Re: dmarc user can't receive email because of encrypted storage
On 2023-05-05 14:29, efeizbudak--- via dovecot wrote: On 2023-05-05 09:09, Aki Tuomi via dovecot wrote: On 05/05/2023 05:49 EEST efeizbudak--- via dovecot wrote: > try > > doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox > cryptokey generate -U -u dmarc > > maybe it works? > > Aki This gives the same error as the above that starts with doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key Ok, since this is getting too annoying I tested out that doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U at least works for me with that setting. I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task. Aki That worked! Thank you!! Sorry, I've missed one important part. After running this command and creating the keys, the emails are now received fine on the account but how can I actually read them? I've tried to log into the account using something like mutt -f imap://dm...@domain.com/Inbox but the login fails I guess because the user has keys but no password to login. How can I decrypt the mail on this account using the generated keys? I've also tried doveadm fetch -u dmarc "text" MAILBOX INBOX UNSEEN which gives me an error about password not being available. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-05 09:09, Aki Tuomi via dovecot wrote: On 05/05/2023 05:49 EEST efeizbudak--- via dovecot wrote: > try > > doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox > cryptokey generate -U -u dmarc > > maybe it works? > > Aki This gives the same error as the above that starts with doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key Ok, since this is getting too annoying I tested out that doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U at least works for me with that setting. I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task. Aki That worked! Thank you!! ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:31, Aki Tuomi via dovecot wrote: On 04/05/2023 21:28 EEST efeizbu...@disroot.org wrote: On 2023-05-04 21:25, Aki Tuomi wrote: >> On 04/05/2023 21:20 EEST efeizbu...@disroot.org wrote: >> >> >> On 2023-05-04 21:16, Aki Tuomi wrote: >> >> On 04/05/2023 21:09 EEST Aki Tuomi via dovecot >> >> wrote: >> >> >> >> >> >> > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: >> >> > >> >> > >> >> > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: >> >> > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot >> >> > >> wrote: >> >> > >> >> >> > >> >> >> > >> Hi all, >> >> > >> >> >> > >> So recently google has been trying to send email to dm...@domain.com >> >> > >> on >> >> > >> my server but I'm using encrypted storage and since the dmarc user has >> >> > >> no password the email is being rejected with the error: >> >> > >> >> >> > >> May 4 16:51:50 domain dovecot: >> >> > >> lda(dmarc)<3326>: Error: sieve: >> >> > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox >> >> > >> 'INBOX': generate_keypair(INBOX) failed: >> >> > >> mail_crypt_require_encrypted_user_key set, cannot generate user >> >> > >> keypair >> >> > >> without password or key >> >> > >> >> >> > >> How can I fix this, or at least read what the mail says? Would it be >> >> > >> safe to just give dmarc user a strong password? >> >> > > >> >> > > You can run >> >> > > >> >> > > doveadm mailbox cryptokey generate -U dmarc -N >> >> > > >> >> > > so the user will have a keypair generated. Then it should work. >> >> > > >> >> > > Aki >> >> > >> >> > I'm getting >> >> > >> >> > generate: invalid option -- 'N' >> >> > >> >> > should I just run it without -N ? >> >> > >> >> > Thank you! >> >> >> >> Please keep responses on the list. >> >> >> >> Try -n password? I have a faint recall of a buggy version like this. >> >> >> >> Aki >> > >> >> Sorry for replying twice, I'm getting >> >> doveadm(root): Error: Couldn't drop privileges: User is missing UID >> >> (see >> > mail_uid setting) >> >> when I try to run it without the -N op >> > >> > Sorry, my bad. >> > >> > doveadm mailbox cryptokey generate -U -u dmarc -n password >> > >> > Aki >> This too gives me >> >> generate: invalid option -- 'n' > > So it seems. Have to investigate this. > > In the mean time, can you try just > > doveadm mailbox cryptokey generate -U -u dmarc > > If you want, you can do > > doveadm mailbox cryptokey password -u user -U -N > > which hopefully should work. > > Aki First one gives, doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted And the second one gives, password: invalid option -- 'U' Thank you for looking into it! Sorry, this is bit annoying issue. Seems there was a slight oversight when this option was added.. anyways... try doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc maybe it works? Aki This gives the same error as the above that starts with doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:25, Aki Tuomi wrote: On 04/05/2023 21:20 EEST efeizbu...@disroot.org wrote: On 2023-05-04 21:16, Aki Tuomi wrote: >> On 04/05/2023 21:09 EEST Aki Tuomi via dovecot >> wrote: >> >> >> > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: >> > >> > >> > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: >> > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot >> > >> wrote: >> > >> >> > >> >> > >> Hi all, >> > >> >> > >> So recently google has been trying to send email to dm...