Re: Re: dmarc user can't receive email because of encrypted storage
> On 05/05/2023 14:57 EEST efeizbu...@disroot.org wrote: > > > On 2023-05-05 14:29, efeizbudak--- via dovecot wrote: > > On 2023-05-05 09:09, Aki Tuomi via dovecot wrote: > >>> On 05/05/2023 05:49 EEST efeizbudak--- via dovecot > >>> wrote: > >>> > >>> > >> > >> > >>> > try > >>> > > >>> > doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox > >>> > cryptokey generate -U -u dmarc > >>> > > >>> > maybe it works? > >>> > > >>> > Aki > >>> This gives the same error as the above that starts with > >>> > >>> doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) > >>> failed: > >>> mail_crypt_require_encrypted_user_key set, cannot generate user > >>> keypair > >>> without password or key > >> > >> Ok, since this is getting too annoying I tested out that > >> > >> doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey > >> generate -u dmarc -U > >> > >> at least works for me with that setting. > >> > >> I've made an issue of this, because it's not supposed to work like > >> this. Although it can end up as documentation task. > >> > >> Aki > > That worked! Thank you!! > Sorry, I've missed one important part. After running this command and > creating the keys, the emails are now received fine on the account but > how can I actually read them? I've tried to log into the account using > something like > > mutt -f imap://dm...@domain.com/Inbox > > but the login fails I guess because the user has keys but no password to > login. How can I decrypt the mail on this account using the generated > keys? I've also tried > > doveadm fetch -u dmarc "text" MAILBOX INBOX UNSEEN > > which gives me an error about password not being available. Well yes. There have been so many threads on this on the mailing list so I'll just summarize it here: If you are going to use per-user-passwords, you need to hash them. In config, you need to export this in passdb. Otherwise it will never end up in plugin environment. Hash them to avoid certain characters making a mess and also to make it more secure. You **must** either make your users to log in to to Dovecot before receiving email, **or** include cryptokey management in your provisioning workflow. Remember to hash the password when providing it over -o plugin/mail_crypt_private_password. Dovecot has no facility to ask the password over IMAP when you try to read the mail. Doing per-user-password encryption is difficult to get right. Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-05 14:29, efeizbudak--- via dovecot wrote: On 2023-05-05 09:09, Aki Tuomi via dovecot wrote: On 05/05/2023 05:49 EEST efeizbudak--- via dovecot wrote: > try > > doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox > cryptokey generate -U -u dmarc > > maybe it works? > > Aki This gives the same error as the above that starts with doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key Ok, since this is getting too annoying I tested out that doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U at least works for me with that setting. I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task. Aki That worked! Thank you!! Sorry, I've missed one important part. After running this command and creating the keys, the emails are now received fine on the account but how can I actually read them? I've tried to log into the account using something like mutt -f imap://dm...@domain.com/Inbox but the login fails I guess because the user has keys but no password to login. How can I decrypt the mail on this account using the generated keys? I've also tried doveadm fetch -u dmarc "text" MAILBOX INBOX UNSEEN which gives me an error about password not being available. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-05 09:09, Aki Tuomi via dovecot wrote: On 05/05/2023 05:49 EEST efeizbudak--- via dovecot wrote: > try > > doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox > cryptokey generate -U -u dmarc > > maybe it works? > > Aki This gives the same error as the above that starts with doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key Ok, since this is getting too annoying I tested out that doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U at least works for me with that setting. I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task. Aki That worked! Thank you!! ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
