similar to: Mailcrypt plugin private password

Do I have to replace the "password" part with the actual password or can I just copy it like that? Will dovecot create the keypair automatically or do I have to use doveadm? 4. Sep. 2019, 08:33 von aki.tuomi at open-xchange.com: > > > > On 4.9.2019 9.21, **** **** via dovecot wrote: > >> Hello there, >> >> is there a way to make the

Is any of the password schemes supported or is there a reason you chose pkcs5? 4. Sep. 2019, 08:45 von aki.tuomi at open-xchange.com: > > It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. > > > To avoid

It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. To avoid this, you should probably have protocol imap { ??? passdb { ????? driver = static ????? args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password} }

On 4.9.2019 9.21, **** **** via dovecot wrote: > Hello there, > > is there a way to make the mailcrypt plugin use the user's password or > at least store it in a hashed value? > > I'm using a passwd file for authentication. > > I feel uncomfortable saving the private password in plaintext in that > file. > > Regards You can try in passdb return

Hi - perhaps someone can help me. Starting from a good and well-functioning mailserver setup, I have installed MailCrypt as per the instructions (I think) to have the per-user passworded keys setup. dovecot.conf /Added:/ mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt dovecot-sql.conf.ext /commented this/ #password_query = SELECT email as user,

??????? Original Message ??????? On Tuesday, July 2, 2019 6:32 PM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > I don't actually recommend using password directly from user as password for private keys, I recommend running them thru some hash / pkcs5 before that. That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also

Hello Community, (sorry to be more busy, hence more running questions in parallel :) ) As mentioned in another post, I am testing mail_crypt plugin. I was wondering how to really secure the process sothat even the admin cannot have any access to the other users mail content. My current config is simple: - using per-folder keys (hence the per-user spaces are preserved) - put the

https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz.sig Note that the download URLs are now https with a certificate from Let's Encrypt. * dovecot.list.index.log rotation sizes/times were changed so that the .log file stays smaller and .log.2 is deleted sooner. + Added mail_crypt plugin that allows encryption of stored emails.

https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz.sig Note that the download URLs are now https with a certificate from Let's Encrypt. * dovecot.list.index.log rotation sizes/times were changed so that the .log file stays smaller and .log.2 is deleted sooner. + Added mail_crypt plugin that allows encryption of stored emails.

Hi everybody, I have a question about the Dovecot Mailcrypt Plugin. I'm trying to understand what the security of this plugin is based on. The encryption with private and public key and elliptic curves is basically a good thing. But the keys are in the file system together with the encrypted mails. The passwords for the private keys are in the user database. I guess the passwords have to

I try to use Mailcrypt encrypted user keys with conjustion with dbsync replication(Dovecot 2.3.6 in FreeBSD 12.0 enviroment) but was unsuccessful. If I provide a password in mail_crypt_private_password variable directly in Dovecot config all things works as expected plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes

Hi, I try to use the MailCrypt plugin with Floder encryption and encrypted user keys, using LDAP. I use Dovecot 2.2.27 (c0f36b0) I follow the wiki: https://wiki2.dovecot.org/Plugins/MailCrypt doveconf -n and dovecot-ldap.conf.ext attached to this message. I well configured slapd to let dovecot's dn query the userPassword (hashed password SSHA). I use fusiondirectory-mail plugin:

Hai, Do you have advice about Dovecot plugins for mail encryption: https://wiki2.dovecot.org/Plugins/MailCrypt https://0xacab.org/riseuplabs/trees I like NaCL based encryption but the MailCrypt plugin is better because it's maintained by Dovecot developers (is this correct?) Hard to understand MailCrypt docs so may I ask, may I provide per user encryption? I don't like global

I read the mailcrypt plugin document on the wiki and had couple questions. 1. If I want per-user encryption am I correct I should configure global keys with all related settings override in the userdb lookup? 2. If I do not want to encrypt some user accounts, is it enough to omit the mail_crypt_global_private_key from the userdb lookup? In other word, mail_plugins still active with

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 14/09/2019 16:08 Daniel Niewerth via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client

Hi everybody, I run two redundant Dovecot servers with a shared Maildir on a GlusterFS volume and a SQL authentication backend based on a mirrored MariaDB database. Because of the splitbrain situation I would like to add two Dovecot Director as proxies. Since a few days I am trying to get the setup running. In the meantime I have achieved that the clients can successfully authenticate on the

I've successfully implemented the mail_crypt plugin on v2.2.27 and it's working like a champ, but some of our administrative operations require access to Maildir messages in plaintext. I've found numerous threads detailing help with mail_crypt setup, but none of my research has yielded a method of decrypting the stored messages. Relevant plugin config: mail_crypt_curve =

> On 11 April 2019 17:44 David Salisbury via dovecot <dovecot at dovecot.org> wrote: > > > On 4/11/2019 1:50 AM, Aki Tuomi wrote: > > > >> ... > >> So, not being an expert at encryption, what are the ramifications of > >> those digests being read as different values in the two different > >> places???? I do notice that the