for