Ok, big progress here! Specifying user password explicitly did the
trick! The command that works is this:
doveadm -o plugin/mail_crypt_private_password=xxxxxxxxxx -Dv fetch -u
u...@mydomain.xyz text 1
Now I have to adjust/write a query which does the same in order to
read/decrypt emails via webmail. I'm going to investigate the master
user issue you mentioned.
On 2022-09-15 08:16, Aki Tuomi wrote:
On 14/09/2022 19:34 EEST Serveria Support <supp...@serveria.com>
wrote:
Thanks for your help. Do you know in which folder the keys are stored?
I'd like to check the permissions...
Some notes here, after reading this thread again:
- Keys are stored in mail_attributes file, which depends on your
config, but usually is %h/dovecot-attributes, which means it'll be in
user's home directory.
- The key format is Dovecot Dcrypt Key, you can use `doveadm mailbox
cryptokey export` to export them in PEM format. Only **global keys**
expect PEM formatted keys, which you are not using.
- If you are using mail_crypt_private_password to encrypt the user
key, you will need to provide this every time you want to access the
user's emails, including using doveadm. Dovecot does not know what
password you are using.
- Your logs indicate that you are, still, using master userdb. This
will not work. You cannot use master users with per-user encryption
passwords in the way you do. If you want to use master users / master
password, you must not encrypt the user key.
- You should really focus on reading your logs, because they really do
indicate that the userdb_mail_crypt_private_password is not exprted in
anywhere, so clearly and obviously you are not able to access the
mails.
Maybe consider removing the master user authentication completely?
Aki