> On 05/05/2023 05:49 EEST efeizbudak--- via dovecot > wrote: > > > > try > > > > doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox > > cryptokey generate -U -u dmarc > > > > maybe it works? > > > > Aki > This gives the same error as the above that starts with > > doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: > mail_crypt_require_encrypted_user_key set, cannot generate user keypair > without password or key Ok, since this is getting too annoying I tested out that doveadm -o plugin/mail_crypt_private_password=foo mailbox cryptokey generate -u dmarc -U at least works for me with that setting. I've made an issue of this, because it's not supposed to work like this. Although it can end up as documentation task. Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:31, Aki Tuomi via dovecot wrote: On 04/05/2023 21:28 EEST efeizbu...@disroot.org wrote: On 2023-05-04 21:25, Aki Tuomi wrote: >> On 04/05/2023 21:20 EEST efeizbu...@disroot.org wrote: >> >> >> On 2023-05-04 21:16, Aki Tuomi wrote: >> >> On 04/05/2023 21:09 EEST Aki Tuomi via dovecot >> >> wrote: >> >> >> >> >> >> > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: >> >> > >> >> > >> >> > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: >> >> > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot >> >> > >> wrote: >> >> > >> >> >> > >> >> >> > >> Hi all, >> >> > >> >> >> > >> So recently google has been trying to send email to dm...@domain.com >> >> > >> on >> >> > >> my server but I'm using encrypted storage and since the dmarc user has >> >> > >> no password the email is being rejected with the error: >> >> > >> >> >> > >> May 4 16:51:50 domain dovecot: >> >> > >> lda(dmarc)<3326>: Error: sieve: >> >> > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox >> >> > >> 'INBOX': generate_keypair(INBOX) failed: >> >> > >> mail_crypt_require_encrypted_user_key set, cannot generate user >> >> > >> keypair >> >> > >> without password or key >> >> > >> >> >> > >> How can I fix this, or at least read what the mail says? Would it be >> >> > >> safe to just give dmarc user a strong password? >> >> > > >> >> > > You can run >> >> > > >> >> > > doveadm mailbox cryptokey generate -U dmarc -N >> >> > > >> >> > > so the user will have a keypair generated. Then it should work. >> >> > > >> >> > > Aki >> >> > >> >> > I'm getting >> >> > >> >> > generate: invalid option -- 'N' >> >> > >> >> > should I just run it without -N ? >> >> > >> >> > Thank you! >> >> >> >> Please keep responses on the list. >> >> >> >> Try -n password? I have a faint recall of a buggy version like this. >> >> >> >> Aki >> > >> >> Sorry for replying twice, I'm getting >> >> doveadm(root): Error: Couldn't drop privileges: User is missing UID >> >> (see >> > mail_uid setting) >> >> when I try to run it without the -N op >> > >> > Sorry, my bad. >> > >> > doveadm mailbox cryptokey generate -U -u dmarc -n password >> > >> > Aki >> This too gives me >> >> generate: invalid option -- 'n' > > So it seems. Have to investigate this. > > In the mean time, can you try just > > doveadm mailbox cryptokey generate -U -u dmarc > > If you want, you can do > > doveadm mailbox cryptokey password -u user -U -N > > which hopefully should work. > > Aki First one gives, doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted And the second one gives, password: invalid option -- 'U' Thank you for looking into it! Sorry, this is bit annoying issue. Seems there was a slight oversight when this option was added.. anyways... try doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc maybe it works? Aki This gives the same error as the above that starts with doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
> On 04/05/2023 21:28 EEST efeizbu...@disroot.org wrote: > > > On 2023-05-04 21:25, Aki Tuomi wrote: > >> On 04/05/2023 21:20 EEST efeizbu...@disroot.org wrote: > >> > >> > >> On 2023-05-04 21:16, Aki Tuomi wrote: > >> >> On 04/05/2023 21:09 EEST Aki Tuomi via dovecot > >> >> wrote: > >> >> > >> >> > >> >> > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: > >> >> > > >> >> > > >> >> > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > >> >> > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > >> >> > >> wrote: > >> >> > >> > >> >> > >> > >> >> > >> Hi all, > >> >> > >> > >> >> > >> So recently google has been trying to send email to > >> >> > >> dm...@domain.com > >> >> > >> on > >> >> > >> my server but I'm using encrypted storage and since the dmarc user > >> >> > >> has > >> >> > >> no password the email is being rejected with the error: > >> >> > >> > >> >> > >> May 4 16:51:50 domain dovecot: > >> >> > >> lda(dmarc)<3326>: Error: sieve: > >> >> > >> msgid=<10341808348719730...@google.com>: failed to store into > >> >> > >> mailbox > >> >> > >> 'INBOX': generate_keypair(INBOX) failed: > >> >> > >> mail_crypt_require_encrypted_user_key set, cannot generate user > >> >> > >> keypair > >> >> > >> without password or key > >> >> > >> > >> >> > >> How can I fix this, or at least read what the mail says? Would it > >> >> > >> be > >> >> > >> safe to just give dmarc user a strong password? > >> >> > > > >> >> > > You can run > >> >> > > > >> >> > > doveadm mailbox cryptokey generate -U dmarc -N > >> >> > > > >> >> > > so the user will have a keypair generated. Then it should work. > >> >> > > > >> >> > > Aki > >> >> > > >> >> > I'm getting > >> >> > > >> >> > generate: invalid option -- 'N' > >> >> > > >> >> > should