Hard to say.
If you are logging is master_user, there will be different password than normal
user. Usually. With your setup, you can only access user's mail if you are
using the exact same password that the user was using.
Your logs seem to indicate that you are logging as master_user, so you are
probably unable to access mails.
Aki
> On 29/08/2022 10:51 EEST Serveria Support <supp...@serveria.com> wrote:
>
>
> Emm, sorry for the confusion, there are two users authenticating -
> master user "postmaster" and the second user called "test". I have just
> obfuscated users by replacing usernames with myuser. So no, this
> shouldn't be the issue.
>
> Any other suggestions?
>
> On 2022-08-29 10:30, Aki Tuomi wrote:
> >> On 29/08/2022 09:26 EEST Serveria Support <supp...@serveria.com>
> >> wrote:
> >>
> >>
> >> It's a testing install my main goal is to make it work. I will play
> >> around with password encryption before going live.
> >>
> >> I have enabled all possible debugging yet I can's see the value you
> >> mentioned in the log file. Could you please point me?
> >>
> >> Aug 29 01:46:30 mx dovecot: auth-worker(648543): Debug: conn
> >> unix:auth-worker (pid=648542,uid=110): auth-worker<1>:
> >> sql(myu...@mydomain.xyz,xx.xx.xx.xx,<Y+4ayVrnJ9VV/kpz>): query: SELECT
> >> mailbox.password, mailbox.allow_nets FROM mailbox,domain WHERE
> >> mailbox.username='myu...@mydomain.xyz' AND mailbox.`enableimaptls`=1
> >> AND
> >> mailbox.active=1 AND mailbox.domain=domain.domain AND
> >> domain.backupmx=0
> >> AND domain.active=1
> >
> > it's not set here.
> >
> >
> >> Aug 29 01:46:30 mx dovecot: auth-worker(648543): Debug: conn
> >> unix:auth-worker (pid=648542,uid=110): auth-worker<2>:
> >> sql(myu...@mydomain.xyz,xx.xx.xx.xx,<Y+4ayVrnJ9VV/kpz>): SELECT
> >> LOWER('myu...@mydomain.xyz') AS master_user,
> >> LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode,
> >> '/', mailbox.maildir)) AS home, CONCAT(mailbox.mailboxformat, ':~/',
> >> mailbox.mailboxfolder) AS mail, CONCAT('*:bytes=',
> >> mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE
> >> mailbox.username='myu...@mydomain.xyz' AND mailbox.`enableimaptls`=1
> >> AND
> >> mailbox.active=1 AND mailbox.domain=domain.domain AND
> >> domain.backupmx=0
> >> AND domain.active=1
> >
> > it's not set here either.
> >
> > So. You are doing master user login, and are wondering why user's
> > password is not available?
> >
> > Master user logins are not really compatible with using user's
> > password as encryption key.
> >
> > Aki
> >
> >>
> >> On 2022-08-29 07:56, Aki Tuomi wrote:
> >> >> On 28/08/2022 09:20 EEST Serveria Support <supp...@serveria.com>
> >> >> wrote:
> >> >>
> >> >>
> >> >> I'm trying to setup Dovecot with mail-crypt plugin with per-user
> >> >> encryption.
> >> >>
> >> >> I have configured mail-crypt plugin as per official guide here:
> >> >> https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/
> >> >>
> >> >> After that I created a user and an encrypted key by running this
> >> >> command: doveadm -o \plugin/mail_crypt_private_password=12345 mailbox
> >> >> cryptokey generate -u m...@example.org -URf (replacing dummy data ofc)
> >> >>
> >> >> I can log in to webmail (and Dovecot) just fine, emails are getting
> >> >> sent
> >> >> and delivered. I have also checked the storage and the messages seem
> >> >> to
> >> >> be stored encrypted.
> >> >>
> >> >> However, I can't read the emails in webmail (just headers can be seen)
> >> >> and in Dovecot logs I can see the following error:
> >> >>
> >> >> failed: Private key not available: Cannot decrypt key ### Cannot
> >> >> decrypt
> >> >> key ### <8632: Password not available (FETCH RFC822.HEADER)
> >> >>
> >> >> There seems to be an issue with mySQL query. The query I'm using
> >> >> (Select
> >> >> username as "user", password,"%w" as
> >> >> userdb_mail_crypt_private_password
> >> >> from mailbox;) seems to work just fine, when run from mysql prompt it
> >> >> outputs the usernames and passwords, but the error is still there
> >> >> (Cannot decrypt key ### Password not available).
> >> >>
> >> >> Any ideas? What am I missing
> >> >
> >> > Hi!
> >> >
> >> > First of all, it's super-unsafe to use user's password like that as
> >> > private password, at least run it through SHA256. This prevents
> >> > dovecot from doing expansions on it by accident.
> >> >
> >> > Secondly, enable mail_debug=yes and auth_debug=yes, run it again, and
> >> > make sure the correct value gets added as
> >> > 'plugin/mail_crypt_private_password' when using with webmail.
> >> >
> >> > Aki
