Re: Mail-crypt won't encrypt emails

2019-12-01 Thread Aki Tuomi via dovecot


 
 
  
Please provide doveconf -n

Also set mail_debug=yes and provide logs.

Remember that dovecot can only encrypt mails if you are using LMTP or dovecot-lda to deliver mails.

Aki

On 01/12/2019 23:10 Serveria Support via dovecot wrote:

Hi,
(Reposting as my previous post got zero replies.)
We're running Dovecot 2.2.36 and we need to set up the mail-crypt plugin to encrypt all incoming and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config:
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugin {
mail_crypt_global_private_key =
mail_crypt_global_public_key =
mail_crypt_save_version = 2
}
also this one:
plugin {
mail_crypt_curve = prime256v1
mail_crypt_save_version = 2
}
but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas?
   
   
   
-- 


Kind Regards,
Support Team
SERVERIA.COM
Riga, LV-1063, Latvia
US: +1 (213) 224-7938
LV: + (371) 22330032
Skype: bighostlv
supp...@serveria.com
www.serveria.com
   
  
  
   
  
  
   ---
Aki Tuomi
   
 



Re: Mail-crypt won't encrypt emails

2019-12-01 Thread sewing via dovecot
The plugin encrypts mail to be written encrypted at rest /on/ the server, and
then decrypts the same mail when it is read /off/ the server. If it is
working correctly mails sent will arrive at their destination readable. You
need to go to the user directory where the mail is residing (example): 

/mail/vhosts//username/cur   (wherever your user mail resides)

Choose any mail (example...  
'1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S' ) will look
something like that (I have obfuscated the actual example but it will look
similar).

Now try and view it on the server using 

> postcat  '1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S'

1. If you get an error that looks something like:

*** ENVELOPE RECORDS
'1546546546546.Mdffgdfg535435.domain,S=4355435W=4r34534:3,S' ***
message_size: YPTED
postcat: fatal: invalid size record: YPTED???

OR

2. Alternatively you can try and > cat the message like a text file and at
the start of the output you will see the string:  CRYPTED

Then you will know the plugin is working.

If it shows the message in plaintext, the plugin is not active. 



--
Sent from: http://dovecot.2317879.n4.nabble.com/
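
The check described in the message above, as an added shell example that is not part of the original post: it classifies every message file in a Maildir by whether its first seven bytes are the CRYPTED marker. The sample Maildir, its file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Maildir for messages that
# were stored without mail-crypt, using the "CRYPTED" marker the post describes.

# is_crypted FILE: succeeds if FILE starts with the 7 bytes "CRYPTED".
is_crypted() {
    [ "$(head -c 7 -- "$1" 2>/dev/null | tr -d '\000')" = "CRYPTED" ]
}

# audit_maildir DIR: prints "crypted=N plaintext=M", names plaintext files
# on stderr, and fails if any message is stored in plaintext.
audit_maildir() {
    crypted=0
    plaintext=0
    for f in "$1"/cur/* "$1"/new/*; do
        [ -f "$f" ] || continue        # skip unmatched globs and directories
        if is_crypted "$f"; then
            crypted=$((crypted + 1))
        else
            plaintext=$((plaintext + 1))
            echo "PLAINTEXT: $f" >&2
        fi
    done
    echo "crypted=$crypted plaintext=$plaintext"
    [ "$plaintext" -eq 0 ]
}

# make_sample_maildir: builds a constructed two-message Maildir and prints its path.
make_sample_maildir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cur" "$d/new"
    # Constructed stand-in for an encrypted message: marker plus arbitrary bytes.
    printf 'CRYPTED\003\007sample-ciphertext' > "$d/cur/1575200000.M1.example,S=24:2,S"
    # Constructed plaintext message, as stored when the plugin did not run.
    printf 'From: a@example.com\nSubject: test\n\nhello\n' > "$d/new/1575200001.M2.example"
    echo "$d"
}

sample=$(make_sample_maildir)
audit_maildir "$sample" || echo "plaintext messages found: check the delivery path"
rm -rf "$sample"
```

Pointing audit_maildir at a real mailbox after delivering one test message per delivery path shows which path leaves mail unencrypted at rest.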


Mail-crypt won't encrypt emails

2019-12-01 Thread Serveria Support via dovecot
 

Hi, 

(Reposting as my previous post got zero replies.) 

We're running Dovecot 2.2.36 and we need to set up the mail-crypt plugin
to encrypt all incoming and outgoing emails. Outgoing emails seem to get
encrypted fine but the incoming ones don't. We tried everything
including this config: 

mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt

plugin {
mail_crypt_global_private_key = 

Fast searching from android device with Dovecot/Maildir

2019-12-01 Thread John Gateley via dovecot

Hello,

I am using dovecot as an imap server, mail is stored in mail directories.
Configuration is below.

One mail directory has about 14 Gb of mail in the inbox and .Sent directories.

Searching from an Android phone with gmail is slow or doesn't work (it times out).

Is there a configuration for Dovecot that can improve this? A better e-mail client for Android?

Thanks,

John


root@giraffe:~# dovecot --version
2.2.27 (c0f36b0)
root@giraffe:~# doveconf -an
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-11-amd64 x86_64 Debian 9.11
...
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
...
protocols = " imap"
...


RE: Cert for ip range?

2019-12-01 Thread Marc Roos via dovecot
How can I bind the managesieve to the internal use network/interface?

service managesieve-login {
  inet_listener sieve {
    address = 192.168.10.0/24
    port = 4190
  }
}


-Original Message-
From: Mark Moseley via dovecot [mailto:dovecot@dovecot.org] 
Sent: woensdag 27 november 2019 22:06
To: Aki Tuomi
Cc: Mark Moseley via dovecot
Subject: Re: Cert for ip range?

On Wed, Nov 27, 2019 at 11:31 AM Aki Tuomi wrote:

> On 27/11/2019 21:28 Mark Moseley via dovecot wrote:
> 
> 
> On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot wrote:
> > 
> >  On 21.11.2019 23.57, Marc Roos via dovecot wrote:
> >  > Is it possible to configure a network for a cert instead of an ip?
> >  >
> >  > Something like this:
> >  >
> >  > local 192.0.2.0 {
> >  > ssl_cert =
> >  > ssl_key =
> >  > }
> >  >
> >  > Or
> >  >
> >  > local 192.0.2.0/24 {
> >  > ssl_cert =
> >  > ssl_key =
> >  > }
> >  >
> >  > https://wiki.dovecot.org/SSL/DovecotConfiguration
> >  >
> >  
> >  Local part supports that.
> >  
> >  Aki
> 
> 
> On the same topic (though I can start a new thread if preferable), it doesn't appear that you can use wildcards/patterns in the 'local' name, unless I'm missing something--which is quite likely.
> 
> If it's not possible currently, can I suggest adding that as a feature? That is, instead of having to list out all the various SNI hostnames that a cert should be used for (e.g. "local pop3.example.com imap.example.com pops.example.com pop.example.com {" -- and on and on), it'd be handy to be able to just say "local *.example.com {" and call it a day. I imagine there'd be a bit of a slowdown, since you'd have to loop through patterns on each connection (instead of what I assume is a hash lookup), esp for people with significant amounts of 'local's.
>

Actually that is supported, but you need to use v2.2.35 or later. 




Ha, it literally *never* fails (that there's some option I've overlooked 
10 times, before asking on the list)

'local' vs 'local_name'. Never noticed the difference before in the 
docs. Might be worth adding a blurb in 
https://wiki.dovecot.org/SSL/DovecotConfiguration that 'local_name' 
takes '*'-style wildcard (at least in the beginning of the hostname). 
I'll resume my embarrassed silence now. :)




RE: Error: proxy: Remote returned invalid banner: 220

2019-12-01 Thread Marc Roos via dovecot
 
I started over and ended up adding this homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid to the pass_attrs ldap entry. Now the proxy seems to work.

pass_attrs = uid=user,userPassword=password,host=host,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid




-Original Message-
From: Stephan Bosch [mailto:step...@rename-it.nl] 
Sent: zondag 1 december 2019 16:30
To: Marc Roos; dovecot
Subject: Re: Error: proxy: Remote returned invalid banner: 220



On 29/11/2019 19:01, Marc Roos via dovecot wrote:
> I had a working proxy setup added sieve to it, and out of the blue I 
> get this
>
> Error: proxy: Remote returned invalid banner: 220
>
> No idea what to do, nothing even in the mail list archive

Looks a lot like you're mixing up protocols, but I need your 
configuration to confirm (output from `dovecot -n`).

Regards,

Stephan.




Re: Error: proxy: Remote returned invalid banner: 220

2019-12-01 Thread Stephan Bosch via dovecot




On 29/11/2019 19:01, Marc Roos via dovecot wrote:
> I had a working proxy setup added sieve to it, and out of the blue I get
> this
>
> Error: proxy: Remote returned invalid banner: 220
>
> No idea what to do, nothing even in the mail list archive


Looks a lot like you're mixing up protocols, but I need your 
configuration to confirm (output from `dovecot -n`).


Regards,

Stephan.