I just run it without -N ? > >> >> > > >> >> > Thank you! > >> >> > >> >> Please keep responses on the list. > >> >> > >> >> Try -n password? I have a faint recall of a buggy version like this. > >> >> > >> >> Aki > >> > > >> >> Sorry for replying twice, I'm getting > >> >> doveadm(root): Error: Couldn't drop privileges: User is missing UID > >> >> (see > >> > mail_uid setting) > >> >> when I try to run it without the -N op > >> > > >> > Sorry, my bad. > >> > > >> > doveadm mailbox cryptokey generate -U -u dmarc -n password > >> > > >> > Aki > >> This too gives me > >> > >> generate: invalid option -- 'n' > > > > So it seems. Have to investigate this. > > > > In the mean time, can you try just > > > > doveadm mailbox cryptokey generate -U -u dmarc > > > > If you want, you can do > > > > doveadm mailbox cryptokey password -u user -U -N > > > > which hopefully should work. > > > > Aki > First one gives, > > doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: > mail_crypt_require_encrypted_user_key set, cannot generate user keypair > without password or key > doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was > matched. Use -U or specify mask? > doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): > assertion failed: ((*user)->refcount == 1) > doveadm(dmarc): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] > -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] > -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> > /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> > /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> > doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] > -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] > -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> > doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> > doveadm(main+0x1d0) [0x55c2ab3c8450] -> > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] > -> doveadm(_start+0x2a) [0x55c2ab3c892a] > Aborted > > And the second one gives, > > password: invalid option -- 'U' > > Thank you for looking into it! Sorry, this is bit annoying issue. Seems there was a slight oversight when this option was added.. anyways... try doveadm -o plugin/mail_crypt_require_encrypted_user_key=no mailbox cryptokey generate -U -u dmarc maybe it works? Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:25, Aki Tuomi wrote: On 04/05/2023 21:20 EEST efeizbu...@disroot.org wrote: On 2023-05-04 21:16, Aki Tuomi wrote: >> On 04/05/2023 21:09 EEST Aki Tuomi via dovecot >> wrote: >> >> >> > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: >> > >> > >> > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: >> > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot >> > >> wrote: >> > >> >> > >> >> > >> Hi all, >> > >> >> > >> So recently google has been trying to send email to dm...@domain.com >> > >> on >> > >> my server but I'm using encrypted storage and since the dmarc user has >> > >> no password the email is being rejected with the error: >> > >> >> > >> May 4 16:51:50 domain dovecot: >> > >> lda(dmarc)<3326>: Error: sieve: >> > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox >> > >> 'INBOX': generate_keypair(INBOX) failed: >> > >> mail_crypt_require_encrypted_user_key set, cannot generate user >> > >> keypair >> > >> without password or key >> > >> >> > >> How can I fix this, or at least read what the mail says? Would it be >> > >> safe to just give dmarc user a strong password? >> > > >> > > You can run >> > > >> > > doveadm mailbox cryptokey generate -U dmarc -N >> > > >> > > so the user will have a keypair generated. Then it should work. >> > > >> > > Aki >> > >> > I'm getting >> > >> > generate: invalid option -- 'N' >> > >> > should I just run it without -N ? >> > >> > Thank you! >> >> Please keep responses on the list. >> >> Try -n password? I have a faint recall of a buggy version like this. >> >> Aki > >> Sorry for replying twice, I'm getting >> doveadm(root): Error: Couldn't drop privileges: User is missing UID >> (see > mail_uid setting) >> when I try to run it without the -N op > > Sorry, my bad. > > doveadm mailbox cryptokey generate -U -u dmarc -n password > > Aki This too gives me generate: invalid option -- 'n' So it seems. Have to investigate this. In the mean time, can you try just doveadm mailbox cryptokey generate -U -u dmarc If you want, you can do doveadm mailbox cryptokey password -u user -U -N which hopefully should work. Aki First one gives, doveadm(dmarc): Error: mail_crypt_user_generate_keypair(dmarc) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key doveadm(dmarc): Warning: mailbox cryptokey generate: Nothing was matched. Use -U or specify