[Sorry I just hit reply there was no list reply-to]
Bingo! I missed that part. I thought it was done when it moved from new to
cur (or other folders). Will get to work with the exim->Dovecot-lda tomorrow.
Thanks so much.
-Original Message-
From: Aki Tuomi via dovecot [mailto:dovecot@dovecot.org]
Sent: Thursday, June 15, 2023 11:04 AM
To: Rick Cooper; Rick Cooper via dovecot
Subject: RE: Cannot get mail-crypt plugin to work
> On 15/06/2023 17:14 EEST Rick Cooper via dovecot wrote:
>
>
> -Original Message-
> From: Aki Tuomi [mailto:aki.tu...@open-xchange.com]
> Sent: Thursday, June 15, 2023 10:02 AM
> To: rcoo...@dwford.com; rcooper--- via dovecot
> Subject: Re: Cannot get mail-crypt plugin to work
>
>
> > On 15/06/2023 15:32 EEST rcooper--- via dovecot wrote:
> >
> >
> > dovecot 2.2.27 and then 2.2.36 (tried both)
> > Trying to enable mail-crypt in global key mode. Nothing is ever encrypted,
> > even when I move mail from folder to folder.
> > I have tried everything available to find here, google, etc and I assume I
> > am missing something fundamental.
> > Debug log shows the plugin loading
> > Jun 15 08:26:00 srv2 dovecot: POP3(rick): Debug: Loading modules from directory: /usr/lib/dovecot
> > Jun 15 08:26:00 srv2 dovecot: POP3(rick): Debug: Module loaded: /usr/lib/dovecot/lib10_mail_crypt_plugin.so
> > Jun 15 08:26:00 srv2 dovecot: POP3(rick): Debug: mail_crypt_plugin: mail_crypt_curve setting missing - generating EC keys disabled
> > (I assume because global not per user)
> >
> > my 10-mailcrypt.conf in .conf.d
> > mail_plugins = $mail_plugins mail_crypt
> >
> > plugin {
> > mail_crypt_global_private_key =
> > mail_crypt_global_public_key =
> > mail_crypt_save_version = 2
> > }
> >
> >
> > I have also tried base64 encoded .pem files inline. I have also added the
> > mail_plugins line to my protocol definitions to no avail and when I do that
> > dovecot -n shows the lines as mail_plugins = " mail_crypt mail_crypt" so I
> > assume it's a mistake to add mail_plugins = $mail_plugins mail_crypt to the
> > protocol sections. Some online tutorials say must do this and others do not
> > mention it at all.
> >
> > Just looking for some guidance as to where to go next.
>
>
> Hi!
>
> Mail crypt plugin does not encrypt anything for you, only new or migrated
> emails are encrypted. If you want to encrypt your mailbox, you need to use
> doveadm sync/backup to migrate your mailbox.
>
> Aki
>
> I understand that, however it does state new mail should be encrypted and if
> I send an email from another email account to the account that is on a
> testing server with the mail-crypt plug-in active that email is not
> encrypted. It was also my understanding that best practice is to get the
> plug-in functioning with new mail before running through the process of
> encrypting old mail. I would assume that, at a min, when dovecot moves an
> email from new to cur it would be encrypted or when I move an email from
> Inbox to a sub folder and back it would be encrypted. The need here is to
> have email encrypted at rest in compliance with FTC safeguard rules. So
> am I reading incorrectly that dovecot encrypts new emails automatically?
Well, when you move mails from new to cur, they are actually hardlinked
(like mv does), not copied. Also same tends to happen when you move mails
between folders.
The best way to test it is to deliver mail to dovecot. But this has to
happen using dovecot lmtp or dovecot-lda, if you deliver with postfix
directly to maildir, dovecot has no way to encrypt your mail.
If you want to encrypt existing mail, I recommend you use doveadm
sync/backup to do this.
Aki
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
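
Added example (not part of the original thread and not Dovecot's own code): a read-only check for whether delivery through dovecot-lda or LMTP is actually producing encrypted files, and which messages are still plaintext hardlinks. It assumes Maildir storage with one message per file and that mail-crypt files start with the lib-dcrypt magic `CRYPTED\x03\x07` followed by a version byte; the sample Maildir and its file names are constructed.

```python
import os
import tempfile

# Magic that opens a Dovecot mail-crypt (lib-dcrypt) stream; the byte after it
# is the format version (2 for mail_crypt_save_version = 2).
CRYPT_MAGIC = b"CRYPTED\x03\x07"


def classify(path):
    """Return ('encrypted', version) or ('plaintext', None) for one message file."""
    with open(path, "rb") as fh:
        head = fh.read(len(CRYPT_MAGIC) + 1)
    if len(head) > len(CRYPT_MAGIC) and head.startswith(CRYPT_MAGIC):
        return "encrypted", head[len(CRYPT_MAGIC)]
    return "plaintext", None


def audit_maildir(root):
    """Classify every message in each new/ and cur/ directory under root."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) not in ("new", "cur"):
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            state, version = classify(path)
            # st_nlink > 1: the same file is hardlinked into another folder
            links = os.stat(path).st_nlink
            report.append((os.path.relpath(path, root), state, version, links))
    return sorted(report)


def build_sample(root):
    """Constructed Maildir: a plaintext message hardlinked into a second folder
    (as a folder move does) and one file carrying the encrypted header."""
    for sub in ("new", "cur", ".Archive/cur"):
        os.makedirs(os.path.join(root, sub))
    plain = os.path.join(root, "cur", "1686830000.M1.srv2:2,S")
    with open(plain, "wb") as fh:
        fh.write(b"Subject: test\r\n\r\nplaintext body\r\n")
    os.link(plain, os.path.join(root, ".Archive/cur", "1686830000.M1.srv2:2,S"))
    with open(os.path.join(root, "new", "1686830100.M2.srv2"), "wb") as fh:
        fh.write(CRYPT_MAGIC + b"\x02" + os.urandom(64))  # header only, not real ciphertext


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        for row in audit_maildir(sample_root):
            print(row)
```

Run against a real Maildir by calling `audit_maildir()` on the user's mail directory after a test delivery; any row still reported as plaintext was stored without passing through the plugin.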