similar to: mail_crypt folder keys without sql database

mail_crypt_private_password cannot be hashed, as it's used to encrypt the key. Aki > On 06/08/2020 10:06 secure.light.0417.road <secure.light.0417.road at protonmail.com> wrote: > > > I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private

Hello Community, (sorry to be more busy, hence more running questions in parallel :) ) As mentioned in another post, I am testing mail_crypt plugin. I was wondering how to really secure the process sothat even the admin cannot have any access to the other users mail content. My current config is simple: - using per-folder keys (hence the per-user spaces are preserved) - put the

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230304/f769686e/attachment.htm>

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230305/f943341b/attachment-0001.htm>

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230304/a3753b6e/attachment-0001.htm>

Hi everyone, I'm trying to configure my email server to encrypt mails on a per user basis. I have the following in my conf: mail_plugins = $mail_plugins mail_crypt mail_attribute_dict = file:%h/Mail/dovecot-attributes plugin { mail_crypt_curve = secp521r1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes mail_crypt_private_password =

Hi again, I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts. After an initial topic from me about encrypting already existent mail, I could now use some pointers on how to set up the mail-crypt plugin for pure virtual accounts (i.e. that have no matching system users and/or home directories. I hope somebody can clarify a few things that are not

> On 06/08/2020 13:52 secure.light.0417.road <secure.light.0417.road at protonmail.com> wrote: > > > Ah, right. The hashed password can't be used to encrypt. > > I want to remove possibility to decrypt mails using materials in mail servers in VPS. I've thought about below scenario: > > 1. The client generates asymmetric keys in local. > 2. The client

Hai, Do you have advice about Dovecot plugins for mail encryption: https://wiki2.dovecot.org/Plugins/MailCrypt https://0xacab.org/riseuplabs/trees I like NaCL based encryption but the MailCrypt plugin is better because it's maintained by Dovecot developers (is this correct?) Hard to understand MailCrypt docs so may I ask, may I provide per user encryption? I don't like global

Aki really thanks for reply,, I hope for continue the conversation, >> Do you have advice about Dovecot plugins for mail encryption: >> >> https://wiki2.dovecot.org/Plugins/MailCrypt >> https://0xacab.org/riseuplabs/trees >> >> I like NaCL based encryption but the MailCrypt plugin is better >> because it's maintained by Dovecot developers (is this

mail_attribute_dict = file:%h/Maildir/dovecot-attributes > dovecot.conf Apparently so?)) ----- ???????? ????????? ----- > ??: "Evgeniy Korneechev" <ekorneechev at altlinux.org> > ????: "dovecot" <dovecot at dovecot.org> > ????????????: ???????, 17 ?????? 2017 ? 17:32:38 > ????: Re: Plugin "mail_crypt" does not work > Hi, guys. Also,

??????? Original Message ??????? On Tuesday, July 2, 2019 6:32 PM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > I don't actually recommend using password directly from user as password for private keys, I recommend running them thru some hash / pkcs5 before that. That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also

We tried these rights: [root at mail44 dovecot]# ls -la ????? 80 drwxr-xr-x 8 root root 4096 ??? 13 13:17 . drwxr-xr-x 98 root root 12288 ??? 11 11:47 .. drwxrwxrwx 2 root root 4096 ??? 10 15:58 eckey drwxr-xr-x 2 root root 4096 ??? 13 12:42 eckey2 drwxr-xr-x 2 vmail vmail 4096 ??? 11 09:14 RSAkey [root at mail44 dovecot]# cd eckey2 [root at mail44 eckey2]# ls -la ????? 16

Hello, I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use a mail crypt private password which contains a percent "%" character as you can see below: $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u email at domain.tld -URf doveadm(email at domain.tld): Error: Failed to expand plugin setting

So I believe I generated a key successfully with: 'doveadm mailbox cryptokey generate -u user -UR' because I got the output with the check mark and the Public ID string of characters. However I still can't read the CRYPTED emails when logging in with IMAP.. i'm still getting the following error in the mail log: Error: read() failed: read(/var/vmail/[domain .

So when I tried this way I got the following output: user'@'host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR user'@'host:~$ And when I tried this way I got the following output: user'@'host:~$doveadm -o plugin/mail_crypt_private_password=desired_password mailbox cryptokey generate -u user -UR Folder

How do I enable the mail-crypt-plugin globally? Do I have to place 'mail_plugins = $mail_plugins mail_crypt' inside ever conf.d file where there is a protocol code block? Like for example the protocol lda codeblock in 15-lda.conf and the protocol imap codeblock in 20-imap.conf I placed 'mail_plugins = $mail_plugins mail_crypt' in 20-lmtp.conf inside the protocol lmtp code block,

> On May 26, 2017 at 5:13 PM "dovecot at avv.solutions" <dovecot at avv.solutions> wrote: > > > Hello Community, > > (sorry to be more busy, hence more running questions in parallel :) ) > > As mentioned in another post, I am testing mail_crypt plugin. > > I was wondering how to really secure the process sothat even the admin > cannot have any