mask? doveadm(dmarc): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1) doveadm(dmarc): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7fe3f93e04e2] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fe3f93e05fe] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc49b) [0x7fe3f93ec49b] -> /usr/lib/dovecot/libdovecot.so.0(+0xfc4d1) [0x7fe3f93ec4d1] -> /usr/lib/dovecot/libdovecot.so.0(+0x53aee) [0x7fe3f9343aee] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x407c9) [0x7fe3f94f47c9] -> doveadm(+0x31bcd) [0x55c2ab3d7bcd] -> doveadm(+0x32632) [0x55c2ab3d8632] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x22d) [0x55c2ab3d94ad] -> doveadm(doveadm_cmd_run_ver2+0x4c8) [0x55c2ab3e9b88] -> doveadm(doveadm_cmd_try_run_ver2+0x3a) [0x55c2ab3e9bda] -> doveadm(main+0x1d0) [0x55c2ab3c8450] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7fe3f8f9fd0a] -> doveadm(_start+0x2a) [0x55c2ab3c892a] Aborted And the second one gives, password: invalid option -- 'U' Thank you for looking into it! ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
> On 04/05/2023 21:20 EEST efeizbu...@disroot.org wrote: > > > On 2023-05-04 21:16, Aki Tuomi wrote: > >> On 04/05/2023 21:09 EEST Aki Tuomi via dovecot > >> wrote: > >> > >> > >> > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: > >> > > >> > > >> > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > >> > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > >> > >> wrote: > >> > >> > >> > >> > >> > >> Hi all, > >> > >> > >> > >> So recently google has been trying to send email to dm...@domain.com > >> > >> on > >> > >> my server but I'm using encrypted storage and since the dmarc user has > >> > >> no password the email is being rejected with the error: > >> > >> > >> > >> May 4 16:51:50 domain dovecot: > >> > >> lda(dmarc)<3326>: Error: sieve: > >> > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox > >> > >> 'INBOX': generate_keypair(INBOX) failed: > >> > >> mail_crypt_require_encrypted_user_key set, cannot generate user > >> > >> keypair > >> > >> without password or key > >> > >> > >> > >> How can I fix this, or at least read what the mail says? Would it be > >> > >> safe to just give dmarc user a strong password? > >> > > > >> > > You can run > >> > > > >> > > doveadm mailbox cryptokey generate -U dmarc -N > >> > > > >> > > so the user will have a keypair generated. Then it should work. > >> > > > >> > > Aki > >> > > >> > I'm getting > >> > > >> > generate: invalid option -- 'N' > >> > > >> > should I just run it without -N ? > >> > > >> > Thank you! > >> > >> Please keep responses on the list. > >> > >> Try -n password? I have a faint recall of a buggy version like this. > >> > >> Aki > > > >> Sorry for replying twice, I'm getting > >> doveadm(root): Error: Couldn't drop privileges: User is missing UID > >> (see > > mail_uid setting) > >> when I try to run it without the -N op > > > > Sorry, my bad. > > > > doveadm mailbox cryptokey generate -U -u dmarc -n password > > > > Aki > This too gives me > > generate: invalid option -- 'n' So it seems. Have to investigate this. In the mean time, can you try just doveadm mailbox cryptokey generate -U -u dmarc If you want, you can do doveadm mailbox cryptokey password -u user -U -N which hopefully should work. Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:16, Aki Tuomi wrote: On 04/05/2023 21:09 EEST Aki Tuomi via dovecot wrote: > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: > > > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > >> wrote: > >> > >> > >> Hi all, > >> > >> So recently google has been trying to send email to dm...@domain.com > >> on > >> my server but I'm using encrypted storage and since the dmarc user has > >> no password the email is being rejected with the error: > >> > >> May 4 16:51:50 domain dovecot: > >> lda(dmarc)<3326>: Error: sieve: > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox > >> 'INBOX': generate_keypair(INBOX) failed: > >> mail_crypt_require_encrypted_user_key set, cannot generate user > >> keypair > >> without password or key > >> > >> How can I fix this, or at least read what the mail says? Would it be > >> safe to just give dmarc user a strong password? > > > > You can run > > > > doveadm mailbox cryptokey generate -U dmarc -N > > > > so the user will have a keypair generated. Then it should work. > > > > Aki > > I'm getting > > generate: invalid option -- 'N' > > should I just run it without -N ? > > Thank you! Please keep responses on the list. Try -n password? I have a faint recall of a buggy version like this. Aki Sorry for replying twice, I'm getting doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) when I try to run it without the -N op Sorry, my bad. doveadm mailbox cryptokey generate -U -u dmarc -n password Aki This too gives me generate: invalid option -- 'n' ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
