
On Sat, 24 May 2014, Stanislas SABATIER wrote:

Dovecot is handling the final delivery, through mail-filter plugin as
follows:

1. both users contexts are created from user_db queries
2. mail-filter plugin is init for user2
3. /mail_user_created/ for user2
4. mail-filter plugin arguments are parsed for user2
5. … /mail_allocated/ then /mail_save_begin/ for user2 (at this stage,
   the email is encrypted with user2's params)
6. Dovecot tells to LMTP that mail for user2 is delivered
7. then - we are still in user2 context - another
   /mail_allocated/ is run, followed by a /istream_opened/
8. mail user context is switched to user3 --> /mail_user_created/ -->
   plugin's args parsed --> … /mail_allocated/
9. and… Dovecot tells to LMTP that mail for user3 is delivered

So, it appears that Dovecot is re-using user2's email to pass it to
user3 by opening an istream in user2's context. In my configuration,
Dovecot can't do that because it has not the user2's private rsa key to
reopen the email it has just encrypted, so it passes the email to user3
with user2 encryption params.
Final result: user3 is receiving the email encrypted with user2's rsa key!

Problem: how to force Dovecot to deinit then reinit mail-filter plugin
for each user to be sure that each email is encrypted with the right key
before it is saved to users' mailboxes?

If your observations are true, you cannot. I slightly remember a discussion about a plugin that changes the message content. Timo answered that with "that is not supported". Also, see:

http://wiki2.dovecot.org/Plugins/MailFilter

"(TODO: Modifying the mail during writing would be possible with some code changes.)" in first paragraph.

Encrypting the message is "to modify the mail" IMHO.

-- Steffen Kaiser
