How can I set the global private key in conf? I was following the
official mail-crypt tutorial. This is what I have in dovecot.conf
mail-crypt section:
mail_crypt_curve = secp521r1
mail_crypt_save_version = 2
mail_crypt_require_encrypted_user_key = yes
On 2022-09-14 17:23, hi@zakaria.website wrote:
On 2022-09-14 14:41, Serveria Support wrote:
Hi,
This log shows no errors. Running doveadm fetch command gives me this:
doveadm(u...@mydomain.xyz): Error: fetch(text) failed for box=INBOX
uid=15: read() failed:
read(/var/vmail/vmail1/mydomain.xyz/a/b/d/xxxxxxxx-2022.09.09.05.52.29//Maildir/cur/1663034263.M491074P1457418.mx,S=2217,W=2266:2,S)
failed: Private key not available: Cannot decrypt key
fd98762c573b8c54805884838695bd5b7eaeb9e0b0d326434c2f63a95a905a89:
Cannot decrypt key
10fed5d3e938ce19a20046b84f29e50a271f6404f0760037996b4cf2d1ecfeb7:
Password not available
On 2022-09-13 14:43, hi@zakaria.website wrote:
On 2022-09-02 20:40, Serveria Support wrote:
I tried it but it doesn't seem to make any difference at all.
Can someone please assist me with reading logs? Does this log below
mean Dovecot is trying to use master_user again or simply reading
master_user password file?
Sep 2 15:35:33 mx dovecot: auth: Debug: Read auth token secret from
/run/dovecot/auth-token-secret.dat
Sep 2 15:35:33 mx dovecot: auth: Debug: passwd-file
/etc/dovecot/dovecot-master-users: Read 1 users in 0 secs
Sep 2 15:35:33 mx dovecot: auth: Debug: auth client connected
(pid=900284)
Sep 2 15:35:33 mx dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=Vfxm1bbnRo9/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=36678#011local_name=127.0.0.1#011resp=AHRlc3RvQG1haWxjaXRhZGVsLnh5egA0SFBYMWt0OSE=
(previous base64 data may contain sensitive data)
Everything ok here?
Sep 2 15:25:34 mx dovecot: auth: Debug: auth client connected
(pid=899859)
Sep 2 15:25:34 mx dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=97OusbbnXI1/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=36188#011local_name=127.0.0.1#011resp=AHRlc3RvQG1haWxjaXRhZGVsLnh5egA0SFBYMWt0OSE=
(previous base64 data may contain sensitive data)
Sep 2 15:25:34 mx dovecot: auth: Debug:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing
passdb lookup
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<3>: Handling
PASSV request
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<3>:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing
passdb lookup
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<3>:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): query: SELECT
mailbox.password, mailbox.allow_nets FROM mailbox,domain WHERE
mailbox.username='us...@mydomain.xyz' AND mailbox.`enableimaptls`=1
AND mailbox.active=1 AND mailbox.domain=domain.domain AND
domain.backupmx=0 AND domain.active=1
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<3>:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished
passdb lookup
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<3>: Finished
Sep 2 15:25:34 mx dovecot: auth: Debug:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished
passdb lookup
Sep 2 15:25:34 mx dovecot: auth: Debug:
auth(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Auth request
finished
Sep 2 15:25:34 mx dovecot: auth: Debug: client passdb out:
OK#0111#011user=us...@mydomain.xyz
Sep 2 15:25:34 mx dovecot: auth: Debug: master in:
REQUEST#0111998585857#011899859#0111#01131314e9e09e38b194a05b78bfe279780#011session_pid=899860#011request_auth_token
Sep 2 15:25:34 mx dovecot: auth: Debug:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing
userdb lookup
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<4>: Handling USER
request
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<4>:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing
userdb lookup
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<4>:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): SELECT
LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode,
'/', mailbox.maildir)) AS home, CONCAT(mailbox.mailboxformat, ':~/',
mailbox.mailboxfolder) AS mail, CONCAT('*:bytes=',
mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE
mailbox.username='us...@mydomain.xyz' AND mailbox.`enableimaptls`=1
AND mailbox.active=1 AND mailbox.domain=domain.domain AND
domain.backupmx=0 AND domain.active=1
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<4>:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished
userdb lookup
Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn
unix:auth-worker (pid=899853,uid=110): auth-worker<4>: Finished
Sep 2 15:25:34 mx dovecot: auth: Debug:
sql(us...@mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished
userdb lookup
Sep 2 15:25:34 mx dovecot: auth: Debug: master userdb out:
USER#0111998585857#011us...@mydomain.xyz#011home=/var/vmail/vmail1/mydomain.xyz/t/e/s/xxxxx-2022.08.30.06.07.08/#011mail=maildir:~/Maildir#011quota_rule=*:bytes=1073741824#011auth_mech=PLAIN#011auth_token=fac9c351492fd6073176272c79ff65b1b3e87f37
Sep 2 15:25:34 mx dovecot:
imap(us...@mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Added
userdb setting: mail=maildir:~/Maildir
Sep 2 15:25:34 mx dovecot:
imap(us...@mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Added
userdb setting: plugin/quota_rule=*:bytes=1073741824
Sep 2 15:25:34 mx dovecot:
imap(us...@mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Effective
uid=2000, gid=2000,
home=/var/vmail/vmail1/mydomain.xyz/t/e/s/xxxxx-2022.08.30.06.07.08/
Any ideas?
On 2022-09-02 20:08, dove...@ptld.com wrote:
password_query = SELECT \
username as user, password, \
'%w' AS userdb_mail_crypt_private_password \
FROM mailbox WHERE username="%u";
Try if using ' instead of " makes a difference.
FROM mailbox WHERE username='%u';
The logs doesn't show any errors?
Private key not available? Isn't clear enough?
Did you set the global private key in dovecot config?
The error is saying the private key that meant to be used to decrypt
emails is not found, thus it must be the path you set in mail crypt
plugin definition is incorrect or private key file have either wrong
ownership or permissions.
Notice it has to be in .pem format as well.