On 2023-05-04 21:09, Aki Tuomi wrote: On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot >> wrote: >> >> >> Hi all, >> >> So recently google has been trying to send email to dm...@domain.com >> on >> my server but I'm using encrypted storage and since the dmarc user has >> no password the email is being rejected with the error: >> >> May 4 16:51:50 domain dovecot: >> lda(dmarc)<3326>: Error: sieve: >> msgid=<10341808348719730...@google.com>: failed to store into mailbox >> 'INBOX': generate_keypair(INBOX) failed: >> mail_crypt_require_encrypted_user_key set, cannot generate user >> keypair >> without password or key >> >> How can I fix this, or at least read what the mail says? Would it be >> safe to just give dmarc user a strong password? > > You can run > > doveadm mailbox cryptokey generate -U dmarc -N > > so the user will have a keypair generated. Then it should work. > > Aki I'm getting generate: invalid option -- 'N' should I just run it without -N ? Thank you! Please keep responses on the list. Try -n password? I have a faint recall of a buggy version like this. Aki Unfortunately doesn't work. I've also tried doveadm mailbox cryptokey password -N -U dmarc doveadm mailbox cryptokey generate -N -U dmarc doveadm mailbox cryptokey generate -U dmarc -n password ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
> On 04/05/2023 21:09 EEST Aki Tuomi via dovecot wrote: > > > > On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: > > > > > > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > > >> wrote: > > >> > > >> > > >> Hi all, > > >> > > >> So recently google has been trying to send email to dm...@domain.com > > >> on > > >> my server but I'm using encrypted storage and since the dmarc user has > > >> no password the email is being rejected with the error: > > >> > > >> May 4 16:51:50 domain dovecot: > > >> lda(dmarc)<3326>: Error: sieve: > > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox > > >> 'INBOX': generate_keypair(INBOX) failed: > > >> mail_crypt_require_encrypted_user_key set, cannot generate user > > >> keypair > > >> without password or key > > >> > > >> How can I fix this, or at least read what the mail says? Would it be > > >> safe to just give dmarc user a strong password? > > > > > > You can run > > > > > > doveadm mailbox cryptokey generate -U dmarc -N > > > > > > so the user will have a keypair generated. Then it should work. > > > > > > Aki > > > > I'm getting > > > > generate: invalid option -- 'N' > > > > should I just run it without -N ? > > > > Thank you! > > Please keep responses on the list. > > Try -n password? I have a faint recall of a buggy version like this. > > Aki > Sorry for replying twice, I'm getting > doveadm(root): Error: Couldn't drop privileges: User is missing UID (see mail_uid setting) > when I try to run it without the -N op Sorry, my bad. doveadm mailbox cryptokey generate -U -u dmarc -n password Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
> On 04/05/2023 21:08 EEST efeizbu...@disroot.org wrote: > > > On 2023-05-04 20:53, Aki Tuomi via dovecot wrote: > >> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > >> wrote: > >> > >> > >> Hi all, > >> > >> So recently google has been trying to send email to dm...@domain.com > >> on > >> my server but I'm using encrypted storage and since the dmarc user has > >> no password the email is being rejected with the error: > >> > >> May 4 16:51:50 domain dovecot: > >> lda(dmarc)<3326>: Error: sieve: > >> msgid=<10341808348719730...@google.com>: failed to store into mailbox > >> 'INBOX': generate_keypair(INBOX) failed: > >> mail_crypt_require_encrypted_user_key set, cannot generate user > >> keypair > >> without password or key > >> > >> How can I fix this, or at least read what the mail says? Would it be > >> safe to just give dmarc user a strong password? > > > > You can run > > > > doveadm mailbox cryptokey generate -U dmarc -N > > > > so the user will have a keypair generated. Then it should work. > > > > Aki > > I'm getting > > generate: invalid option -- 'N' > > should I just run it without -N ? > > Thank you! Please keep responses on the list. Try -n password? I have a faint recall of a buggy version like this. Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dmarc user can't receive email because of encrypted storage
> On 04/05/2023 20:11 EEST efeizbudak--- via dovecot > wrote: > > > Hi all, > > So recently google has been trying to send email to dm...@domain.com on > my server but I'm using encrypted storage and since the dmarc user has > no password the email is being rejected with the error: > > May 4 16:51:50 domain dovecot: > lda(dmarc)<3326>: Error: sieve: > msgid=<10341808348719730...@google.com>: failed to store into mailbox > 'INBOX': generate_keypair(INBOX) failed: > mail_crypt_require_encrypted_user_key set, cannot generate user keypair > without password or key > > How can I fix this, or at least read what the mail says? Would it be > safe to just give dmarc user a strong password? You can run doveadm mailbox cryptokey generate -U dmarc -N so the user will have a keypair generated. Then it should work. Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