@domain.com >> > >> on >> > >> my server but I'm using encrypted storage and since the dmarc user has >> > >> no password the email is being rejected with the error: >> > >> >> > >> May 4 16:51:50 domain dovecot: >> > >> lda(dmarc)<3326>: Error: sieve: >> > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox >> > >> 'INBOX': generate_keypair(INBOX) failed: >> > >> mail_crypt_require_encrypted_user_key set, cannot generate user >> > >> keypair >> > >> without password or key >> > >> >> > >> How can I fix this, or at least read what the mail says? Would it be >> > >> safe to just give dmarc user a strong password? >> > > >> > > You can run >> > > >> > > doveadm mailbox cryptokey generate -U dmarc -N >> > > >> > > so the user will have a keypair generated. Then it should work. >> > > >> > > Aki >> > >> > I'm getting >> > >> > generate: invalid option -- 'N' >> > >> > should I just run it without -N ? >> > >> > Thank you! >> >> Please keep responses on the list. >> >> Try -n password? I have a faint recall of a buggy version like this. >> >> Aki > >> Sorry for replying twice, I'm getting >> doveadm(root): Error: Couldn't drop privileges: User is missing UID >> (see > mail_uid setting) >> when I try to run it without the -N op > > Sorry, my bad. > > doveadm mailbox cryptokey generate -U -u dmarc -n password > > Aki This too gives me generate: invalid option -- 'n' So it seems. Have to investigate this. In the mean time, can you try just doveadm mailbox cryptokey generate -U -u dmarc If you want, you can do doveadm mailbox cryptokey password -u user -U -N which hopefully should work. Aki First one gives, doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted And the second one gives, password: invalid option -- 'U' Thank you for looking into it! ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:16, Aki Tuomi wrote: On 04/05/2023 21:09 EEST Aki Tuomi via dovecot wrote: > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: > > > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > >> wrote: > >> > >> > >> Hi all, > >> > >> So recently google has been trying to send email to dm...@domain.com > >> on > >> my server but I'm using encrypted storage and since the dmarc user has > >> no password the email is being rejected with the error: > >> > >> May 4 16:51:50 domain dovecot: > >> lda(dmarc)<3326>: Error: sieve: > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox > >> 'INBOX': generate_keypair(INBOX) failed: > >> mail_crypt_require_encrypted_user_key set, cannot generate user > >> keypair > >> without password or key > >> > >> How can I fix this, or at least read what the mail says? Would it be > >> safe to just give dmarc user a strong password? > > > > You can run > > > > doveadm mailbox cryptokey generate -U dmarc -N > > > > so the user will have a keypair generated. Then it should work. > > > > Aki > > I'm getting > > generate: invalid option -- 'N' > > should I just run it without -N ? > > Thank you! Please keep responses on the list. Try -n password? I have a faint recall of a buggy version like this. Aki Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op Sorry, my bad. doveadm mailbox cryptokey generate -U -u dmarc -n password Aki This too gives me generate: invalid option -- 'n' ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:09, Aki Tuomi wrote: On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot >> wrote: >> >> >> Hi all, >> >> So recently google has been trying to send email to dm...@domain.com >> on >> my server but I'm using encrypted storage and since the dmarc user has >> no password the email is being rejected with the error: >> >> May 4 16:51:50 domain dovecot: >> lda(dmarc)<3326>: Error: sieve: >> msgid=<10341808348719730...@google.com>: failed to store into mailbox >> 'INBOX': generate_keypair(INBOX) failed: >> mail_crypt_require_encrypted_user_key set, cannot generate user >> keypair >> without password or key >> >> How can I fix this, or at least read what the mail says? Would it be >> safe to just give dmarc user a strong password? > > You can run > > doveadm mailbox cryptokey generate -U dmarc -N > > so the user will have a keypair generated. Then it should work. > > Aki I'm getting generate: invalid option -- 'N' should I just run it without -N ? Thank you! Please keep responses on the list. Try -n password? I have a faint recall of a buggy version like this. Aki Unfortunately doesn't work. I've also tried doveadm mailbox cryptokey password -N -U dmarc doveadm mailbox cryptokey generate -N -U dmarc doveadm mailbox cryptokey generate -U dmarc -n password ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
dmarc user can't receive email because of encrypted storage
Hi all, So recently google has been trying to send email to dm...@domain.com on my server but I'm using encrypted storage and since the dmarc user has no password the email is being rejected with the error: May 4 16:51:50 domain dovecot: lda(dmarc)<3326>: Error: sieve: msgid=<10341808348719730...@google.com>: failed to store into mailbox 'INBOX': generate_keypair(INBOX) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key How can I fix this, or at least read what the mail says? Would it be safe to just give dmarc user a strong password? ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
