Re: Sieve by the addressee

2021-02-20 Thread @lbutlr



> On 20 Feb 2021, at 11:02, Shawn Heisey  wrote:
> 
> On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
>> I consider it a better idea to filter mailing list messages by their
>> List-ID header.
> 
> I agree with Markus.  It's what I do.  This works well:
> 
> if header :regex "list-id" "solr-user.lucene.apache.org"
> {
>     fileinto "asf.solr-user";
>     stop;
> }

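require ["regex", "variables", "editheader", "fileinto", "mailbox"];

# File each list into a folder named after the first label of its List-ID.
if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
    set :lower "listname" "${1}";
    addheader "X-Listname" "${listname}";
    fileinto :create "${listname}";
    stop;
}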

> I do not know if List-ID is common to all mailing list software, but even if 
> it's not, there should be something available in the message headers that you 
> can use.

It is not universal, but it is nearly so. There are still some old lists 
running old software that do not support it, but they are few enough that I no 
longer have rules to catch those lists.

-- 
A bad day using a Mac is better than a good day using Windows



Re: Sieve by the addressee

2021-02-20 Thread Darac Marjal

On 20/02/2021 18:02, Shawn Heisey wrote:
> On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
>> I consider it a better idea to filter mailing list messages by their
>> List-ID header.
>
> I agree with Markus.  It's what I do.  This works well:
>
> if header :regex "list-id" "solr-user.lucene.apache.org"
> {
>     fileinto "asf.solr-user";
>     stop;
> }
>
> I do not know if List-ID is common to all mailing list software, but
> even if it's not, there should be something available in the message
> headers that you can use.

It's not, but it's fairly common. A few years ago someone posted a
strategy for procmail that handled almost any kind of mailing list
software. I've translated that to the following sieve script (which, now
that I look at it, could probably do with a bit of optimisation):

# split out the various list forms
# Apparently, mutt-users has some odd format, so handle it specially.
if exists "list-post" {
      if header :regex "list-post" "
> Thanks,
> Shawn




Re: Sieve by the addressee

2021-02-20 Thread Bernd Petrovitsch
Hi all!

On 20/02/2021 19:02, Shawn Heisey wrote:
> On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
>> I consider it a better idea to filter mailing list messages by their
>> List-ID header.
> 
> I agree with Markus.  It's what I do.  This works well:
> 
> if header :regex "list-id" "solr-user.lucene.apache.org"

I use :contains or :is ...

> {
>     fileinto "asf.solr-user";
>     stop;
> }
> 
> I do not know if List-ID is common to all mailing list software, but

It should be - RFC2919 defines it and at least mailman sets it.

> even if it's not, there should be something available in the message
> headers that you can use.

MfG,
Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 There is NO CLOUD, just other people's computers. - FSFE
 LUGA : http://www.luga.at


Re: Sieve by the addressee

2021-02-20 Thread Shawn Heisey

On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
> I consider it a better idea to filter mailing list messages by their
> List-ID header.

I agree with Markus.  It's what I do.  This works well:

if header :regex "list-id" "solr-user.lucene.apache.org"
{
    fileinto "asf.solr-user";
    stop;
}

I do not know if List-ID is common to all mailing list software, but 
even if it's not, there should be something available in the message 
headers that you can use.


Thanks,
Shawn


Re: Sieve by the addressee

2021-02-20 Thread Markus Schönhaber
20.02.21, 15:44 +0100, m...@shadrinden.ru:

> I have a sieve that is supposed to put all messages addressed to this mailing 
> list into a separate folder:
> 
> if anyof (address :is "to" "m...@shadrinden.ru",
>   address :is "to" "dovecot@dovecot.org") {
>   fileinto "mail_list";
>   stop;
> }
> 
> Generally, it's working, but today I have got two mailing list messages that 
> weren't put in that folder, they arrived straight into INBOX. I suppose that 
> was because they were replies and were addressed to the person who asked the 
> questions, so they had his address in "To:", and only in "Cc:" they had 
> dovecot@dovecot.org.
> 
> So, am I right that, when filtering messages by the addressee, it's generally 
> a good idea to use not just "to", but ["to", "cc", "bcc"] ?

I consider it a better idea to filter mailing list messages by their
List-ID header.

-- 
Regards
  mks


Sieve by the addressee

2021-02-20 Thread ml
Hi, everyone!

I have a sieve that is supposed to put all messages addressed to this mailing 
list into a separate folder:

if anyof (address :is "to" "m...@shadrinden.ru",
  address :is "to" "dovecot@dovecot.org") {
  fileinto "mail_list";
  stop;
}

Generally, it's working, but today I have got two mailing list messages that 
weren't put in that folder, they arrived straight into INBOX. I suppose that 
was because they were replies and were addressed to the person who asked the 
questions, so they had his address in "To:", and only in "Cc:" they had 
dovecot@dovecot.org.

So, am I right that, when filtering messages by the addressee, it's generally a 
good idea to use not just "to", but ["to", "cc", "bcc"] ?

-- 
Respectfully,
Denis Shadrin


Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type

2021-02-20 Thread Aki Tuomi
The easier way to get to this same result:

~$ openssl ecparam -genkey -name secp521r1 | openssl pkey -aes-256-cbc -passout pass:foobar

Deciding whether these parameters are safe is your job, I personally think 
secp521r1 is reasonably safe.

Aki

> On 20/02/2021 14:39 Antti Antinoja  wrote:
> 
>  
> https://github.com/dovecot/core/blob/master/src/plugins/mail-crypt/test-mail-global-key.c
>  <- This test code has an encrypted private key included.
> 
> After decoding this I learned that it looks different than the one we used.
> 
> Dovecot test code key:
> 
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAip6qJckQDOqwICCAAw
> HQYJYIZIAWUDBAEqBBAW7OhPTeSLR8LKpf0f6GkvBIGQfNkaJhvs6UeVKdd7cstS
> 1DR5rXMkN7OEmScM9cFY6P5k37gcUIPVnu4+91XeA5156rpiPJrpGdfzkr8O5Qjd
> l1drrdzgHjdq8OefmDu0A324YwnRKxFDLTr9G2LU2HhbezkLcWQp1RHH6l5tQqKp
> 6bwNb2w79xBoMXJ3z1VjpINfOpFrz3ynqYjQxly2+B86
> -----END ENCRYPTED PRIVATE KEY-----
> 
> Our key:
> 
> -----BEGIN EC PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-256-CTR,F7C4B1E7041D0A455B1F9E08046DA401
> 
> Pta8OAtA3ujv0vSMctiHiTd2j0GSSdzV57QGmUwCMMQp7QoqBHt/dDMEPbPF5lG1
> j0PDu5/FVuTtUlRZS16+NSWiorgkvVHTh3+47tx/uviQwQP/43tEaFpf77SAZlDw
> xB2SjM4Zv1hdSpjxWDGGJFBDv/2/dj9UpTxwkAwuX+QQhRlVzSyr0BAXG9yOq/GT
> ws8Q5GevzvHGh1YyPgpL9jtbizGIa4US0f7hEfGGHfJ/3RIdz0xeihv8Ga0huj48
> dS/QScE7Bv+Ymzzcg2dlvY96G5xRIOwB8ADwR/lwbw==
> -----END EC PRIVATE KEY-----
> 
> Compared these two keys to the examples at:
> 
> * https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
> 
> ... and learned that mine was in encrypted 'EC specific' format whereas the 
> test key was in encrypted 'PKCS8' format.
> 
> The solution was to convert our private key to pkcs8 format:
> 
> cat private_key_encrypted.pem  | base64 -d | \
> openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 | \
> base64 -w0 > private_key_encrypted_pkcs8.pem
> 
> Do you think these parameters are safe?
> 
> Cheers,
> Antti
> 
> On Sat, 20 Feb 2021 12:38:00 +0200
> Aki Tuomi  wrote:
> 
> > Can you tell us what you did differently?
> > 
> > Aki
> > 
> > On 20 February 2021 11.33.15 EET, Antti Antinoja  wrote:
> > >Got it! My private test key was in wrong format.
> > >
> > >Cheers,
> > >Antti
> > >
> > >On Sat, 20 Feb 2021 14:15:07 +0800
> > >Antti Antinoja  wrote:
> > >
> > >> Version: Dovecot 2.3.13 (89f716dc2)
> > >> 
> > >> Issue: Dovecot states it can't parse the private key
> > >> 
> > >> = Background =
> > >> 
> > >> == Creating private EC key ==
> > >> 
> > >> * Curve: secp521r1
> > >> * Encryption: aes-256-ctr
> > >> * Format: pkey
> > >> * Encapsulation: Base64
> > >> 
> > >>   # openssl ecparam -name secp521r1 -genkey | openssl pkey |\
> > >> openssl ec -aes-256-ctr | base64 -w0 > test_keys_remove/private_key_encrypted.pem
> > >> 
> > >> == Extract public key ==
> > >> 
> > >>   # cat test_keys_remove/private_key_encrypted.pem | base64 -d |\
> > >> openssl ec -pubout | base64 -w0 > test_keys_remove/public_key.pem
> > >> 
> > >> == Checking keys ==
> > >> 
> > >> * 592 Feb 20 07:27 private_key_encrypted.pem:
> > >>
> > >> 
> > >> * 360 Feb 20 07:28 public_key.pem:
> > >>
> > >LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
> > >> 
> > >> == Notes ==
> > >> 
> > >> * The keys are then saved in database and fetched to userdb by
> > >Dovecot via passdb lookup (Details in the logs)
> > >> * mail-crypt settings:
> > >> 
> > >> mail_plugins = $mail_plugins mail_crypt
> > >> plugin {
> > >> mail_crypt_curve = secp521r1
> > >> mail_crypt_save_version = 0
> > >> }
> > >> 
> > >> * Note: User record on database has mail_crypt_save_version = 2 as
> > >can be seen from the log extract below.
> > >> 
> > >> = Dovecot log on client IMAP message retrieval =
> > >> 
> > >> Feb 20 07:45:01 pf1 dovecot[19612]: auth: Debug:
> > >sql(te...@g1.fi,x.x.x.x,): Performing passdb lookup
> > >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
> > >sql(te...@g1.fi,x.x.x.x,): Finished passdb lookup
> > >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: 

Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type

2021-02-20 Thread Antti Antinoja
https://github.com/dovecot/core/blob/master/src/plugins/mail-crypt/test-mail-global-key.c
 <- This test code has an encrypted private key included.

After decoding this I learned that it looks different than the one we used.

Dovecot test code key:

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAip6qJckQDOqwICCAAw
HQYJYIZIAWUDBAEqBBAW7OhPTeSLR8LKpf0f6GkvBIGQfNkaJhvs6UeVKdd7cstS
1DR5rXMkN7OEmScM9cFY6P5k37gcUIPVnu4+91XeA5156rpiPJrpGdfzkr8O5Qjd
l1drrdzgHjdq8OefmDu0A324YwnRKxFDLTr9G2LU2HhbezkLcWQp1RHH6l5tQqKp
6bwNb2w79xBoMXJ3z1VjpINfOpFrz3ynqYjQxly2+B86
-----END ENCRYPTED PRIVATE KEY-----

Our key:

-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CTR,F7C4B1E7041D0A455B1F9E08046DA401

Pta8OAtA3ujv0vSMctiHiTd2j0GSSdzV57QGmUwCMMQp7QoqBHt/dDMEPbPF5lG1
j0PDu5/FVuTtUlRZS16+NSWiorgkvVHTh3+47tx/uviQwQP/43tEaFpf77SAZlDw
xB2SjM4Zv1hdSpjxWDGGJFBDv/2/dj9UpTxwkAwuX+QQhRlVzSyr0BAXG9yOq/GT
ws8Q5GevzvHGh1YyPgpL9jtbizGIa4US0f7hEfGGHfJ/3RIdz0xeihv8Ga0huj48
dS/QScE7Bv+Ymzzcg2dlvY96G5xRIOwB8ADwR/lwbw==
-----END EC PRIVATE KEY-----

Compared these two keys to the examples at:

* https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations

... and learned that mine was in encrypted 'EC specific' format whereas the 
test key was in encrypted 'PKCS8' format.

The solution was to convert our private key to pkcs8 format:

cat private_key_encrypted.pem  | base64 -d | \
openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 | \
base64 -w0 > private_key_encrypted_pkcs8.pem

Do you think these parameters are safe?

Cheers,
Antti

On Sat, 20 Feb 2021 12:38:00 +0200
Aki Tuomi  wrote:

> Can you tell us what you did differently?
> 
> Aki
> 
> On 20 February 2021 11.33.15 EET, Antti Antinoja  wrote:
> >Got it! My private test key was in wrong format.
> >
> >Cheers,
> >Antti
> >
> >On Sat, 20 Feb 2021 14:15:07 +0800
> >Antti Antinoja  wrote:
> >
> >> Version: Dovecot 2.3.13 (89f716dc2)
> >> 
> >> Issue: Dovecot states it can't parse the private key
> >> 
> >> = Background =
> >> 
> >> == Creating private EC key ==
> >> 
> >> * Curve: secp521r1
> >> * Encryption: aes-256-ctr
> >> * Format: pkey
> >> * Encapsulation: Base64
> >> 
> >>   # openssl ecparam -name secp521r1 -genkey | openssl pkey |\
> >> openssl ec -aes-256-ctr | base64 -w0 > test_keys_remove/private_key_encrypted.pem
> >> 
> >> == Extract public key ==
> >> 
> >>   # cat test_keys_remove/private_key_encrypted.pem | base64 -d |\
> >> openssl ec -pubout | base64 -w0 > test_keys_remove/public_key.pem
> >> 
> >> == Checking keys ==
> >> 
> >> * 592 Feb 20 07:27 private_key_encrypted.pem:
> >>
> >> 
> >> * 360 Feb 20 07:28 public_key.pem:
> >>
> >LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
> >> 
> >> == Notes ==
> >> 
> >> * The keys are then saved in database and fetched to userdb by
> >Dovecot via passdb lookup (Details in the logs)
> >> * mail-crypt settings:
> >> 
> >> mail_plugins = $mail_plugins mail_crypt
> >> plugin {
> >> mail_crypt_curve = secp521r1
> >> mail_crypt_save_version = 0
> >> }
> >> 
> >> * Note: User record on database has mail_crypt_save_version = 2 as
> >can be seen from the log extract below.
> >> 
> >> = Dovecot log on client IMAP message retrieval =
> >> 
> >> Feb 20 07:45:01 pf1 dovecot[19612]: auth: Debug:
> >sql(te...@g1.fi,x.x.x.x,): Performing passdb lookup
> >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
> >sql(te...@g1.fi,x.x.x.x,): Finished passdb lookup
> >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
> >auth(te...@g1.fi,x.x.x.x,): Auth request finished
> >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: client passdb out:
> >OK  1   user=te...@g1.fi
> >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
> >sql(te...@g1.fi,x.x.x.x,): Performing userdb lookup
> >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
> >sql(te...@g1.fi,x.x.x.x,): Finished userdb lookup
> >> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: master userdb out:
> >USER1609957377  te...@g1.fi
> 
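
The format difference described in this message can be checked before a key is stored. This is an added example, not part of the original post or of Dovecot: the shell functions decode the base64 wrapping and read the PEM armor line to tell the PKCS#8 container from the EC-specific one. The function names are hypothetical and the sample values are constructed, with placeholder bodies instead of key material.

```sh
#!/bin/sh
# Added example (not from the thread): report which PEM container a
# base64-wrapped key value holds, without needing the passphrase.

# classify_pem: read PEM text on stdin, print a label for its container.
classify_pem() {
    label=""; legacy=0
    while IFS= read -r line; do
        case $line in
            "-----BEGIN "*"-----")
                if [ -z "$label" ]; then
                    label=${line#"-----BEGIN "}; label=${label%"-----"}
                fi ;;
            "Proc-Type: 4,ENCRYPTED"*) legacy=1 ;;   # legacy PEM encryption header
        esac
    done
    case $label in
        "ENCRYPTED PRIVATE KEY") echo pkcs8-encrypted ;;
        "PRIVATE KEY")           echo pkcs8-plain ;;
        "EC PRIVATE KEY")
            if [ "$legacy" -eq 1 ]; then echo ec-traditional-encrypted
            else echo ec-traditional-plain; fi ;;
        "PUBLIC KEY")            echo public-key ;;
        *)                       echo unknown ;;
    esac
}

# classify_wrapped VALUE: undo the base64 wrapping, then classify.
classify_wrapped() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || { echo not-base64; return 0; }
    printf '%s\n' "$decoded" | tr -d '\r' | classify_pem
}

# needs_pkcs8_conversion VALUE: succeeds when the value is the EC-specific
# container that produced the parse error in this thread.
needs_pkcs8_conversion() {
    case $(classify_wrapped "$1") in
        ec-traditional-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples: real PEM armor lines, placeholder bodies (no key material).
wrap() { base64 | tr -d '\n'; }   # same result as `base64 -w0`
SAMPLE_PKCS8=$(printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQ=' '-----END ENCRYPTED PRIVATE KEY-----' | wrap)
SAMPLE_EC=$(printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' \
    'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-256-CTR,00000000000000000000000000000000' \
    '' 'Q09OU1RSVUNURUQ=' '-----END EC PRIVATE KEY-----' | wrap)

for v in "$SAMPLE_PKCS8" "$SAMPLE_EC"; do
    if needs_pkcs8_conversion "$v"; then
        echo "$(classify_wrapped "$v"): convert with 'openssl pkcs8 -topk8' first"
    else
        echo "$(classify_wrapped "$v"): no conversion needed"
    fi
done
```

The armor line identifies only the container; the cipher and key-derivation parameters inside a PKCS#8 blob still have to be inspected with openssl itself.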

Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type

2021-02-20 Thread Aki Tuomi
Can you tell us what you did differently?

Aki

On 20 February 2021 11.33.15 EET, Antti Antinoja  wrote:
>Got it! My private test key was in wrong format.
>
>Cheers,
>Antti
>
>On Sat, 20 Feb 2021 14:15:07 +0800
>Antti Antinoja  wrote:
>
>> Version: Dovecot 2.3.13 (89f716dc2)
>> 
>> Issue: Dovecot states it can't parse the private key
>> 
>> = Background =
>> 
>> == Creating private EC key ==
>> 
>> * Curve: secp521r1
>> * Encryption: aes-256-ctr
>> * Format: pkey
>> * Encapsulation: Base64
>> 
>>   # openssl ecparam -name secp521r1 -genkey | openssl pkey |\
>> openssl ec -aes-256-ctr | base64 -w0 > test_keys_remove/private_key_encrypted.pem
>> 
>> == Extract public key ==
>> 
>>   # cat test_keys_remove/private_key_encrypted.pem | base64 -d |\
>> openssl ec -pubout | base64 -w0 > test_keys_remove/public_key.pem
>> 
>> == Checking keys ==
>> 
>> * 592 Feb 20 07:27 private_key_encrypted.pem:
>>
>LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tClByb2MtVHlwZTogNCxFTkNSWVBURUQKREVLLUluZm86IEFFUy0yNTYtQ1RSLEY3QzRCMUU3MDQxRDBBNDU1QjFGOUUwODA0NkRBNDAxCgpQdGE4T0F0QTN1anYwdlNNY3RpSGlUZDJqMEdTU2R6VjU3UUdtVXdDTU1RcDdRb3FCSHQvZERNRVBiUEY1bEcxCmowUER1NS9GVnVUdFVsUlpTMTYrTlNXaW9yZ2t2VkhUaDMrNDd0eC91dmlRd1FQLzQzdEVhRnBmNzdTQVpsRHcKeEIyU2pNNFp2MWhkU3BqeFdER0dKRkJEdi8yL2RqOVVwVHh3a0F3dVgrUVFoUmxWelN5cjBCQVhHOXlPcS9HVAp3czhRNUdldnp2SEdoMVl5UGdwTDlqdGJpekdJYTRVUzBmN2hFZkdHSGZKLzNSSWR6MHhlaWh2OEdhMGh1ajQ4CmRTL1FTY0U3QnYrWW16emNnMmRsdlk5Nkc1eFJJT3dCOEFEd1IvbHdidz09Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
>> 
>> * 360 Feb 20 07:28 public_key.pem:
>>
>LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
>> 
>> == Notes ==
>> 
>> * The keys are then saved in database and fetched to userdb by
>Dovecot via passdb lookup (Details in the logs)
>> * mail-crypt settings:
>> 
>> mail_plugins = $mail_plugins mail_crypt
>> plugin {
>> mail_crypt_curve = secp521r1
>> mail_crypt_save_version = 0
>> }
>> 
>> * Note: User record on database has mail_crypt_save_version = 2 as
>can be seen from the log extract below.
>> 
>> = Dovecot log on client IMAP message retrieval =
>> 
>> Feb 20 07:45:01 pf1 dovecot[19612]: auth: Debug:
>sql(te...@g1.fi,x.x.x.x,): Performing passdb lookup
>> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
>sql(te...@g1.fi,x.x.x.x,): Finished passdb lookup
>> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
>auth(te...@g1.fi,x.x.x.x,): Auth request finished
>> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: client passdb out:
>OK  1   user=te...@g1.fi
>> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
>sql(te...@g1.fi,x.x.x.x,): Performing userdb lookup
>> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug:
>sql(te...@g1.fi,x.x.x.x,): Finished userdb lookup
>> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: master userdb out:
>USER1609957377  te...@g1.fi
>mail_crypt_global_private_password=key_pass_we_know_this_is_correct
>mail_crypt_global_private_key=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
>mail_crypt_global_public_key=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SEx
> UT
>> 
>WFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
>mail_crypt_save_version=2   quota_rule=*:bytes=0   
>home=/var/vmail/g1.fi/test1 uid=1   gid=1  
>auth_mech=PLAIN auth_token=66d2d0f66bcce2758235fb53dbfe821804c6e79c
>> Feb 20 07:45:02 pf1 dovecot[19612]: imap-login: Login:
>user=, method=PLAIN, rip=x.x.x.x, lip=y.y,y,y, mpid=19618,
>TLS, session=
>> Feb 20 07:45:02 pf1 dovecot[19612]:
>imap(te...@g1.fi)<19618>: Debug: Added userdb
>setting:

Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type

2021-02-20 Thread Antti Antinoja
Got it! My private test key was in wrong format.

Cheers,
Antti

On Sat, 20 Feb 2021 14:15:07 +0800
Antti Antinoja  wrote:

> Version: Dovecot 2.3.13 (89f716dc2)
> 
> Issue: Dovecot states it can't parse the private key
> 
> = Background =
> 
> == Creating private EC key ==
> 
> * Curve: secp521r1
> * Encryption: aes-256-ctr
> * Format: pkey
> * Encapsulation: Base64
> 
>   # openssl ecparam -name secp521r1 -genkey | openssl pkey |\
> openssl ec -aes-256-ctr | base64 -w0 > test_keys_remove/private_key_encrypted.pem
> 
> == Extract public key ==
> 
>   # cat test_keys_remove/private_key_encrypted.pem | base64 -d |\
> openssl ec -pubout | base64 -w0 > test_keys_remove/public_key.pem
> 
> == Checking keys ==
> 
> * 592 Feb 20 07:27 private_key_encrypted.pem:
> 
> * 360 Feb 20 07:28 public_key.pem:
> LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
> 
> == Notes ==
> 
> * The keys are then saved in database and fetched to userdb by Dovecot via 
> passdb lookup (Details in the logs)
> * mail-crypt settings:
> 
> mail_plugins = $mail_plugins mail_crypt
> plugin {
> mail_crypt_curve = secp521r1
> mail_crypt_save_version = 0
> }
> 
> * Note: User record on database has mail_crypt_save_version = 2 as can be 
> seen from the log extract below.
> 
> = Dovecot log on client IMAP message retrieval =
> 
> Feb 20 07:45:01 pf1 dovecot[19612]: auth: Debug: 
> sql(te...@g1.fi,x.x.x.x,): Performing passdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: 
> sql(te...@g1.fi,x.x.x.x,): Finished passdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: 
> auth(te...@g1.fi,x.x.x.x,): Auth request finished
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: client passdb out: OK  1 
>   user=te...@g1.fi
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: 
> sql(te...@g1.fi,x.x.x.x,): Performing userdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: 
> sql(te...@g1.fi,x.x.x.x,): Finished userdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: master userdb out: USER  
>   1609957377  te...@g1.fi 
> mail_crypt_global_private_password=key_pass_we_know_this_is_correct 
> mail_crypt_global_private_key=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
>   
> mail_crypt_global_public_key=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SEx
 UT
>  
> WFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
>mail_crypt_save_version=2   quota_rule=*:bytes=0
> home=/var/vmail/g1.fi/test1 uid=1   gid=1   
> auth_mech=PLAIN auth_token=66d2d0f66bcce2758235fb53dbfe821804c6e79c
> Feb 20 07:45:02 pf1 dovecot[19612]: imap-login: Login: user=, 
> method=PLAIN, rip=x.x.x.x, lip=y.y,y,y, mpid=19618, TLS, 
> session=
> Feb 20 07:45:02 pf1 dovecot[19612]: 
> imap(te...@g1.fi)<19618>: Debug: Added userdb setting: 
>