Re: Mail-crypt won't encrypt emails
Please provide doveconf -n Also set mail_debug=yes and provide logs. Remember that dovecot can only encrypt mails if you are using LMTP or dovecot-lda to deliver mails. Aki On 01/12/2019 23:10 Serveria Support via dovecot wrote: Hi, (Reposting as my previous post got zero replies.) We're running Dovecot 2.2.36 and we need to set up the mail-crypt plugin to encrypt all incoming and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config: mail_attribute_dict = file:%h/Maildir/dovecot-attributesmail_plugins = $mail_plugins mail_cryptplugin {mail_crypt_global_private_key = mail_crypt_global_public_key = mail_crypt_save_version = 2 } also this one: plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 } but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas? -- Kind Regards, Support TeamSERVERIA.COMRiga, LV-1063, LatviaUS: +1 (213) 224-7938LV: + (371) 22330032 Skype: bighostlvsupp...@serveria.comwww.serveria.com --- Aki Tuomi
Re: Mail-crypt won't encrypt emails
The plugin encrypts mail to be written encrypted at rest /on/ the server, and then decrypts the same mail when it is read /off/ the server. If it is working correctly mails sent will arrive at their destination readable. You need to go to the user directory where the mail is residing (example): /mail/vhosts//username/cur (wherever your user mail resides) Choose any mail (example... '1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S' ) will look something like that (I have obfuscated the actual example but it will look similar). Now try and view it on the server using > postcat '1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S' 1. If you get an error that looks something like: *** ENVELOPE RECORDS '1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S' *** message_size: YPTED postcat: fatal: invalid size record: YPTED??? OR 2. Alternatively you can try and > cat the message like a text file and at the start of the output you will see the string: CRYPTED Then you will know the plugin is working. If it shows the message in plaintext, the plugin is not active. -- Sent from: http://dovecot.2317879.n4.nabble.com/
Mail-crypt won't encrypt emails
Hi, (Reposting as my previous post got zero replies.) We're running Dovecot 2.2.36 and we need to set up the mail-crypt plugin to encrypt all incoming and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config: mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_global_private_key =
Fast searching from android device with Dovecot/Maildir
Hello, I am using dovecot as an imap server, mail is stored in mail directories. Configuration is below. One mail directory has about 14 Gb of mail in the inbox and .Sent directories. Searching from an Android phone with gmail is slow or doesn't work (it times out). Is there a configuration for Dovecot that can improve this? A better e-mail client for Android? Thanks, John root@giraffe:~# dovecot --version 2.2.27 (c0f36b0) root@giraffe:~# doveconf -an # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.9.0-11-amd64 x86_64 Debian 9.11 ... mail_location = maildir:~/Maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } ... protocols = " imap" ...
RE: Cert for ip range?
How can I bind the managesieve to the internal use network/interface? service managesieve-login { inet_listener sieve { address = 192.168.10.0/24 port = 4190 } -Original Message- From: Mark Moseley via dovecot [mailto:dovecot@dovecot.org] Sent: woensdag 27 november 2019 22:06 To: Aki Tuomi Cc: Mark Moseley via dovecot Subject: Re: Cert for ip range? On Wed, Nov 27, 2019 at 11:31 AM Aki Tuomi wrote: > On 27/11/2019 21:28 Mark Moseley via dovecot wrote: > > > On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot wrote: > > > > On 21.11.2019 23.57, Marc Roos via dovecot wrote: > > > Is it possible to configure a network for a cert instead of an ip? > > > > > > Something like this: > > > > > > local 192.0.2.0 { > > > ssl_cert = > > ssl_key = > > } > > > > > > Or > > > > > > local 192.0.2.0/24 (http://192.0.2.0/24) { > > > ssl_cert = > > ssl_key = > > } > > > > > > https://wiki.dovecot.org/SSL/DovecotConfiguration > > > > > > > > > > > > > Local part supports that. > > > > Aki > > > On the same topic (though I can start a new thread if preferable), it doesn't appear that you can use wildcards/patterns in the 'local' name, unless I'm missing something--which is quite likely. > > If it's not possible currently, can I suggest adding that as a feature? That is, instead of having to list out all the various SNI hostnames that a cert should be used for (e.g. "local pop3.example.com (http://pop3.example.com) imap.example.com (http://imap.example.com) pops.example.com (http://pops.example.com) pop.example.com (http://pop.example.com) {" -- and on and on), it'd be handy to be able to just say "local *.example.com (http://example.com) {" and call it a day. I imagine there'd be a bit of a slowdown, since you'd have to loop through patterns on each connection (instead of what I assume is a hash lookup), esp for people with significant amounts of 'local's. > Actually that is supported, but you need to use v2.2.35 or later. Ha, it literally *never* fails (that there's some option I've overlooked 10 times, before asking on the list) 'local' vs 'local_name'. Never noticed the difference before in the docs. Might be worth adding a blurb in https://wiki.dovecot.org/SSL/DovecotConfiguration that 'local_name' takes '*'-style wildcard (at least in the beginning of the hostname). I'll resume my embarrassed silence now. :)
RE: Error: proxy: Remote returned invalid banner: 220
I started over and ended up adding this homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid to the pass_attrs ldap entry. Now the proxy seems to work. pass_attrs = uid=user,userPassword=password,host=host,homeDirectory=userdb_home,uidNu mber=userdb_uid,gidNumber=userdb_gid -Original Message- From: Stephan Bosch [mailto:step...@rename-it.nl] Sent: zondag 1 december 2019 16:30 To: Marc Roos; dovecot Subject: Re: Error: proxy: Remote returned invalid banner: 220 On 29/11/2019 19:01, Marc Roos via dovecot wrote: > I had a working proxy setup added sieve to it, and out of the blue I > get this > > Error: proxy: Remote returned invalid banner: 220 > > No idea what to do, nothing even in the mail list archive Looks a lot like you're mixing up protocols, but I need your configuration to confirm (output from `dovecot -n`). Regards, Stephan.
Re: Error: proxy: Remote returned invalid banner: 220
On 29/11/2019 19:01, Marc Roos via dovecot wrote: I had a working proxy setup added sieve to it, and out of the blue I get this Error: proxy: Remote returned invalid banner: 220 No idea what to do, nothing even in the mail list archive Looks a lot like you're mixing up protocols, but I need your configuration to confirm (output from `dovecot -n`). Regards, Stephan.