Re: Sieve by the addressee
> On 20 Feb 2021, at 11:02, Shawn Heisey wrote:
>
> On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
>> I consider it a better idea to filter mailing list messages by their
>> List-ID header.
>
> I agree with Markus. It's what I do. This works well:
>
> if header :regex "list-id" "solr-user.lucene.apache.org"
> {
>     fileinto "asf.solr-user";
>     stop;
> }

if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
    set :lower "listname" "${1}";
    addheader "X-Listname" "${listname}";
    fileinto :create "${listname}";
    stop;
}

> I do not know if List-ID is common to all mailing list software, but even if
> it's not, there should be something available in the message headers that you
> can use.

It is not universal, but it is nearly so. There are still some old lists running old software that do not support it, but they are few enough that I no longer have rules to catch those lists.

-- 
A bad day using a Mac is better than a good day using Windows
Re: Sieve by the addressee
On 20/02/2021 18:02, Shawn Heisey wrote:
> On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
>> I consider it a better idea to filter mailing list messages by their
>> List-ID header.
>
> I agree with Markus. It's what I do. This works well:
>
> if header :regex "list-id" "solr-user.lucene.apache.org"
> {
>     fileinto "asf.solr-user";
>     stop;
> }
>
> I do not know if List-ID is common to all mailing list software, but
> even if it's not, there should be something available in the message
> headers that you can use.

It's not, but it's fairly common. A few years ago someone posted a strategy for procmail that handled almost any kind of mailinglist software. I've translated that to the following sieve script (which, now that I look at it, could probably do with a bit of optimisation):

# split out the various list forms
# Apparently, mutt-users has some odd format, so handle it specially.
if exists "list-post" {
    if header :regex "list-post" "

> Thanks,
> Shawn
Re: Sieve by the addressee
Hi all!

On 20/02/2021 19:02, Shawn Heisey wrote:
> On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
>> I consider it a better idea to filter mailing list messages by their
>> List-ID header.
>
> I agree with Markus. It's what I do. This works well:
>
> if header :regex "list-id" "solr-user.lucene.apache.org"

I use :contains or :is ...

> {
>     fileinto "asf.solr-user";
>     stop;
> }
>
> I do not know if List-ID is common to all mailing list software, but

It should be - RFC2919 defines it and at least mailman sets it.

> even if it's not, there should be something available in the message
> headers that you can use.

Kind regards,
Bernd
-- 
Bernd Petrovitsch    Email : be...@petrovitsch.priv.at
There is NO CLOUD, just other people's computers. - FSFE
LUGA : http://www.luga.at
Re: Sieve by the addressee
On 2/20/2021 8:50 AM, Markus Schönhaber wrote:
> I consider it a better idea to filter mailing list messages by their
> List-ID header.

I agree with Markus. It's what I do. This works well:

if header :regex "list-id" "solr-user.lucene.apache.org"
{
    fileinto "asf.solr-user";
    stop;
}

I do not know if List-ID is common to all mailing list software, but even if it's not, there should be something available in the message headers that you can use.

Thanks,
Shawn
Re: Sieve by the addressee
20.02.21, 15:44 +0100, m...@shadrinden.ru:

> I have a sieve that is supposed to put all messages addressed to this mailing
> list into a separate folder:
>
> if anyof (address :is "to" "m...@shadrinden.ru",
>           address :is "to" "dovecot@dovecot.org") {
>     fileinto "mail_list";
>     stop;
> }
>
> Generally, it's working, but today I have got two mailing list messages that
> weren't put in that folder, they arrived straight into INBOX. I suppose that
> was because they were replies and were addressed to the person who asked the
> questions, so they had his address in "To:", and only in "Cc:" they had
> dovecot@dovecot.org.
>
> So, am I right that, when filtering messages by the addressee, it's generally
> a good idea to use not just "to", but ["to", "cc", "bcc"] ?

I consider it a better idea to filter mailing list messages by their List-ID header.

-- 
Regards
  mks
Sieve by the addressee
Hi, everyone!

I have a sieve that is supposed to put all messages addressed to this mailing list into a separate folder:

if anyof (address :is "to" "m...@shadrinden.ru",
          address :is "to" "dovecot@dovecot.org") {
    fileinto "mail_list";
    stop;
}

Generally, it's working, but today I have got two mailing list messages that weren't put in that folder, they arrived straight into INBOX. I suppose that was because they were replies and were addressed to the person who asked the questions, so they had his address in "To:", and only in "Cc:" they had dovecot@dovecot.org.

So, am I right that, when filtering messages by the addressee, it's generally a good idea to use not just "to", but ["to", "cc", "bcc"] ?

-- 
Respectfully,
Denis Shadrin
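
The question above and the List-ID answers in the replies, as an added example (not code from any of the posters): it runs the To-only test, the To/Cc/Bcc test and the generic List-ID pattern quoted in the thread against four constructed messages. The sample headers, the List-Id value and all function names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

LIST_ADDR = "dovecot@dovecot.org"
# Pattern from the generic Sieve rule in the thread. Sieve's default comparator
# ignores case, so IGNORECASE plus lower() stands in for "set :lower".
LIST_ID_RE = re.compile(r"<([a-z_0-9-]+)[.@]", re.IGNORECASE)

def addressed_to(msg, headers, addr=LIST_ADDR):
    """Like Sieve 'address :is <headers> <addr>': exact match in any header."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return any(a.lower() == addr for _name, a in getaddresses(values))

def list_folder(msg):
    """Folder name taken from List-Id (RFC 2919), or None if nothing matches."""
    for value in msg.get_all("List-Id", []):
        m = LIST_ID_RE.search(value)
        if m:
            return m.group(1).lower()
    return None

def compare(raw):
    """Apply the three filtering strategies to one raw message."""
    msg = message_from_string(raw)
    return {"to_only": addressed_to(msg, ["To"]),
            "to_cc_bcc": addressed_to(msg, ["To", "Cc", "Bcc"]),
            "list_id_folder": list_folder(msg)}

# Constructed header sets (not taken from the thread's messages).
LIST_ID = "List-Id: Dovecot Mailing List <dovecot.dovecot.org>\n"
SAMPLES = {
    # Posted straight to the list.
    "post_to_list": "To: dovecot@dovecot.org\n" + LIST_ID + "\n",
    # Reply to the asker with the list in Cc: the case from the question.
    "reply_list_in_cc": "To: asker@example.org\nCc: dovecot@dovecot.org\n" + LIST_ID + "\n",
    # List was Bcc'd: the Bcc header is normally absent from the delivered copy.
    "list_in_bcc": "To: someone@example.org\n" + LIST_ID + "\n",
    # Sender-controlled List-Id that tries to name a path: no capture, no folder.
    "hostile_list_id": "To: me@example.org\nList-Id: <../../etc.example.org>\n\n",
}

def run_samples():
    return {name: compare(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:18} {result}")
```

The character class in the pattern is what bounds the mailbox name that `fileinto :create` receives. Any sender can still set a List-Id, so the rule creates a mailbox for whatever name they choose within that character set.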
Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type
The easier way to get to this same result:

~$ openssl ecparam -genkey -name secp521r1 | openssl pkey -aes-256-cbc -passout pass:foobar

Deciding whether these parameters are safe is your job, I personally think secp521r1 is reasonably safe.

Aki

> On 20/02/2021 14:39 Antti Antinoja wrote:
>
>
> https://github.com/dovecot/core/blob/master/src/plugins/mail-crypt/test-mail-global-key.c
> <- This test code has an encrypted private key included.
>
> After decoding this I learned that it looks different than the one we used.
>
> Dovecot test code key:
>
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAip6qJckQDOqwICCAAw
> HQYJYIZIAWUDBAEqBBAW7OhPTeSLR8LKpf0f6GkvBIGQfNkaJhvs6UeVKdd7cstS
> 1DR5rXMkN7OEmScM9cFY6P5k37gcUIPVnu4+91XeA5156rpiPJrpGdfzkr8O5Qjd
> l1drrdzgHjdq8OefmDu0A324YwnRKxFDLTr9G2LU2HhbezkLcWQp1RHH6l5tQqKp
> 6bwNb2w79xBoMXJ3z1VjpINfOpFrz3ynqYjQxly2+B86
> -----END ENCRYPTED PRIVATE KEY-----
>
> Our key:
>
> -----BEGIN EC PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-256-CTR,F7C4B1E7041D0A455B1F9E08046DA401
>
> Pta8OAtA3ujv0vSMctiHiTd2j0GSSdzV57QGmUwCMMQp7QoqBHt/dDMEPbPF5lG1
> j0PDu5/FVuTtUlRZS16+NSWiorgkvVHTh3+47tx/uviQwQP/43tEaFpf77SAZlDw
> xB2SjM4Zv1hdSpjxWDGGJFBDv/2/dj9UpTxwkAwuX+QQhRlVzSyr0BAXG9yOq/GT
> ws8Q5GevzvHGh1YyPgpL9jtbizGIa4US0f7hEfGGHfJ/3RIdz0xeihv8Ga0huj48
> dS/QScE7Bv+Ymzzcg2dlvY96G5xRIOwB8ADwR/lwbw==
> -----END EC PRIVATE KEY-----
>
> Compared these two keys to the examples at:
>
> * https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>
> ... and learned that mine was in encrypted 'EC specific' format whereas the
> test key was in encrypted 'PKCS8' format.
>
> The solution was to convert our private key to pkcs8 format:
>
> cat private_key_encrypted.pem | base64 -d | \
>   openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 | \
>   base64 -w0 > private_key_encrypted_pkcs8.pem
>
> Do you think these parameters are safe?
Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type
https://github.com/dovecot/core/blob/master/src/plugins/mail-crypt/test-mail-global-key.c
<- This test code has an encrypted private key included.

After decoding this I learned that it looks different than the one we used.

Dovecot test code key:

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAip6qJckQDOqwICCAAw
HQYJYIZIAWUDBAEqBBAW7OhPTeSLR8LKpf0f6GkvBIGQfNkaJhvs6UeVKdd7cstS
1DR5rXMkN7OEmScM9cFY6P5k37gcUIPVnu4+91XeA5156rpiPJrpGdfzkr8O5Qjd
l1drrdzgHjdq8OefmDu0A324YwnRKxFDLTr9G2LU2HhbezkLcWQp1RHH6l5tQqKp
6bwNb2w79xBoMXJ3z1VjpINfOpFrz3ynqYjQxly2+B86
-----END ENCRYPTED PRIVATE KEY-----

Our key:

-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CTR,F7C4B1E7041D0A455B1F9E08046DA401

Pta8OAtA3ujv0vSMctiHiTd2j0GSSdzV57QGmUwCMMQp7QoqBHt/dDMEPbPF5lG1
j0PDu5/FVuTtUlRZS16+NSWiorgkvVHTh3+47tx/uviQwQP/43tEaFpf77SAZlDw
xB2SjM4Zv1hdSpjxWDGGJFBDv/2/dj9UpTxwkAwuX+QQhRlVzSyr0BAXG9yOq/GT
ws8Q5GevzvHGh1YyPgpL9jtbizGIa4US0f7hEfGGHfJ/3RIdz0xeihv8Ga0huj48
dS/QScE7Bv+Ymzzcg2dlvY96G5xRIOwB8ADwR/lwbw==
-----END EC PRIVATE KEY-----

Compared these two keys to the examples at:

* https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations

... and learned that mine was in encrypted 'EC specific' format whereas the test key was in encrypted 'PKCS8' format.

The solution was to convert our private key to pkcs8 format:

cat private_key_encrypted.pem | base64 -d | \
  openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 | \
  base64 -w0 > private_key_encrypted_pkcs8.pem

Do you think these parameters are safe?

Cheers,
Antti

On Sat, 20 Feb 2021 12:38:00 +0200
Aki Tuomi wrote:

> Can you tell us what you did differently?
>
> Aki
>
> On 20 February 2021 11.33.15 EET, Antti Antinoja wrote:
> >Got it! My private test key was in wrong format.
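
An added example (not code from the thread or from Dovecot): a small inspector that tells the traditional `EC PRIVATE KEY` encryption apart from encrypted PKCS#8 and, for the latter, reads the PBES2 parameters that the question "are these parameters safe?" is about. It goes one step beyond the thread by parsing the DER header of the key; the function names and the dummy-bodied legacy sample are assumptions.

```python
import base64
import re

OIDS = {"1.2.840.113549.1.5.13": "PBES2", "1.2.840.113549.1.5.12": "PBKDF2",
        "1.2.840.113549.2.7": "hmacWithSHA1", "1.2.840.113549.2.9": "hmacWithSHA256",
        "2.16.840.1.101.3.4.1.42": "aes-256-cbc"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def children(buf):  # split DER bytes into a list of (tag, value) elements
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the length's byte count
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid_name(der):  # OBJECT IDENTIFIER contents -> known name or dotted string
    arcs, n = [der[0] // 40, der[0] % 40], 0
    for b in der[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def inspect_key(value):  # value: PEM text, or base64-wrapped PEM as in the thread
    text = value if "-----BEGIN" in value else base64.b64decode(value).decode("ascii")
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.groups()
    if label != "ENCRYPTED PRIVATE KEY":  # traditional PEM: cipher is in DEK-Info
        dek = re.search(r"DEK-Info:\s*([^,\s]+)", body)
        return {"format": label, "pkcs8": label == "PRIVATE KEY",
                "cipher": dek.group(1).lower() if dek else None}
    epki = children(base64.b64decode("".join(body.split())))[0][1]
    scheme, params = children(children(epki)[0][1])  # encryptionAlgorithm
    info = {"format": label, "pkcs8": True, "scheme": oid_name(scheme[1])}
    if info["scheme"] == "PBES2":
        kdf, enc = children(params[1])
        kdf_oid, kdf_params = children(kdf[1])
        fields = children(kdf_params[1])  # salt, iterations, [keyLength], [prf]
        prf = [oid_name(children(v)[0][1]) for t, v in fields[2:] if t == 0x30]
        info.update(kdf=oid_name(kdf_oid[1]), cipher=oid_name(children(enc[1])[0][1]),
                    iterations=int.from_bytes(fields[1][1], "big"),
                    prf=prf[0] if prf else "hmacWithSHA1")  # RFC 8018 default PRF
    return info

# Encrypted PKCS#8 test key quoted in the thread (from Dovecot's test code).
DOVECOT_TEST_KEY = """-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAip6qJckQDOqwICCAAw
HQYJYIZIAWUDBAEqBBAW7OhPTeSLR8LKpf0f6GkvBIGQfNkaJhvs6UeVKdd7cstS
1DR5rXMkN7OEmScM9cFY6P5k37gcUIPVnu4+91XeA5156rpiPJrpGdfzkr8O5Qjd
l1drrdzgHjdq8OefmDu0A324YwnRKxFDLTr9G2LU2HhbezkLcWQp1RHH6l5tQqKp
6bwNb2w79xBoMXJ3z1VjpINfOpFrz3ynqYjQxly2+B86
-----END ENCRYPTED PRIVATE KEY-----"""
# Constructed stand-in: the poster's armor and headers with a dummy body.
LEGACY_EC_KEY = ("-----BEGIN EC PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: "
                 "AES-256-CTR,F7C4B1E7041D0A455B1F9E08046DA401\n\nAAAA\n-----END EC PRIVATE KEY-----")
```

For the Dovecot test key, `inspect_key()` reports PBKDF2 with 2048 iterations, the default hmacWithSHA1 PRF and aes-256-cbc; for the legacy sample it reports a non-PKCS#8 `EC PRIVATE KEY` encrypted with aes-256-ctr.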
Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type
Can you tell us what you did differently?

Aki

On 20 February 2021 11.33.15 EET, Antti Antinoja wrote:
>Got it! My private test key was in wrong format.
>
>Cheers,
>Antti
>
>On Sat, 20 Feb 2021 14:15:07 +0800
>Antti Antinoja wrote:
>
>> Version: Dovecot 2.3.13 (89f716dc2)
>>
>> Issue: Dovecot states it can't parse the private key
>>
>> = Background =
>>
>> == Creating private EC key ==
>>
>> * Curve: secp521r1
>> * Encryption: aes-256-ctr
>> * Format: pkey
>> * Encapsulation: Base64
>>
>> # openssl ecparam -name secp521r1 -genkey | openssl pkey |\
>>   openssl ec -aes-256-ctr | base64 -w0 > test_keys_remove/private_key_encrypted.pem
>>
>> == Extract public key ==
>>
>> # cat test_keys_remove/private_key_encrypted.pem | base64 -d |\
>>   openssl ec -pubout | base64 -w0 > test_keys_remove/public_key.pem
>>
>> == Checking keys ==
>>
>> * 592 Feb 20 07:27 private_key_encrypted.pem:
>>
>> * 360 Feb 20 07:28 public_key.pem:
>> LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
>>
>> == Notes ==
>>
>> * The keys are then saved in database and fetched to userdb by Dovecot via passdb lookup (Details in the logs)
>> * mail-crypt settings:
>>
>> mail_plugins = $mail_plugins mail_crypt
>> plugin {
>>   mail_crypt_curve = secp521r1
>>   mail_crypt_save_version = 0
>> }
>>
>> * Note: User record on database has mail_crypt_save_version = 2 as can be seen from the log extract below.
Re: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type
Got it! My private test key was in wrong format.

Cheers,
Antti

On Sat, 20 Feb 2021 14:15:07 +0800
Antti Antinoja wrote:

> Version: Dovecot 2.3.13 (89f716dc2)
>
> Issue: Dovecot states it can't parse the private key
>
> = Background =
>
> == Creating private EC key ==
>
> * Curve: secp521r1
> * Encryption: aes-256-ctr
> * Format: pkey
> * Encapsulation: Base64
>
> # openssl ecparam -name secp521r1 -genkey | openssl pkey |\
>   openssl ec -aes-256-ctr | base64 -w0 > test_keys_remove/private_key_encrypted.pem
>
> == Extract public key ==
>
> # cat test_keys_remove/private_key_encrypted.pem | base64 -d |\
>   openssl ec -pubout | base64 -w0 > test_keys_remove/public_key.pem
>
> == Checking keys ==
>
> * 592 Feb 20 07:27 private_key_encrypted.pem:
>
> * 360 Feb 20 07:28 public_key.pem:
> LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
>
> == Notes ==
>
> * The keys are then saved in database and fetched to userdb by Dovecot via
>   passdb lookup (Details in the logs)
> * mail-crypt settings:
>
> mail_plugins = $mail_plugins mail_crypt
> plugin {
>   mail_crypt_curve = secp521r1
>   mail_crypt_save_version = 0
> }
>
> * Note: User record on database has mail_crypt_save_version = 2 as can be
>   seen from the log extract below.
>
> = Dovecot log on client IMAP message retrieval =
>
> Feb 20 07:45:01 pf1 dovecot[19612]: auth: Debug: sql(te...@g1.fi,x.x.x.x,): Performing passdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: sql(te...@g1.fi,x.x.x.x,): Finished passdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: auth(te...@g1.fi,x.x.x.x,): Auth request finished
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: client passdb out: OK 1 user=te...@g1.fi
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: sql(te...@g1.fi,x.x.x.x,): Performing userdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: sql(te...@g1.fi,x.x.x.x,): Finished userdb lookup
> Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: master userdb out: USER 1609957377 te...@g1.fi
>   mail_crypt_global_private_password=key_pass_we_know_this_is_correct
>   mail_crypt_global_private_key=
>   mail_crypt_global_public_key=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
>   mail_crypt_save_version=2 quota_rule=*:bytes=0
>   home=/var/vmail/g1.fi/test1 uid=1 gid=1
>   auth_mech=PLAIN auth_token=66d2d0f66bcce2758235fb53dbfe821804c6e79c
> Feb 20 07:45:02 pf1 dovecot[19612]: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=y.y,y,y, mpid=19618, TLS, session=
> Feb 20 07:45:02 pf1 dovecot[19612]: imap(te...@g1.fi)<19618>: Debug: Added userdb setting: